By: Garry W.G. Clement, CFCS, CFE (Life Member), CAMS
Executive Vice President and Executive Director
Association of Certified Financial Crime Specialists
Those of us seized with working in the financial crime compliance arena know far too well that the regulatory landscape is shifting as is the environment in which we work in.
We are now facing financial crime threats where borders no longer exist and more complex and more coordinated global threats by professional criminals, criminal organizations and state sponsored hackers than ever in our history.
Flowing from recent documented organizational compliance deficiencies, governments are announcing more and more regulations and the assignment of accountability back to senior management, Boards of Directors and the compliance officer, all of whom can be subjected to administrative penalties.
While the laws subjecting compliance officers to individual liability are not new, the fact regulators are now assigning accountability through personal penalties was highlighted in 2014 when two highly publicized enforcement actions detailed the expectation of fiduciary responsibility.
In each case fines were assessed against not only the organizations but included the compliance officers who were held personally liable for inadequate BSA/AML programs and poor controls.
More recently the State of New York added stringent requirements for banks to curb illegal transactions by known terror organizations and other criminals.
Among the more notable changes: a requirement that either board officers or senior compliance officers certify that companies’ controls are adequate, potentially opening such individuals up to criminal liability if the controls are found lacking.
It is clear based on the number of regulatory penalties that continue to be announced which highlight various institutions inclusive of those in the financial sector who are found lacking for having deficient AML programs or in the corporate world for those companies that continue to ignore foreign corrupt practice legislation that our Boards and senior executives are failing on many levels.
In order to understand why we are seeing proscriptive practices being legislated it is necessary to examine the current landscape.
My experience has confirmed that far too few organizations fully grasp the need to recognize that there is an urgent need for the implementation of a convergent financial crime strategy. What is disheartening is that if we examine our collective successes to combat financial crime it should have become abundantly apparent that compartmentalized compliance has clearly been a dismal failure.
Banks in particular, have received the lion’s share of the impact.
If we were to review the number of administrative penalties and deferred prosecutions in detail, I would submit the conclusion that should be drawn is that in each case there was a clear failing on the part of the Board, Senior Executives and senior compliance officers to recognize that a single focused approach will no longer achieve the results required and in many cases the old adage of “greed trumping ethics” still prevailed.
Since entering this industry more than three decades ago experience has shown organizations, regulators and governments have spent most of their energies focusing on money laundering compliance. Those of us who have been around to witness the evolution have seen organizations create massive departments and the development of career compliance personnel.
The question that needs to be asked by all of us is whether all of the regulation, all of the software created to assist in identifying money laundering and all of the professionals assigned to the industry has created the commensurate results?
I am sure you will agree that other than creating a whole new professional field and expanded service companies our overall success based on the continuing pace of criminal activity and money laundering is negligible.
Organized crime and entrepreneurial criminals continue to evolve at a much faster pace than what we are capable of within the anti-financial crime sector.
They are not seized with bureaucratic processes and for the most part they have budgets that appear to be endless. They openly admit that all of their nefarious activities are for profit and therefore do not hide from that fact that in their mandates greed does trump ethics.
In my opinion far too many financial industry leaders, select individuals within government and many of our law firms still look at money laundering as simply being a product of drug trafficking and therefore they do not fully endorse the need for financial controls.
Unfortunately these naysayers need to understand that money laundering stems from far more insidious crimes which include pornography, inclusive of child porn, female flesh trade, elder financial crime and terrorism to name a few.
Lawyers who successfully argued in North America that they should not be brought under the money laundering reporting regulations continue to surface as being involved in many of the major money laundering schemes. Recent news outlets have highlighted the significance of lawyers and law firms as being a catalyst to money laundering and financial crime activities.
