Money Laundering Compliance and Investigations Across EMEA
Money laundering has remained at the front of people’s minds in the past year, with the leak of the Paradise Papers following 2016’s Panama Papers leak. That led the European Parliament to set up a new investigations committee focusing on companies and individuals flouting money laundering, tax evasion and tax avoidance rules.
EU governments and firms were busy preparing for the June 2017 implementation of the EU Fourth Money Laundering Directive (4MLD), which incorporates significant changes to the European anti-money laundering (AML) framework. Not content with one transformation, EU bodies are currently finalising the Fifth Money Laundering Directive (5MLD).
The last 12 months has also seen the coming into force of the UK’s Criminal Finances Act, which introduced unexplained wealth orders and created a new offence of failure to prevent the facilitation of tax evasion. With a post-Brexit environment in mind, the United Kingdom has introduced a Sanctions Bill to enable the implementation of sanctions once it leaves the European Union.
Global efforts continue apace with the Financial Action Task Force (FATF) maintaining its focus on assessing compliance with the international set of common standards for preventing and protecting against money laundering, terrorist financing and other threats to the integrity of the international financial system.
Global AML efforts mean that companies and individuals across Europe, the Middle East and Africa must act to ensure that they have adequate, up-to-date compliance systems to minimise their risk exposure. Such action is of particular importance in a regulatory and enforcement landscape that is increasingly hostile towards alleged money launderers and their facilitators. The global policy drive continues to be translated into a developing set of measures and tools for authorities and the fostering of greater coordination and cooperation across borders.
What is money laundering?
Money laundering is the process by which the illicit sources of assets obtained or generated by criminal activity are concealed to obscure the link between the funds and the original criminal activity. Laundered funds are frequently proceeds from crimes such as bribery, drug smuggling, human trafficking, illegal arms sales and sanctions violations.
Money laundering is distinct from, but very often related to, other financial crimes, such as terrorist financing and tax evasion. All three exploit similar vulnerabilities in legal and financial systems to conceal money from regulators and authorities.
Over recent years, European authorities have started to adopt more aggressive, US-style approaches to investigating and prosecuting money launderers and the institutions that facilitate money laundering.
These efforts are perhaps clearest in the United Kingdom, which is seeking to shed an emerging image as a repository for dirty money. In 2016, the United Kingdom hosted the Anti-Corruption Summit; last year, it published its Anti-Corruption Strategy 2017 to 2022. The strategy sets out six priorities:
- reduce the insider threat in high-risk domestic sectors (such as borders, prisons, policing and defence);
- strengthen the integrity of the United Kingdom as an international financial centre;
- promote integrity across the public and private sectors;
- reduce corruption in public procurement and grants;
- improve the business environment globally; and
- work with other countries to combat corruption.
The United Kingdom has announced a number of plans to achieve the above, including establishing a public register of beneficial ownership information for foreign companies that own or buy property in the United Kingdom, or bid on UK central government contracts. It will introduce a Ministerial Economic Crime Strategic Board to oversee strategic priorities and overall performance, and align funding and capability development on economic crime.1 Further, the government has just launched the Office for Professional Body Anti-Money Laundering Supervision (OPBAS).2 The OPBAS will sit within the Financial Conduct Authority (FCA) and will directly oversee 22 accountancy and legal professional body AML supervisors in the United Kingdom.
The FCA has followed through on the statement in its 2016–2017 business plan that investigating and prosecuting money laundering is one of its key priorities. In January 2017, the agency announced that it had fined Deutsche Bank £163 million for significant deficiencies in the bank’s AML framework – the largest penalty it has handed out for inadequate AML controls.3 The FCA explained that the size of the fine reflected the seriousness of Deutsche Bank’s failings. The bank was granted a 30 per cent discount for agreeing to settle early in the investigation and for its exceptional cooperation and agreement to a large-scale remediation programme. The action was significant for the extent of the collaboration between the FCA and the New York State Department of Financial Services, which separately fined the bank US$425 million. On a smaller scale, in January 2018, the FCA fined Interactive Brokers (UK) Limited (IBUK) just over £1 million for a failure to report suspicious client transactions. Mark Steward, Director of Enforcement and Market Oversight at the FCA, said: ‘Firms not only have a key responsibility to report suspicious conduct in our capital markets, they also have an obligation to ensure their trading systems are not used for the purpose of financial crime. IBUK’s systems were inadequate and ineffective in the face of potentially suspicious transactions.’
