Tracking down dirty cash

Money laundering is the third largest business in the world. The International Monetary Fund (IMF) estimates laundering amounts globally to between US$590 billion and US$1.5 trillion a year – two to five percent of the world’s GDP. Criminals, drug barons, smugglers, arms dealers and tax evaders need to launder their ill-gotten gains in an effort to disguise the source of their wealth from the authorities. And in this new age of global transactions and electronic transfers at the click of a mouse, criminals have the ability to move their cash to almost anywhere in the world and avoid the scrutiny of investigators.

But while the government is training its sights on money launderers, financial institutions are increasingly finding themselves under pressure to spot and report suspicious transactions. In 1986, the US government became the first in the world to criminalize money laundering. But it took the 9/11 terrorist attacks for the laws to be given an overhaul with the introduction of the Patriot Act 2001 – a far-reaching anti-terror bill that provided amendments to previous banking and money laundering laws such as the Bank Secrecy Act (BSA).

The Act was introduced to strengthen, protect and prosecute international money laundering and financial terrorism. It also set out to combat terrorists transferring funds through US banks to fund attacks. But although the Bush administration insisted it was a serious effort to crack down on money laundering and the financing of terrorism, some questioned whether the new anti-terror Act wasn’t merely a knee-jerk reaction. Banks were unsure of the legislation and unwilling to invest heavily in complying with the raft of complex anti-money laundering compliance rules. They pointed out that whilst money laundering starts with a crime, evidence suggests that much terrorist funding originates from legitimate sources. The sums involved in funding terrorist activity are also relatively small when compared to the multi-billion dollar money laundering industry. For instance, the 9/11 plot cost the al Qaeda terror network the relatively small sum of US$400,000, of which approximately US$300,000 passed through the hijackers’ US bank accounts. A paper trail was later discovered in the United Arab Emirates and Germany, but the terrorists moved their money in such a routine way that it never aroused the suspicions of the banks.

However, those institutions that fail to comply with the updated anti-money laundering (AML) legislation face serious consequences – large fines, damage to their reputations, share depreciation and even imprisonment for culpable executives. Despite the high stakes, many grappled with the 300 pages of legislation but struggled to pin down the full extent of their responsibilities. Banks have been walking a financial tightrope since 2001 – on the one hand they face heavy fines from the Department of the Treasury, but at the same time implementing adequate AML measures costs serious money. To date, AML compliance has set the industry back several billion dollars.

Carol Beaumier, Managing Director of Protiviti – an internal audit and business and technology risk consultancy firm – says companies are still struggling to meet government demands on money laundering. “Financial institutions have significantly expanded their AML compliance departments and, with the increased use of technology, the sophistication of their AML programs,” she explains. “Many have very effective AML programs, but the number of money laundering-related enforcement actions issued by the US regulators suggests that financial institutions are still struggling to meet regulatory expectations.

“From the US government’s perspective, the Patriot Act (and specifically the information sharing requirement) has been successful in yielding productive leads for both money laundering and terrorist financing. Opponents of the Act continue to argue, however, that the costs do not justify the results.”

The Act lays down strict regulations for international banks that do business with US-based financial institutions. At the time the Act was introduced, bankers argued that it would severely hamper their business with correspondent banks. There were also the added costs of administration, implementation of anti-money laundering (AML) measures and the training of staff in how to spot and report suspicious transactions – all of which gave the banks a financial headache.

The Patriot Act states that banks must file a suspicious activity report (SAR) if they find any transaction (or series of related transactions) of US$10,000 or more. However, by making a multitude of transactions smaller than this threshold (known as smurfing) launderers attempt to operate below the radar. The Act also requires banks to carry out know your customer (KYC) checks on new account holders and close correspondent accounts with foreign shell banks (banks not physically based in any country but situated ‘virtually’ in offshore zones to avoid taxes and regulations). The KYC requirement, whilst time-consuming, enables the authorities to track those about to recycle illicit cash and deters would-be launderers from using US banks. Some institutions argue that the scrutiny of customers has led to a loss of business. This does not cut any ice with the Department of the Treasury, which has been sending out a clear message – “comply with the regulations or face the consequences”.

