Money Laundering Compliance and Investigations across EMEA

The exposure of what has been dubbed one of the ‘world’s biggest money laundering scandals’ at Danske Bank’s branch in Estonia^[1] and continued fallout following the leak of the Paradise Papers in 2017, have only strengthened the resolve of governments and regulators around the world to tackle money laundering and financial crime.

Not content with the advances made by the EU’s Fourth Money Laundering Directive (4MLD), which incorporated significant changes to the European anti-money laundering (AML) framework, the EU’s Fifth Money Laundering Directive (5MLD) came into force on 9 July 2018, to further the fight against money laundering and terrorist financing, with particular emphasis on cryptocurrencies and public registers of beneficial ownership. The EU may soon be advancing even further, with proposals for a European financial police force and an EU anti-money laundering watchdog.

The past 12 months have also seen the passing of the UK’s Sanctions and Anti-Money Laundering Act, to enable the implementation of sanctions once the UK leaves the European Union, and the continued implementation of its Anti-Corruption Strategy 2017–2022, which is largely on track. A series of successful deferred prosecution agreements, fines and unexplained wealth orders shows increasingly aggressive enforcement against financial crime in the United Kingdom. The legislative extension of public registers of beneficial ownership to British Overseas Territories such as the Cayman Islands and British Virgin Islands, and crown dependencies such as Jersey and the Isle of Man is also on the horizon.

Global efforts continue apace with the Financial Action Task Force (FATF) maintaining its focus on assessing compliance with the international set of common standards for preventing and protecting against money laundering, terrorist financing and other threats to the integrity of the international financial system. Increasing engagement from Africa and continued improvement in the Middle East are reflected in the FATF’s recent update.

Global AML efforts mean that companies and individuals across Europe, the Middle East and Africa must act to ensure that they have adequate, up-to-date compliance systems to minimise their risk exposure, particularly in light of fast-changing legislation. Such action is of particular importance in a regulatory and enforcement landscape that is increasingly hostile towards alleged money launderers and their facilitators. The global policy drive continues to be translated into a developing set of measures and tools for authorities and the fostering of greater coordination and cooperation across borders.

What is money laundering?

Money laundering is the process by which the illicit sources of assets obtained or generated by criminal activity are concealed to obscure the link between the funds and the original criminal activity. Laundered funds are frequently proceeds from crimes such as bribery, drug smuggling, human trafficking, illegal arms sales and sanctions violations.

Money laundering is distinct from, but very often related to, other financial crimes, such as bribery, terrorist financing and tax evasion. All exploit similar vulnerabilities in legal and financial systems to conceal money from regulators and authorities.

United Kingdom

Over recent years, the United Kingdom has sought to shed an emerging image as a repository for dirty money. Last year, the FATF assessed the UK for the first time in 10 years,^[2] finding that the country was compliant with 31 recommendations, largely compliant with five, partially compliant with 10 and non-compliant with three. The UK government stated that this shows it has the strongest controls of any country assessed to date.^[3] This reflects the ambitious nature of the UK’s Anti-Corruption Strategy 2017 to 2022, which sets out key priorities with concrete commitments. Priorities include strengthening the integrity of the United Kingdom as an international financial centre and promoting integrity across the public and private sectors.^[4] On 12 December 2018, the UK published its ‘year 1 update’.^[5] The report states that of 134 commitments, 30 contained elements due for completion by the end of 2018. Of those, 25 have been fully completed, two have been partially completed (an anti-corruption strategy for prisons and probation and the full implementation of the Criminal Finances Act), one has been completed ‘in ways other than originally envisaged’ (relating to a public register of beneficial ownership of overseas legal entities) and two have not been completed, but are expected to be completed by 2019 (a review of procurement risks in local government and a ‘whole of UK Government’ approach to anti-corruption in selected countries).

