On 24 July 2019, the European Commission (the Commission) published a set of reports assessing the EU’s anti-money laundering (AML) and counter terrorist financing (CTF) framework. This included a report highlighting shortcomings and lessons learnt from recent alleged money laundering cases involving ten banks during the period 2012-2018. The report seeks to present an “indicative typology” of failures and examines how the various public authorities acted in response.
We’ve explained the Commission’s findings below, and what this means for AML/CTF supervision and enforcement going forward.
The Commission identified four broad categories of AML/CTF deficiencies across the ten cases:
1. Ineffective compliance with AML/CTF legal requirements: in many cases the Commission found that firms had insufficient understanding of their customers’ actual operations and were unable to draw meaningful conclusions as to whether or not a customer’s activity was suspicious. The report highlights shortcomings relating to remote booking models and the challenges these models create for transaction monitoring.
2. Governance failures: the Commission’s analysis revealed deficiencies in firms’ internal reporting, and senior management responsibility and accountability. In the first line of defence employees in business origination roles often failed to recognise and escalate suspicious activity. Senior management were not sufficiently informed about failures related to AML/CTF compliance and prioritised business profitability over compliance. The report also notes that senior management often ignored problems in smaller business units thereby exposing the firm to a risk of disproportionate damage if an AML/CTF risk crystallised.
3. Failure to mitigate higher-risk business models: the report notes that a number of firms actively pursued riskier business models (for example, focusing on business in high risk jurisdictions or entering into business relationships with politically exposed persons) without implementing commensurate AML/CTF policies and controls.
4. Ineffective group AML/CTF policies: some firms had difficulties forming an accurate overview of risks across the group and failed to align local AML/CTF processes with group-wide initiatives. In certain cases, central functions did not engage with problems at local subsidiary/branch level even though these activities exposed the group to potentially significant AML/CTF risks.
EU’s AML/CTF priorities
The Commission’s analysis was conducted against a backdrop of recent money laundering scandals involving European banks and increasing public and political pressure to improve the existing AML/CTF framework.
The report acknowledges that there are outstanding structural issues and calls for greater harmonisation in supervision by national authorities, closer prudential supervision especially in cross-border situations, and more structured and systematic international cooperation with key non-EU authorities.
The report also emphasises the importance of recent developments in the EU’s AML/CTF framework including the proposed role of the European Banking Authority (EBA) which, from January 2020, will take the lead in coordinating and monitoring the EU’s efforts to combat money laundering and terrorist financing. The EBA will be responsible for ensuring that breaches of relevant rules are investigated by national supervisors and facilitate international cooperation.
For AML/CTF professionals at financial institutions, the Commission’s findings underscore the importance of implementing effective systems and controls which are proportionate to the business activities and risk appetite of the group (including local subsidiaries or branches). The Commission’s focus on governance and senior management responsibility reflects the expectation of regulators that AML/CTF risks are given appropriate consideration at all levels of the organisation.