2019 and it is 30 years since the Sommet de l’Arche in Paris established the Financial Action Task Force (FATF) to combat money laundering. So where have we come to in Europe and what remains to be done?
Money laundering has been criminalised not just in Europe but the world over. Predicate offences have widened from drug trafficking to the proceeds of all crimes. Europol has established itself internationally in AML terms. The Egmont Group has grown to a large international organisation of 159 financial intelligence units, representing the operational arm of AML/CFT deterrence to complement the strategic arm of the FATF. Fifteen EU Member States (plus the European Commission) are direct FATF members and the remaining thirteen are members of Moneyval, the European regional version of FATF. Moneyval includes non EU/EEA Member States such as Russia and Ukraine. European governments evaluate each others’ AML performance every so often. The term “money laundering”, unheard of in 1989, is now in common parlance. However, the amount of proceeds of crime recovered as a result of successful money laundering prosecutions, as compared to the amount thought to be available to be laundered, is around 0.1% at best. It is small wonder that commission of the underlying predicate offences remains rife, and increasing, particularly in relation to emerging criminality, such as cybercrime. So why is the European AML system so ineffective in reducing the impact of the underlying crimes upon European citizens?
The major AML issues in Europe can be divided into three distinct areas: governance, risk management and capability. Some feel it is a simple question of reforming the European AML supervisory architecture, but the answer is much more complex and nuanced than that. True, AML deterrence in Europe does need better governance, but improved structure of European authorities alone will not keep organised crime lords and other members of the dark economy awake unless it is allied to action, commitment and improvements in capability.
There are many fault lines across Europe in relation to AML governance:
- There is no clear stated focus on what the objective of AML should be across Europe. Yet without clarity of vision, mission and modus operandi, it is difficult to see how progress can be achieved. It should be greater than merely securing the financial and operational integrity of the EU, though that would be a good start. The focus of most governments seems to have switched to fining the gatekeepers rather than convicting the perpetrators of the predicate offences. This is ineffective in terms of reducing the scourge of drug trafficking across Europe, for example;
- Only 15 EU Member States are members of FATF. The remaining 13 Member States are members of Moneyval, a 28 state European FATF equivalent which includes members such as the Caucasus states, Russia and Ukraine. 19 of the 28 EU Member States are members of the Eurozone. These fault lines all cause dislocation across the EU in terms of deterrence not just of money laundering, but of financial crime in general;
- There is no EU co-ordination body for AML policy except for the European Commission, certain monitoring and supervisory functions carried out by the European Central Bank and European Banking Authority, and certain loose information sharing arrangements between national Member State authorities;
- Laws relating to crime are reserved to individual Member States. True, there is some co-ordination of investigation through Europol, and instruments such as the European Arrest Warrant have been created, but usage of such instruments varies wildly across the EU;
- Governance is not just about architecture, however, but also about “battle rhythm”:
- The gestation periods of European legal and policy measures are far too long. In relation to MLD 4, for example, the “flash to bang” time (carrying out policy development within FATF to implementation of the associated directive) was well over a decade. This is far too long in relation to deterrence of money laundering, a problem which will be exacerbated by the need to respond to the explosive growth of cybercrime
- The mutual inspection cycle is also around a decade long. With virtually all EU businesses subject to so much annual control and monitoring, why should this concept not apply in AML deterrence at governmental level? There is currently no annual assessment of EU Member State performance against the FATF 40 Recommendations
2 Risk Management
No Key Performance Indicators (KPIs) have been set by the FATF or Moneyval, and Member States are not even collecting figures on the underlying offences in a co-ordinated manner, yet this is vital for effective policy development and the combat of money laundering and its predicate offences. How can policies possibly be effective if you don’t know the numbers? True, FATF has developed some indicators (known as “Immediate Outcomes”), but these are not the same as KPIs related to the predicate offences. An assessment of what really needs to be measured is urgently required, in order to develop the correct tools, fund the most effective action, and reduce the ever growing scourge of the underlying crimes. Even the most advanced EU Member States are assessed as having a number of areas where major improvements are required, so greater government commitment is necessary.
In order to reduce compliance burdens and increase effectiveness, the concept of risk based deterrence has been introduced. Although highly attractive conceptually, the risk based system has been stymied since it has become the regulator who decides what the risk is, rather than allowing firms to carry out their own risk function, with regulators checking that the risk process works and the firm developing its risk assessment skills. This initiative needs become less dirigiste to succeed.
