Judging by my last few posts, you are probably beginning to think that FinancialTech Insider has it in for anti-money laundering systems and the banks implementing them. Make no mistake, we do feel that banks have got the raw end of the deal with financial regulators and governments effectively forcing them to police every financial transactions on their watch.
It is no easy task and despite banks throwing millions at the latest and greatest AML solutions, can any bank really say they have got it well and truly 'sussed?' The regulatory burden is only increasing with the Third EU Money Laundering Directive due to be implemented in 2008.
And as recent events have demonstrated, preventing fraud and AML is not just about monitoring transactions and implementing technology. In fact Innovations Softwaretechnologie of Germany says that transaction monitoring should not only cover the threat of fraud being committed by an external perpetrator, but also employee conflicts of interest,insider trading and market abuse.
According to a poll by KPMG of more than 220 banks across more than 50 countries, 33% of banks are not satisfied with the effectiveness of their own transaction monitoring systems, and less than 25% have the capabilities to monitor the transactions and accounts of a single customer across multiple international borders.
Why then is so much of the onus for policing financial transactions on the banks, when banks do not have the adequate systems in place to meet these requirements, and the internal threat from their own employees is not being adequately addressed?
At a time when trust in banks and government departments is being eroded, isn't it time for regulators, governments and banks to engage in a more serious debate about the effectiveness of current approaches to transaction monitoring and money laundering, rather than adding more complexity to an already unworkable solution?
Showing posts with label Anti-money laundering. Show all posts
Showing posts with label Anti-money laundering. Show all posts
Tuesday, December 04, 2007
Wednesday, November 28, 2007
Making financial crime a priority
Well it seems the HM Revenue & Customs (HMRC) incident where millions of customers personal and financial details stored on an unencrypted CD went amiss, has opened a veritable can of worms.
My inbox is suddenly being inundated with emails questioning how well customer data is protected not just by government departments, but banks and other companies.
The HMRC incident prompted the British Bankers Association (BBA)to publish these rather terse words for law enforcement officers:
Not only are government departments it seems letting the side down by not adhering to the strictest data protection principles, but the very same government that requires banks to spend millions on anti-fraud and money laundering measures, is apparently not even bothering to allocate sufficient resources to law enforcement to tackle both money laundering and fraud risks, says the BBA.
Those of you who read this blog regularly will know that we have been particularly vocal about the cost/benefit of banks investing millions in AML solutions, when there is a very clear lack of transparency as to the success of these systems in accurately identifying suspicious transactions, and the percentage of transactions that lead to successful prosecutions.
Not only are the banks unwilling to talk about how many suspicious transactions they are actually reporting (although we hear the number of Suspicious Activity Reports have increased exponentially as compliance officers are reporting everything to cover their backs), but it appears the due diligence of law enforcement officers does not match the time and money being invested by banks in generating SARs.
Not only that it appears government departments appear to be giving potential fraudsters a hand-up by failing to adequately protect consumers' personal details. Surely the government needs to be made as accountable as the banks?
My inbox is suddenly being inundated with emails questioning how well customer data is protected not just by government departments, but banks and other companies.
The HMRC incident prompted the British Bankers Association (BBA)to publish these rather terse words for law enforcement officers:
"Looking at the wider context in which this unacceptable lack of sensible data protection took place, it is clear that the Government has not yet accepted properly the case for making fraud and financial crime a priority for law enforcement in its own right," says the BBA.
Not only are government departments it seems letting the side down by not adhering to the strictest data protection principles, but the very same government that requires banks to spend millions on anti-fraud and money laundering measures, is apparently not even bothering to allocate sufficient resources to law enforcement to tackle both money laundering and fraud risks, says the BBA.
“It is quite extraordinary that the industry does so much on anti-money laundering, on fraud prevention and on identifying suspicious transactions, and yet this doesn’t feature among the priorities the police has been given by the Home Office.”
Those of you who read this blog regularly will know that we have been particularly vocal about the cost/benefit of banks investing millions in AML solutions, when there is a very clear lack of transparency as to the success of these systems in accurately identifying suspicious transactions, and the percentage of transactions that lead to successful prosecutions.
Not only are the banks unwilling to talk about how many suspicious transactions they are actually reporting (although we hear the number of Suspicious Activity Reports have increased exponentially as compliance officers are reporting everything to cover their backs), but it appears the due diligence of law enforcement officers does not match the time and money being invested by banks in generating SARs.
