6th May 2021

Australian Suspicious Transactions, European Bank Compliance, US Sanctions Enforcement 

Australia clarifies the grounds for reporting suspicious transactions; European banks face ongoing AML/CFT compliance challenges; the US fines a major payments provider for sanctions failures. 

We share our financial crime regulatory highlights from the week of May 3, 2021.

Australian Regulator Asks for Better Reporting

The Australian Transaction Reports and Analysis Centre (AUSTRAC), the country’s Financial Intelligence Unit (FIU), has recently asked firms obligated to make Suspicious Matter Reports (SMRs) to review the quality of the material they are filing. The statement comes in the agency’s most recent Suspicious Matter Reporting: Reference Guide published on April 29. 

SMRs are the Australian version of what is also known as ‘Suspicious Activity Reports’ (SARs) or ‘Suspicious Transaction Reports’ (STRs) in other jurisdictions and are the key channel for the provision of private-sector financial intelligence to the authorities under Anti-Money Laundering/Countering the Financing of Terrorism (AML/CFT) legislation. 

Most jurisdictions have ongoing problems with the quality and relevance of transaction reporting. However, according to local media reports from the end of 2020, AUSTRAC has been facing a particularly acute SMR challenge, having been deluged with a stream of defensive reporting filed in order to avoid the kinds of compliance fines faced by Australian banks such as Westpac and Commonwealth Bank. According to AUSTRAC, around 265,000 SMRs were submitted in 2020, a figure 258% higher than four years before. An AUSTRAC official quoted in the media said that many of these reports were “junk”.

Although the SMR Reference Guide does not explicitly outline the scale of the problem currently facing AUSTRAC, it notes at the outset the challenges caused by the receipt of low-quality reports; “incomplete, inaccurate or unstructured [SMRs]”, it says, “can make further meaningful analysis difficult,” and even “impossible.” It is therefore incumbent on reporting entities – primarily in financial services, but also gambling and the gold bullion trade – to undertake the task with speed and diligence.

To help obligated firms, the Reference Guide restates the basic requirements for SMRs, stressing the need for clear explanations of the grounds of suspicion, “in plain English, with information structured in a clear and logical way”. It also provides more practical support, with examples of good (and bad) practice reporting on cases of high-level money laundering, insider trading and identity theft, and a checklist of areas that should be covered in an SMR. The Guide also includes a sensitive reference document containing crime types and keywords for use in reporting to help AUSTRAC analyse the material more efficiently. 

Although the overall message of the new AUSTRAC Guide is that there is much still to do to raise the average quality of SMRs, it does provide grounds for optimism that improvements can be made. As the Guide suggests, many of the most simple of those improvements will come from basic in-house changes to the structure and style of submitted reports. 

However, these are unlikely to be enough in themselves to ensure optimal reporting; as the Guide further notes, good quality SMRs are not only well written but rooted in a genuine understanding of financial crime risks and rich data. AUSTRAC does not specify where firms should find these – as is common amongst regulators, they take a ‘solution neutral’ stance. Nonetheless, as industry experience increasingly indicates, delivering good quality financial intelligence is difficult to do alone. In a complex and fluid risk environment, businesses need trusted platforms, data, and partners to help them deliver.  

European Banks Face More Compliance Woes

In the last week, several major northern European banks have faced further problems with regard to their AML/CFT compliance frameworks, continuing the saga that has dogged the region’s financial services sector since the revelation of a number of interrelated Nordic and Baltic banking scandals from 2017 onwards.

The most heavily targeted of the banks has been the major Danish financial institution, Danske, which has been under investigation in several jurisdictions for its facilitation of around 200 billion euros’ worth ($242 billion) of suspicious transactions through the bank’s Estonian branch between 2007 and 2015.

In the most recent developments, Danish authorities are reported to have dropped money laundering charges against the bank’s former chief executive, Thomas Borgen, and other senior leaders. However, criminal investigations against the bank itself remain ongoing, and the bank has recently stated that despite undertaking a year-long internal investigation of its non-resident portfolio at its Estonian branch, it has been asked by authorities to conduct a further re-investigation of the unit in 2021.  

Deutsche Bank – linked in the media to Danske’s travails as well as a range of other illicit finance scandals over the last few years – has also recently faced further censure from its domestic regulator, the Federal Financial Supervisory Authority (Bundesanstalt für Finanzdienstleistungsaufsicht, commonly described as ‘BaFin’). 

In an announcement on April 30, BaFin stated that Deutsche would need to “adopt further appropriate internal safeguards and comply with due diligence obligations, in particular with regard to regular customer reviews,” if it was to meet its AML/CFT obligations. The regulator also extended the remit of KPMG, appointed as its special monitor of Deutsche in 2018, to ensure the reforms take place. 