In assessing how deterrence should work, many regulators have latched on to a principle of three lines of defence. This follows the old military principle of castle building, the outer wall representing the first line of defence, the inner wall the second line of defence, and the keep the final line. Fine for castle building in mediaeval Europe, but the only organisation building castles these days is Walt Disney. This concept of defence as applied to financial institutions has the customer facing staff as the front line, compliance as the second line and audit in the castle keep. This concept is outmoded, ineffective and encourages the wrong mentality in
crime fighting. Better a system of integrated active defence, where all anti money laundering assets are designed to work together, as currently used by the world’s militaries to great effect in defences such as Integrated Air Defence Systems and Integrated Carrier Battle Groups.
Training of law enforcement in how financial markets work is generally below what it could be. Virtually all law enforcement officers are given some financial investigation training, but this is not the same as instruction in the operation of financial markets such that law enforcement has a chance of recognising egregious behaviour, apprehending the perpetrators and obtaining necessary evidence. Some kind of specialist financial police are needed, properly trained and supported, in all countries. Commitment currently ranges from Financial Investigation Units consisting of just one law enforcement officer, to specialist financial police like the Guardia di Finanza with a force of around 70,000 persons.
Fines levied on banks are in the billions, yet at the same time governments appear unwilling to fund even small law enforcement projects. One Member State agency, for example, promised funding for its creaking IT system to cope with suspicious activity reports, requiring just over €5 million, has finally been promised the funding, but not until 2023.
AML compliance has become an end in itself, highly bureaucratic, with the real objectives having become lost in a mass of organisational data kleptomania. Digitisation of business has given rise to a search for an automated AML nirvana, reducing human input to a bare minimum. Yet money laundering deterrence is a human issue and programming errors can increase costs dramatically, as battles to reduce false positives have shown.
Compliance is also often seen as all cost with little or no benefit. CEOs appear to prefer running the risk of massive fines than investing sufficiently in ensuring that their business models and compliance functions are properly aligned, effective and efficient. Far from scandals having changed such attitudes, they have been perpetuated, as the recent response by Scandinavian banks demonstrates.
The Way Forward
So where does the solution lie? The following steps and options are recommended for consideration:
- Develop clarity of vision and mission. Processes need to have an impact on the underlying threats, or there is no point introducing them;
- Assess whether a new AML body is needed within Europe at policy co-ordination level. This could be separate, or be the policy arm of Europol, for example;
- Ensure co-ordination works between EU Member States, EEA Member States, and non-EU/EEA states, at all levels, and with similar bodies in related areas, such as ENISA;
- Improve cross border co-operation, at all levels, including data collection, intelligence generation, policy making, investigation, information exchange, prosecution, etc.
- Adopt key performance indicators (KPIs) which relate to the underlying criminal threats which AML laws are intended to impact. These need to be thought through, rather than being measures which are adopted purely as they are a measure and/or are easy to measure (such as the number of suspicious activity reports filed with law enforcement). The right metrics are needed to combat the threat. Data collection techniques in this area are also in need of improvement;
- Allow firms to develop and use risk based systems to improve effectiveness;
- Carry out effective Benefit Cost Analysis (rather than Cost Benefit Analysis) of proposed new measures;
- Adopt active, co-ordinated defences, rather than the static three lines of defence model with all its attendant difficulties referred
- Encourage training and spending on specialised financial police;
- Increase funding and support of law enforcement, particularly of undercover operations and IT systems, enabling law enforcement to follow the money trail from commission of crimes;
- Improve training standards to a new EU level, including the courts process, policy makers, investigators and intelligence analysts.
So what are the options for Europe? In essence they are to carry on as now (“EU AML 1.0”), with little success. Alternatively Europe can counter money laundering with renewed vigour, centralising that which needs to be centralised, integrating all AML defence systems, and ensuring that this “EU AML 2.0” works in each of the various Member States, particularly given the differences in threat, vulnerability and risk of those Member States.
Looking at the figures on drug deaths, terrorism, fraud, cybercrime, organised crime, etc., in each of the Member States, and the negative impact this has on the whole of the EU, things could be different. Money laundering, like climate change and the threats to the natural world, is a truly European issue and needs a truly European response. We must not be found wanting.
Financial Markets Law International
CEPS intends to create a Task Force on how to progress the combat of money laundering at EU level. Interested parties are invited to contact the author, or CEPS direct.