are the banks complicit in money laundering?

global initiative suggests that banks and governments turn a blind eye to money laundering

by Bob Blower

In case you missed it, Global Initiative has published a challenging article about FinCEN documents leaked to BuzzFeed. Gabriel Moberg suggests that money laundering is going on with the knowledge both of banks and regulators.

Gabriel's article is here. He makes a persuasive case, though I'm slightly worried by the vagueness of some of the statements: "Of the $2 trillion worth of transactions accounted for in the files, billions of dollars' worth of transactions have been identified as illegal." smacks uncomfortably of tabloid journalism. Identified by whom? Just how much is "billions?. While I don't accuse him of sensationalism, I'd like to see a little more provenance before we draw conclusions.

But let's take Gabriel's conclusions as correct; it's a fine article, and I have no wish - or indeed right - to criticise it. There are other facts in the story that bear closer scrutiny and comment. The sheer volume of SARs being submitted is almost certainly moving beyond policeable thresholds. Regulators and law enforcement agencies are being drowned in reams of virtual paper. In 2018, 433,000 suspicious activity reports were filed, leading to just 46 prosecutions. The penalties, though, have been far more than a slap on the wrist. In 2019, non-compliance fines totalled around $10 billion, with UBS being fined more than $5 billion.

Such penalties have two almost inevitable consequences:

  1. The banks are likely to file more SARs to cover themselves, transferring the pressure from themselves to the regulators
  2. The banks become even more risk-averse, increasing derisking activities and isolating more and more regions and industries

Giving the banks, regulators and law enforcement agencies the benefit of the (considerable) doubt that they're willingly supporting money-laundering, it's easy to see that the former of these two consequences creates an environment in which money-launderers can hide in plain sight. If just over 0.01% of cases in 2018 led to prosecution and, as is suggested, the volume of SARs has increased, how can already overloaded authorities hope to give proper attention to every case? As anyone who's attended a fraud court case will attest, financial fraud is complex and deliberately obscure. Detecting where the bodies are buried can take months.

As a conscientious and vocal objector to bank derisking, I find it hard to criticise those organisations who choose to be more diligent, rather than the baby-and-bathwater solution of simply avoiding entire regions. The human cost of derisking is vast and has be halted. But increased diligence that makes laws unenforceable is no answer.

I'll return to this in a moment, but now let's turn to the length of time banks take to submit their reports.

When a suspicious activity is detected, banks have 60 days to submit an SAR, yet the top five banks took an average time of between 136 days (Deutsche Bank) and 1,205 days (Barclays). That's more than three years to submit a report that should have been tendered within two months. Gabriel attributes this delay to a wilful decision to cover up illegal activity by reporting it only when it's too late. I suspect a less nefarious cause. SARs are assembled from information gathered from a variety of sources, usually based around KYC information gathered at onboarding (which is often out of date), and transaction records (which are often incomplete). This diverse material has to be gathered together from multiple storage repositories, gaps filled, stock movements and shipping records found and collated, and a great deal more. All of this while an MLRO tries to stay abreast of the everyday business that pays their wages. Is it altogether surprising that it keeps sinking to the bottom of the too-hard pile?

Delay in filing SARs
Decline in correspondent banking compared to payments

Once the SAR is filed, the responsible authority now has to make sense of it. But it's not an orderly, chronological record, presented in a coherent order; it's a mish-mash of scanned documents from a lot of different sources. If money-laundering has been going on, it's a fair bet that every opportunity for creating confusion has been taken.

So is there a way out of this stalemate? Derisking has provided no answer; tightened compliance regulation hasn't worked, and increased suspicious activity reporting simply shifts the problem further along the food-chain.

At the risk of executing a shameless plug, this is exactly the problem we've set out to resolve with biz.Clarency. Sixteen years of supporting and evolving the due diligence of an international payments organisation has taught us a lot of lessons about what's required for due diligence to do what it's intended for: to prevent financial crime, not simply to shift blame. To do that it must fulfil a list of criteria:

  • It must automate as many as possible of the onboarding processes
  • The majority of the information gathering should be done by the end customer, not by the bank
  • Document verification must be automatic and multi-regional/multi-lingual
  • Sanctions, PEP, prohibited companies and other such listings must be checked automatically without separate log-ins
  • Background checks must be automated, multi-lingual and creative
  • The onboarding information, gathered from a variety of sources, must be available to the MLRO as a single, scored and traffic-lighted report
  • It should be possible to make any adjustments to the terms of engagement via interactivity within the report
  • Diligence must be applied to every transaction, not just as a single process at onboarding
  • Transactional data, including invoices, shipping documents and account movements, should be captured automatically as far as possible. Where not possible, it should be uploaded via a mandatory invoice by the end customer.
  • This transactional data must be analysed automatically for rational market values, realistic volume:container ratio, shipping routes and product compliance
  • Any deviation outside terms must be instantly flagged to the MLRO
  • All documentation, followed by every transaction, event or decision, must be recorded and stored immutably using blockchain locking
  • The date of an alert must be stored on the blockchain. The system must then prompt automatically for an SAR to be lodged or for the alert to be cancelled following corrective action.
  • The decision following the above alerts is also stored on the blockchain
  • Assembly of SARs should be a single-click action, auto-assembling all relevant information from the blockchain record
  • SARs should be consistently formatted and visualised to improve readability and comprehension
  • All relevant data should be shareable with authorised parties, either by access via API to the biz.Clarency system, or by sharing the blockchain hash key to that data via SWIFT messaging

It can be seen from the above that the system becomes essentially self-policing. Its primary purpose is to aid transparency by reducing workload - and hence costs - for everyone concerned, but its unbreakable imposition of process and flow control gives any bad actor in the chain very few places to hide. I believe Gabriel is wrong about systemic insitutional support for money-laundering but it's quite possible he's dead right. If he is, it's not just important that we rethink our approach to compliance, it's urgent and vital.

We inhabit a world in which labels and "best practice" obfuscate the goal we're aiming for. It started when religion took the place of believing in God. Now we think racism is about changing "blackboard" to "chalkboard"; that sexism is combatted by calling someone a Chairperson. Human Resources began as a means of protecting the employee, now it's a multi-million industry to protect the employer and make no one rich but consultants. We've all stood by and watched financial compliance become Health and Safety for banks. Instead of fighting the underlying problem, we turn our energies to being blameless.

And that's where the real crime lies.

Clarency 'C'

Clarency Singapore PTE. LTD. Guoco Tower, 1 Wallich Street #14-01, 078881 Singapore   +65 6403 3956