11th February 2021

Australia’s ‘Buy Now, Pay Later’ Fears, German Regulator Warnings, and US Focus on Hedge Funds

Australian banks express AML/CFT concerns about FinTech lenders, BaFin addresses Goldman Sachs’ financial crime vulnerabilities, and the Biden Administration looks at hedge fund compliance.

We share our financial crime regulatory highlights from the week of February 8, 2021.

Australia’s ‘Buy Now, Pay Later’ Market in the Spotlight


The Australian Banking Association (ABA), the industry body for Australia’s banks, has recently made a submission to the Federal Treasury’s consultation on the future of payments systems. The association has highlighted particular concerns about the potential risks from the country’s ‘Buy Now, Pay Later’ (BNPL) market.

In the BNPL business model, merchants provide credit to consumers directly or pay for consumers to access it through third-party providers. The sector has seen remarkable growth in Australia and elsewhere over the past five years, with fintechs such as Afterpay, Zip, and Laybuy leading the way.

The ABA argues that such providers, currently subject to self-regulation, can operate without the same legally binding regulatory burdens as legacy financial institutions (FIs), leading to “regulatory gaps or uneven application of regulatory obligations…[that]…can create problems for both the payments system and end-users.” The ABA highlights capital requirements, consumer protection, and AML/CFT compliance in particular. 

With regard to AML/CFT, ABA expresses most concern about the potential opacity that BNPL providers bring when it comes to FI’s statutory requirement to monitor transactions for potentially suspicious activity. With the BNPL as the ‘merchant of record’ on the transaction, this becomes the only counterparty of their client the FIs can identify, rather than the retailers involved in the underlying transaction. 

According to the ABA, this makes it more difficult for FIs to understand the pathway of payments, thus hampering “the detection and prevention of financial crime.” It goes on to say that “some risks and harm may not become visible for some time, liability may not be clear or may fall disproportionately on traditional participants” – in other words, the banks. 

Although the ABA stops short of calling for an end of self-regulation, it does suggest there needs to be greater coordination of public and private regulatory bodies, arguing that there needs to be a “comprehensive application of regulatory obligations, including reciprocity…[to]…to achieve policy objectives in related areas such as anti-money laundering and financial crime.” 

ABA’s comments might seem a little out-of-step with the tone of debate on BNPLs in Australia at present, coming after a recent independent audit of Afterpay, instigated by the Australian Transaction Reports and Analysis Centre (AUSTRAC), led to no further action. In a statement last October, AUSTRAC said the firm had “uplifted its AML/CTF compliance framework and financial crime function, and completed all remediation necessary to ensure compliance.” Federal Senate inquiries and reports from the Australian Securities and Investments Commission (ASIC) over the last three years have also judged current self-regulation arrangements to be sufficient.

Nonetheless, AUSTRAC has stressed that self-regulation is not a ‘free pass’. Its Afterpay decision noted that all fintechs “must consider whether they have AML/CTF obligations and if they do, put in place systems and controls that identify and mitigate money laundering and terrorism financing risks.” In other jurisdictions, moreover, there are moves to strengthen the mandatory regulations of BNPL providers, largely in light of concerns about weak affordability checks. In the UK, for example, the Financial Conduct Authority (FCA) has recently issued a statement saying it will be imposing more stringent supervision in the sector. 

It seems likely that if self-regulation is to continue in Australia, it will remain dependent on the practical demonstration of effective financial crime risk management and compliance by the sector. To take the lead now in acting responsibly on AML/CFT is likely therefore to be the best way for the industry to avoid a much heftier regulatory price later.   

BaFin Makes AML/CFT warning to Goldman Sachs


BaFin, Germany’s financial regulator, has in the last week issued a statement ordering the European subsidiary of Goldman Sachs’ to comply with AML/CFT rules. In a short statement released to the public on 4 February, the regulator asked the bank to meet Customer Due Diligence (CDD) rules and risk analysis requirements under German law. The German regulator has the power to impose fines on the bank if it deems that it has not complied with the order. 

Media requests for further information have garnered no further comment from BaFin, and Goldman Sachs has only responded with a statement that said the order was related to an audit that the regulator had undertaken in 2020. Media reports said that Goldman Sachs had not challenged the findings and that the required remediation was  “already underway.”

In the absence of further details, the media has been left to speculate as to the cause of BaFin’s action. Goldman Sachs already faces reputational challenges with regard to its AML/CFT controls, having recently been subject to regulatory censure in the US and Malaysia for its role in the 1MDB corruption scandal. In this case, regulators found that the bank had played a central role in facilitating money laundering from the scheme. 

However, anonymous leaks have suggested a less dramatic scenario, with the problems arising as a result of the end of the Brexit transition period at the end of 2020. The bank has been in the process of transferring British clients with $60 billion in assets to its European subsidiary. BaFin is reported to have found that the bank has not met the necessary Know Your Customer (KYC) requirements of German federal law in the process. According to these reports, the data collated by the bank’s UK subsidiary was not sufficient to meet the more exacting requirements in Germany, and there were particular problems with linking customer names to accounts. 

