Regional Report: In face of massive EU AML scandals, prosecutors, regulators, banks looking to bolster information sharing, accountability, liability

The Skinny:

  • In this regional report focusing on Europe, the ACFCS Netherlands Chapter looks at some of the EU AML scandals and issues in and out of banks that can make compliance difficult.
  • The takeaways come from the “Fintech and FinCrime in Europe” session, a panel from ACFCS Fincrime Virtual Week, the association’s first-ever fully online fincrime compliance conference.  
  • More than 5,600 attendees, speakers and thought leaders registered for the event, which addressed the overarching themes of Disruption, Innovation and Resiliency. In the panel focused on compliance and regulatory trends in the EU, speakers highlighted several key trends, including:
  • Regulators and prosecutors in Europe are trying to more aggressively tie egregious fraud and financial crime compliance failures to senior management and directors outside of compliance, including business line revenue agents, just as new financial crime compliance rules take hold.
  • In response, some banking groups have started to collapse silos in and outside the bank, banding together across institutions to share information on customers – including potentially risky and fraudulent individuals and entities – and interweave anti-money laundering (AML), fraud and cyber teams to better tackle crimes in a holistic, convergent manner.

By Brian Monroe
bmonroe@acfcs.org
August 18, 2020 

Regulators and prosecutors in Europe are trying to more aggressively tie egregious fraud and financial crime compliance failures to senior management and directors outside of compliance, including business line revenue agents, just as new financial crime compliance rules take hold.

In response, some banking groups have started to collapse silos in and outside the bank, banding together across institutions to share information on customers – including potentially risky and fraudulent individuals and entities – and interweave anti-money laundering (AML), fraud and cyber teams to better tackle crimes in a holistic, convergent manner.

Those are just some of the takeaways from the “Fintech and FinCrime in Europe” session, a panel from ACFCS Fincrime Virtual Week.

More than 5,600 attendees, speakers and thought leaders registered for the Association of Certified Financial Crime Specialists’ (ACFCS) first-ever fully online conference, which addressed the overarching themes of Disruption, Innovation and Resiliency.

The event covered five days of learning between Aug. 3 and Aug. 7 with dozens of sessions and speakers, including top federal regulators, investigative agencies and thought leaders from the banking, consulting, insurance, crypto currency and other financial services sectors.

Overall, the event highlighted the vital importance of collaboration, between banks, law enforcement and regulators, including illuminating the opacity of impenetrable beneficial ownership structures and finding a way to provide such information to institutions subject to anti-money laundering (AML) rules, transparency watchdogs and journalists.

During the “Fintech and FinCrime” panel, speakers spearheaded by the Dutch Chapter of ACFCS covered many of the stumbling blocks banks encounter individually and also looked at the overarching trends to counter large-scale money laundering networks across the bloc and Nordic and Baltic regions – the epicenter of the current fincrime scandals.

In recent EU AML scandals, penalties the rising specter of individual liability

One new wrinkle in recent months is the rising specter of individual liability for compliance professionals, senior management and even the board.

“What is new on the executive level is that someone has to be responsible for the implementation of the AML directive,” said Lotte van Meerten, a compliance manager with Van Lanschot Kempen Wealth Management.

In recent events, including high-profile fraud and AML failures, including Wirecard and the hefty fine at ING Groep last year for nearly $1 billion, authorities are trying to work in individual liability in major actions, something that should not be lost on compliance professionals in Europe.

Prosecutors are “trying to keep someone responsible for the events that happened in the company,” she said. “If you are a director or CEO of a company you must be aware of what is happening in your company and what goes wrong in your company. It’s not just the responsibility of the business and the compliance” teams.

The challenges for banks tackled by the Fincrime Virtual Week panel in terms of creating programs, at the top of the list to be in compliance with just-updated EU AML rules, are manifold, and include:

  • Silos in Financial Crime investigations
  • Integrating data sources
  • Covering all the FinCrime risks
  • Covering all the steps in the process
  • Not looking at multiple data sources simultaneously
  • Different monitoring tools for different risks
  • No or little alignment and handover between various lines of defense
  • Different systems for different steps in the process
  • No integral, aggregated risk view as a result

The push for making changes in all of these areas is clearly a response to the ever-widening and still-rumbling Danske Bank scandal.

The scandal has seen Denmark’s largest lender facing a plethora of probes, investigations, accusations and recriminations in several countries for its monitoring, reporting and handling of some 200 billion euros, or more than $224 billion, in potentially suspicious transactions tied to Russia between 2007 and 2015.

