The race is on: banks and regulators prepare for AML changes

Aamir Khan is general counsel and head of London office at Clutch Group

The European Union and the larger international policy community have given substantial attention to anti-money laundering regimes this year, cueing both financial institutions and regulators to begin the race to implement and enforce respectively, writes Aamir Khan, general counsel and head of London office at Clutch Group.

The Financial Action Task Force and European Commission have spearheaded these efforts.  Most recently the European Commission released the final drafts of the Fourth Money Laundering Directive (MLD4) and accompanying EU regulation. Earlier in the year, the FATF released a report detailing deficiencies in AML supervision, shining a light on weaker regimes and corporate violations.

Both developments have increased the pressure on governments and financial institutions alike, but this is just the beginning. The implementation of MLD4, adoption of EU regulations and response to the deficiencies report will almost certainly lead to future studies, examinations, increased supervision and enforcement actions.

Spotlight on Poor Performers

In February, the FATF published its assessment on gaps and deficiencies in the prevention of money laundering and terrorist financing.  The FATF characterized these gaps as major threats to the integrity of global financial systems. Iran and North Korea were identified as the countries with the highest risk levels, followed by Algeria, Ethiopia, Indonesia, Myanmar, Pakistan, Syria, Turkey and Yemen. Kenya and Tanzania’s AML regimes were said to be improving.  The FATF cautioned against businesses engaging with other businesses and government officials from these countries. Although loose recommendations were provided for high-risk countries, the FATF did not provide any concrete guidance, leaving most of the responsibility on member countries and corporations.

New Directive Ushers in Coordinated Regulatory Campaign

The European Commission’s MLD4 was published this February, concurrently with draft EU regulation on information accompanying fund transfers. Both actions are the result of the European Commission’s renewed focus on money laundering and terrorist financing prevention, stemming from the new international AML standards published in 2012.  It has been nearly a decade since the last money laundering directive was published and the new MLD4 will make considerable strides to coordinate and standardize AML enforcement across the EU. Although MLD4 is primarily a prescriptive document for member state governments, the implications for the financial services industry are considerable. MLD4 will redefine AML regimes, from internal policies and procedures, to recordkeeping and liabilities.

MLD4 will synchronize the efforts of the European Commission, FATF and EU member state governments to bring about aggressive enforcement. Recent AML developments also align with other simultaneous EU programs, including the Stockholm Programme and the EU International Security Strategy. While uniformity may benefit certain financial institutions operating in multiple countries by streamlining compliance standards, ultimately, this campaign will raise the bar of AML requirements for all member states and increase the number of policing bodies.

Directions to Enforce

The new money laundering directive is just that – a directive for legislative bodies, court systems, regulators and international policy bodies to pursue thorough enforcement, or as the European Commission describes it, “repressive responses to money laundering.”  These entities have their marching orders to enhance AML supervision and implement new requirements by no later than 2016.  Financial institutions should begin preparing for a robust and coordinated review of their AML policies.

Under MLD4, member states are required to ensure that financial institutions can be held liable for violations under the applicable national legal frameworks. Governments are also required to establish financial intelligence units to collect and monitor suspicious activity. Certain member states may even be required to expand the authority of their regulatory and supervisory agencies. Article 45 requires that member states empower their authorities to compel the disclosure of relevant information, maintain regular monitoring, and have sufficient resources at their disposal.

AML Developments Are Doubled Edged Sword for Banks

The release of MLD4, its accompanying EU regulation and the AML deficiencies survey, fires the starting gun for financial institutions. And the race begins for a swift compliance roll out.  Considering how detailed the new MLD4 requirements are, it is unlikely that there will be any delay in regulatory administration once the provisions become effective. Thankfully, financial institutions can also benefit from the detailed requirements. MLD4 clearly outlines the following new requirements and standards:  the prohibition of anonymous accounts; the inclusion of tax evasion as a predicate offence for AML violations; enhanced customer due diligence demands; heightened data protection; thorough recordkeeping; and an update of internal AML compliance programs.

Despite some areas of clarity, financial institutions face challenges with the more subjective risk-based approach proposed by the European Commission. MLD4 redesigns AML enforcement through the implementation of this approach.  The new approach will increase the subjectivity required to make determinations on risk classification and information collection and verification. Financial institutions will be required to support AML decisions with evidence-based justifications, which will then undoubtedly be scrutinized by supervisory agencies.  Based on the proposal language, it appears that financial institutions will also be expected to allocate additional resources to identified high risk areas. MLD4 states that financial institutions must mitigate, identify, document and update risk assessments, and will be held “fully accountable for the decisions they make.”

Off to the Races

With MLD4 and the EU regulation finalized, financial institutions and member state governments have no choice but to push forward to implementation, just two short years down the road. Countries that lag behind and fail to meet new standards, can expect more embarrassing deficiency reports that could harm their domestic business environment. For financial institutions that fail to take proactive steps, the penalties are more severe.  Article 56 outlines an intimidating list of minimum penalties, including:  public publishing of violations; cease and desist orders for illegal conduct; withdrawal of business authorizations if applicable; restrictions on members of management participating in business; fines of up to 10 percent of annual profit of individuals; administrative sanctions up to €5,000,000; or administrative sanctions up to double the amount of profits gained from violation.  Either way, both regulators and financial institutions would be wise to get started on the implementation marathon that awaits them.