Fincrime Briefing: Latvia fines SEB on AML, Wolfsberg shifts focus to compliance effectiveness, HSBC pays DOJ more than $190 million in tax fracas, and more

By Brian Monroe
bmonroe@acfcs.org
December 20, 2019

Quote of the Day: Very little is needed to make a happy life; it is all within yourself, in your way of thinking.” – Marcus Aurelius

In today’s briefing, Latvia continues AML compliance crackdown in Danske scandal aftermath, Wolfsberg asks for examiner credit for compliance effectiveness, HSBC Switzerland pays $192 million for tax evasion tactics, and more.

Please enjoy this unlocked story, part of the many benefits of being an ACFCS member.

Want to talk about industry trends, story ideas or get published? Feel free to reach out to ACFCS Vice President of Content Brian Monroe at the email address above. Now, on to more sweet sweet content!

LATVIA

Latvian regulator penalizes Sweden’s SEB bank nearly $2 million on lax AML controls, sanctions screening failures

In a continuing crackdown in the wake of European banking scandals, Latvia’s top financial regulator fined a Swedish bank nearly 1.8 million euros, or $2 million, for several financial crime and sanctions compliance failures – one in particular that led to dealing with a blacklisted entity.

Latvia’s Financial and Capital Market Commission (FCMC) stated that in several instances in recent years, in 2017 and 2019, the bank had failed to capture, vet and verify documentation around certain clients expected economic activity and beneficial ownership details to determine if transactional activity reached the threshold of suspicious.

“On certain limited occasions it was not fully ensured that the documentation proving the client’s economic activity had [been] acquired in a sufficient scope and quality to ascertain that the client’s transactions cannot be viewed as suspicious, as well as on certain limited occasions the client’s beneficial owner was not sufficiently proved or documented,” according to the penalty order.

SEB also ran afoul of EU and U.S. sanctions programs, in particular the complex, sprawling and undulating regime set up by the U.S. Treasury’s Office of Foreign Assets Control (OFAC).

The bank had “shortcomings” related to one customer in particular that had a subsidiary become designated after the parent operation was a customer.

The FCMC noted the bank struggled to have “correct and relevant” information tied to the customer and sanctions lists, leading to the “unblocking of funds for this certain customer” that should have remained frozen.

Part of the issue, according to the regulator, is that the bank maintained an “internal list” to screen for designated entities, but failed to adopt broader industry best practices by using an “external list” of “persons related to sanctioned persons that allows screening [for entities owned by sanctioned person that could] prevent similar cases.”

The FCMC noted that the relatively small size of the fine reflected that the bank’s overall financial crime risks were low and that SEB had proactively created an “action plan” to remediate the AML and sanctions issues and bolster counter-crime controls to prevent a similar failure to happen in the future.

The SEB penalty is the latest in a string fines on Latvian banks by the FCMC as Latvia tries to clean up its financial sector after several scandals, including the closure of ABLV last year after U.S. authorities accused it of money laundering.

Just weeks ago, the FCMC fined Baltic International Bank 1.56 million euros ($1.72 million) for lax AML controls in many high-risk areas, including the power brokers behind opaque ownership structures and highlighting and reporting on potentially suspicious transactions.

The regulator said in a statement that a review of the country’s eighth-biggest bank had shown it did not have an adequate control system for the prevention of money laundering and terrorism financing.

The FCMC detailed a bevy of failures in higher risk flashpoint areas, including beneficial owners, engaging in stronger due diligence for key customers and identify, investigating and reporting on large, aberrant and atypical transactions.

