Skinning the Money Laundering Monster — Are You Doing It Right?
The evolution of banking technology, and with it cryptocurrencies, has created alternative methods to transfer, invest and even define money. As banks try to re-invent themselves in this digital era, they face strong operational risks such as money laundering. How can they master them? A view from Singapore.
In August 2016, the Monetary Authority of Singapore (MAS) created a dedicated anti-money laundering (AML) department which consolidates regulatory policies linked to money laundering and other illicit financing into one unit.1 In addition, a supervisory team was set up to monitor these risks and carry out onsite supervision of how financial institutions manage them. Between 2016 and 2017, banks in Singapore were fined approximately SGD 29.1 million (fig. 1) due to severe breaches of the Money Authority of Singapore (MSA-6262). These were uncovered during an investigation into the «1Malaysia Development Berhad» (1MDB), the state investment fund that faced charges of alleged impropriety.3 The breaches highlighted significant lapses in the bank’s customer due diligence measures; and controls for ongoing monitoring. They also reflected an inadequate assessment of irregularities in client behaviour as well as delays in reporting suspicious activity. Regulators noted that the failings were due to several factors, including inadequate policies and procedures, insufficient oversight of front office staff and a lack of sufficient knowledge of risks related to money laundering among some staff. Audit findings have brought to light the absence of proper monitoring of suspicious activities as well as the inadequacy of the control framework to ensure implementation of robust policies and procedures. The result of these investigations has pushed regulators to enforce higher standards for AML and for compliance focused on countering financing of terrorism (CFT).
To help combat money laundering risks and adhere to new regulatory guidance, banks in Singapore have taken steps to collaborate. For instance, in February 2016 the OCBC Bank Singapore initiated the «Open Vault», where FinTech companies could submit proposals for AML solutions.4 Additionally, UBS is sponsoring the Wealth Management Institute Anti- Money Laundering Risk Management Program to reinforce Singapore’s status as a financial centre that adheres to the highest standards.5
The robustness of policies in one bank or one country branch cannot, however, be determined to be as robust as in another. There are several risk factors related to money laundering that can influence the implementation of AML/CFT guidelines in a bank. These factors include the types of products and services offered by the bank, the volume of cash transactions, the primary source of wealth as well as the political, economic and cultural environment the bank operates in.
Risk factors of money laundering
The strong presence of cash-based industries like the casino industry as well as low value money-changing and remittance businsses in Southeast Asia are a significant driver of money laundering in Singapore and Hong Kong. Cash transactions are a key impediment to the effectiveness of AML/CFT oversight and reporting systems as they generally do not leave electronic records. This makes them difficult to track and report. In 2015, US authorities reported that drug proceeds amounting to USD 5 billion were laundered through casinos and currency exchanges before reaching bank accounts in Hong Kong and China.6
Political, social, cultural and legal norms: With more than three quarters of funds managed in Singapore and Hong Kong coming from abroad, banks there may be exposed to risks stemming from regulatory gaps or weaknesses associated with those funds. Not all financial institutions may be subject to the same regulatory guidance, leading to higher AML risk for cross-border payments and transfers. Furthermore, some regions are politically or economically unstable and exhibit high levels of corruption. In addition, the continued tolerance of nominee-owned accounts by regulatory authorities in certain locations prevents proper identification of beneficial ownership. This in turn reduces transparency and hinders enforcement of «Know-Your-Customer» (KYC) requirements on banks in the relevant regulatory environments.
Advent of cryptocurrencies: Traditional methods of banking capture a client’s KYC information and documentation when the account is opened. Conversely, cryptocurrencies, with their inherent anonymity and decentralised systems, create obstacles for regulators and banks to identify and mitigate risks from money laundering and terrorist financing. It is essential that current AML frameworks be modified to address gaps in information related to client activity or payments introduced by novel technologies like crypto- currencies. MAS and the Association of Banks in Singapore (ABS) are exploring the benefits of leveraging blockchain technology to move from a «black-box» to a more transparent yet secure banking ecosystem.7
Where are the banks struggling?
Below are the current challenges banks face in preventing «dirty money» from circulating into the system.
High volume of false-positive results: With increasing availability of information, the number of alerts triggered during client review and transaction screening processes remains a challenge for many banks. A high number of irrelevant and false-positive results cast doubt on the current capabilities of AML screening systems and deplete the scarce resource of highly trained AML staff to investigate and manually filter such alerts.
