Are You Aiding a Criminal?
When it comes to money laundering and terrorist financing, there’s a new Strafverfolgungsbehörde in town.
The new European Union regulator, the Anti Money Laundering Authority (AMLA), will directly supervise companies that conduct high-risk cross-border transactions and will monitor the use of cryptocurrencies. Moreover, the authority will have enforcement capabilities, something the previous rules from the European Banking Authority (EBA) largely lacked, according to a 2020 European Commission review.
Banking scandals have plagued the financial sector in the EU over the past decade.
The new enforcement unit will wield enhanced powers, including the authority to issue fines.
Cryptocurrencies, often a shield for criminal activity, will also be regulated.
The new framework will be binding on European Union member states and should usher in EU-wide rule standardization. However, the overhaul creates a need for revamped corporate compliance controls that currently cater to varied national regulations.
Caught in the dragnet will be insurers and other financial institutions along with their executives and directors, who could be targeted as individuals under the new rules.
Crowdfunding platforms are also under new guidelines from the EBA, as are corporate finance offices, account information service providers, payment initiation services providers, companies providing currency exchange services and employee representative organizations, among others. These will all likely be folded into the AMLA’s efforts.
Where It Began
Banking scandals have plagued the financial sector in the EU over the past decade. They include money laundering uncovered in 2018 at ABLV, a Latvian bank tied to Russian dirty dealing; and a large, porn- and Taliban-related money-laundering scheme involving Turkey’s Aktif Bank, part of Turkish conglomerate Calik Holding, and its clients. In response, the European Banking Authority tightened rules regarding due diligence in the financial sector. But implementation has been patchy, and the guidelines have been more of a paper tiger.
The EBA unveiled an updated set of rules in May. These rules come on the heels of a review done by the European Commission (EC) that looked at the original EU risk-based approach to preventing money laundering and terrorist financing. That EC report found “widespread challenges in the operationalisation and supervision of the risk-based approach…”
That risk-based approach was promulgated in 2016 by the EBA in conjunction with the European Insurance and Occupational Pensions Authority and the European Securities and Markets Authority. The goal was to create an awareness of money-laundering and terrorist-financing (ML/TF) risks throughout the financial services sector and to establish effective anti ML/TF supervisory practices across EU member states. Prior to this, ML/TF monitoring was largely left up to individual states or corporations and was pretty low on the priority list. The approach consisted of four steps: the identification of ML/TF risk factors, a risk assessment, the allocation of anti-ML/counter-TF supervisory resources in a way that is commensurate with the ML/TF risk identified, and monitoring and review to ensure the risk assessment and associated allocation of supervisory resources remains up to date and relevant. Findings in step four could trigger the cycle to repeat itself.
As a result of European Commission’s findings, the EC took steps to reorganize the anti money-laundering and terrorism-financing regulatory structure. Authority over money-laundering and terrorist-financing efforts, previously shared by the European Securities and Markets Authority and the European Insurance and Occupational Pensions Authority, was consolidated under the EBA in January 2020. The EBA’s mission was to understand the failures identified in the EC report and replace the original risk-based guidelines with the revised guidelines.
The new rules mandate risk assessments and customer due diligence that include “the identification of beneficial owners, the use of innovative solutions to identify and verify customers’ identities, and how financial institutions should comply with legal provisions on enhanced customer due diligence in high-risk third countries.”
But almost as soon as the EBA put forth these new guidelines, Brussels went a step further, proposing the establishment of a dedicated regulator whose sole purpose would be to clean up the European financial sector. The new unit, the Anti Money Laundering Authority, will directly supervise companies conducting high-risk cross-border transactions, coordinate regulatory practices and information sharing across the EU and wield an enforcement authority that includes the ability to levy fines. The AMLA is projected to be established in 2023, operational in 2024, and in full swing in its direct supervisory and enforcement role in 2026.
Because cryptocurrencies have been used as a shield for all sorts of criminal activity, digital payments will also be regulated under the AMLA. Currently, virtual assets and currencies are not governed by EU financial rules. Under the new regime, rules would be proffered to require cryptocurrency service providers to collect and share data on their clients, such as originators and beneficiaries of crypto-asset transactions.
Though the details need to be negotiated in the European Parliament and approved by member states, the effort may find support in a wave of similar rule-making and legislation in Canada and the United States.
Canada Makes Sweeping Changes
Sweeping amendments to Canada’s anti money-laundering legislation—the Proceeds of Crime (Money Laundering) and Terrorist Financing Act—went into effect June 1. The new law now includes life insurers and entities acting as life insurance agents or brokers, financial services cooperatives, financial organizations using prepaid payment products, and trust companies, among many other sectors. In fact, all reporting entities are affected.
The amendments include exemptions for life insurance brokers acting as managing general agents or associate general agents. They are not considered reporting entities under the new law.
For life insurance entities that fall under the amended rules, newly imposed responsibilities cover situations where someone makes a $100,000 or greater lump-sum payment into an immediate or deferred annuity or policy and is a political or high-risk client, a head of an international organization, or a close associate of such a person. Sellers’ duties include establishing the source of the funds or virtual currency used as well as the source of wealth of the people involved in a transaction. A senior manager must review such transactions. The amended language goes beyond high-risk and political clients, explicitly stating that all business relationships are subject to reasonable efforts to verify beneficial ownership data.
In addition, reporting entities must now make a deep dive into the foreign financial institutions they work with, must make sure those institutions are not shell banks, must memorialize in writing all correspondent banking arrangements, and must get senior-level approval to enter into correspondent banking relationships. Note that electronic funds transfers and virtual currency transfers are also affected when used in connection with financial entities, casinos and money services businesses. In those cases, transactions must include the name, address and account or other reference number of the party requesting the transfer, the name and address of the beneficiary, and the beneficiary’s account or reference number, if there is one.
Record-keeping responsibilities for financial entities also have been expanded under the amendments. For example, foreign financial institutions that reporting entities deal with must provide written statements confirming their compliance with anti money-laundering and terrorist-financing laws and noting any penalties a correspondent bank has incurred for related violations.
Regarding beneficial ownership rules, FinTrac (the Financial Transactions and Report Analysis Centre of Canada) has new guidance, effective June 1, that redefines when a financial entity has established a business relationship. The new guidance defines a business relationship as beginning when a client opens an account at the financial institution (some exceptions apply) or a non-accountholder conducts a transaction that requires identity verification a second time within a five-year period. Entering into such a business relationship creates obligations for beneficial ownership screenings, determinations and monitoring.
Know-your-client rules also changed on June 1, creating an obligation for financial entities to verify client identity for virtual currency transactions of C$10,000 or more occurring within a 24-hour window, except in cases where the deposit comes from a financial entity, a public body, or a person acting on behalf of either of those.
What do these new enforcement developments mean for agencies and brokerages? Todd Elson, director of life and benefits at Firstbrook Cassie & Anderson in Toronto, contends they will create additional compliance work on products such as universal life policies and non-registered annuity contracts. These include segregated funds, guaranteed interest accounts and single-premium immediate annuities. “But the additions to the existing ‘know your client’ requirements aren’t too onerous,” Elson writes in an email, “and they’re balanced by the real benefit in reducing the risk of money laundering in the life industry (or the perceived risk, which affects our collective reputation).”
U.S. Begins Regulatory Process
In the United States, the U.S. Financial Crimes Enforcement Network (FinCEN) released its first-ever list of anti money-laundering and terrorism-financing priorities, as required by the Anti Money Laundering Act, passed in December 2020. The list comprised eight points: corruption, cyber crime, terrorist financing, fraud, transnational organized crime, drug trafficking, human trafficking and smuggling and proliferation financing. While FinCEN says it hopes to implement public/private cooperation for investigation, reporting and enforcement, it has been criticized for lack of substantive guidance.
According to an analysis published by Ballard Spahr attorney Peter Hardy, “…the collective Priorities [from FinCEN] are so broad and so numerous that it is difficult to imagine a crime or suspicious activity that is not somehow captured by one or more of the eight Priorities… Accordingly, they provide little guidance to financial institutions attempting to figure out how to focus their limited compliance resources.”
In addition, the list of enforcement priorities is so broad it could pose regulatory risk to financial institutions that dedicate resources to the wrong area and get caught with a violation.
“With the passage of the Anti-Money Laundering Act 2020, the Corporate Transparency Act, the recent national priorities and the Biden administration memorandum on combatting corruption, it is clear that AML enforcement will be a well-resourced priority in the coming years,” says Ian Herbert, counsel at law firm Miller & Chevalier, “and companies should review their anti-money laundering programs to ensure that they adequately address risk.”
Should a company run afoul of regulations and ding earnings or valuation, it could be at higher exposure for a shareholder lawsuit. Herbert says some relief may be found in directors and officers liability insurance.
But timing is important, and not knowing the extent of the rules can create a compliance problem. FinCEN is obligated by the AML Act to issue draft rules by the end of 2021, so we may have more clarity at that point, but businesses should be thinking in terms of expanded compliance efforts and protecting themselves against regulatory violations as well as against overstepping and engendering lawsuits by clients.
In July, the European Banking Authority issued draft guidelines for compliance management that may be a good indicator of what the United States and other jurisdictions may do. Those guidelines are quite specific on compliance reporting, companies’ risk-assessment frameworks, transactions with high-risk customers, training for staff, and monitoring of organization-wide adherence to policies and procedures. The draft guidelines also emphasize group-level oversight at financial services companies that have subsidiary operations so there is uniformity of compliance policies, procedures, reporting and enforcement across the whole group.
Does outsourcing compliance seem like a good idea? Not so fast. The EBA draft guidelines require the most important activities be kept in-house. It remains to be seen if U.S. authorities will issue that mandate.
In a survey of 24,000 insurance intermediaries operating in France, the country’s Autorité de Contrôle Prudentiel et de Résolution, or ACPR, found “only a minority” had a money-laundering reporting officer. As a result, the ACPR said in a report issued in May, it would be doubling on-site inspections in the insurance industry. According to the report , the insurance brokerage sector filed only 6% of the 96,000 suspicious transaction reports the tracking authority received from all financial institutions in 2019.
The ACPR is now assessing financial services institutions’ approach to vetting customers, especially those from or operating in areas at high risk for money laundering or terrorist financing. The ACPR said it will likely increase its number of recommended penalties for AML violations.
Finanstilsynet, a Norwegian governmental supervisory authority for the financial services sector, reported earlier this year that, “Money laundering was on the agenda at most ordinary inspections at insurers and insurance intermediaries in 2020. The findings showed shortcomings in risk assessments, which were too often cursory and gave a description of the regulations instead of assessing the specific risks.”
Its findings were similar to those in other countries across Europe, with concerns expressed over employee training on compliance, the ease of implementation of AML procedures, and keeping up to date with legislative changes. “In general,” the report states, “there was better compliance among insurers than among insurance intermediaries.”
Auditing firms were also criticized in the report: “There were shortcomings in their compliance with requirements for the risk classification of customers, internal training and their ability to identify circumstances indicating that funds could be used for money laundering or terrorist financing.” This is an important notation because some companies may tend to rely on audits to detect funny business.
Life Insurance as a Money-Laundering Vehicle
Life insurance has been singled out for AML/TF attention from other insurance products largely because beneficiaries can be changed, policies can be used as collateral for loans, and numerous investment products can be affiliated with life insurance, creating a series of difficult-to-trace transactions called layering, whereby money origins and beneficiaries can be veiled. Experts say intermediaries should be trained to spot suspicious transactions and software should be written to assist in identifying yellow flags.
Single-premium investment policies and annuities are attractive targets for money launderers, since ill-gotten funds can be used to buy the products and the money derived comes from legitimate sources. In some cases, launderers will overpay premiums with dirty money and receive back clean money in the form of an insurance check that can be used as a deposit into another institution’s account. The same goes for cashed-out life policies and those that are surrendered, even if with a penalty.