Remediating CDD/KYC standards between the UK and European Union (EU) jurisdictions for international FIs has been one of the predicted outcomes of the ‘bare minimum’ trade deal agreed between the UK and EU in December 2020. Under the deal, the UK and EU both treat each other as third countries with regard to AML/CFT regulations, despite the UK’s adherence to the 5th EU Anti-Money Laundering Directive (5AMLD), transposed into national laws in January 2020. Mutual regulatory equivalence is not recognized, meaning that FIs in the EU need to ensure their UK-based customers comply with the specific national requirements of the country in which the FI is operating, and not just the UK’s, as was previously the case. 

Goldman Sachs’ CDD/KYC difficulties with transferring British customers to European subsidiaries will not be unique, suggesting that further cases might yet come, not only in Germany but other EU jurisdictions. Businesses operating in both the UK and EU, therefore, need to ensure they fully understand how their obligations play out in the post-Brexit world (see our blog post from last November on the topic). 

The statement also comes at a time when BaFin is seeking to strike a new tone on financial crime supervision. As noted in last week’s regulatory highlights, the German federal government has recently announced the departure of Felix Hufeld, the President of BaFin, as a result of the agency’s failures in the Wirecard scandal. The departure of Mr. Hufeld is expected to lead to extensive structural changes at BaFin. According to the German Finance Minister, Olaf Scholz, “the Wirecard scandal has revealed the need to reorganize German financial supervision so that it can fulfill its oversight role more effectively.” 

The announcement is likely to be an early indication of BaFin taking an aggressive approach on AML/CFT, and financial crime in general, in 2021. This is likely to accelerate under new leadership, with the regulator seeking to demonstrate renewed credibility. Businesses operating in Germany will do well therefore to review their own AML/CFT controls in light of the changing ‘tone from the top.’ 

US Considers Making Hedge Funds AML/CFT Compliant


The US business news outlet Bloomberg has recently reported that the Biden administration is considering whether to extend AML/CFT obligations to investment advisers such as hedge funds and private-equity firms. The idea was first mooted under the Obama administration but was not brought into practice by President Trump. 

The US Treasury’s Financial Crimes Enforcement Network, (FinCEN), the national Financial Intelligence Unit (FIU), first published the proposed changes in September 2015. Under the preexisting (and still current) regulations, investment advisers are not defined as financial institutions for AML/CFT purposes, making them exempt from FinCEN’s jurisdiction. 

However, the rule proposes that investment advisers already registered with the Securities and Exchange Commission (SEC) should also be registered with FinCEN, and fully adopt AML/CFT obligations under the Bank Secrecy Act (BSA). This would entail investment advisers of all sizes undertaking ongoing CDD, records maintenance, and the filing of Suspicious Activity Reports (SARs) and Currency Transaction Reports (CTRs). FinCEN has argued previously that the changes are necessary because of the operational similarities between investment advisers and similar providers such as broker-dealers, who were already subject to the BSA.

Despite the proposal’s publication, the change was not introduced during the remainder of President Obama’s term, and in February 2017, the Trump administration issued Executive Order (EO) 13771 making the introduction of every new regulation dependent on the removal of two existing rules. In the intervening period, the US Treasury under Steve Mnuchin did not see extending AML/CFT rules to the investment sector as a priority.

With the arrival of President Biden and the appointment of Janet Yellen as Treasury Secretary, previously appointed chairperson of the Federal Reserve by Barack Obama, there is an expectation in industry and media circles that the proposed rule will soon be revived and implemented. After Biden’s victory in November 2020, the non-partisan advocacy group the Financial Accountability and Corporate Transparency (FACT) coalition called on the President to quickly introduce the rule, which, it argued, had “already undergone the comment process and could be quickly finalized.”

Yellen has made it clear that fighting financial crime will be one of her priorities, and it is known that law enforcement agencies of the federal government already see investments as a highly vulnerable sector. In May 2020, a leaked FBI report stated that hedge funds and private equity firms were being used “to launder money” by drug cartels and that if left unregulated, would provide “ever-increasing opportunities for threat actors to co-opt investment funds without being overly scrutinized.”

For the time being, several obstacles stand in the rule’s way. First is the post-inauguration blanket pause in new regulations that the White House has issued across the federal government, withdrawing rules not yet formally published in the Federal Register, and requiring 60-day delays for rules that have already done so. The second is EO 13771 that requires the repeal of regulations. The third is the likely push-back from industry groups; given the six-year gap since the rule’s initial publication, the sector is almost certain to argue for a new period of consultation. 

Nonetheless, none of these factors is likely to stop the rule’s eventual implementation. The regulatory freeze will come to an end, and even if the anti-regulation EO remains in place, there are exemptions under national security that could allow the new rule to be introduced regardless. 

Opposition from the investment industry is also unlikely to carry as much weight with the administration as the concerns of law enforcement and regulators. As Michael Buffardi and Kyle Daddio of FTI Consulting argue in a recent report, “FinCEN will finalize the AML rule for registered investment advisers,” during the Biden Presidency, and it will “be sooner rather than later.”

With an eye to the future, Buffardi and Daddio also note that FinCEN will continue to “close perceived gaps where there is AML risk.” Given the posture of the new administration on financial crime, federal agencies are likely to be encouraged to extend and enforce AML/CFT regulations. As ever, businesses operating in the US that are exposed to such risks are therefore well-advised to ‘tool up’ to manage them.