Outdated rules-based detection systems: The current tools used to monitor suspicious transactions are primarily rules-based systems, where the same assumptions are made for each client regardless of their financial background and intended purpose of the account. Furthermore, most of these systems are not capable of learning from previously approved transactions leading to duplication of effort during reviews. Banks also struggle to compile and process all relevant information for complex transactions such as trade-based transactions or those involving correspondent banks.
Distribution of data across multiple platforms: Though banks are constantly striving to improve the system user experience for relationship managers and compliance staff, information related to client activity is rarely aggregated on one platform. Adverse news, screening results, changes in the client’s KYC information, account activities and previous investigations provide a holistic view of the client. Not viewing this information together may affect the timeliness of identifying suspicious activity. Connection to money laundering wrongdoing can also impair a bank’s reputation. In 2016, MAS directed BSI bank to shut down operations in Singapore due to breaches of AML regulation and poor oversight by senior management. Also in 2017, MAS issued large fines to banks such as Credit Suisse and UOB due to weakness in their control processes and breaches of AML regulation.
Lack of ownership and accountability: Following their involvement in the 1MDB scandal of 2016, DBS and UBS declared that they would take appropriate action to hold staff, including senior executives, accountable for lapses in implementing proper AML policies.8
How to strengthen the AML framework?
As money launderers and terrorists become more sophisticated, banks should invest in advanced systems and specialized staff to continue the fight against financial crime, money launderers and terrorists.
Use a smart approach for screening: Banks should navigate away from simple rules-based systems to a more flexible approach using fuzzy logic and machine learning. Client screening can be made more accurate by matching multiple parameters such as date of birth, country, nationality along with the client name and any aliases. This reduces the effort required to filter out false-positive results. Transaction monitoring can use machine learning to identify out-of-pattern transactions according to the client’s transactional history and anticipated account activity. The client’s employment industry, source of funds and expected payment counter-parties are also taken into account.
Connect to AML-specific databases: With information moving from paper and computers to cloud storage services, banks can subscribe to databases to garner more additional information related to transactions such as shipment and price validations for trade-based transactions. Using third-party proprietary data to ensure the completeness and accuracy of information can help to detect changes in client activity and unusual transactions, as well as allow for timely reporting of suspicious transactions.
Leverage on payment data: With a large volume of clients and transactions, banks can collect the data of multiple payment counterparties and connected parties over time. This information is usually not available to extract from internal databases. Banks can now use technology to verify and consolidate details of major counterparties and connected parties and identify any common networks. This helps banks to identify high- risk clients and accounts more accurately and to determine whether more due diligence is required on certain counterparties.
One platform for a holistic review: As recommended by regulators, banks perform regular client reviews to capture any changes in KYC information and expected account activity over a given period. To help relationship managers and compliance units perform comprehensive reviews, banks should implement a single platform which:
- Extracts the captured KYC, client activity and payment information.
- Refreshes information using internal and external data-bases like adverse news and «politically exposed persons (PEP)»/sanctions screening.
- Displays a summary of changes in a client’s risk profile alongside any current or previously reported unusual transactions.
- Captures and displays the frequency at which the client’s profile has changed as an additional parameter for possible investigation.
Strengthen the risk culture: Banks can benefit from positive publicity when displaying efforts to comply with regulators. Professional organizations such as The «The Asian Banker» grant awards every year for top anti-money laundering implementation. To establish an effective risk culture, banks should adhere to the following («The Award 2018»):
Setting the tone from the top (TFTT)
TFTT ensures that the views and expectations of senior management are clearly communicated and in line with corporate strategy and values. TFTT should be incorpo- rated into all applicable communication campaigns and initiatives.
Creating incentives to comply
Banks should formulate a clear governance process that incentivises staff to live by the right risk culture and to be responsible.
Investing in people
With recent changes in AML regulation, demands on employees have broadened. Thorough risk and compliance training engenders confidence in employees and bank management.
Given the volume and complexity of AML cases, banks should consider unconventional methods and market proven technologies to uncover them. They enable banks to read unstructured data, connect the information gathered from various sources and implement predictive methods to detect unknowns. To make effective use of the technologies, a strong understanding of business and technology – including less conventional software development – is required.