A draft bill establishing a public register of beneficial ownership information for foreign companies that own or buy property in the UK or bid on UK central government contracts was published in July 2018 (the Draft Registration of Overseas Entities Bill) and is being considered by a Joint Select Committee.^[6] In January 2019, the Home Secretary and Chancellor of the Exchequer announced they would co-chair a new government taskforce, the Economic Crime Strategic Board, to set priorities, direct resources and scrutinise performance against the threat of economic crime. The board will meet twice a year and includes CEOs and chief executives from banking institutions Barclays, Lloyds and Santander and senior representatives from the National Crime Agency (NCA), the Solicitors Regulatory Authority, the Accountants Affinity Group and the National Association of Estate Agents.^[7]

Last year, the government launched the Office for Professional Body Anti-Money Laundering Supervision (OPBAS),^[8] which has now started operating. The OPBAS, a ‘supervisor of supervisors’, sits within the Financial Conduct Authority (FCA) and directly oversees 22 accountancy and legal professional body AML supervisors in the UK. In March 2019, OPBAS published its review of the 22 professional body supervisors. It found both poor standards of supervision, with 23 per cent having no form of AML supervision and over 90 per cent not having a fully developed risk-based approach, and a lack of intelligence sharing between professional bodies, with under 50 per cent of professional body supervisors being members of the main intelligence-sharing networks. OPBAS has asked all professional body supervisors to develop a strategy to address the findings.^[9] There is clearly a lot of work to do, but this is a step in the right direction and will ensure greater consistency and collaboration across professional bodies. The Treasury Select Committee has recommended that OPBAS be placed on a firmer statutory footing, and for it to take on supervision of statutory bodies as well as professional bodies.^[10]

The FCA’s 2018–2019 business plan lists financial crime and anti-money laundering as a cross-sector priority. The FCA will prioritise tackling money laundering, embedding OPBAS and improving intelligence-sharing with law enforcement partners and agencies to fight money laundering and financial crime.^[11] The FCA has also continued prosecuting money laundering – in January 2018, it fined Interactive Brokers (UK) Limited just over £1 million for poor market abuse controls and a failure to report suspicious client transactions.^[12] In June 2018, it fined Canara Bank £896,100 for failure to maintain adequate AML systems and failure to take sufficient steps to remedy identified weaknesses, despite having been notified of shortcomings. Mark Steward, Director of Enforcement and Market Oversight at the FCA, said: ‘Financial crime and money-laundering failures are areas of focussed priority for us. Canara was warned its money laundering controls were inadequate and so its failure to remediate them properly is at the more serious end of the range of sanctions.’^[13]

Deferred prosecution agreements (DPAs), introduced to the UK in 2014, are being used by the Serious Fraud Office (SFO) to resolve criminal actions against companies by deferring prosecution in return for certain conditions, including fines and usually changes to behaviour. The SFO has secured four DPAs to date. None of them has been brought in relation to money laundering offences, though the first DPA – agreed with Standard Bank – arose from a suspicious activity report filed by the bank in connection with suspected money laundering pursuant to the Proceeds of Crime Act 2002 (POCA). In November 2018, the SFO announced the end of that DPA. The SFO confirmed that Standard Bank had fully complied with the six terms imposed, including the payments of nearly US$26 million in fines and disgorgement of profits, and US$6 million (plus interest) in compensation to the government of Tanzania.^[14] In January 2019, the SFO shared the full terms of the fourth DPA, reached with Tesco Stores Ltd. Lisa Osofsky (the new Director of the SFO) said: ‘Tesco Stores Limited dishonestly created a false account of its financial position by overstating its profits.’ Under the DPA, Tesco agreed to pay a £129 million fine and £3 million in investigation costs, and to undertake and implement an ongoing compliance programme during the three-year term of the DPA.^[15] However, the SFO’s charges against three former senior managers over the alleged financial misreporting fell apart: two were ruled to have no case to answer in November 2018 (with that decision upheld and an acquittal ordered by the Court of Appeal in December 2018)^[16] and the third was later acquitted of all charges after the SFO offered no evidence at a hearing in January 2019.^[17]

Osofsky stated in September 2018 that before agreeing to further DPAs, the SFO will want ‘assurance that companies are doing everything they can to ensure the crimes of the past won’t be repeated long after the watchful eye of the prosecutor moves on to another target’.^[18] DPAs can also be entered into in respect of the suite of money laundering offences under POCA, which is reason enough for UK corporates to ensure their AML compliance systems are robust, up to date, and comprehensive enough to detect and prevent money laundering. Osofsky is focusing more on money laundering, and has made clear her desire for the introduction of a corporate criminal liability offence, extending rules around bribery and tax evasion to other forms of business crime, such as money laundering.^[19]

UK legislation

The UK government has also been active on the legislative front, with a number of significant new measures introduced in the past few years.

