Introduction

As money laundering is typically secretive, it can be difficult to estimate just how much is laundered each year, though the UNODC suggests that it’s around 0.8 to 2 trillion US dollars; an eye-watering amount. This has been fuelled even more so by the impact of the pandemic, meaning there is a growing need for anti-money laundering (AML) and know your customer (KYC) defences as financial crime levels rise.

It's no surprise then, that fighting financial crime costs global institutions a staggering amount of money - with more than $213 billion US dollars spent on financial crime compliance in 2020. Moreover, a recent study reports that mid-to-large financial institutions in the highest spending EMEA markets typically fork out $45-48 million US dollars on anti-money laundering compliance - a double-digit percentage increase on 2019 levels.

Despite this high spending, more than 99% of money laundering proceeds remain in the hands of criminal gangs. It's not just the massive amounts of money that go unseized that’s troubling, but how it emboldens these criminals involved in terrorism, drug trafficking, human exploitation, arms trafficking, fraud, tax evasion and a host of other illegal activities.

A lack of informed data often causes financial institutions (FIs) to try and mitigate these risks by exiting markets where these risks are perceived to be higher. Therefore the current anti-money laundering system can restrict operational efficiency and revenue growth for banks due to a lack of standardisation and over-reliance on risk-based methods such as de-risking - therefore failing FIs and the markets they operate in. 

From risk remediation programmes all the way up to regulation - why isn't the current system working? Here are 5 reasons:

1. Current AML programmes focus more on technical processes than effectiveness

An important problem with current AML programmes, Wolfsberg emphasises in its Statement on Effectiveness, is that national supervisors focus solely on technical processes, not necessarily on the effectiveness of anti-money laundering measures. In trying to optimise on technical processes and legal policy implementation through increased spending, FIs are not allocating enough of these resources into trying to prevent crime, improve their risk assessment systems, or locating the origin of it.

To encourage more firms to detect and deter illicit activity, the Wolfsberg Group points to the Financial Action Task Force’s guidance on effective outcomes, encouraging all jurisdictions to promote AML/CTF programmes that:

  • comply with all AML/CTF laws and regulations; 
  • provide useful information to relevant government agencies in defined priority areas;
  • establish a reasonable and risk-based set of controls to mitigate the risks of an institution being used to facilitate illicit activity.

In spite of the importance of this guidance, the results of these measures might differ depending on whether an institution uses ‘confiscated assets’ or ‘seized assets’ as its bar, as well as the illicit markets they focus on, leaving it difficult to make meaningful comparisons between firms.

2. There is a lack of standardised regulation across the industry and markets

In line with a risk-based approach to financial crime, regulators and the global financial services industry are calling for improved anti-money laundering measures. Whilst this call for action has created more regulation for FIs to try to implement, much of it is ambiguous and open to the interpretation of the institutions themselves. 

For example, a risk-based approach to financial crime management was established by the Financial Action Task Force (FATF) in its guidance note from 2014. They state that “a risk-based approach means that countries, competent authorities, and banks identify, assess, and understand the money laundering and terrorist financing risk to which they are exposed, and take the appropriate mitigation measures in accordance with the level of risk.” They also address what banks, countries, and competent authorities should do to mitigate money laundering and terrorist financing.

According to this FATF guidance, organisations should decide where to focus their efforts, and they are encouraged to take stronger measures in high-risk situations and simpler ones in low-risk situations; this approach is also intended to prevent institutions from hastily de-risking in a way that could impair the functioning of markets. 

Similarly, the Office of Terrorism and Financial Intelligence and the Financial Crimes Enforcement Network (FinCEN) released a joint statement in 2019, outlining common practices for assessing the money laundering and terrorist financing risk profile of institutions.

Building on the FATF principles, the statement outlined how both bodies had been able to allocate more resources to higher-risk areas, and fewer to lower-risk areas when conducting their examinations, although the statement fell short of establishing new requirements. 

Although providing guidance in these cases is laudable, this kind of regulation still allows a wide variety of processes to be implemented. As far as measuring and defining financial crime risks across countries, product lines, and customer types, there are no set guidelines. Institutions determine their own risk appetite, establish mitigating controls, and allocate resources for risk management based on their own internal policies. As a result, a lack of industry standards may lead to FIs taking limited action or taking wildly different actions in response to financial crime risk. 

3. An over reliance on the risk-based approach to financial crime leads to operational setbacks

Anti-financial crime management is largely risk-based. That means policy and resources are prioritised based on the highest levels of security and transactional risk. This is why the process is flawed:

It’s inefficient

Risk-based calculations still rely largely on manual processes, despite improvements in other areas of risk management. Traditional AML operations gather, queue, and review unusual or suspicious transactions individually before approving or declining them and often manual systems like Excel are used to make these calculations. In the modern world, payments have become faster due to technology adoption and online banking, and risk assessment teams are under increasing pressure to process payments more quickly. 

