As recent money-laundering scandals move from the Baltics to Scandinavia, who will be next?
The beginning of 2019 and most of 2018 have been marked by a significant uptick in money-laundering scandals. More surprising is that recent money-laundering scandals involve financial institutions and jurisdictions that have generally been considered of lower risk both for money laundering as well as corruption, which highlights the need to go beyond popular measures of risk and consider a deeper dive in identifying money-laundering and regulatory risks.
Even more surprising is the fact that it has been more than three years since the Panama Papers scandal made headlines, and offshore secrecy and the use of offshore structures—which dominated the banking clientele in the Baltics, those so-called “non-resident” clients—should have been at the forefront of all board of directors at financial institutions globally, but especially those with large non-resident customer bases.
Since the release of the Panama Papers and the broad coverage they received in the media, financial institutions around the world would have been well advised to review their current client portfolios and determine specifically their exposure to the entities revealed in the Panama Papers while examining their client portfolios in general.
The last profound warning sign for financial institutions globally came in the form of the notice of proposed rulemaking (NPRM) issued by the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) on February 13, 2018, regarding ABLV Bank of Latvia.
ABLV Bank, at the time of the NPRM, did not maintain direct US correspondent relationships with financial institutions, but through nested and indirect relationships, the bank was still able to execute US dollar transactions that were:
- potentially either being missed by other financial institutions as being ABLV’s transactions;
- not given the required attention such transactions should have received; or
- simply ignored.
According to FinCEN’s NPRM:
“ABLV executives, shareholders, and employees have institutionalized money laundering as a pillar of the bank’s business practices. ABLV management orchestrates, and permits the bank and its employees to engage in, money laundering schemes. Management solicits the high-risk shell company activity that enables the bank and its customers to launder funds, maintains inadequate controls over high-risk shell company accounts, and is complicit in the circumvention of AML/CFT controls at the bank. As a result, multiple actors have exploited the bank in furtherance of illicit financial activity, including transactions for parties connected to U.S. and UN-designated entities, some of which are involved in North Korea’s procurement or export of ballistic missiles. In addition, ABLV management seeks to obstruct enforcement of Latvian AML/ CFT rules. Through 2017, ABLV executives and management have used bribery to influence Latvian officials when challenging enforcement actions and perceived threats to their high-risk business. ABLV’s business practices enable the provision of financial services to clients seeking to evade financial regulatory requirements. Bank executives and employees are complicit in their clients’ illicit financial activities, including money laundering and the use of shell companies to conceal the true nature of illicit transactions and the identities of those responsible. ABLV is considered innovative and forward-leaning in its approaches to circumventing financial regulations. The bank proactively pushes money laundering and regulatory circumvention schemes to its client base and ensures that fraudulent documentation produced to support financial schemes, some of which is produced by bank employees. In 2014, ABLV was involved in the theft of over $1 billion in assets from three Moldovan banks, BC Unibank S.A., Banca Sociala S.A., and Banca de Economii S.A., in which criminals took over the three Moldovan banks using a non-transparent ownership structure, partly financed by loans from offshore entities banking at ABLV. Separately, ABLV previously developed a scheme to assist customers in circumventing foreign currency controls, in which the bank disguised illegal currency trades as international trade transactions using fraudulent documentation and shell company accounts.”
If not previously done so after the release of the Panama Papers at least after FinCEN’s NPRM relating to ABLV Bank, financial institutions should have deployed their contingency plans for regulatory preparedness and response, assuming such plans existed, and taken a hard look at their respective risk assessments and client bases.
The cost of inaction
However, as the recent money-laundering scandals in the Baltics and Scandinavia point to, not all financial institutions have asked themselves whether their current clients pose heightened risks for their respective financial institutions. Those financial institutions are now paying the price for past inactions; as press reporting on certain regions and banks intensifies, it is becoming harder for management and boards of directors to respond properly to media reports, regulatory inquiries and probes. Management and boards are finding themselves in the peculiar situation of no longer being in charge of their destinies. They are now discovering that the saying “An ounce of prevention is worth a pound of cure” holds true. As both internally and externally driven investigations ramp up, and the potential risk of regulatory fines and sanctions increases, some financial institutions will now have to spend a multiple of the amount on mounting a regulatory defense and response while at the same time augmenting their control structures with haste—something that could have begun several years ago with a more sensible approach rather than the looming threat of regulatory actions.
