Recent money laundering scandals in Europe have led to calls for tighter controls and an overhaul of Europe’s system for combatting financial crimes.
As European governments assess what went wrong and consider their options for reforms, they will confront challenges unique to Europe’s system – and many challenges that are universal. But Europe also has the chance to create a system that is more effective and consistent across internal borders, and to break down barriers that stymy financial institutions’ anti-money laundering and counter-terrorist financing efforts. Financial institutions will face additional scrutiny in this area and should increase their vigilance, but they should also seize the opportunity to educate and influence governments’ thinking about the contemplated reforms.
Recent events at two of Europe’s most venerable banks show that preventing money laundering is still a major problem. The Danske affair sent tremors through Europe, raising the spectre that other systemically important banks in Europe have similar problems on their hands and raising questions about the sufficiency of government oversight in this area.
A consensus has rapidly emerged that something must be done. But what? Whose fault is it? Are the rules the right ones? If so, are they applied properly? Do supervisors have the resources they need? Should supervision be more centralised? If so, where? If not, how can national supervisors up their game and work better together? And, perhaps most disturbingly, after decades of public policy attention to anti-money laundering and countering the financing of terrorism (AML/CFT) rules, and significant investments by financial institutions to follow those rules, are we any better today at combatting illicit finance than we were decades ago?
One thing is clear. The EU financial sector faces significant risks if the AML/CFT picture does not improve. Given the interdependence of the euro area, the wider EU and the rest of the continent, not to mention their historical links and geographical proximity to parts of the world well known for financial crime and its nefarious uses, the EU financial sector is only as strong as its weakest link in resistance to illicit finance. At the heart of Europe lies the regulatory system of the EU. The EU, in many respects a great success story of the modern world, has faced huge challenges in recent years. The financial crisis starting in 2007 morphed into an economic crisis revealing incomplete economic and monetary union to buttress the euro, a currency shared by 19 countries as different as Germany and Greece, Spain and Slovakia, Ireland and Italy. Increased immigration revealed incomplete border sharing arrangements to support the abolition of internal frontiers between the 26 Schengen countries.
The question of how best to supervise and enforce AML/CFT regulations in the EU’s 28 member countries is yet another test for EU integration. Brussels must grapple with 28 financial sectors with individual personalities, uneven public sector resources, and illicit finance risk that, arguably, is exacerbated by its common borders and integrated financial relationships. The stakes for European financial institutions are high. Reforms could correct inefficiencies, remove barriers and support innovation in Europe’s AML/CFT system. But reforms are also likely to mean increased scrutiny, tougher penalties, and less room for error.
We will focus on “Brussels” in what follows, but the EU is not alone in grappling with the need to strengthen its approach to illicit finance. Many of the world’s financial centers – both large and small – have embraced the need adopt the necessary laws and regulations to fight financial crime but are struggling to improve the effectiveness of their systems to implement them. Much work remains to be done globally.
What are the problems?
The EU’s approach to combatting financial crime in its financial system is, by anyone’s estimation, complicated. EU-wide regulations – known as the Money Laundering Directive – establish, in theory, a consistent legal framework across all EU countries. In practice, however, each country is responsible for the effective implementation of those regulations within their own borders: assigning the appropriate resources, expertise and efforts to fighting financial crime. In addition, EU countries are hindered from independently or rapidly addressing a regulatory gap or illicit risk identified within their own financial sector. The European Central Bank, which plays a role in the prudential supervision of financial institutions across the EU, has not had a role in supervising EU financial institutions’ compliance with AML/CFT regulations or imposing penalties when they fall short. EU countries have retained the responsibility to ensure that their financial institutions are implementing effective systems in this area, and for holding them accountable when they do not.
While the recent highly publicized money laundering scandals have offered dramatic examples of what happens when their efforts fall short, technical experts and policymakers in Europe have been identifying weaknesses in the EU system for a number of years. The Financial Action Task Force (FATF), the global standard setter for AML/CFT, conducts intensive assessments of countries’ compliance with its standards. The assessments cover all aspects of a country’s system for combatting money laundering, terrorist financing and proliferation financing -- from how well illicit finance risks are understood to how well a country carries out financial investigations and prosecutions. Key among the areas assessed are the effectiveness of a country’s supervision of its financial institutions and others with roles that are relevant for combatting financial crime.
Just over a third of EU countries have recently undergone FATF assessments, and only two of the EU countries assessed – Ireland and Spain – fared well in the area of supervision. Eight countries were rated only moderately effective in the area of supervision, and one country – Denmark – received a failing grade. Even the United Kingdom’s recently published mutual evaluation, which is viewed as the best evaluation to date, included a moderate rating for supervision for a variety of reasons. The FATF’s assessments of EU countries indicate many have similar challenges, including difficulties properly prioritizing the highest risk financial entities for supervision, a lack of appropriate strict penalties for compliance failures, and a lack of supervisory resources to conduct the necessary on-site visits and oversight. In Denmark, for example, there were only three full-time supervisors assigned to oversee AML compliance for 96 banks, among other financial institutions. Last month, the FATF approved increased scores for Denmark’s mutual evaluation, based on new laws Denmark has put in place since its evaluation, but its overall effectiveness score will not be revisited by FATF for several years.
In addition to the individualized risks and resource constraints each EU member state faces, the EU’s regulatory regime for AML/CFT is designed for more than two dozen countries in a single market with no or limited borders between them. For example, the EU’s regulatory regime allows banks within the European Union to extend “simplified” due diligence procedures to other banks within the EU when establishing relationships with each other. The EU’s regime for overseeing non-bank money services businesses – such as foreign exchanges and money remitters – allows agents to enjoy “passporting” privileges from the these money services businesses home office that reduces the requirement for oversight in the countries where the agents are operating. An assessment of the effectiveness of the EU’s AML/CFT system as a whole would be useful, but this is not currently done at the FATF, which conducts assessments of individual EU countries. In Europe, that risks missing the wider picture.