Not only that it appears government departments appear to be giving potential fraudsters a hand-up by failing to adequately protect consumers' personal details. Surely the government needs to be made as accountable as the banks?
Wednesday, October 17, 2007
Banks in hot water over AML
Still on my AML rant, it appears that Lloyds TSB is the latest bank to find itself in hot water under US legislation.
According to a report on Bob's Guide, Lloyds is alleged to have "knowingly assisted" Lycourgos Kyprianou, founder and former chairman of AremisSoft, in laundering approximately $500 million through his bank accounts. The Bank of Cyprus is also implicated in the allegations.
A Lloyds spokesperson stated there was no basis for the action by the US. But it does remind me of the debate we have been having on this blog over a period of months about the effectiveness of anti money-laundering measures and whether banks really know their customers or whether the solutions they are putting in place are merely to satisfy the regulators.
Well it seems US regulators are a rather difficult bunch to satisfy. Lloyds is not the first UK or European bank that has found itself in hot water. NatWest and Credit Lyonnais are the subject of lawsuits in the US that allege the banks channeled funds to organisations that raise money for Hamas, which is designated a terrorist organisation by the US, but not necessarily by other countries.
The lawsuits against the latter two banks were filed under the US's Anti-Terrorism Act, which says it is unlawful for any person or entity to provide "material support" to foreign terrorist organisations. The banks need to prove they did not knowingly channel funds and that the provision of "routine banking services" does not amount to "material support".
With reputational risk very much at the forefront and the heavy hand of regulators so eager to clamp down on any potential threat of money laundering (after all haven't some UK banks been fined under AML measures not for actually laundering money but for not having adequate measures to combat it in place?), the real question is not whether banks are "knowingly" participating in money laundering, but whether all the millions they have invested in combating AML is money well spent?
Even if there is a stray employee within a bank facilitating money laundering, what measures does the bank have in place to try and prevent that from occurring? It comes back to that age-old question, are banks spending so much time on 'ticking boxes' for regulators that they actually know relatively little about their customers?
Furthermore should the onus for 'policing' fraud and terrorist financing activities lie with the banks given that their raison d'ĂȘtre is to make money?
According to a report on Bob's Guide, Lloyds is alleged to have "knowingly assisted" Lycourgos Kyprianou, founder and former chairman of AremisSoft, in laundering approximately $500 million through his bank accounts. The Bank of Cyprus is also implicated in the allegations.
A Lloyds spokesperson stated there was no basis for the action by the US. But it does remind me of the debate we have been having on this blog over a period of months about the effectiveness of anti money-laundering measures and whether banks really know their customers or whether the solutions they are putting in place are merely to satisfy the regulators.
Well it seems US regulators are a rather difficult bunch to satisfy. Lloyds is not the first UK or European bank that has found itself in hot water. NatWest and Credit Lyonnais are the subject of lawsuits in the US that allege the banks channeled funds to organisations that raise money for Hamas, which is designated a terrorist organisation by the US, but not necessarily by other countries.
The lawsuits against the latter two banks were filed under the US's Anti-Terrorism Act, which says it is unlawful for any person or entity to provide "material support" to foreign terrorist organisations. The banks need to prove they did not knowingly channel funds and that the provision of "routine banking services" does not amount to "material support".
With reputational risk very much at the forefront and the heavy hand of regulators so eager to clamp down on any potential threat of money laundering (after all haven't some UK banks been fined under AML measures not for actually laundering money but for not having adequate measures to combat it in place?), the real question is not whether banks are "knowingly" participating in money laundering, but whether all the millions they have invested in combating AML is money well spent?
Even if there is a stray employee within a bank facilitating money laundering, what measures does the bank have in place to try and prevent that from occurring? It comes back to that age-old question, are banks spending so much time on 'ticking boxes' for regulators that they actually know relatively little about their customers?
Furthermore should the onus for 'policing' fraud and terrorist financing activities lie with the banks given that their raison d'ĂȘtre is to make money?
Monday, October 15, 2007
"Unusual" account activity?
I have been quite vocal about anti-money laundering (AML) measures put in place by banks to help combat fraud. Industry insiders, including those working for AML solution providers maintain that while banks are forced to put measures in place in order to avoid regulatory fines, no one can say with any certainty whether the millions being spent on AML and anti-fraud measures is actually working.
I alongside others have argued for a review of AML measures and legislation, which has not been forthcoming. All parties concerned appear to want to be seen to be doing something, even if it is not effective.