The Criminal Finances Act

The Criminal Finances Act (CFA) created the ability for the relevant authorities to obtain unexplained wealth orders (UWOs), with effect from 31 January 2018. Prosecutors and regulators can apply to the High Court for a UWO to require a person or entity, whether within or outside the UK, either suspected of involvement in or association with serious criminality, or being or connected to a ‘politically exposed person’, to explain the origin of assets with a value greater than £50,000 if those assets appear to be disproportionate to their lawful income. A failure to provide a convincing response would give rise to a presumption that the property can be recovered as the proceeds of crime.

The NCA’s first UWO case concerns the (now jailed) Azerbaijani banker Jahangir Hajiyev and his wife, Zamira Hajiyeva. In February 2018,^[20] the NCA secured two UWOs over two properties worth £22 million that were believed to be owned by Hajiyev and his wife. At a court case in which Mrs Hajiyeva applied (unsuccessfully) to have the UWO dismissed, expenditure including £16.3 million spent over the course of a decade at Harrods was noted, and Jonathan Hall QC (for the NCA) said the spending was ‘far in excess of [Mr Hajiyev’s] income as a bank official’.^[21] In November 2018, the NCA seized 49 items of jewellery with a value of more than £400,000 from an auction house in London where they were being valued for Mrs Hajiyeva’s daughter. In January 2019, a diamond ring worth £1.19 million, originally bought at Harrods in 2011, was seized from a jewellers (where it was being repaired) under the ‘listed assets’ provisions – the NCA believes that the source of the funds to purchase the jewellery requires further investigation.^[22] Donald Toon, director for economic crime at the NCA, said that UWOs ‘enable the UK to more effectively target the problem of money laundering through prime real estate in London and across the UK’.^[23] Toon has also said that the NCA was looking at sources of wealth ‘from a wide range of other parts of the world’, such as the former Soviet states, Asia and Africa.^[24] However, at the time of writing, only three UWOs have been obtained, all in respect of the above case.^[25]

The CFA extends the moratorium period for consent in respect of suspicious activity reports (SARs) filed under POCA from 31 days up to six months, on the approval of the court. POCA requires that regulated companies, such as banks and insurance companies, file SARs with the NCA where they suspect that a transaction may involve the proceeds of crime and enables them to seek consent to proceed with the transaction. Under POCA, if the NCA refuses consent within seven days, the moratorium period kicks in, allowing investigators time to gather evidence to determine whether further action, such as restraining the funds, should be taken. The NCA has long considered that 31 days is not long enough, so the CFA allows the moratorium period to be extended in increments each of 31 days, up to an aggregate period not exceeding six months. The FATF stated in its report (mentioned above) that the United Kingdom should prioritise reform of the SAR regime, including modernising the reporting mechanisms and making the online SAR form more user-friendly.

The CFA introduces disclosure orders in respect of money laundering investigations (they are already available for fraud investigations), which in relation to civil recovery investigations can be applied for by officers of the FCA and HMRC.

The CFA creates mechanisms (joint disclosure reports, or ‘super SARs’) that will enable POCA-regulated entities to share information with one another about suspected money laundering. This approach has already been piloted under the Joint Money Laundering Intelligence Taskforce (JMLIT), under which banks and the NCA share information. JMLIT has assisted law enforcement on over 500 cases, which has directly contributed to over 130 arrests and the seizure or restraint of over £11 million.^[26] Reporting entities may submit a joint report to satisfy their respective individual reporting obligations and avoid multiple and duplicative reports relating to a common situation. So far, reporting entities have been reluctant to file joint reports given the need for their interests to align before a single report can be submitted.

Finally, the CFA created a new offence, applicable against companies and partnerships, of failure to prevent the facilitation of tax evasion. A company or partnership will commit a criminal offence where it fails to prevent someone who acts for or on behalf of the company or partnership from committing a UK tax evasion offence or an equivalent offence under foreign laws, where there is a nexus to the United Kingdom and dual criminality, unless the company can show it had reasonable procedures in place to prevent such facilitation. The offence carries the potential for an unlimited fine. Since coming into force, no prosecutions have been brought, but HMRC confirmed in March 2019 that it had opened its first investigations in November 2018.^[27]

Money laundering regulations

AML laws in the UK and across the European Union all changed in 2017 when 4MLD had to be implemented by EU member states, and they will change again in light of 5MLD (discussed below), which is to be implemented by 10 January 2020.