When it comes to implementing an effective AML/CFT system, the European Union also faces many of the same challenges that vex policymakers and financial institutions worldwide. Chief among these are severe and persistent obstacles to financial institutions’ ability to share information about financial crimes. Legal regimes intended to protect customer data and privacy, and to prevent the inappropriate disclosure of sensitive financial reporting about financial crimes, have unintended consequences that impede efforts to prevent and prosecute financial crime. Financial institutions are often unable to share information with each other, with law enforcement, and even with relevant parties within their own financial institutions. The problem is particularly acute for large financial institutions operating across borders who must comply with different laws in each location. The ability to share information – with other financial institutions or within their own group – helps financial crime experts within banks to connect the dots, map criminal networks, and report more meaningful information to law enforcement. And, most importantly, it allows banks to know where and how their customers are operating within their own bank globally and, whether a customer been off-boarded in one location but try to gain access in another. But the current global regulatory regime, including in Europe, does not support necessary information sharing.
Another challenge prevalent throughout the world, and which the EU most certainly faces, is to ensure its system is truly risk-based, as recommended by the FATF standards. Quite simply, are the EU’s bank supervisors focused on the right things? Are their financial institutions, in turn, properly focused on their highest risks? The structure and content of AML/CFT examination – a subject of longstanding contention for banks operating in the United States and globally – is of critical importance. When examinations are focused on documentation and a “tick the box” approach, financial institutions argue that resources are wasted, and the goal of prosecuting financial crime is not advanced. The quality of a bank’s efforts on financial crime may not be rewarded. But setting aside some of issues– in favor of higher priority issues – also puts examiners at risk. Balanced exams are foundational for an effective system.
What’s next for the EU?
The political context and calendar in the EU are of great importance in this context. The coming year will see a thoroughgoing change of leadership in the major EU institutions following European Parliamentary elections in May. By then, the EU will for the first time have diminished in number, having lost the UK on 29 March.
AML/CFT reform will not be the major topic on the political hustings, but it will rise in importance as the political processes drill down to the precise commitments of the new politicians and senior officials in charge of justice and financial service policies.
The European Commission has been asked to propose further measures to improve prudential and AML/CFT frameworks following a thorough assessment of the current situation, including what is being called “a rigorous post-mortem exercise.” Current plans call for presentation of this assessment to ministers in the third quarter of 2019.
A number of Brussels beltway issues with enormous potential consequences will require elucidation. Should the AML/CFT rules be enshrined in a directive, which sets goals for national laws to meet, or in a regulation, which is the law of the 27 lands with no need for national intermediation? For comparison, the predecessor of the GDPR (General Data Protection Regulation) was a data protection directive. Is this a justice/law enforcement issue or one of financial regulation? Which agencies are responsible for what? Should supervision and enforcement of AML/CFT rules be centralized in one large regulatory body, or should it continued to be handled largely by EU member supervisors with greater oversight by a central body? If so, should it stand alone or be attached to the European Central Bank or the European Public Prosecutor’s Office or Europol? Initial proposals have centered on strengthening the European Banking Authority’s powers in this area, but even these have encountered skepticism in Brussels. Are these questions important or a distraction from more pressing needs to strengthen the substantive rules and, most critically, provide additional resources to the EU member level? Does Brexit facilitate or complicate matters? Above all, who will pay?
As the EU contemplates a new system, scrutiny of financial institutions’ efforts in AML/CFT will increase. There is also an opportunity for financial institutions to educate and influence governments’ thinking about how best to address shortcomings and constraints. There is certainly the potential for Europe to create a system that operates more effectively, removes barriers that financial institutions face in their AML/CFT compliance efforts, and sets a new standard for AML/CFT globally. The EU should consider the following in its reforms:
Commit adequate resources to deal with the problem. Whether responsibility for supervision is centralized in Brussels, or delegated to individual countries, additional resources are needed to oversee Europe’s financial institutions.
Ensure a consistent approach to supervision … Financial institutions operating in Europe would benefit from consistent supervisory expectations in EU member countries. Consistency is a key element in helping financial institutions determine where best to allocate resources to AML/CFT risks and to effectively identify and prevent illicit finance.
…. and one that is based on risk. Recognize that examinations should be focused on the highest risks, reward a similar approach within financial institutions, and prioritize accordingly. In this respect, EU member level supervisors may have the best understanding of their financial sector risks, but bodies in Brussels – such as the Commission – have a valuable broader view of the EU system as a whole.
Break down information-sharing barriers. Steps should be taken to remove obstacles in all directions: between governments, between financial institutions, between financial institutions and law enforcement, and within financial institutions. This is easier said than done, since protections on the sharing of financial data are central to privacy protections that are fundamental rights in Europe and elsewhere.
Adapt to the realities of open borders in Europe. The EU’s structure and legal regime is unique among the world’s financial sectors. It warrants a bespoke AML/CFT supervision and enforcement system that acknowledges the EU is a single market and some cross-border activities are therefore treated more like domestic transactions than international ones. The EU’s open borders raise the stakes for transparency and cooperation among the EU’s regulators, law enforcement bodies, policymakers and financial institutions.
Recognize perfect laws won’t prevent the next money laundering scandal. What will matter most is whether the EU can reform its system so that policymakers assess its performance on the basis of its effectiveness and the results it produces – not whether its laws and regulations meet international standards.