For example in a July 20th article in law.com entitled “Big Law Firms Play Cameos in ‘Wolf of Wall Street’ Forfeiture Case” it is quoted that “several major law firms handled funds stolen in a billion-dollar global money laundering scheme, according to federal prosecutors—money that was used to finance the 2013 film “The Wolf of Wall Street” and pay for real estate, art, a $35 million private jet, and other luxuries.”
Global Witness undertook an undercover investigation and approached 13 New York law firms. They deliberately posed as someone designed to raise red flags for money laundering.
They said they were advising an African minister who had accumulated millions of dollars, and they wanted to buy a Gulfstream Jet, a brownstone and a yacht. They said they needed to get the money into the U.S. without detection and they were provided the following:
- Lawyers from 12 of the 13 firms they visited suggested using anonymous companies or trusts to hide the minister’s assets. All but one of these firms recommended using American companies.
- One of the lawyers who provided suggestions on how to move the funds was James Silkenat, the President of the American Bar Association at the time.
- Several lawyers suggested using their law firms’ own bank accounts to help prevent U.S. banks realizing whose money it really was, or to have the lawyer act as a trustee of an offshore trust and use this position to open a bank account.
- While most of the lawyers asked for some information about the minister, and his source of funds, only one lawyer refused to provide assistance during the meeting itself.
In a Canadian undercover operation in the early 2000s our operator posing as a money launderer managing Columbian funds met with Simon Rosenfeld a Toronto lawyer who agreed to help the operator launder his cocaine drug money for an 8% commission fee and to assist in setting up corporate shell companies in various jurisdictions whist all the time bragging that lawyers in Canada due to solicitor client privilege are fire proof.
In 2005 Rosenthal was convicted of laundering $250,000 Canadian and $190,000.00 US.
The recent revelations behind the Panama Papers again highlighted the adage of greed trumping ethics and the extent that a well-known law firm will go to conceal wealth, regardless of its origin.
The investigative journalists of the International Journalist Consortium found that Mossack Fonseca was the key to the concealment of massive funds which one could argue a large percentage had questionable origins. ICJ confirmed:
- “Files reveal the offshore holdings of 140 politicians and public officials from around the world
- Current and former world leaders in the data include prime ministers of Iceland and Pakistan, the president of Ukraine, and the king of Saudi Arabia
- More than 214,000 offshore entities appear in the leak, connected to people in more than 200 countries and territories
- Major Banks have driven the creation of hard-to-trace companies in offshore havens. A massive leak of documents exposes the offshore holdings of 12 current and former world leaders and reveals how associates of Russian President Vladimir Putin secretly shuffled as much as $2 billion through banks and shadow companies. The leak also provides details of the hidden financial dealings of 128 more politicians and public officials around the world. The cache of 11.5 million records shows how a global industry of law firms and big banks sells financial secrecy to politicians, fraudsters and drug traffickers as well as billionaires, celebrities and sports stars.
The files expose offshore companies controlled by the prime ministers of Iceland and Pakistan, the king of Saudi Arabia and the children of the president of Azerbaijan.
They also include at least 33 people and companies blacklisted by the U.S. government because of evidence that they’d been involved in wrongdoing, such as doing business with Mexican drug lords, terrorist organizations like Hezbollah or rogue nations like North Korea and Iran.
One of those companies supplied fuel for the aircraft that the Syrian government used to bomb and kill thousands of its own citizens, U.S. authorities have charged.
“These findings show how deeply ingrained harmful practices and criminality are in the offshore world,” said Gabriel Zucman, an economist at the University of California, Berkeley and author of “The Hidden Wealth of Nations: The Scourge of Tax Havens.” Zucman, who was briefed on the media partners’ investigation, said the release of the leaked documents should prompt governments to seek “concrete sanctions” against jurisdictions and institutions that peddle offshore secrecy.” (http://jakebernstein.net/panama-papers/page/2/)
If just focusing on money laundering and corruption issues were not enough organizations also need to recognize that Cyber-attacks are becoming more prevalent, with attack techniques evolving at a rapid pace.
