Written by Teodora Harrop, FICA on Monday 26 July, 2021
In response to a variety of AML legislation over the years, transaction monitoring has today evolved to the point where the emphasis is now on the requirement that firms carry out ongoing monitoring of client relationships. Financial institutions have invested significantly in response, but regulators across a range of jurisdictions continue to impose significant fines against firms that fail to monitor transactions effectively. This article considers what can be learnt from recent enforcement action and provides best practice examples from which firms can learn.
Recent enforcement
The last 18 months saw regulators across the globe impose large fines on financial institutions for transaction monitoring failures, vividly demonstrating the cost of getting the monitoring process ‘wrong’.
In September 2020, AUSTRAC fined Westpac over £721 million (AU$1.3 billion) for failing to report an incredible 19 million cross-border transactions and carry out appropriate due diligence in relation to some of those payments, noting that some of these could have been associated with human trafficking and child exploitation activities.[1]
Similarly, in June 2020 Commerzbank was fined £37.8 million by the UK Financial Conduct Authority (FCA). One of the issues identified by the FCA related to the failure to ‘address long-standing weaknesses in its automated tool for monitoring money laundering risk on transactions for clients’. Despite identifying in 2015 that 40 high-risk countries were missing, and 1,110 high-risk clients had not been added, Commerzbank delayed making the required changes to the tool.[2]
And in February 2021, the Office of Foreign Assets Control (OFAC) fined BitPay £360,000 ($507,375). Whilst of a lower overall value, this enforcement action brought an interesting dimension to the concept of transaction monitoring, namely that one of the key issues related to BitPay’s failure to include location data in its transaction monitoring programme.
Though BitPay screened its direct customers (the merchants) against OFAC’s sanctions list, and conducted due diligence on them to ensure they were not located in sanctioned jurisdictions, BitPay failed to screen location data that it obtained about its merchants’ buyers.[3]
These fines illustrate that adequate transaction monitoring can help firms evidence that they are complying with legal and regulatory requirements, and that an absence of effective tools can have serious ramifications.
Preventing complex crime
Whilst the risks associated with money mules are relatively well known, an effective transaction monitoring system may help detect other types of more sophisticated crimes.
For example, in October 2019, the UK’s National Crime Agency (NCA) highlighted the risks of Chinese Underground Banking (an informal value transfer system) and the practice of ‘Daigou’ (purchasing goods in a Western country on behalf of third parties in China).
Following several prosecutions, the NCA identified instances of abuse of Chinese Underground Banking ‘by utilising cash generated from crime in the UK to settle separate and unconnected inward Underground Banking remittances to Chinese citizens in the UK’.[4]
Persons involved in Daigou receive ‘criminally derived cash directly into their UK bank accounts, or wire transfers from mule accounts in the name of other Chinese nationals, into which criminally derived cash has previously been smurfed’.
Other implications of this type of crime may involve the exploitation of the HMRC VAT 407 retail export scheme (this allows VAT to be reclaimed on goods purchased in retail stores in the UK that are intended to be exported) and large revenue losses.[4]
The right blend of automatic and manual systems
When it comes to transaction monitoring, legislation is not prescriptive, and financial institutions can adopt different approaches. A manual approach can be incredibly resource intensive and is less likely to be able to adapt in response to emerging risks, but the cost of automated systems may be substantial.
In its Financial Crime Guide, the FCA highlights examples of good practice, asking firms to consider how they ‘feed findings from monitoring back into the customer’s risk profile’ and reminding firms of the importance of understanding the ‘capabilities and limitations’ of automated transaction monitoring systems.[5]
The Monetary Authority of Singapore (MAS) in 2018 published a paper produced by the AML/CFT Industry Partnership (ACIP); this highlighted the importance of ensuring compliance with legal and regulatory requirements, including data privacy:
FIs [Financial institutions] wishing to embark on analytics projects will need to have a clear understanding of the relevant regulatory considerations, particularly in respect of ever developing and evolving legal and regulatory requirements. FIs would need to evaluate any apparent inconsistencies between their proposed models and regulatory requirements, then design or adjust models in order to work within regulatory parameters. In addition to AML/CFT regulations, data privacy and protection laws are also relevant as they govern the collection, disclosure and use of data, especially personal data, in the jurisdictions within which the FIs operate or have customers.[6]
An effective transaction monitoring system may employ an automated approach, but will still rely on a certain level of manual, human intervention, to:
- document the scope of transaction monitoring, including screening of any additional information (such as IP addresses)
- calibrate the systems and rules – however some ‘off the shelf’ solutions may lack flexibility or will involve significant time and resource to be adapted to respond to emerging risks (such as the pandemic)
- review the potential issues identified – these could be relating to a range of financial crime issues, from money laundering or fraud to sanctions evasion
- assist financial institutions to comply with legal and regulatory requirements, including reporting of suspicious activities and transactions
- comply with data privacy requirements, prevent data breaches and protect against cyberattacks
- provide reporting to senior management and regulators, and
- undertake assurance activities, proportionate to the scale and complexity.
Each firm will have to identify and document the correct transaction monitoring approach for their business model and strategy. Culture, education and training are key in preventing financial crime. The ramifications of enforcement actions can be financially and reputationally damaging for firms, but failure to protect the vulnerable can have far reaching implications for both financial institutions and society as a whole.
_________________________________________________________________
References:
[1] AUSTRAC, ‘AUSTRAC and Westpac agree to proposed $1.3bn penalty’, 24 September 2020: https://www.austrac.gov.au/news-and-media/media-release/austrac-and-westpac-agree-penalty – accessed May 2021
[2] Financial Conduct Authority, ‘FCA fines Commerzbank London £37,805,400 over anti-money laundering fines’, 17 June 2020:
https://www.fca.org.uk/news/press-releases/fca-fines-commerzbank-london-37805400-over-anti-money-laundering-failures – accessed May 2021
[3] US Department of the Treasury, ‘OFAC Enters Into $507,375 Settlement with BitPay, Inc. for Apparent Violations of Multiple Sanctions Programs Related to Digital Currency Transactions’, 18 February 2021:
https://home.treasury.gov/system/files/126/20210218_bp.pdf – accessed May 2021
[4] National Crime Agency, Chinese Underground Banking and ‘Daigou’, October 2019:
https://www.nationalcrimeagency.gov.uk/who-we-are/publications/445-chinese-underground-banking/file – accessed May 2021
[5] Financial Conduct Authority, Financial Crime Guide: A firm’s guide to countering financial crime risks (FCG), May 2021:
https://www.handbook.fca.org.uk/handbook/FCG.pdf – accessed May 2021
[6] Monetary Authority of Singapore, AML/CFT Industry Partnership: Industry Perspectives – Adopting Data Analytics Methods for AML/CFT, November 2018:
https://www.mas.gov.sg/-/media/MAS/Regulations-and-Financial-Stability/Industry-Perspectives--Adopting-Data-Analytics-Methods-for-AMLCFT.pdf – accessed May 2021
_________________________________________________________________
You may be interested in:
Read more from Teodora Harrop: