How we are losing the fight against global money laundering

Money laundering is one of the key ‘engines of crime’ sustaining a global criminal business worth over a trillion dollars, according to the UN. It also represents a significant risk to the integrity of the financial system. The task of combating it is becoming more difficult, due to the increasingly global and virtual nature of financial services, allowing crypto currencies and freely available anonymization tools to conceal criminal activity and frustrate the identification of beneficial owners. Controlling much of this mega-illicit activity are global money laundering syndicates, who offer their services at scale to criminal networks, and are highly adept at exploiting gaps in the financial system. These are the challenging conditions within which anti-money laundering arrangements of the banking sector currently operate. They set a very high bar for success in curtailing the international flows of illicit funds. And we are nowhere near reaching that standard. Europol estimates that barely 1% of criminal proceeds generated in the European Union are confiscated by relevant authorities. Why is the success rate of the system so poor and what can be done about it? These are the questions that frame a new initiative, led by Europol and the Institute of International Finance (IIF), to bring some of the world’s biggest banks closer to the law enforcement community to improve the systemic impact of financial crime compliance efforts. What this group has found is highly revealing.

Global banks invest billions of dollars each year meeting stringent anti-money laundering regulations. Financial crime compliance has become a big and costly business, reflecting the high importance of bringing order to systemic attempts to prevent the criminal misuse of the financial system. So why has this level of investment not delivered a greater strategic impact on the problem? One major reason identified by global banks, law enforcement agencies and the Financial Action Task Force (FATF), which sets international standards for anti-money laundering arrangements, is that the regulatory regime is highly inefficient. To meet regulatory standards banks run sophisticated algorithms to monitor millions of transactions, producing high quantities of alerts for individual review by compliance officers. According to a senior executive in one global bank only some 5% of those reviewed ever reach the standard of being filed as a suspicion transaction report to law enforcement. The rest are discarded. So, as the executive put it, "we employ thousands of people to look at noise in the system." But, it gets worse. Europol’s research has shown that, over a period stretching back to 2006, an average of only 10% of all suspicion transaction reports received by law enforcement agencies across Europe ever lead to any meaningful investigation. That is partly due to resource limitations in the law enforcement community, but it primarily reflects the general paucity of good-quality intelligence delivered by the system. So there’s low-level junk as well as noise in the system. It means that the sum of this systemic effort is that only some 0.5% of all transactions reviewed by the huge number of compliance officers in the banking sector ever lead to a criminal investigation. That’s a very small dividend from the multi-billion dollar investment made and goes a long way to explaining why such a small amount of criminal proceeds are ever confiscated.

At the heart of the system is a highly-developed, rules-based compliance regime. While that offers clarity and uniformity it lacks flexibility in the face of a dynamic criminal threat and suppresses innovation by cultivating a ‘tick-box’ methodology and culture. In particular it is a regime that favours a standardised, brute-force approach to scrutinising high volumes of accounts and transactions with insufficient scope for targeted interventions. So the task of meeting the A to Z of regulatory requirements in each case seems to have become an end in itself, rather than a means by which this system can make a more meaningful contribution to the fight against serious crime. The strategic goal of the whole system seems to have become lost in the detailed design and application of the regime. That’s not to say that the regulations themselves are not important. They constitute the necessary building blocks from which an effective impact can be made. That has not been achieved yet because the underpinning investment has lacked focus and has generally failed to exploit the intelligence potential of the data held in the financial sector.

Re-directing the considerable resources of the regime under a more targeted approach would almost certainly yield greater benefits. In the law enforcement and intelligence communities of the US and Europe such an ‘intelligence-led’ approach of using enhanced knowledge of the threat to direct operational resources against the highest priority areas is at the heart of all counter-terrorist and other major security programmes. These conceptual principles are not at the core of most banks’ financial crime compliance arrangements, in spite of repeated calls from FATF to run a more risk-based and outcome-focused approach. This is a cultural challenge but it also reflects generally poor levels of cooperation with law enforcement. Of the millions of suspicious transaction reports routinely churned out by the regime very few are either the result of a police-directed effort or the subject of any significant feedback. Where there have been cases of systematic cooperation the outcome is positive. The Joint Money Laundering Intelligence Taskforce (JMLIT), launched in the UK in 2016, has brought together law enforcement agencies and 20 major banks in an initiative to improve intelligence-sharing and cooperation. The first results are encouraging, with the project leading to over 1500 proactive investigations by the banks in cases identified by law enforcement agencies, including many relating to recent terrorist attacks in the UK. In most of these cases the efforts of compliance teams have been productive and highly relevant to significant police investigations of money laundering and terrorism. That is a startling comparison to the default 0.5% productivity rate of the current arrangements.

Europol plans to replicate the UK initiative on a pan-European basis, as a means by which to tackle another inherent flaw in the system: its over-dependence on national frameworks. The anti-money laundering regime operates through a network of Financial Intelligence Units, established in each country as the main interface between the banking and law enforcement sectors. They are essential elements in the system. But while structures exist to facilitate cross-border cooperation between these national units, outputs vary considerably in consistency and impact. The system is overwhelmingly modelled to run along national lines, even though the problem is clearly about the international flows of illicit money. At the heart of this issue are strong regulatory conditions imposed to protect principles of bank secrecy and data privacy. They limit the type and amount of data that can be shared with law enforcement generally, and further limit their sharing across borders, even within the relatively well developed legislative framework of the European Union. Overcoming this is a considerable challenge for governments and regulators, but the time has surely come for a regime that better reflects the increasingly cross-border nature of money laundering. That is less about de-regulation and more a re-targeting of the principles and objectives of the regime in place.

In the meantime the legislative and operational frameworks offered by international bodies such as Europol give considerable scope to improve information sharing standards and practice even within the existing system. Europol facilitates the exchange of information between 1,000 law enforcement agencies and 100 private companies drawn from over 40 countries, primarily in Europe but including the US as a major strategic partner. It also hosts the networks of Financial Intelligence Units and Asset Recovery Offices in the EU, is an implementing agency in the EU-US Terrorist Financing Tracking Programme, and coordinates or supports hundreds of international money laundering investigations each year. The new initiative formed by Europol and the IIF last month is focused on how this international platform can support a more effective use of the financial crime compliance regime along the models explored above. Proposals under the 4th EU AML Directive to establish an EU Financial Intelligence Unit and other developments underway to revitalise the EU’s financial crime strategy are also designed with the same overall goal in mind.

The final area worthy of strategic re-design is under the direct influence of the banks themselves. In a feature common to the sector the poor integration of anti-money laundering efforts with other risk and security threats of a related nature, namely fraud and cybercrime, is another sub-optimal factor in overall efforts to curtail the criminal exploitation of the financial system. With the rise of hybrid criminal groups, acting in multiple sectors and on a global basis, the threat picture across these three areas is becoming increasingly connected. Success all depends on an ability to see and exploit these joins in an integrated framework, yet some banks still compartmentalise their efforts under separate strategies and hierarchies. Most law enforcement agencies have already adapted to the new paradigm of an interconnected criminal economy, and are yielding considerable intelligence benefits as a result. Many banks have not yet shown the leadership and innovation to take a similar path, in part due to regulatory and structural challenges, but the case for their doing so is compelling, especially when taken together with the other measures explored in this paper. They could start by integrating their intelligence functions on financial crime, fraud and cybercrime under a single, centralised platform designed to maximise threat awareness and drive a more optimum, concerted response.

Under a system in which regulation still constrains the optimal sharing of data, and values uniform compliance over intelligence-led interventions, it is no wonder the outputs are small. Some green-shots of positive change are emerging, including those referred to above and other initiatives designed to improve the standard and practice of financial intelligence sharing. These efforts must be supported by a new strategic paradigm that better reflects the inherent international nature of illicit money flows and the essential need for action to be driven by an integrated intelligence-led framework. That paradigm should influence government and regulatory thinking and the evolution of strategy and function within individual banks. It should also prompt law enforcement agencies to have a more open and constructive partnership with the sector. But its success depends on effective leadership in each of these sectors. What’s on offer is the prospect of running a much more effective, collective response to money laundering and other forms of serious crime. The time has come for us all to step up in the area.