Moreover, since correspondent banks cannot make compromises in this area, meeting both customers' expectations and AML obligations can be more challenging to strike a balance between. An added layer of complexity is caused when it comes to communicating or relaying this data to correspondent banking partners - slowing down the due diligence process and reducing the likelihood of successful partnerships.

It’s outdated

Many processes are conducted annually, taking up to six months to complete, by which time they may be outdated. It’s also been some time since the existing AML framework has been able to keep up with the demands of international payments. As payment systems meet the ever-intensifying needs of consumers, businesses, and FIs, this trend has intensified, increasing volume, velocity, and variety of transactions. These lengthy processes can also cause friction between compliance teams and revenue generating functions.

It’s subjective 

Due to a lack of data involved in decisions to enter different markets or work with different customers, some of these processes can't provide objective insights - preventing opportunities from being evaluated fairly and limiting institutions' ability to spot new areas for growth.

4. Lack of data can make it hard to evaluate counterparty risk effectively, causing large threats to go unnoticed 

Correspondent banks play a crucial role in cross-border payments by allowing banks to process international transactions without having to maintain physical presences in all the jurisdictions where they do business. The payments are instead facilitated through the provision of banking services by one bank (the correspondent bank) to another (the respondent bank). 

Correspondent banks are typically the largest, most active international banks that provide services to customers with more complex needs, including foreign exchange and cross-border payments and wire transfers. Correspondent banking is perceived by the market to be a much greater risk when it comes to financial crime, since correspondents are not acting on behalf of their own customers.

The key problem for correspondent banks is that they need to be able to show that their respondent bank customers have adequate financial crime controls in place and this is difficult without appropriate reporting metrics, tools and analytics readily at their disposal.

Despite the Wolfsberg Group guidance on managing correspondent banking activity risk and its industry standard questionnaire for due diligence processes, access to the full level of detail required to evaluate correspondent banking risk comprehensively remains a challenge. The failure of several recent efforts to identify high risk scenarios has demonstrated this. 

For example, several banks in Danske Bank's network, including Deutsche Bank, reduced correspondent banking exposure after a $200 billion money laundering scandal at Danske Bank. In both cases, institutions were found to have treated financial crime risk as an operational and regulatory issue rather than a governance one.

And now, with Dankse Bank pleading guilty to fraud for enabling money laundering in December 2022, the current climate shows that the existing system more than ever is failing financial networks in which these large banks operate. This limited stance left a dangerous lack of clarity at the highest levels of authority, blurring the lines between risk factors and ultimately contributing to a failure of internal controls. 

5. A wave of de-risking closes doors for regional markets

As a result of these multiple failures to detect counterparty risk at scale, several financial institutions have pulled out of certain markets.This has triggered a wave of de-risking - precisely the kind that the FATF had hoped to avert, washing across the global financial services landscape and sweeping away a number of important correspondent banks. For example, there has been a 22% drop in active correspondent banks between 2011 and 2019, and a similar concentration of activity amongst fewer entities.

In both the local and wider economies, the loss of so much correspondent banking activity has had negative consequences on mid-tier and regional players, who have had to deal with the loss of revenue, since they rely on correspondent banking relationships to serve more complex and profitable international customers. In their place, large players with established global reach have hoovered up demand; reducing competition and choice for customers, as well as the overall level of correspondent banking service revenue in the system.

De-risking has also led to financial crime risks shifting to the fringes of the industry, where high standards and controls might otherwise be lacking. For example, a range of non-bank financial institutions (NBFIs) and other informal non-banking channels have gained in popularity. In some cases, less stringent reporting or fully opaque business practices can effectively make AML and counter-terrorist financing impossible to monitor, leading to greater problems down the road. Non-governmental organisations (NGOs) and humanitarian organisations in countries like Bangladesh and Mexico have also reported a negative impact on financial inclusion and access to funds.

So how can we improve the AML and risk assessment system?

Many FIs lack adequate systems to assess whether their AML and risk assessment systems are achieving desired outcomes, or even to define what those outcomes are, making it difficult to communicate their trustworthiness to their correspondent banking partners. To prevent being de-risked and strengthen their relationships with their correspondent banks, banks need to be able to rapidly detect financial crime issues and remediate these.

In order for the system to work, institutions need to have a single source of truth to benchmark against. A transparent, objective monitor is needed that provides standardised criteria, increases trust between corresponding banks and counterparties, and prevents unnecessary de-risking that could lead to market instability - all while remaining efficient. 

If you want to learn more about how to build effective correspondent banking relationships in the context of de-risking and multiple regulatory guidance, you can download our guide to building stronger relationships with your correspondent partners below.

In this guide, we discuss how to build comprehensive risk assessment programmes, impress your banking partners with reliable transaction data while maximising business opportunities through reducing friction with internal teams. We also show you how Elucidate's platform can help you strengthen your banking relationships by providing one common risk ratings solution for analysing financial crime risk.

Download the guide below