4MLD was implemented in the UK by the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017. They came into effect on 26 June 2017 and revoked the Money Laundering Regulations 2007. Since that date, HMRC has issued fines in the millions for failure to comply with the 2007 and 2017 Regulations.^[28] Between June 2017 and July 2018, 535 penalties were issued, totalling just over £2.4 million, under the 2007 Regulations (where the breach occurred before June 2017). Fines have also been issued under the 2017 Regulations – in late 2018, Countrywide Estate Agents was fined £215,000 for failure to conduct adequate due diligence and proper record-keeping.^[29] Ben Wallace, Minister for National Security and Economic Crime, said, ‘Criminals who seek to use this country as a place to launder money should be in no doubt that they have nowhere to hide. Estate agents are a crucial line of defence against them and that’s why they’re under a legal – and moral – obligation to file a report when they spot something amiss.’^[30]

Failure to prevent economic crimes

The UK Ministry of Justice’s consultation to consider law reform to criminalise a more general failure to prevent economic crimes closed in March 2017.

The legal framework under consideration is expected to mirror the offence of failure to prevent bribery in the Bribery Act, and the new law of failure to prevent facilitation of tax evasion, and apply it to a list of crimes, including money laundering, false accounting and fraud. As is the case with facilitation of tax evasion, it would be a defence for the company to show that it had reasonable procedures in place to prevent the crime, or that it was not reasonable to expect the company to have such procedures in place. The UK’s Solicitor General, Robert Buckland MP, said in 2018 that there ‘is a strong case for the creation of a new corporate criminal offence for failing to prevent economic crime’.^[31] There has been little visible progress, which was recognised by the Treasury Select Committee in a March 2019 report. That report recommends that the United Kingdom government set out a timetable for bringing forward legislation and notes the Solicitor General’s statement that ‘a lot of thinking is going on about what the precise model might be.’^[32]

The Sanctions and Anti-Money Laundering Act

In May 2018, the Sanctions and Anti-Money Laundering Act (the Sanctions Act) was passed by Parliament to provide the UK government with the necessary legal powers to implement sanctions post-Brexit, as well as to maintain the existing sanctions regimes.

Once the operative provisions of the Sanctions Act are in force, the UK government will be able to impose sanctions where it considers it appropriate for the purposes of compliance with UN and other international obligations, or for one of the following discretionary purposes (provided the UK government has (i) considered and determined that there are good reasons to pursue that purpose, and (ii) considered and determined that the imposition of sanctions is a reasonable course of action):

• national security or international peace and security;
• to prevent terrorism;
• to further foreign policy objectives;
• to promote the resolution of armed conflicts or the protection of civilians in conflict zones;
• to provide accountability for or be a deterrence to gross violations of human rights, or otherwise promote compliance with international human rights, humanitarian law or respect for human rights;
• to contribute to multilateral efforts to prevent the spread and use of weapons and materials of mass destruction; or
• to promote respect for democracy, the rule of law and good governance.

The new framework will allow the UK government to subject a person to sanctions where it has reasonable grounds to suspect that person of being involved in a specified activity and considers that the designation is appropriate with regard to the purpose of the regulations and the likely significant effects of the designation. Of note is that the UK government will be able to designate persons not only by name, but also by description if, among other things, it is not practicable to identify and designate by name all the persons falling within that description, and the description is such that a reasonable person would know whether that person fell within it. This may raise questions of how specific a designation should be and could give rise to numerous challenges.

To challenge a designation, a person must first request variation or revocation directly from the government. Only after that can a judicial review be brought in the courts, which will be via a closed court procedure where sensitive intelligence is in issue.

Sanctions regulations are to be reviewed on an annual basis and the designation of an individual is to be reviewed every three years in certain circumstances.

The framework is intended to ensure continuity and coordination with the UN and other international sanctions regimes, but there is scope, over time, for divergence between the UK and its partners, with the UK able to adopt a tougher or softer regime than its EU and other partners. This could potentially create additional compliance burdens for businesses operating within the United Kingdom. That in itself would be an incentive for the government to observe sanctions policy continuity with its partners.