Carl Fornaris, a partner in Miami law firm Greenberg Traurig and Co-Chair of the National Financial Institutions Practice, says the law was not clear from the outset. “Many of the BSA/AML buzzwords introduced by the regulators in implementing the Patriot Act include amorphous phrases like ‘risk assessment’ or ‘risk profile’ or ‘commensurate with risk’,” he explains. “When regulators promulgate unclear rules, it is fair to expect less than exacting results. Financial institutions whose senior management have been active in managing money laundering risk, who have invested heavily in BSA/AML technologies and who have hired additional compliance personnel have generally been quite successful in complying with the AML regulations of the Patriot Act. Conversely, senior management of institutions who have taken a passive approach to BSA/AML technology and the hiring of compliance personnel, particularly those doing cross border business, have in many cases found themselves trying to resolve regulatory criticism for their BSA/AML compliance programs.”

Despite the heavy penalties, a handful of large banks have already fallen foul of the Act and been snared by regulators. Last year, Riggs National Bank was fined more than US$40 million for failing to report suspicious transactions passing through its customers’ accounts. And in 2004, AmSouth – the US$48-billion asset bank – agreed to pay US$50 million in penalties and fines for not setting up adequate AML programs or conducting accurate or timely reports into strange banking activities.

Providing solutions

Following the clampdown on money laundering, a wealth of companies have sprung up offering AML solutions to identify suspicious transactions. The software monitors customer behavior and flags up strange transactions or money transfers. For example, if someone moves a large amount of cash to another country or jurisdiction then the system would alert the bank. The software can gather data from millions of transactions and analyze it using of hundreds of scenarios. It can also create profiles so that an alarm is raised if a customer performs transactions outside of their normal pattern of behavior.

“In addition to flagging transactions that are out of profile, rules-based software can also flag any transaction or activity that violates a business rule,” says Beaumier. “For example, a common rule is to flag any transaction involving particular countries that are designated high-risk by the institution.”

However, software is just one piece of the jigsaw. Banks need trained staff in order to detect and investigate suspicious banking activities. The legislation states that institutions should appoint a dedicated compliance officer with ongoing training. “The important thing to remember with any AML-related technology is that it is a tool, not a solution. Experienced staff and managers and staff are critical to ensuring that the technology is used correctly and that information is properly interpreted,” asserts Beaumier. Fornaris agrees: “In 2002 the marketplace began to witness a flood of new BSA/AML IT vendors competing for customers. Therefore institutions should be wary of the charlatan – typically a new vendor who has very limited experience in the BSA/AML space. Ironically, institutions should engage in ‘know your vendor’ diligence, conduct extensive checks on the vendor and ask for a follow up on customer references before engaging these vendors for IT services.”

A recent threat assessment by the federal government described money laundering as a “massive and evolving challenge”. “The volume of dirty money circulating through the United States is undeniably vast and criminals are enjoying new advantages with globalization and the advent of new financial services,” the report said. “Moving away from face-to-face customer interaction, particularly for (bank) account openings, challenges the traditional process of customer due diligence.” The assessment, drawn up by 16 different government agencies, found that most suspicious transactions were heading for criminal interests in South and Central America, Russia and the Caribbean Rim countries. However, it was discovered that just one percent of SARs filed by financial institutions was linked to funding terrorist activities.

Alain Damais, Executive Secretary of the Financial Action Task Force, feels accurate identification of account holders is key to complying with legislation. “The cornerstone of an effective AML program is indeed comprehensive customer identification and verification by financial institutions,” he suggests. “Criminals are trying to avoid being accurately identified when they open bank accounts or make financial transactions through the use of fraudulent or forged identification documents. Many financial institutions all over the world do implement robust AML programs and conduct comprehensive and ongoing training for their employees. Nevertheless, financial institutions may be unsure of how to respond to the challenges of AML, particularly in the face of new and emerging money laundering techniques. Rapidly developing technologies and financial products may create money laundering opportunities that were never foreseen by a financial institution when its AML program was developed.”

Richard Riece, Director for the Center of Regulatory Compliance at the American Bankers Association, says institutions are gradually getting to grips with the Act. “The learning curve has been steep, but many in the industry have demonstrated that they have been adept at the climb. Managing such a complex array of risk factors and priorities without having one or two business lines without having one fall short of expected performance is not so surprising. The current BSA policy imperative requires organizations to be vigilant about BSA compliance issues from top to bottom, from board room to back office.”

Banks agree that money laundering is a commercial and national security issue for businesses. The crime morphs into a variety of disguises and crime bosses are quick to adapt their laundering techniques in a bid to outfox the banks. Stemming the tide of black money flowing through US bank accounts is a huge and evolving challenge, especially with technology making it easier for money to be moved all over the world. Computerization, combined with the vast sums of money swirling around the system, has piled pressure on the banks to quickly identify and report suspicious activity. Only time will tell if they manage to gain the upper hand against the criminals.