The scandal has sacked some top leaders at banks in Denmark and Sweden, snared Deutsche Bank and even cast regulators in the regions in harsh lights, even as these financial watchdogs work to levy statement-making penalties against the institutions involved. 

Not surprisingly, the EU Commission and Parliament have voiced concerns and put forth formal measures to create a pan-bloc AML enforcement body that would put member state regulators, not just banks, in the hot seat for compliance failures. 

After series of EU scandals, Dutch banks team up to share data, algorithms

Not surprisingly, if more regulators are getting together to see the bigger picture across boundaries and banking groups, banks themselves are concluding they better do it first and find any larger vulnerabilities before examiners are at the door.

The panel also touched on the importance of sharing data, not just between banks and law enforcement, and vice versa, but for banks to swim their information on customers together – to highlight who is low risk and who isn’t.

Several of the largest Dutch banking groups are choosing not to go Dutch when fighting financial crime on the heels of massive European money laundering scandals that have snaked suspicion and scrutiny to regions like Amsterdam and the Netherlands. 

Financial services giants including ING Groep NV, Rabobank and ABN Amro Bank NV – all banks in recent years that have been hit by U.S. or home country financial crime compliance penalties – are working toward a joint venture to share information.

In all, the institutions would share data about transactions occurring across multiple banks and jurisdictions in an effort to better identify the telltale signs of illicit activity and broader ties to larger interconnected organized criminal groups. 

The name of the facility will be Transaction Monitoring Netherlands (TMNL), with overarching stewardship coming from the Dutch Banking Association (NVB). 

“In the next six months the banks will study whether this is feasible given the technical and legal challenges involved,” NVB said in a statement when the effort was announced last year, adding that other banks could join the data pooling initiative at a later stage.

NVB estimated that 16 billion euros in funds tainted by criminals is circulating in the Netherlands, most of which is connected to the illicit drugs trade, a “serious social problem.”  

“The banks see it as an important public duty to help solve this problem,” NVB Chair Chris Buijink said in a statement. “They want to rid their systems of criminality and are investing heavily in” in compliance, technology and monitoring systems to that end. 

In the new transaction monitoring facility plans, banks would be more aggressively cooperating with the Financial Intelligence Unit (FIU), the Public Prosecution Service, FIOD and for example ministries. 

Last year, under AML obligations, the banks reported 68,000 unusual transactions to the FIU, with an estimated 15,000 of these transactions described by the FIU analysts as suspicious. The five banks involved handle 9.8 billion payment transactions every year, amounting to 27 million transactions every day.

The fight against money laundering and the financing of terrorism is a major priority for the banks. 

Apart from the banks taking responsibility themselves, effectively dealing with money laundering requires a national (chain) approach. 

Dutch shared KYC facility mirrors efforts, safe harbors in U.S. AML defenses

While there will no doubt be technical, legal and privacy challenges aplenty in this Dutch endeavor, it holds great potential to improve the efficiency and effectiveness of financial crime compliance and investigations in the regions involved. 

Many large U.S. and international banks are already engaging in similar efforts, over the past decade swimming the data on customers and transactions together with indicia of fraud, money laundering and other financial crimes as an “association of banks” under the broad safe harbor of Patriot Act Section 314(b). 

The efforts have made it more difficult for a criminal engaging in illicit activity at one bank to simply walk across the street to another institution and start doing the same things there.

Dutch banks have a tough road ahead to mirror similar improvements, but the transaction monitoring sharing facility could be a powerful first start.

Even so, the panel noted that the breaking down of silos and sharing of data across banks could all be for naught if Europe doesn’t address what to many has become the biggest financial crime vulnerability in the world: impenetrable beneficial ownership structures.

As part of updates to EU AML rules, banks must capture details on the ultimate beneficial owner of a corporates, in some cases down to the 25 percent and even 10 percent levels, and get that information to a central repository in the member state.

The Netherlands was even chastised by the EU for tarrying on this initiative as it comes with both technical, logistic and resource challenges for countries. These countries then face the unenviable task of ensuring the beneficial ownership data stays updated – and to penalize firms attempting to game the system.

The effort to capture all of this beneficial ownership information, however, faces the prospect of being siloed itself: the information captured at the country level must then also be linked together in a massive database, one that many hope will be accessible to banks, the public and outside watchdog groups.

“It is not just silos within banks that are being taken down, but silos between banks are being taken down,” said Tames Rietdijk, the CEO of BusinessForensics, referring to the shared KYC facility and other efforts to capture and share data across Europe.