Finally, the Sanctions Act requires, no later than 31 December 2020, for the UK government to prepare draft legislation requiring the government of every British Overseas Territory (including the British Virgin Islands and the Cayman Islands) to introduce a publicly accessible register of the beneficial ownership of companies within its jurisdiction, for the purposes of the detection, investigation or prevention of money laundering. However, the requirement faced fierce opposition from British Overseas Territories, leading the UK government to say it will prepare draft legislation requiring ‘an operational public register by 2023’.^[33] MPs had attempted to reassert the original deadline of 31 December 2020 and wished to extend the requirement to crown dependencies by way of amendment to the Financial Services Bill. However, debate was pulled by the UK government.^[34]

Continental Europe

In what has been called one of the world’s largest money laundering scandals, €200 billion of non-resident money flowed through Danske Bank’s Estonian branch from 2007 until 2015, with €8.3 billion being part of suspicious transactions. Ten former employees were detained in December 2018 on suspicion of knowingly enabling money laundering.^[35] In February 2019, Danske Bank was ordered to close its operations in Estonia within eight months and repay the deposits of its customers.^[36] However, the scandal is not limited to Danske Bank. Swedbank, the largest bank in Estonia, Latvia and Lithuania, is now facing regulatory investigations by Estonian and Swedish regulators and the New York State Department of Financial Services amid reports that more than €135 billion of ‘high-risk non-resident’ money passed through the bank’s operations in Estonia over a decade.^[37] In late March 2019, the chief executive of Swedbank’s board was fired,^[38] and the chairman resigned a week later with immediate effect.^[39] These revelations show that there is still considerable work to be done to protect against money laundering in Europe.

The Paradise Papers and other investigations continue to have an impact on Europe. The European Parliament’s Special Committee on Financial Crimes, Tax Evasion and Tax Avoidance, established following media reports on tax scandals, in February 2019 adopted a set of recommendations and findings,^[40] which was adopted by the European Parliament in March 2019.^[41] Most notably, it found that seven EU countries displayed traits of a tax haven and facilitate aggressive tax planning: Belgium, Cyprus, Hungary, Ireland, Luxembourg, Malta and the Netherlands. It recommended, among other things, that the EU Commission immediately work on a proposal for a European financial police force and an EU anti-money laundering watchdog. The co-rapporteur, Jeppe Kofod, said:

Europe has a serious money laundering and tax fraud problem. We have the world’s largest, richest and most integrated single market with free movement of capital, but little to no effective cross-border supervision and 28 differing national anti-money laundering and anti-tax fraud provisions. This creates a string of loopholes, which are far too easy for criminals to abuse to launder vast amounts of money as in the Danske Bank-scandal.^[42]

The fourth and fifth money laundering directives should go some way to ensuring adequate systems are in place. The objective of 4MLD is the ‘protection of the financial system by means of prevention, detection and investigation of money laundering and terrorist financing’^[43] by way of strengthened rules and, where appropriate, to ensure consistency with the global standards laid down in the international recommendations adopted by the FATF.^[44] All 28 EU member states were required to transpose 4MLD into national law by 26 June 2017. However, the EU Commission has since referred several EU member states to the EU Court of Justice for non- or partial implementation of 4MLD, including Greece (court referral currently on hold), Ireland and Romania on 19 July 2018,^[45] and Luxembourg on 8 November 2018.^[46]

5MLD came into force on 9 July 2018 and EU member states are required to give effect to the directive by 10 January 2020. The new directive extends 4MLD in a number of areas, including bringing virtual currency exchange platforms and wallet providers within the scope of the EU’s money laundering regime, stronger enhanced due diligence for customers from high-risk countries, the requirement for EU member states to establish a national register of bank accounts holders and controllers (visible only by the authorities) and the broadening of access to information on beneficial ownership of trusts and corporates.