Risk identification, assessment, contingency planning and scenario analysis
While most financial institutions globally conduct some form of an AML (anti-money-laundering)-risk assessment focused on customers, products and different lines of businesses, few financial institutions consider “regulatory or enforcement risk” as part of their risk assessments and even fewer conduct “what if” scenario analytics of both their risk assessments and overall AML-compliance programs.
Several regulatory bodies have mandated that risk assessments should be tailored not only to a company’s operations but also to its third-party relationships. That means a financial institution should assess its potential risk exposure across the entire organization, across its counterparties, across its affiliates and with regard to the products its affiliates use.
For example, recent enforcement actions point out that some financial institutions are still treating their affiliates and branches as part of the same organization, and they’re not giving much consideration to potential AML risks as they conduct business with affiliates and branches in certain jurisdictions. Therefore, it may be necessary for a financial institution to revise policies and procedures based on the regions in which it conducts business. In another example, financial institutions might want to consider adjusting their transaction-monitoring efforts when conducting business in jurisdictions that impose currency restrictions or certain central bank reporting requirements for funds leaving the country of origin. Further, financial institutions should evaluate both inherent and perceived risks associated with certain business activities and relationships. Such an approach, and heeding the warning signs around the Baltics that started surfacing well before the recent money-laundering scandals in 2018, would not only have been prudent but could have probably prevented some of the most recent scandals, and the significant regulatory enforcement actions yet to follow in the wake of those scandals.
The tone at the top alone is not enough if not adequately supported
There is virtually no financial institution that would claim not to be compliant with AML rules and regulations in their particular jurisdictions. However, while setting the right tone at the top is important, regulatory bodies will consider not only the tone at the top but actions taken from the top in their considerations of both whether to sanction a financial institution and the severity of such monetary and non-monetary sanctions, such as the appointment of an independent monitor. Boards and senior management should set the tone for their organizations by creating a culture of compliance.
On the other hand, if compliance officers are strapped for resources and cannot obtain adequate support and personnel, then it’s likely that the financial institution’s leadership is not seriously engaged in AML compliance, and the “tone” can become lip service only.
Boards of directors should keep in mind that they have a duty to ensure that their financial institutions reach not only their financial goals but also their regulatory-compliance and corporate-governance goals. This, in turn, will preserve shareholder value and potentially avoid costly shareholder litigation due to a decline in shareholder value as a result of management and board inaction.
US regulatory bodies have made this point clear through enforcement actions that often cite language such as: “The Board shall ensure that the Bank achieves and thereafter maintains compliance with this Order, including, without limitation, successful implementation of the BSA (Bank Secrecy Act)/AML Action Plan. The Board shall further ensure that, upon implementation of the BSA/AML Action Plan, the Bank achieves and maintains an effective BSA/AML compliance program” [source: selected enforcement actions issued by the Federal Reserve (2014 – 2018)]or “.…maintain a Compliance Committee of at least three (3) directors, of which at least two (2) may not be employees or officers of the Bank or any of its subsidiaries or affiliates…. The Compliance Committee shall be responsible for monitoring and coordinating the Bank’s adherence to the provisions of this Order” [source: selected enforcement actions issued by the Office of the Comptroller of the Currency (2014 – 2018)].
AML compliance remains a significant challenge for financial institutions globally, with notable differences between regions. Enforcement of existing rules and regulations also continues to evolve, and it can be expected that national European regulatory bodies will take a similar stance on board involvement and oversight as US regulatory bodies have in the past.
As financial institutions become more complex and more interconnected across jurisdictions, and as rules and regulations continue to evolve and the enforcement of those rules and regulations is being taken more seriously by various regulatory bodies, financial institutions will need to devote considerable resources to AML-compliance matters, both for their ongoing operations and contingency-planning purposes as well.
The race to keep up with differing compliance standards has redrawn the competitive landscape for banks, and those banks that can get AML compliance right will undoubtedly emerge as winners in the ever-increasingly competitive global financial landscape. Meanwhile, those financial institutions that continue to rely solely on strict legal interpretation of rules and regulations and/or past inaction of regulatory bodies may find themselves in the limelight of the popular press, followed be severely intensified regulatory scrutiny, prosecution efforts and the lack of correspondent relationships in the future, as their counterparties “de-risk” newly “too risky” relationships.