China and Australia increase AML/CFT fines, UK regulators call time on AML flexibility, and the US grapples with the implications of the Corporate Transparency Act.
We share our financial crime regulatory highlights from the week of January 18, 2021.
Asia-Pacific Sees Tougher Enforcement
A recent report on bank fines for regulatory failures, including those involving AML/CFT controls, suggests that large penalties – common in the US, and increasingly in Europe – are becoming more prevalent in Asia-Pacific as well.
The 2020 Bank Fines Report, from financial news website Finbold, shows both Australia and China in the global top ten for fines by value (USD) last year, with China in the eighth position on $83.03 million based on seven separate fines, and Australia in second on $981.06 million, based on three fines. The report found the US to be the leading jurisdiction, with $11.1 billion levelled in 12 separate fines.
According to Finbold, the largest proportion of the Australian fines was the $910.1 million paid by Australian banking giant Westpac in September 2020, a penalty issued specifically for failures to detect the financial activities of child exploitation rings. The remainder of the figure for Australia in 2020 relates to fines for other regulatory issues at National Australia Bank, and excludes other major fines related to AML/CFT failings that were issued but not negotiated or paid in 2020, such as the $1.3 million fine against US bank, State Street.
This is the first year of the Finbold report, making historic benchmark comparisons difficult. However, these figures reflect the perceptions of many in the industry that the Australian authorities, led by the Australian Transactions Report and Analysis Centre (AUSTRAC), the country’s Financial Intelligence Unit (FIU), have been taking a purposefully tougher stance. Besides action against major banks, AUSTRAC has also been involved in high profile investigations of payment services providers such as Paypal Australia, and major casino operators, Crown Resorts. The agency has also been going through a period of internal reform, seeking to update its Suspicious Matter Reporting (SMR) system.
Much of the impetus for this change of tempo in recent years has come as a result of critical feedback on the country’s AML/CFT performance; first the Mutual Evaluation Report (MER) of Australia in 2015, issued by the Financial Action Task Force (FATF), the international standard setters on AML/CFT, and subsequently the Australian Attorney General’s (AG) review of AML/CFT legislation in 2016. (For further details of Australia’s approach, see our previous Regulatory Highlights from September 28, 2020, October 19, 2020 and November 16, 2020).
Beside Australia, the other major Asia-Pacific jurisdiction facing growing enforcement fines in the Finbold survey was China, a finding echoed in a separate study, recently published by the management consultancy, PwC China. According to this report, the PBOC (People’s Bank of China) issued a total of $97 million in AML/CFT fines to both financial institutions and individuals in 2020 – nearly three times the amount in the previous year. Although the majority of the institutions fined were banks, the report also found that notices against Chinese payment services providers were rising steeply, mirroring PBOC’s stated intention in December 2020 to focus more on the AML/CFT controls of FinTechs.
Given that China and Australia are both eager to bolster their AML/CFT credentials, it seems likely that their regulators’ increasing focus on enforcement action is viewed as one way to demonstrate this. Although they represent only two jurisdictions in a diverse region, they are economically and financially significant, as well as politically influential, suggesting that other countries might take similar approaches in the near future in order to burnish their own reputations with FATF.
It is vital therefore that the financial services sector and other obligated firms pay close attention to developments in these jurisdictions, which – along with trends in Europe and the US – suggest a future direction of travel towards more AML/CFT regulation and tighter enforcement. This means that all firms will need to take their regulatory obligations seriously, but that those in the FinTech sector, especially payment services, should take particular note.
New UK Advice on AML/CFT Flexibility
The Financial Conduct Authority (FCA), the UK’s leading financial services regulator, has recently updated its advice on ‘Financial Crime Systems and Controls During the Coronavirus Situation,’ suggesting that their more flexible attitude toward the application of Anti-Money Laundering/Countering the Financing of Terrorism (AML/CFT) controls during the COVID-19 pandemic might be coming to an end in early February 2021.
The advice was first issued in May 2020, when the FCA – along with several other major regulators – made public statements about their expectations of firms subject to AML/CFT obligations during the crisis. The priority item in this advice was to encourage firms to work proactively with the regulators and the UK’s National Crime Agency (NCA) in tackling a range of financial crime trends that were emerging from the pandemic, especially cyber-enabled frauds and scams. As the FCA noted, it was “important that firms remain vigilant to new types of fraud and amend their control environment where necessary to respond to new threats.”
The advice also stressed that firms should not respond to the crisis by weakening their AML/CFT controls simply to tackle spikes in numbers of financial crime alerts brought about by rapid shifts in client behavior following the imposition of social restrictions. The FCA particularly stressed that obligated firms should not revise transaction monitoring (TM) or sanction screening thresholds “for the sole purpose of reducing the number of alerts generated.”
Nonetheless, the FCA has also explicitly recognized that the pandemic has created a range of operational difficulties for obligated firms due to lack of access to systems during prolonged periods of staff ‘working from home’, and reduced capacity due to staff illness. Where the pandemic has made ‘business as usual’ difficult to achieve, the FCA has sought to provide reassurance that as long as firms take structured, risk-based approaches with “appropriate safeguards,” they would take a sympathetic approach to variations in procedure.
One area highlighted by the FCA has been the use of remote client Identity and Verification (IDV), including the use of Digital Identity (DI) solutions to overcome limits on non-essential travel. The FCA has taken a flexible attitude on usually time-sensitive activities where firms are under operational stress, such as the scheduling of Customer Due Diligence (CDD) reviews and investigations of TM alerts.