The EU Commission, in February 2019, adopted a controversial new list of third countries with weak anti-money laundering and terrorist-financing regimes, which reflected the stricter criteria of 5MLD. It was designed to replace the list of 16 countries put in place in July 2018. The EU Commission concluded that 23 countries have strategic deficiencies, which includes 12 countries listed by the FATF and 11 further jurisdictions.^[47] Four US overseas territories were also included in the list (American Samoa, Guam, Puerto Rico and the US Virgin Islands), prompting the US Treasury to publish a strong rebuttal, stating that it had ‘significant concerns about the substance of the list and the flawed process by which it was developed’ and that the ‘commitments and actions of the United States in implementing the FATF standards extend to all US territories’.^[48] Shortly afterwards, the EU Council unanimously rejected the list, including on the basis that it was not established in a sufficiently transparent way.^[49] The EU Commission will now have to propose a new draft list that will address member states’ concerns.

Middle East

Three Middle Eastern and West Asian states continue to be identified by the FATF as having strategic deficiencies in their AML regimes: Pakistan, Syria and Yemen.^[50] One Middle Eastern state, Iran, is subject to an FATF call on its members and other jurisdictions to apply enhanced due diligence measures proportionate to the risks arising from the jurisdiction.^[51] None of these has fully implemented systems to address their AML deficiencies. However, some significant developments have taken place.

For both Syria and Yemen, the FATF determined in June 2014 that they had substantially addressed their agreed actions plans at a technical level, but because of the security situation, the FATF has not been able to conduct an on-site visit to assess whether the process of implementing the required reforms and actions has begun and is being sustained. The FATF will conduct an on-site visit when possible.^[52]

In June 2018, Pakistan made a high-level political commitment to work with the FATF and the Asia/Pacific Group on Money Laundering to strengthen its AML regime. The FATF has said that Pakistan should continue work on implementing its action plan to address its strategic deficiencies, but that given the limited progress on items due in January 2019, swift action is required to complete its action plan and in particular those items with timelines of May 2019.^[53]

Across the Middle East, though, there is notable progress in the development of sophisticated corporate AML programmes. Afghanistan in 2017, and Iraq in 2018, were deemed by the FATF to be jurisdictions no longer subject to its global AML compliance process, with the FATF, noting that the countries had established the legal and regulatory framework to meet the commitments in their action plans regarding the strategic deficiencies that the FATF had identified.

In February 2019, the FATF continued the suspension of countermeasures for Iran, following its decision to continue the suspension of countermeasures in 2018, in light of its political commitment to addressing its strategic AML deficiencies and the relevant steps it had taken. In August 2018, Iran enacted amendments to its Counter-Terrorist Financing Act, and in January 2019, Iran enacted amendments to its Anti-Money Laundering Act. However, Iran’s action plan expired in January 2018 with a number of action items remaining incomplete. The FATF will consider what further steps to take in June 2019 and has noted that if remaining legislation in line with the FATF standards is not enacted, then it will require increased supervisory examination for branches and subsidiaries of financial institutions based in Iran.^[54]

Africa

From the recent 2019 FATF update on its ongoing review of AML standards, Botswana, Ethiopia, Ghana and Tunisia were identified on the FATF’s list of jurisdictions with strategic deficiencies for which an action plan has been developed with the FATF. Each jurisdiction has provided a written high-level political commitment to address the identified deficiencies and taken steps towards improving their AML regimes.^[55]

By way of example, Ghana has been raising awareness on risk-based supervision in the financial sector since it made its high-level political commitment in October 2018, and Tunisia has enacted decrees to establish the National Registry of Companies and a decree for its proliferation finance-related targeted financial sanctions regime. Ethiopia and Botswana have agreed to work with both the FATF and the Eastern and Southern Africa Anti-Money Laundering Group to strengthen the effectiveness of their AML frameworks.^[56]

It is evident that certain African states are increasingly committed to improving their AML efforts, but more work remains to be done to effectively combat money laundering on the continent.

Conclusion: compliance policies as strategy

Financial services firms and their advisers should implement robust and comprehensive compliance policies to detect and prevent money laundering and must ensure that they continue to be compliant with all applicable AML legislation, especially considering the speed at which these laws are changing. Non-compliance with AML laws can be an expensive mistake, as evidenced by the FCA’s continued enforcement and penalisation efforts. Effective systems, on the other hand, can serve not only to prevent failures, but may also prove a defence to findings of criminality by rogue employees. There is, therefore, no reason not to invest the time and resources into getting it right.

Notes