The regulator gave these reasons for the AML penalty against Baltic International:

  •      Beneficial ownership battles: in several cases, the Bank had not taken sufficient measures to make certain that a beneficial owner indicated was the beneficial owner;
  •      Source of funds: in several cases, the Bank had not obtained documentation and had not taken necessary measures to make certain of the origin of financial means in its customer accounts and had not documented conclusions;
  •      Scrimping on scrutiny: the Bank had not ensured appropriate and high-quality enhanced customer due diligence and the documentation of results thereof;
  •      The terminator: the Bank had not duly decided on termination of business relationship with customers;
  •      Short attention span theater: the Bank had not paid sufficient and special attention to untypical large, complex, inter-related transactions with no apparent economic purpose or clear legal purpose, including had not timely obtained documents supporting the economic activities of customers;

Meanwhile, Latvia’s central bank governor Ilmars Rimsevics is accused of bribery in the first corruption trial of a European Central Bank governor, (via the FCMC). To read SEB’s full statement, click here.

Monroe’s Musings: At the same time, even though these penalty figures are small compared to the multi-billion dollar figures levied in the United States, the FCMC has been increasing its oversight and proclivity to hand out fines for financial crime compliance failures in response to the Danske Bank money laundering scandal, which has rocked the European Union, Nordic and Baltic regions.

In the central pillar of the Danske scandal, the now-shuttered Estonian branch saw some $230 billion in suspect Russian funds flow through its operation, with financial rivulets running to Swedbank, Deutsche Bank and others.

The scandal has sparked investigative and regulatory probes in the U.S., Europe, Estonia, Latvia and other jurisdictions, with several top executives at once-shiny banking groups getting the axe.

Latvia is also under more pressure as it must prepare for an overall review of its country AML defenses by Moneyval, the European body that carries out country mutual evaluations for countries not currently members of the Paris-based Financial Action Task Force, the global counter-crime watchdog body. 

So look for this heightened enforcement focus in Latvia to continue.

COMPLIANCE

Influential Wolfsberg Group weighs in on AML compliance ‘effectiveness’ versus ‘technical compliance’ to shift exam needle toward results

An influential group of more than a dozen of the world’s largest banks has lent their considerable weight behind a shift in regulatory exam focus from checking boxes and “technical” compliance to a regime favoring “effectiveness” and giving credit to institutions actually helping law enforcement in the global fight against financial crime.

That is the message from the Wolfsberg Group, an association of thirteen global banks founded in 2000, which aims to develop frameworks and guidance for the management of financial crime risk under the broader ambit of anti-money laundering (AML) and countering the financing of terror (CFT) programs.

Here are some excerpts from the Wolfsberg missive:

The topic of effectiveness has also been more widely discussed across the AML/CTF community in recent years. In 2013, the Financial Action Task Force (FATF) determined that jurisdictions simply having reasonable legal frameworks in place for financial crime prevention was no longer sufficient.

FATF stated that “each country must enforce these measures, and ensure that the operational, law enforcement and legal components of an AML/CFT system work together effectively to deliver results: the 11 immediate outcomes.”1

As a result, FATF changed the way it conducted mutual evaluations of its member states, no longer focusing solely on technical compliance with its 40 Recommendations, but also evaluating the overall effectiveness of the AML/CTF regime based on evidence that the outcomes were being achieved.

Notwithstanding FATF’s approach, Financial Institutions (FIs) still tend to be examined by national supervisors almost exclusively on the basis of technical compliance rather than focusing on the practical element of whether AML/CTF programs are really making a difference in the fight against financial crime.

The Group believes that, in practice, there is as yet insufficient consideration of whether an FI’s AML/CTF program is effective in achieving the overall goals of the AML/CTF regime which go beyond technical compliance.

As a result, FIs devote a significant amount of resources to practices designed to maximize technical compliance, while not necessarily optimizing the detection or deterrence of illicit activity.

The Group believes that jurisdictions should adopt the FATF’s focus on effective outcomes and therefore, that an FI’s AML/CTF program should have three key elements:

  • 1. Comply with AML/CTF laws and regulations
  • 2.Provide highly useful information to relevant government agencies in defined priority areas
  • 3. Establish a reasonable and risk-based set of controls to mitigate the risks of an FI being used to facilitate illicit activity

The Group believes that supervisors and/or relevant government agencies should assess the effectiveness of an FI’s AML/CTF program based on the above criteria, recognizing that no two FIs are the same and each FI’s risk mitigation strategy must be tailored to meet its risk appetite, (via Wolfsberg).