According to the most recent update, however, this advice is to come to an end on February 7, 2021, despite the ongoing lockdown in most of the UK. Although it is possible that the advice will be renewed closer to the deadline, this seems less likely than at previous junctures. In other regulatory areas where the FCA has changed its guidance to suit the particular conditions of the pandemic, such as the appointment and authorization of senior managers, the FCA has also already partially reverted to normal practice, with full reversion expected by the end of April. According to the FCA, the end to these temporary arrangements have become possible due to the adaptability and resilience many firms have shown in the face of the pandemic.
This announcement means that compliance teams in the UK will need to be prepared for regulatory relationships to resume to ‘normal’ in the very near future, especially with regard to key CDD and reporting turnaround times. However, as the FCA has also stressed in recent months, this does not have to mean – indeed, should not necessarily mean – the reversion to old practices. The FCA has thus continued to highlight the role that RegTech can play in meeting the needs of obligated firms in a crisis, especially in helping firms respond with agility to new risks. Leading regulators are keen to see firms use technological innovation to tackle AML/CFT challenges, and from the perspective of the firms themselves, it will pay to face the current – and future – crises with resilient but flexible systems.
Impact of US AML/CFT Reform Emerges
On January 2, 2020, the US National Defense Authorization Act for Fiscal Year 2021 (NDAA) became federal law, after the Senate voted to overturn the veto exercised by former President Trump in December 2020. Although primarily intended to provide funds for the military, this year the act has also been substantially amended by a new Anti-Money Laundering Act (AMLA).
So far, much of the coverage of AMLA has focused on the provisions drawn from the previously stymied Corporate Transparency Act (CTA), with the creation of a central registry of company beneficial owners, administered by the Financial Crimes Enforcement Network (FinCEN), the US’s FIU. Focused on small US tax paying corporations and Limited Liability Companies (LLCs), it requires obligated firms to report their true beneficial owners – natural persons who own 25% or more of the business – to FinCEN at the point of company formation, and file annual updates. The provisions have been praised by transparency campaigners as a notable step forward for the US, where more than two million anonymous corporations are created each year. (For further background on the provisions of the CTA, see out Regulatory Highlights, October 9, 2020).
With AMLA now passed, media interest has begun to shift towards the practical impact of the changes. A particular area of interest has been how transparency will affect the real estate market, especially in sought-after luxury locations such as South Florida. Before the Act, LLCs were used as a common vehicle for those purchasing property anonymously, and even though there were legitimate business reasons to do this including tax efficiency, it was often used by criminals to integrate illicit funds back into the economy without detection.
Under the new law, however, both domestic and foreign LLCs will have to disclose a natural person(s) behind the company. Talking to the Miami Herald, Larry Kellogg, a financial crime lawyer with experience of pursuing money launderers, commented that “trying to find…assets can be difficult,” but that “this law will make tracing that money much easier.” Nonetheless, the law is not without loopholes. According to Ville Rantala, Assistant Professor of Finance at the University of Miami, (also quoted in the Herald), the Act still allows “straw buyers…beneficial owners who are not the true owners” to buy property on behalf of unseen criminals.
Besides the headline beneficial ownership provisions, AMLA has also included other requirements, which were explored in detail in a recent CA blog post. These include an increase in both financial rewards to AML/CFT whistleblowers and penalties for those convicted under the Bank Secrecy Act (BSA). The Act points toward structural AML/CFT reforms as well, mandating FinCEN to appoint dedicated FinCEN liaison officers to other nations FIUs, and asking the agency to evaluate the potential for changes to the current Suspicious Activity Report (SAR) system.
The Act also features some aspects intended to help compliance teams in the private sector. Under previous US law, US businesses owned by a foreign group were only allowed to share SAR material with their holding company but not other affiliates, leading to the fragmentation of several international banks AML/CFT efforts, a situation well-dramatized by some of the cases revealed in last year’s unauthorized US SARs leak (the ‘FinCEN Files’). With AMLA, in contrast, there will be greater flexibility for sharing US SAR materials with affiliates, unless other national security concerns are involved.
Other aspects of the Act are likely to have a more uncertain impact on foreign firms with interests in the US. Previously, the US Treasury or Department of Justice could subpoena the ‘correspondent’ accounts of foreign banks that maintained relationships with banks in the US, meaning that the authorities could look at broad international flows between institutions. Under the new law, however, US authorities are also allowed to request documents related to any bank account held by foreign banks which also maintain US correspondent relationships. If the foreign institution fails to comply, it is liable to be fined and to lose any access to the US financial system.
Although this will provide a further deterrent to those who seek to use international transfers to launder illicit funds through the financial system, it will almost certainly place further reporting demands on non-US banks. Talking to the Wall Street Journal recently, Jessie Liu, a US compliance lawyer, commented that as a result of the law, “there’s going to be more investigations of money-laundering violations and more requests to foreign banks for documents that are abroad and to trace where the money has gone.” She also noted the potential conflicts this would create for foreign firms, with US law requiring them to comply with a subpoena, but domestic bank secrecy and data privacy laws requiring them to do the opposite.
What these developments suggest is that the full implications of the AMLA are only just beginning to become apparent and that there are potentially more unforeseen effects to come along the way. There is also a reasonable chance that the arrival of a new administration will also lead to further strengthening of the law in due course. These changes should signal to those firms which wish to operate within the US financial system – both foreign and domestic – that having robust AML/CFT controls in place is a greater priority now than ever.