For insurers and their agents and brokers, there are specific compliance mandates. “Insurance companies are covered entities under the Bank Secrecy Act,” Herbert says, “and therefore must have an anti money-laundering program that includes adequate internal controls based upon the company’s assessment of money-laundering risk. The program should integrate the company’s agents and brokers and ensure that the company obtains the relevant customer-related information necessary to combat money laundering. It should include a compliance officer, appropriate AML training, and independent testing of the program.”
What About Equity?
There is a fear that the new guidelines will reduce financial institutions’ willingness to work with clients from high-risk countries—with the result that there will be a disproportionate exclusion of minorities. In response to that concern, the EBA says in its newest guidance, “The EBA reiterates that there is no requirement for financial institutions to discontinue services to entire categories of customers that they associate with higher ML/TF risk (so-called ‘de-risking’): Instead, financial institutions should balance the need for financial inclusion with the need to mitigate and manage ML/TF risk. The guidelines can help financial institutions to achieve this balance.”
So financial institutions will walk a tightrope, potentially being penalized for discrimination, money laundering/terrorist financing, or both.
A substantial focus will be on beneficial owners—that is, those who may benefit from a holding that is nominally owned by a different legal entity. For those who insure property, businesses and lives or those who sell securities or other financial instruments, there is concern. Is it possible that proceeds from an insurance claim or financial investment are supporting a nefarious money launderer, drug trafficker or arms dealer? As the EU found, yes, it is.
The first step, according to experts, is getting better cooperation between jurisdictions. That is the main purpose of the new AMLA. Currently, the financial intelligence units (FIUs) in the various European states don’t cooperate well with each other, and sometimes they don’t even collaborate with their own national law enforcement authorities. For example, last year it was revealed that Germany’s FIU, a division of the Ministry of Finance, received a report from a bank in 2018 that more than $1.2 million dollars in suspicious transactions was transferred to recipients in Africa. The FIU allegedly didn’t inform the police, and the transaction went through with impunity.
Going after businesses isn’t the right tack, according to Karel Lannoo, CEO of the Centre for European Policy Studies. “You are hitting the wrong thing,” he says. “You need to focus on the FIUs and that they cooperate with each other. Cooperation between police authorities is very difficult in the EU since they do not cooperate across states. If you launder in Belgium then run to France, OK, you get away.”
Banks, the strongest sector for anti money-laundering efforts, are already very active in monitoring and reporting, using people and technology to identify patterns and potential criminal activity. In fact, banks generate thousands of reports to comply with the law. Unfortunately, Lannoo says, 95% to 98% of suspicious activities detected in the private sector are false positives. “According to the rules, I have to transmit this suspicious activity report. Yes, we know it’s a false positive, but your rules say we must send it.”
He suggests targeting what he calls “the big fish.”
“We should be strong on the big things and not worry about the small guys,” Lannoo says. As an example, he cites drug trafficking, which relies on supply lines that run right through ports and which generates billions of dollars in untracked income. Lannoo questions whether we can be serious about tracking suspicious banking activities if we don’t shut down drug traders—who notoriously send their money to terrorists and other criminals—at the point of sale and in their supply chain.
Another solution Lannoo suggests is the improved use of existing data. “[R]egistries of corporates and ultimate beneficial owners (UBOs) need to be much better applied and legal entity identifiers (LEIs) more widely used,” Lannoo previously stated in a blog. “LEIs were instituted after the financial crisis, but their utilisation rate is only 2-7% of the eligible entities in the Western world.”
Ultimately, the private sector will be held accountable, and—it appears from the proposals offered so far—the entire financial services sector will have to increase compliance oversight à la the best of the banks. It may be a lot of “box-ticking,” Lannoo says. But the AMLA will have authority to fine, and European and North American authorities are on the prowl. As Lannoo says, “If you look at the word of the law, you should be extremely concerned.”