Monroe’s Musings: This has been a long time coming. Wolfsberg is not known for making statements frequently – in fact quite the opposite. When the group finally decides to weigh in on an issue, the many players in the AML game take notice.

This statement is more evidence that the largest banks in the world are speaking in one unified voice and asking for a tectonic shift in regulatory focus – one from dinging banks on minor failings to prove they are not asleep at the wheel – from technical compliance with AML regulations to a dynamic where banks can be free to innovate and really stop bad guys.

In short, examiners will have to take a more collegial approach and give banks credit for being a part of major investigations and cases, and back off from singling out relatively minor program foibles out of context with the overall “effectiveness” of the program in aiding law enforcement in complex and multi-jurisdictional investigations.

Will examiners bite? At least in the U.S., this is already happening. Broad interagency regulatory statements have called for a different dynamic between examiner and bank, opening the door to an “era of innovation,” where banks tinker with new ideas, technologies and compliance structures – with the tacit support of the typically nitpicky regulator. 

EUROPEAN UNION

Europe’s money laundering crackdown is expanding beyond banks as investigators follow fincrime tendrils to payment processors

After dirty-cash scandals involving hundreds of billions of euros rocked some of the continent’s biggest banks, the Baltic region — where one of the biggest cases yet erupted — has begun a fresh clampdown.

This time, the target is payment-service providers, which as well as facilitating e-commerce often help people send money around the world at low costs – operations that may not be subject to the same anti-money laundering (AML) compliance rules as their brick-and-mortar brethren.

The risk is that criminals use them to conceal illicit transactions while scrutiny is focused on traditional banks.

The danger was flagged earlier this year by officials from the Nordic countries, which have been at the heart of developments after Danske Bank A/S admitted that much of about $230 billion that flowed through its tiny branch in Estonia may have been illicit.

There’s also been concern about big global players like London-based Revolut Ltd, which has a European banking license from Lithuania.

But it’s law enforcement and regulators in Tallinn, Riga and Vilnius — a hub for fintech companies — who’ve taken the most drastic action.

Estonian police this month detained three employees of GFC Good Finance Company AS over money laundering and embezzlement.

GFC, which had been operating since 2013 and controlled more than half of the 183 million-euro ($200 million) market in the first quarter of this year, had its license withdrawn in May. The authorities said it had “seriously breached” rules including know-your-client procedures.

In April, AS Talveaed — which had serviced higher-risk non-resident clients since 2011 — was also stripped of its license following “several years” of it violating legal obligations.

“We can confirm that after dealing with those cases, the risk in that sector has significantly declined,” financial watchdog head Kilvar Kessler said by email.

In Lithuania, the central bank fined payment company MisterTango UAB 245,000 euros ($270,000) in October for breaching anti-money laundering and counter-terrorist financing rules — the company’s third breach since 2016.

The bank has also toughened AML and capital requirements on electronic money and payment companies.

Latvia is similarly concerned. Its anti-money laundering watchdog deems some companies service foreign clients as high risk due to weaknesses in client vetting. In a risk assessment published this year, it said firms providing services to local clients could also be exposed to tax-fraud schemes.

Risks “are increased by the high vulnerability of the sector” to management of AML systems, according to the report, (via Bloomberg).

Monroe’s Musings: This is not entirely unexpected. With investigators and regulators in multiple jurisdictions mapping out many of the larger tendrils of the Danske Bank scandal, the lens then swings to the secondary entities supporting illicit financial flows.

That means a whole universe of entities that move and process monetary transactions – money remitters, payment processors, currency exchangers and others – now get their AML controls, or lack thereof, scrutinized. Look for more penalties against these operations – and a mad rush by the rest to figure out how to spell AML. 

TAX EVASION

In DOJ DPA, Swiss unit of HSBC pays more than $190 million for helping clients evade taxes for more than a decade

The Swiss unit of banking giant HSBC will pay U.S. authorities $192 million for helping clients evade taxes, admitting the operation engaged in a broad scheme for more than a decade that employed numbered accounts, offshore secrecy havens and secret trips to sunny South Florida.

