• News
• Bookshop
• Events
• Sign up for the E-mail newsletter
• Anti Money Laundering
• Financial Management
• Human Resources
• Information Technology
• International Firms
• Jobs & Careers
• Knowledge Management
• Marketing, Business Development
• Mergers
• Mobile Working
• Outsourcing
• Professional Indemnity
• Risk Management

Feature

posted 22 Jun 2010 in Volume 12 Issue 12

Andrew Cheung, director of compliance at Denton Wilde Sapte, asks whether international anti-money laundering efforts are actually producing results.

Most countries now apply some form of anti-money laundering (AML) law. In fact, the absence of such laws is fast becoming the exception rather than the rule. Every African State bar Uganda now has some form of AML law in place, and Uganda is under pressure from the International Monetary Fund (IMF) and World Bank to join that pack (although how rigorously those laws are enforced is another matter). Even ‘tax haven’ jurisdictions – which have traditionally been high-risk areas for money laundering – are implementing strict AML regimes. In 2009, the IMF found that Jersey had complied with 44 of the Financial Action Task Force’s (FATF) 40+9 recommendations, which was better than the UK.

With this political focus on AML and counter terrorist financing (CTF), you would think it would be easier than ever to administer an effective global AML and CTF programme. You might also assume that most clients would now be familiar with AML due diligence and identification requirements. If you were feeling particularly brave, you may even think that the speed and extent to which AML due diligence regimes are spreading around the world means they must be an effective way of policing money laundering.

This article examines and questions some of these assumptions from the perspective of a UK-based international law firm. It particularly focuses on how due diligence requirements in the UK apply in practice to clients from high-risk jurisdictions.

Different approaches

Governments have increasingly turned to the private sector to identify and report money laundering. The FATF’s revised mandate describes private industry as being at “the frontline of the global fight against money launderers and terrorist financiers”. Unfortunately, however, organisations have not travelled to that AML frontline voluntarily. Governments have tackled the problem with rather more stick than carrot, using criminal laws, often with extra-territorial effect. Regulated businesses have been frogmarched to the frontline with a pistol muzzle planted firmly in the small of their backs.

Despite the FATF’s role in formulating AML strategy, different jurisdictions have also invariably taken different approaches to tackling money laundering. Attempting to solve a global problem like money laundering through the application of local criminal laws has created inconsistencies and ambiguity. These differences provide unique and expensive challenges to international businesses thrust to the AML frontline by making it incredibly difficult to present a unified, ‘one business’ approach to clients. 

Managing a minefield

Businesses have three options in managing their AML programmes, none of which are particularly satisfactory. They can apply differential AML standards and processes across their international network to meet local requirements, but this requires a lot of people with appropriate technical expertise to administer sophisticated systems that ‘quarantine’ offices from one another. Clients cannot be freely and seamlessly passported around such a network, and international cooperation on matters is inhibited while additional due diligence measures are being undertaken. Clients neither understand nor appreciate this delay, particularly if they have already gone through some form of due diligence.

Another option, then, is to apply a single global standard based on the highest AML standards applicable throughout the business’ international network. While this facilitates passporting, however, it can lead to competitive disadvantage for local offices, which will protest against the application of processes that they perceive as surplus and business inhibiting.

Finally, and least satisfactorily, businesses can ignore the issue and hope they aren’t caught out.

The prohibitively high stakes for non-compliance now make this last option far less attractive than it might once have been. Non-compliance often has criminal consequences. Where custodial sentences aren’t handed out, businesses can face hefty fines.

ABN AMRO was recently fined US$500 million  by the US Department of Justice (DOJ) for such failures and breaches of the Bank Secrecy Act. In the UK, the FSA recently fined online foreign exchange broker Alpira £140,000 for failing to put in place adequate AML procedures. While this pales in significance next to the DOJ fine against ABN AMRO, the FSA added an interesting twist by making the money laundering reporting officer personally liable for his part in the failure, to the tune of £14,000. These sorts of fines are also not just limited to financial institutions. Recently the FSA fined Atlantic Law, a West London boutique law firm, £400,000 in respect of its involvement in and failure to report a boiler-room fraud.  

UK due diligence

In the UK, the requirement to undertake customer due diligence is imposed by the Money Laundering Regulations 2007 (MLR07), which transposes the EU’s Third Anti-Money Laundering Directive 2005/06/EC. The prohibitions on money laundering and the requirement to report suspicions of money laundering are contained in the Proceeds of Crime Act 2002 (POCA).

Under MLR07, client due diligence measures are applied on a risk-based approach. This involves assessing the AML risk of clients and their matters to determine what client information and verification of that information is needed. Regulated organisations need to understand the nature and intended purpose of their business relationship with a client and that client’s source of funds and wealth. They also need to identify the real persons who ultimately own and control more than 25% of ‘the client’. All of this needs to be done before forming a business relationship and starting work (except in limited circumstances). There
is also a requirement to monitor clients on an ongoing basis. The level of monitoring is driven by the level of AML risk a client poses.