The government is also expected to make more use of deferred prosecution agreements (DPAs). DPAs, another American import, were introduced to the United Kingdom in February 2014 under the provisions of schedule 17 of the Crime and Courts Act 2013. They are available to (and are being used by) the Serious Fraud Office (SFO) to resolve criminal actions against companies by deferring prosecution in return for certain conditions, including fines and usually changes to behaviour. The SFO has secured four DPAs to date. None of them has been brought in relation to money laundering offences, but the first DPA, concluded with Standard Bank plc, arose out of a self-report to the SFO after the bank had filed a suspicious activity report (SAR) pursuant to the Proceeds of Crime Act 2002 (POCA). That connection, along with the fact that DPAs can be entered into in respect of the suite of money laundering offences under the POCA, is reason enough for UK corporates to ensure their AML compliance systems are robust, up to date, and comprehensive enough to detect and prevent money laundering.4
The Solicitors Disciplinary Tribunal has also taken an active role in prosecuting money laundering, with a tribunal issuing a fine against Clyde & Co for failing to act in accordance with its obligations under the Money Laundering Regulations 2007 (applicable at the time).5
The UK government has also been active on the legislative front, with a number of significant new measures.
Criminal Finances Act
The Criminal Finances Act (the Act) came into force on 30 September 2017. The Act contains measures aimed at improving the ability of UK enforcement agencies to recover the proceeds of crime, prevent the financing of terrorism, and tackle money laundering and tax evasion. The Act proposes significant changes to UK AML laws and introduces new corporate criminal offences for failure to prevent the facilitation of tax evasion.
- The Act created the ability for the relevant authorities to obtain unexplained wealth orders (UWOs), with effect from 31 January 2018. Prosecutors and regulators can apply to the High Court for a UWO to require a person or entity, whether within or outside the United Kingdom, suspected of involvement in or association with serious criminality, or merely a ‘politically exposed person’, to explain the origin of assets with a value greater than £50,000 if those assets appear to be disproportionate to their lawful income. A failure to provide a convincing response would give rise to a presumption that the property can be recovered as the proceeds of crime.
The National Crime Agency (NCA) recently reported6 that it had secured two UWOs over two properties worth £22 million that are believed to be owned ultimately by a PEP. In addition, interim freezing orders were obtained, meaning that the properties may not be sold, transferred or dissipated while the orders are in effect.
- The Act extends the moratorium period for consent in respect of suspicious activity reports (SARs) filed under the POCA from 31 days up to six months, on the approval of the court. The POCA requires that regulated companies, such as banks and insurance companies, file SARs with the NCA where they suspect that a transaction may involve the proceeds of crime and enables them to seek consent to proceed with the transaction. Under the regime, if the NCA refuses consent within seven days, the moratorium period kicks in, allowing investigators time to gather evidence to determine whether further action, such as restraining the funds, should be taken. The NCA has long considered that 31 days is not long enough, so the new Act allows the moratorium period to be extended in increments each of 31 days, up to an aggregate period not exceeding six months.
- The Act introduces disclosure orders in respect of money laundering investigations (they are already available for fraud investigations).
- The Act creates mechanisms that will enable POCA-regulated entities to share information with one another about suspected money laundering. This approach has already been piloted under the Joint Money Laundering Intelligence Taskforce (JMLIT), under which banks and the NCA share information. In the second quarter of last year, such sharing helped to deliver 37 arrests of individuals suspected of money laundering as well as the closure of 114 suspicious bank accounts.7 But the Act allows for much wider sharing and provides for information to be provided to the NCA in a joint disclosure report (known colloquially as a ‘super SAR’).
Reporting entities may submit a joint report to satisfy their respective individual reporting obligations and to avoid multiple and duplicative reports relating to a common situation. So far, reporting entities have been reluctant to file joint reports given the need for their interests to align before a single report can be submitted.
- The Act creates a new offence, applicable against companies, of failure to prevent the facilitation of tax evasion. A company will commit a criminal offence where it fails to prevent someone who acts for or on behalf of the company from committing a UK tax evasion offence or an equivalent offence under foreign laws, where there is a nexus to the United Kingdom and dual criminality. The offence carries the potential for an unlimited fine and other sanctions.
Money laundering regulations
AML laws in the United Kingdom and across the European Union all changed in 2017, since 4MLD had to be implemented by EU member states by 26 June 2017.8
4MLD was implemented in the United Kingdom by the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017. They came into effect on 26 June 2017 and revoked the Money Laundering Regulations 2007. Significant changes to the previous legislation include the following.
- Enhanced due diligence (EDD) now applies to domestic politically exposed persons (PEPs) (such as MPs, judges, etc) as well as foreign PEPs. Firms should apply a risk-based approach to the close family members and close associates of PEPs, as well as former PEPs. In July 2017, the FCA published guidance for financial services firms on how to conduct risk assessments in respect of certain categories of PEP.9 This guidance and 4MLD state that transactions or business relationships involving PEPs should not be refused solely due to a discovery that an individual or their close associate is a PEP; a firm must assess the level of risk associated with that customer and following that determine the extent to which EDD needs to be conducted.
