EU commission crafts information exchange accord with state regulators to bolster bloc AML oversight
Friday, January 18, 2019
Posted by: Brian Monroe
By Brian Monroe
January 18, 2019
European authorities this week crafted a new agreement to more aggressively share data and information between a central authority and member-state regulators to tighten financial crime compliance oversight in the wake of multi-billion dollar banking scandals involving Denmark, Estonia, Latvia and other jurisdictions.
The European Central Bank (ECB) and the European Supervisory Authorities (ESAs), the government bodies engaged in examining and enforcing financial crime compliance rules, Tuesday approved a Multilateral Agreement on the practical steps for exchanging information between the various member state authorities responsible for supervising financial institution anti-money laundering (AML) rules.
The agreement will “create a clear framework for exchanging information” between the ECB and competent authorities (CAs) and “potentially will enhance the effectiveness of their supervisory practices.”
The new agreement will also review the AML enforcement actions and penalties imposed by regulators on banks to gauge the oversight rigor of regulators themselves.
The new system, however, is also meant to be a two-way street. Regulators can also query the ECB about what information it has gathered on certain financial institutions, particularly instances where it has noted AML failures and sanctions in other jurisdictions.
The move coincides with Europe strengthening its AML Directive, going from its fourth iteration to the fifth, or AMLD5, last year. The agreement must still be signed by both groups.
This amendment is part of the EU legislator's “wider efforts to enhance the cooperation and information exchange between prudential and AML/CFT supervisors through a clear legal mandate.”
The agreement contains provisions on the “type of information and underlying process for exchanging it; confidentiality and data protection provisions; situations where the request for information can be refused; means of communication and language used in the information exchange; the signing process; and the settlement of disputes procedures.”
Some details include that the preferred language of the information sharing is English and that in urgent cases, requests can be made over the phone or in person, but most be immediately followed up by digital or paper requests as a matter of record.
Information shared between regulators, given or received, by the central authority, on AML gaps and related data must also be kept secure so they can’t be intercepted by criminals, hackers or other institutions.
The move is just one of many taken in recent months by the EU to improve AML scrutiny at the member-state level and communicate those trends, gaps and vulnerabilities to a single authority – a move aimed at seeing what is happening across the bloc, rather than relying on each member state to understand what is happening within and without its borders.
In November, the ECB’s Single Supervisory Mechanism (SSM) stated it was launching a network of AML sentinel watchdogs to more quickly and completely collect and share information from regional supervisors and regulatory authorities.
The network would include an AML office that would act as a central hub and be responsible for leading financial crime investigations and a compliance network made up of Joint Supervisory Teams reviewing banks considered to be at a higher risk for money laundering, either through business models, economic throughput or tied to riskier regions.
AML roles filled, holes plugged
This “AML office” is intended to “fulfil three roles,” said Danièle Nouy, the Chair of the Supervisory Board, in November before parliamentarians, noting the dynamic would act as another layer of protection to identify, and hopefully, prevent, large-scale AML failures.
The three main functions include:
- AML intel conduit: Act as a single point of entry with respect to the direct exchange of AML information between the ECB and AML authorities.
- Resident risk examiners: Set-up and chair “an AML Network” among Joint Supervisory Teams in charge of the banks whose business model leads to a high level of money laundering risks.
- Center of excellence: Act as a center of expertise on the SSM related AML/CTF issues. On this basis, the AML Office will contribute to the development of ECB positions on AML topics.
Uneven AML coverage, expertise, enforcement
The moves by the EU come in the wake of historic financial crime scandals and what will likely be massive AML compliance failures that came to light in 2018.
In recent months, lenders in Denmark, Estonia, Latvia, Luxembourg, Malta, Spain, the Netherlands, Britain and Cyprus have been racked by money laundering schemes, with criminal activities in many cases done through foreign branches within the EU.
In September, Denmark’s largest bank admitted that a Baltic branch had potentially laundered hundreds of billions of dollars in a widening financial crime probe that has risen larger each month, with the latest twist being that the head of the entire bank has stepped down in disgrace.
Danske Bank has made headlines in recent months as the scope of potential money laundering through its Estonia branch tied to risky regions such as Russia, Azerbaijan and Ukraine has soared from an initial estimate of $80 billion, then to $150 billion and in an 87-page report released in September, to an estimated $234 billion – leading to the bank’s Chief Executive Officer, Thomas Borgen, to say he is stepping down.
To read ACFCS coverage of the Danske Bank scandal, click here.
As a point of context in this battle in the Baltics, the suspicious financial flows equated to nearly the size of the entire gross domestic product of Denmark, pegged at just more than $300 billion. Danske Bank has total assets of $472.5 billion and revenues of $7.6 billion.
Danske Bank did this by becoming the bank of choice for thousands of customers residing outside Estonia, which the audit firm refers to as the burgeoning “Non-Resident Portfolio.” To read the bank’s press release, click here. To read the bank’s announcement of the CEO’s resignation, click here.
The Estonian branch and the non-resident portfolio had become part of Danske Bank when it acquired Finnish-based Sampo Bank in 2007, where the bank also acquired branches in Latvia and Lithuania.
EU seeks more agile AML oversight, speedier enforcement
The AML changes and future improvements sought by the EU would ostensibly also replace a current clunky system that takes weeks and even months to result in changes, with failures being referred to the EU Court of Justice.
In November, the EU Commission took rare and drastic steps to increase legal pressure on Luxembourg and Malta for not adequately implementing bloc-wide financial crime compliance regulations, while pulling back similar actions against Spain after a range of recent improvements.
The EU commission levied a range of censures against the three countries.
Authorities chastised Malta’s financial intelligence unit for having lax supervision of the banking sector with ostensibly the worst punishment handed down to Luxembourg, which faced a lump sum penalty and daily fines until examiners deemed it in line with Europe’s Fourth AML Directive.
These desires for improvement are parsed out in the ECB agreement with member states, and in some ways mirror the ways the U.S. attempts to mesh federal and state AML efforts to maximize communication, coordination and cooperation.
In the United States, in many cases, particularly for sectors subject to AML rules without a federal functional regulator, state and federal authorities rely on each other on a rolling basis to get a sense of compliance at large entities, say a money services business.
In those cases, the states will review AML from their vantage points and report findings to the U.S. Treasury’s Financial Crimes Enforcement Network and IRS AML division for consideration of more extensive sanctions in the case of broad failures.
When the new AML regime comes into play in the EU, it has the potential to bring harmony and equilibrium to compliance standards that can vary drastically across the bloc.
This is vital because, currently, AML rules created at the EU level still must be transposed at the member state level while, typically, it’s up to those individual state regulators to ensure compliance in their jurisdiction. But that patchwork approach has led to problems.
In EU, some states lauded, others derided on AML
Not surprisingly, being that there are 28 member countries in the EU, that means there are varying degrees of both technical AML compliance, laws on the books, and enforcement effectiveness.
That has resulted in some countries, like Germany, being lauded for its efforts to counter money laundering and corruption, while at the same time, Estonia, is at the very heart of a money laundering scandal related to a bank headquartered in Denmark accused of reportedly laundering hundreds of billions of dollars.
One potential compliance takeaway: Look for the ECB and the AML office to be more closely looking over the shoulder of member state regulators, which could mean more rigorous exams and a penchant for more penalties to prove a new enforcement ethos.
“We need to take a more European approach to combating money laundering,” said Nouy, of the ECB in November. “We need to consider a higher level of harmoni[z]ation of the applicable rules in the form of a regulation.”