The bureaucratic decision processes and lack of understanding at the most senior and Board levels of the organization are creating situations wherein the organization is incapable of maintaining a balanced approach with the existing threats.
Risk management and compliance need to be identified as a higher priority within organizations, and the responsible teams need to have the necessary expertise and resources to be effective.
The other mistake that is being made is that senior organizational leaders are often lulled into a sense of security through the acquisition of new technology that is alleged to be the next greatest firewall which will thwart most attacks.
What is being overlooked is that the modern criminal and/or criminal organization has become experts at Social engineering which is a collection of techniques that can be used to manipulate people into revealing sensitive or personal information.
This really is a game of con and with the evolution of the data through social media this has become child’s play for criminals. This non-technical kind of intrusion enables criminal to interact with an organization’s staff either personally or through social media.
Once the desired information is obtained, it can be used for unauthorized access to information or systems, to commit fraud (identity theft), industrial espionage, and other criminal activities or to simply disrupt normal business processes.
Most social engineering techniques utilize some form of emotional pressure in order to obtain what is wanted. Techniques are used to persuade people to do things they wouldn’t ordinarily do.
When we look at some of the latest statistics is projecting that the global fraud detection & prevention and anti-money laundering market will be valued at $21.44 Billion by 2019 from $9.62 Billion in 2014, at a compound annual growth rate (CAGR) of 17.4% from 2014 to 2019. (http://www.prnewswire.com/news-releases/global-fraud-detection-and-prevention-and-anti-money-laundering-market-2015-2019—market-will-be-valued-at-2144-billion-by-2019-from-962-billion-in-2014-300116928.html)
Much of this will stem through an explosive increase in cyber threats which is a direct result of increasing mobile and web usage and social media.
Also, the “Internet of Things (IoT”), is another major contributing factor that has resulted in various cyber threats at various sensors, terminals, and end devices. Considering this, every sector has a wide scope for cyber security requirements.
Organizations should be looking for integrated security solutions these days to cater their various security needs through one platform for cost benefits and to reduce complications.
The aerospace, defense, and intelligence vertical needs the most advanced cyber security solutions due to increasing security need of the nations. E-governance, increasing concerns regarding territorial security like military, navy, and economic has led the government to think more seriously about cyber threats.
These increasing demands for cyber security has led our governments to legislate more stringent cyber and IT laws, legal and regulatory compliances, and data security.
These driving factors and the increasing strictness of government regulations from evolving cyber threats are forcing organizations to focus more on cyber security. However, lack of talented security professionals in organizations is one of the major problems that have to be tackled.
More complex Fintech regulation by governments continue to be issued. This increasing complexity stems from new technical standards and practical implementation measures that firms must interpret and implement.
Because of this, 69% of compliance professionals at financial firms around the world expect the volume of regulatory information published by regulators and exchanges to increase within the next year, according to Thomson Reuters. But this figure is still less than 70% in 2015 and 84% in 2012
In a 2015 report undertaken by Grant Thornton relying on responses from AML compliance officers the results highlighted the realities for AML compliance as follows:
“Variable compliance resources: Although all regulated entities are expected to comply with similar requirements, not all sectors are dedicating equivalent resources to compliance. Compliance officers at financial institutions, for instance, report spending over 33% of their time exclusively on AML compliance, while only 12% of credit union respondents do the same. That number drops to 7% for securities dealers. The contrast demonstrates that size and scale do have an impact and perhaps some sectors are ahead of others.
- Compliance gaps remain: Despite the strides regulated entities are making, program gaps remain. In general, most boards lack a mandated AML function and do not yet well understand the organization’s tolerance for risk. Compliance staff members are not consistently visiting their various locations and training is rarely tailored to the needs of different roles. Most significantly, a percentage of respondents indicated they have no unusual transaction reporting process— and no high-risk clients. These responses suggest that some organizations have weaknesses in their risk assessment process.