- HM Revenue and Customs now maintains a register of beneficial ownership over trusts with tax consequences. Trustees are required to update the register on an annual basis to identify the trust’s beneficiaries, trustees and other significant controllers.
- Corporates are now required to provide significant identifying information to regulated businesses ahead of transactions. This builds on the government’s creation last year of a register of persons with significant control (PSCs), which itself implements a requirement of 4MLD that companies and other legal entities hold and make available ‘adequate, accurate, and current’ information on their beneficial owners to competent authorities and any other person or organisation that can demonstrate a legitimate interest.
- The turnover threshold to exempt persons who engage in financial activity on an occasional or very limited basis from AML requirements was lifted to £100,000.
- Simplified due diligence (SDD) is no longer available for a pre-defined set list of customers or transactions. Rather, firms now need to consider in each case whether the customer and transaction are sufficiently low risk to warrant the use of SDD. Evidencing the risk assessment conducted is important, especially where the use of SDD has been decided under the new 4MLD framework.
- Sanctions for breaches of the regulation have been increased. The 2007 Regulations included a criminal offence, punishable by a fine and up to two years’ imprisonment, for contravention of a relevant requirement. In addition to that offence, which is maintained under the new regime, the 2017 Regulations create a new criminal offence where a person recklessly makes a statement which is false or misleading in purported compliance with a requirement applicable to them, with potential liability of a fine and up to two years’ imprisonment.
Failure to prevent economic crimes
The UK Ministry of Justice’s consultation to consider law reform to criminalise a more general failure to prevent economic crimes closed in March 2017.
The legal framework under consideration is expected to mirror the offence of failure to prevent bribery in the Bribery Act, and the new law of failure to prevent facilitation of tax evasion, and apply it to a list of crimes, including money laundering, false accounting and fraud. As is the case with facilitation of tax evasion, it would be a defence for the company to show that it had reasonable procedures in place to prevent the crime, or that it was not reasonable to expect the company to have such procedures in place. The UK’s Solicitor General, Robert Buckland MP, recently said that there ‘is a strong case for the creation of a new corporate criminal offence for failing to prevent economic crime’.10
The UK government published a policy paper in September 201711 in which it states its commitment, post-Brexit, to maintaining and developing a partnership with the European Union’s member states with respect to sanctions, to tackle serious and organised crime as well as coordinate on their use as a foreign policy tool. In October 2017, the Sanctions and Anti-Money Laundering Bill (Sanctions Bill) was introduced in Parliament to provide the UK government with the necessary legal powers to implement sanctions post-Brexit, as well as to maintain the existing sanctions regimes, including those imposed through EU law. Currently, the UK’s implementation of sanctions relies heavily upon the European Communities Act 1972 and that legal basis for implementation will no longer be available post-Brexit.
Following Brexit, the framework proposed in the Sanctions Bill will enable the government to impose sanctions where it considers it appropriate, in order:
- to comply with UN and other international obligations;
- in the interests of national security or international peace and security;
- to prevent terrorism; or
- to further its own foreign policy objectives.
The new framework would allow the government to subject a person to sanctions where it has reasonable grounds to suspect that person of being involved in a specified activity. Persons can challenge this designation, including by application for a review by the court. Sanctions regulations are to be reviewed on an annual basis and the designation of an individual is to be reviewed every three years with a positive obligation to revoke or vary the same where there are no longer reasonable grounds to suspect that person is involved in the relevant activity and the government no longer considers it appropriate for that person to be designated.
The framework is intended to ensure continuity and coordination with the UN and other international sanctions regimes, but there may, over time, be divergence between the United Kingdom and its partners, with the United Kingdom adopting a tougher or softer regime than its EU and other partners. This would potentially create additional compliance burdens for businesses operating within the United Kingdom. That in itself would be an incentive for the government to observe sanctions policy continuity with its partners.
Governments of other European countries have continued to adopt US-style approaches to targeting money launderers and its facilitators.
As noted above, all 28 EU member states were required to transpose 4MLD into national law by 26 June 2017. It was reported12 shortly after this date that the EU Justice Commissioner had contacted 17 member states expressing concern about their failure to meet the deadline fully. 4MLD was implemented by the deadline in the United Kingdom, France, Germany, Italy, Spain, Slovenia, Sweden, Austria, Belgium, Czech Republic and Croatia. 5MLD has also progressed through the EU institutions. Political agreement on 5MLD was reached in December 2017 between the European Parliament and Commission and it is to be adopted by the European Parliament in April of this year, with the European Commission expected to approve it later this year, following which an 18-month period will run before implementation by member states. The new directive will tackle a number of areas, including stronger EDD for customers from high-risk countries, greater intra-EU information sharing, national registers of current accounts (visible only by the authorities), efforts to minimise the use of anonymous payments through pre-paid debit cards and extending the scope of AML regulation to virtual currencies, tax-related services and works of art.