Certain kinds of clients are designated high risk and organisations need to undertake mandatory enhanced measures when identifying and monitoring these clients. These include politically-exposed persons, individuals not met in person, and clients who are ‘otherwise high risk’. There is nothing prescribing what constitutes ‘enhanced’ but it generally requires getting more client information and independent verification of that evidence.

Paradoxically, this means that the highest standards of due diligence and ongoing monitoring often apply to clients from countries with the lowest levels of transparency and available corporate and financial information.  

High-risk jurisdictions

This problem often presents itself in emerging markets that score poorly on Transparency International’s Corruption Perceptions Index, meaning they have high levels of perceived corruption. These markets will sometimes have a form of AML law in place, but it is often unclear how it is enforced in practice. There is also, generally, little to no publicly available corporate or financial information about clients in these jurisdictions, and most significant commercial work involves the government or a body connected with the government.

Clients from these jurisdictions, perhaps unsurprisingly, tend to be higher risk. This means regulated businesses not only need to confirm the usual due diligence details, but also need additional independent verification of that evidence and ongoing monitoring.

Usually, however, the only place to get this information is from the clients themselves. There is often little to no opportunity to seek independent verification of these details. You may be able to seek confirmation from a local law firm or accountancy firm as a nod to the independent verification requirements. Where, however, does this really take you in terms of identifying money launderers or giving you comfort when the client is based in a high-risk country? Probably not very far. If your client is money laundering, they are unlikely to unwittingly let that fact slip when self-certifying information to you, and are likely to be able to afford the assistance of professional services providers.

Clients from these jurisdictions can also be suspicious of anyone collecting personal information about the ownership and control structures of their ventures. This sensitivity is especially present when enquiring about the source of wealth and funds. Sometimes they are suspicious with good reason – particularly if they are based in a politically unstable jurisdiction prone to persecution and government acquisition of private assets. Explaining the operation of non-disclosure agreements and duties of confidentiality can help, but will not always.

There are also often cultural barriers to clients disclosing these sorts of details. Requests can often be perceived as distrustful, accusatorial and completely at odds with developing a long-term relationship or business partnership. It is not uncommon for such clients to go to a competitor who does not, or chooses not, to apply those same standards. The result is that UK businesses may find themselves trying to foist English cultural and business standards and expectations on clients with very different expectations and operating arrangements.

There is also a risk that AML measures that are too burdensome, or unlikely to be genuinely effective, are approached as bureaucratic ‘tick box’ exercises, rather than addressing the fundamental issues associated with money laundering. AML due-diligence processes risk being viewed as administrative and valueless hoops. This is unhelpful for compliance officers and management, and detrimental to the FATF’s aim to stamp out money laundering.  

Effectiveness of requirements

From the perspective of a legal services provider, does the current due-diligence regime justify the cost of administering it? That is admittedly a far easier question to write than answer. One thing for certain is that the cost is considerable and rising.

European lawyers were first captured by the second EU AML Directive because of their role in setting up legal structures and facilitating transactions that were essential for the layering and integrating of criminal proceeds. The close fiduciary relationship of trust and confidence that lawyers share with their clients, and their role in matters, means they invariably learn about their clients’ transactions in great detail. Those transactions are objectively viewed and tested.

It is in the course of testing and reviewing transactions that suspicions most often arise. Something about the fundamental commerciality of the transaction may not make sense, or the client may otherwise be acting suspiciously.

Client due diligence information very rarely has a direct impact on the identification of a reportable suspicion of money laundering under POCA. It is telling that the vast majority of the 4,772 suspicious activity reports that UK law firms filed last year would have involved (directly or indirectly) clients who have cleared the AML identification process. This position may be different for other professionals (for example, banking) but it probably similarly applies to the accounting profession.

Does all this mean that we should do away with due diligence requirements? I don’t think that view is supportable. Governments should, however, consider whether and how they enforce criminal laws, applying stringent due diligence requirements with broad extraterritorial reach. They would do well to reconsider whether criminal sanctions are appropriate and whether greater flexibility and cooperation are needed with other regimes. Efforts should also be made to introduce minimum standards of corporate and financial transparency globally. AML regimes should be modified to recognise the current lack of those minimum standards.

Governments could also benefit from thinking about ways to positively reinforce or encourage organisations to approach AML seriously and substantively. This may mean lowering the ‘stick’ in favour of using the carrot. By way of reward for having robust and substantively compliant AML processes, companies could be given preferred status on government contracts or even tax incentives. It may even be helpful to introduce an internationally recognised standard for AML procedures at an organisational rather than just country level. This could help firms to market their AML compliance functions and realise some of their return on investment.