The U.S. Department of Justice (DOJ) detailed the failings in a deferred prosecution agreement (DPA) with HSBC Private Bank (Suisse) SA is just the latest in a string of high-profile tax evasion settlements with banks in Switzerland – a concerted effort that has effectively cracked the seemingly invulnerable bastion of Swiss bank secrecy.

Over roughly the last decade, the U.S. has played hardball with many of the largest banking groups in the world, extracting billions of dollars in penalties, concessions and data from institutions including Credit Suisse, UBS, and more than 80 other related non-prosecution agreements (NPAs) under a Swiss bank program, representing many of the regions largest banks, such as Société Générale, BNP Paribas and others.  

As part of the settlement, HSBC Switzerland will pay a total civil and criminal fine of more than $192 million, including a civil forfeiture of $71.8 million, for proceeds illegally derived from their conduct.

HSBC Switzerland admitted that between 2000 and 2010 it conspired with its employees, third-party and wholly owned fiduciaries, and U.S. clients to evade taxes, eventually amassing undeclared assets worth more than $1 billion.

In 2002, the bank had approximately 720 undeclared U.S. client relationships, with an aggregate value of more than $800 million. When the bank’s undeclared assets under management reached their peak in 2007, HSBC Switzerland held approximately $1.26 billion in undeclared assets for U.S. clients. 

The DPA also requires HSBC Switzerland to affirmatively disclose information it may later uncover regarding U.S.-related accounts, as well as to disclose information consistent with the department’s Swiss Bank Program relating to accounts closed between Jan. 1, 2009 and Dec. 31, 2017.

Under the DPA, prosecution against the bank for conspiracy will be deferred for an initial period of three years to allow HSBC Switzerland to demonstrate good conduct. The agreement provides no protection for any individuals.

The final penalty figure takes into consideration that HSBC Switzerland “self-reported its conduct, conducted a thorough internal investigation, provided client identifying information to the Tax Division, and extensively cooperated in a series of investigations and prosecutions, as well as implemented remedial measures to protect against the use of its services for tax evasion in the future,” according to DOJ.

During its evasion scheme, HSBC got very creative in attempting to stymie the taxman.

To conceal its clients’ assets, the bank engaged in using “code-name and numbered accounts and hold-mail agreements, and maintaining accounts in the names of nominee entities established in tax haven jurisdictions, such as the British Virgin Islands, Liechtenstein, and Panama, that concealed the client’s beneficial ownership of the accounts.”

They were also not afraid to woo U.S. clients directly.

Between 2005 and 2007, at least four HSBC Switzerland bankers traveled to the United States to meet at least 25 different clients.

“One banker also attended Design Miami, a major annual arts and design event in Miami, Florida, in an effort to recruit new U.S. clients to open undeclared accounts with HSBC Switzerland,” according to court documents.

These moves were not even slowed by other banks falling to U.S. authorities in high-profile tax fracases.  

In early 2008, in response to news about the UBS AG evasion investigation, HSBC Switzerland “began a series of policy changes to restrict its cross-border business with U.S. persons, but the bank did not immediately cease that business.”

In fact, some HSBC Switzerland bankers “assisted clients in closing their accounts in a manner that continued to conceal their offshore assets, such as withdrawing the contents of their accounts in cash,” DOJ stated, (via DOJ).

 

Monroe’s Musings: This is a black mark for HSBC, yes. But the bank has changed its tune from the operation paying nearly $2 billion for AML and sanctions failings and getting hauled before Congress for dealing with many of the world’s deadliest narco trafficking groups.

In recent years, HSBC has hired many of the brightest minds in AML compliance and government investigations and started tinkering with bleeding edge compliance technologies, like artificial intelligence, machine learning and automation.

In the eyes of many, the institution has gone from compliance pariah to law enforcement ally – a transformation that could not have happened without a dedicated, talented and passionate staff putting in nearly superhuman hours of blood, sweat and many tears.