- Risk identification: The work to keep risk assessments updated and relevant varies by sector. Most respondents are making efforts to update assessments annually. Fairly consistently across sectors, respondents are primarily relying on front line staff to identify suspicious transactions.
- Support is at hand: On the plus side, the majority of survey respondents feel that they are well-supported by management and say compliance is viewed as an important function within their organizations. This bodes well for entities that continue to face rising and more complex regulatory requirements. As the survey responses show, some of Canada’s regulated entities are well along the maturity curve when it comes to AML compliance (note: throughout this report, references to AML include ATF). Yet more work remains to be done.”
From my perspective what is missing from the focus of this report is that targeting only AML and not adopting a convergent approach to compliance serves to substantiate what we are seeing within organizations and that is silo’ d compliance departments.
Organizations need to connect their compliance departments, data and technologies pervasively to promote fully informed, client-centric risk assessment and surveillance across organizational boundaries
A singular focused approach of compliance has failed on so many levels in my opinion and needs to be refocused. This fragmented approach has resulted in duplication of data, technology and efforts, resulting in rising costs. It is estimated that the largest global banks spend $1 billion to $1.5 billion annually on financial crime compliance.
Therefore, in my view without consolidated data, an approach that is being espoused by the OCC, which considers multiple channels and geographies, it will continue to be more difficult to identify suspicious activities or gain a unified view of organization-wide risk.
The one clear finding of the Grant Thornton survey which does highlight an overall serious gap within organizations is the findings around Board engagement:
“The board’s role: When it comes to AML compliance, the board seems to be playing a relatively minor role at most regulated entities. Only 15% of respondents said their board has a mandated AML function; only 18% said the board regularly reviews the company’s risk assessments or the risk assessment updates; and only 13% said the board regularly reviews client acceptance, recordkeeping and Know Your Client (KYC) procedures. Moreover, almost 83% of respondents report that the board does not fully understand the organization’s tolerance for money laundering and terrorist financing risk”
Lastly we need to collectively realize that the arena in which we work in also can play an integral role in keeping our country safe.
Terrorism is taking on many new forms and the recently “lone wolf” tragedies has evidenced over and over again that no country is completely safe and that law enforcement along cannot tackle this problem.
We in the compliance world must remain vigilant and not dismiss activities of a suspicious nature as being the norm, since to do so could have catastrophic consequences. Leadership must be driven from the top and constant reminders, not just through the news but internally are required to everyone at every level.
As I learned from my parents do not criticize unless you can offer a solution so if we agree that the financial crime world is changing and that we will continue to be subjected to greater demands and expectations relative to how compliance is viewed, then we need to consider possible options that will achieve effective and efficient results.
In my view the first ingredient necessary is that every professional engaged in some capacity relative to the financial arena needs to assess their core values and ensure that ethics is placed ahead of the bottom line, otherwise greed will prevail.
Boards of Directors and senior management needs to ensure that someone in their peer group has the necessary background, skills and experience to ask the tough questions relative to their compliance programs and strategies. We need organizations to adopt a convergent approach to its compliance focus and ensure that the past silo’d approaches become the compliance of history.
Within legal circles we need our lawyer community to accept responsibility for their past willfully blind practices and become the leaders they profess to be, thereby evidencing that being exempted from regulatory practices is justified.
Governments also need to fully accept that without providing the necessary funding to ensure regulators and enforcement agencies have the necessary specialized and commensurate number of personnel, organized crime will continue to capitalize on the changing financial landscape and the regulations alone will fail.
To quote Steve Jobs: Here’s to the crazy ones. The misfits. The rebels. The troublemakers. The round pegs in the square holes. The ones who see things differently. They’re not fond of rules. And they have no respect for the status quo. You can quote them, disagree with them, glorify or vilify them. About the only thing you can’t do is ignore them. Because they change things. They push the human race forward. And while some may see them as the crazy ones, we see genius. Because the people who are crazy enough to think they can change the world, are the ones who do.”