The European Parliament PANA Committee, established after the Panama Papers leak of 2016, published its final report in November 2017, which included the following recommendations:
- publication of national bank account registers and of statistics of transactions with tax havens and high-risk countries;
- publication of country-by-country reports for large companies;
- prohibition of commercial dealings with legal structures in tax havens where the beneficial owners cannot be identified;
- tough sanctions on banks and intermediaries that are knowingly, willingly and systematically involved in illegal tax evasion and money laundering; and
- the inclusion of certain EU member states on the EU list of non-cooperative tax jurisdictions.
Some of these recommendations have been reflected in the 5MLD measures, such as greater cooperation between and among financial crime authorities and beneficial ownership registries.
Following the leak of the Panama Papers, late last year a further 13.4 million documents covering several decades (labelled the Paradise Papers) were leaked, exposing the financial affairs of many multinationals, politicians and other wealthy individuals and how they were using complex structures to protect their wealth from higher taxes.13 In February 2018, the European Parliament’s Conference of Presidents voted to set up a new committee that will investigate money laundering and tax evasion practices exposed in the Paradise Papers. The committee is envisaged to complete the work of the PANA Committee and will make recommendations in respect of increased coordination among EU and non-EU countries.14
Three Middle Eastern states continue to be identified by the FATF as having strategic deficiencies in their AML regimes: Iraq, Syria and Yemen.15 None of these has fully implemented systems to address their AML deficiencies. However, some significant developments have taken place.
In Syria, because of the security situation, the FATF has not been able to conduct an on-site visit to assess whether the country’s process of implementing the required reforms and actions to its AML action plan is under way. The FATF continues to monitor Syria, but the current potential for progress would seem limited. Yemen poses the same problems: the FATF has been unable to conduct an on-site visit there since 2014.
While Iraq is still regarded as a high-risk jurisdiction, the FATF recognises that Iraq has made substantial steps towards improving its AML regime, including by adequately criminalising money laundering and terrorist financing and establishing an adequate legal framework for identifying, tracing and freezing terrorist assets (among others). The FATF announced in February 2018 that it will be conducting an on-site visit to confirm implementation of the reforms.16
Across the Middle East, though, there is notable progress in the development of sophisticated corporate AML programmes. Afghanistan last year was deemed by the FATF to be a jurisdiction no longer subject to its global AML compliance process, with the FATF noting that the country ‘has established the legal and regulatory framework to meet its commitments in its action plan regarding the strategic deficiencies that the FATF had identified in June 2012’.17 In November 2017, the FATF continued the suspension of counter-measures for Iran in light of its political commitment to addressing its strategic AML deficiencies and the relevant steps it had taken. Since that time, Iran has established a cash declaration regime and introduced draft amendments to its AML laws. Notwithstanding that Iran’s action plan has expired with a majority of action items remaining incomplete, the FATF decided in February 2018 to continue the suspension of counter-measures because Iran has draft legislation before Parliament. The FATF will consider what further steps to take in June 2018.18
From the recent 2018 FATF update on its ongoing review of AML standards, Ethiopia was identified as the only African nation on FATF’s list of jurisdictions with strategic deficiencies, and it has yet to meet the targets identified by FATF.19 In February 2017, Ethiopia made a high-level political commitment to work with both the FATF and the Eastern and Southern Africa Anti-Money Laundering Group to strengthen the effectiveness of its AML framework, fully integrate non-financial businesses and professions into its AML regime and implement the results of the country’s national risk assessment. This is still, however, a work in progress.
It is evident that certain African states are increasingly committed to improving their AML efforts, but more work remains to be done to effectively combat money laundering on the continent.
Conclusion: compliance policies as strategy
Financial services firms and their advisers should implement robust and comprehensive compliance policies to detect and prevent money laundering and must ensure that they continue to be compliant with all applicable AML legislation, especially considering the speed at which these laws are changing. Non-compliance with AML laws can be an expensive mistake, as evidenced by the FCA’s continued enforcement and penalisation efforts. Effective systems, on the other hand, can serve not only to prevent failures, but may also prove a defence to findings of criminality by rogue employees. There is, therefore, no reason not to invest the time and resources to get it right.
11HM Government - Foreign Policy, Defence and Development – A Future Partnership Paper. https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/643924/Foreign_policy__defence_and_development_paper.pdf
12 Financial Times 23 July, 2017 - www.ft.com/content/3ea2f836-6f92-11e7-aca6-c6bd07df1a3c.