Separately, in Norway, the local regulator Finanstilsynet has announced it will fine DNB, the country’s largest financial group, 400 million Norwegian kroner (equivalent to $48.1 million) for AML/CFT failings. The fine is related to “serious breaches” in compliance identified in a supervisory inspection in early 2020, as well as a separate investigation of DNB’s handling of its relationship with the Samherji Group, an Icelandic fisheries company accused of money laundering and corruption.

In all three cases, Danske, Deutsche and DNB have stated that they are willingly cooperating with the authorities, and continuing to undertake remediation efforts to address the failings identified. Deutsche responded to the BaFin announcement by saying that the bank would work “intensively to…comply with the new requirements within the given timeframe,” while DNB said it acknowledged shortcomings in its Customer Due Diligence (CDD) and had done a great deal of work on reviewing the customer portfolio since the Samherji case.

Although the banks’ responses will be welcomed by regulators, it seems likely that these most recent developments will mark not the end, but only another new chapter, in a story that still has some way to run. As the series of European banking scandals has indicated, there seem to be long-term and deep-rooted vulnerabilities in the AML/CFT frameworks of many major European financial institutions that will need sustained reform to address; it is little surprise, therefore, that the European Union (EU) is putting so much emphasis on its forthcoming AML/CFT reform plan, with a proposed ‘single rulebook’ and supranational regulator.

There are obvious lessons to be learned here for the private sector, not least of which is to seek effective and innovative ways to reform and improve AML/CFT frameworks before, rather than after, regulatory censure. This is the obvious requirement for legacy institutions with well-established frameworks, but there is also a clear message here for fintechs at an early stage of their compliance journey. As outlined in our recent report on building AML/CFT frameworks for fintechs, the key is to ensure that the right approach is ‘baked-in’ from the start. 

US Sanctions Regulator Fines Payments Provider

On April 29, the US Treasury’s sanctions enforcement administration, the Office of Foreign Assets Control (OFAC), announced that it had reached a $34k settlement with MoneyGram Payment Systems, a Texas-based firm and one of the world’s largest money transfer providers, for violations of US sanctions programs.

According to OFAC, MoneyGram’s primary failure was providing payment services without a license to designated individuals incarcerated in U.S. federal prisons. Between March 2013 and April 2016, MoneyGram was an accredited provider of money transfer services to the Federal Bureau of Prisons (BOP), which allowed inmates to send and receive funds into and out of personal commissary accounts. However, MoneyGram did not screen the inmates’ transactions against the OFAC List of Specially Designated Nationals and Blocked Persons (SDN List), even though the company knew that some inmates could be on the list. OFAC found that MoneyGram incorrectly believed that such screening of inmates in federal prison was not expected, and assessed that as “a large and commercially sophisticated international financial institution”, MoneyGram should have been aware of these requirements from the outset.

When the company identified the issue in 2016, MoneyGram began screening the relevant transactions, but still continued to breach requirements because of errors in the configuration of ‘fuzzy logic’ used in its platform. Other screening weaknesses – technical and human – led MoneyGram to process transactions for a further designated individual, not in prison, and several commercial transactions related to Syria. In total, between March 12, 2013 and June 21, 2020, MoneyGram processed 359 transactions totaling just over $105k, on behalf of approximately 40 designated individuals.

OFAC noted that the statutory maximum fine for the violations was around $300k, and the base minimum just over $52k, but a range of mitigating factors made a lower fine appropriate. MoneyGram was judged to have a good historic record on sanctions screening, and OFAC suggested that many of the designated individuals erroneously allowed to transact would have probably been allowed to do so if the proper license had been secured. 

OFAC also stated that MoneyGram had made initial efforts to improve its performance in 2016, making timely self-disclosures, appointing a new Chief Compliance Officer, and increasing its compliance investments. Following its subsequent problems, the firm also actively cooperated with the federal investigation and undertook further remedial compliance measures, including the replacement of a legacy screening system with a more agile and flexible alternative. 

In its statement on the fine, OFAC said that its enforcement action had highlighted the need for firms involved in volume cross-border payments to “understand the sanctions risks associated with those services and…take steps necessary to mitigate those risks”, as well as underlining “the importance of maintaining robust sanctions screening software and processes.”

In addition, MoneyGram’s recent challenges suggest the need to keep screening issues constantly under review. As MoneyGram found in 2016, firms can be lulled into a false sense of comfort by entrenched legacy platforms that are poorly configured. With increasingly sophisticated screening alternatives on the market, the MoneyGram case should prompt payments services providers to think again about whether they have adequate protection from their current screening solutions. As noted in our European news item above, it is easier to tackle these issues before a regulatory intervention, rather than in its wake.