Recently, I experienced first hand the anti-fraud measures some banks have put in place. While travelling abroad to the US I found that I was unable to use my Maestro/Switch debit card facility to top up my pay-as-you-go telephone, although i was able to withdraw money from ATMs.
Upon my return to the UK still finding I had problems using the Maestro facility, I rung my bank upon which they informed me that they had identified some "unusual" activity on my bank account and had barred the Maestro facility.
The "unusual" activity turned out to be cash withdrawals I had made from ATMs in the US and a switch payment to my UK internet provider. According to the bank's anti-fraud department its "automated" anti-fraud system, which had just been updated, flagged the transactions based on the logic of how can someone be withdrawing money in the US while a Maestro payment on their card is being made in the UK?
Well the Maestro ISP payment comes out of my account every month and if they had bothered to check they would have seen a record of that, but as the anti-fraud officer I spoke to told me, automated anti-fraud solutions do not provide that level of detail, they merely flag things, which to them look unusual.
While I appreciate my bank's efforts in trying to combat card fraud, I do question the reliability of automated systems that flag everything without some form of manual verification of my transaction history and spending behaviour.
If my bank really knew their customer then they would have realised that I do make regular overseas trips and that the Maestro payment to my ISP is a regular payment made from my account.
I alongside others have argued for a review of AML measures and legislation, which has not been forthcoming. All parties concerned appear to want to be seen to be doing something, even if it is not effective.
Recently, I experienced first hand the anti-fraud measures some banks have put in place. While travelling abroad to the US I found that I was unable to use my Maestro/Switch debit card facility to top up my pay-as-you-go telephone, although i was able to withdraw money from ATMs.
Upon my return to the UK still finding I had problems using the Maestro facility, I rung my bank upon which they informed me that they had identified some "unusual" activity on my bank account and had barred the Maestro facility.
The "unusual" activity turned out to be cash withdrawals I had made from ATMs in the US and a switch payment to my UK internet provider. According to the bank's anti-fraud department its "automated" anti-fraud system, which had just been updated, flagged the transactions based on the logic of how can someone be withdrawing money in the US while a Maestro payment on their card is being made in the UK?
Well the Maestro ISP payment comes out of my account every month and if they had bothered to check they would have seen a record of that, but as the anti-fraud officer I spoke to told me, automated anti-fraud solutions do not provide that level of detail, they merely flag things, which to them look unusual.
While I appreciate my bank's efforts in trying to combat card fraud, I do question the reliability of automated systems that flag everything without some form of manual verification of my transaction history and spending behaviour.
If my bank really knew their customer then they would have realised that I do make regular overseas trips and that the Maestro payment to my ISP is a regular payment made from my account.
Wednesday, December 06, 2006
Are money laundering solutions really working?
A few weeks back I commented on the research of a Dr Jackie Harvey at Newcastle Business School who concluded that there was not enough evidence to back up data about the volumes of money being laundered. Click here to read the post.
She was basically saying that it suited the authorities to inflate the figures pertaining to the incidence of money laundering for their own political ends, and we mustn't forget the 'war on terror'.
I am currently reading a fascinating book, "The Washing Machine," by Nick Kochan,an investigative journalist who has written for the likes of The Economist and The Financial Times. His book is on money laundering and it makes a very strong argument about the self perpetuating cycle of money laundering, encouraged by corrupt governments and politicians, as well as the forces of globalisation itself exposing developing countries to the forces of black money.
More importantly, though the book reinforces some of the points I was trying to make in my earlier post about some of the hype around money laundering and how the banks are bearing the brunt of the cost of having to comply with anti-money laundering legislation, which arguably has been relatively unsuccessful in reducing the incidence of money laundering by terrorists or other dubious individuals.
Kochan's point in the book is that terrorist money being spent to buy arms, for example, is unlikely to be detected by conventional anti-money laundering solutions as the deals are often not done not through conventional financial or payment channels, but on the black market. Furthermore, he says the small amounts of money used to support terrorists while they may be preparing for an "illegal act," are unlikely to raise alarm bells.
Effectively, he says, today's anti-money laundering policies are "convenient and cheap for governments as they place most of the burden on the legitimate banking and financial system." He argues that intelligence agencies working with police are likely to be more effective in stopping terrorist trade than banks.
Whey then did we have intelligent agencies monitoring SWIFT network traffic in the hope that they were going to find some unusual financing activity which may lead them to the nearest terrorist cell? Let's face it most of the payments on SWIFT are high value anyway, how are you going to distinguish what is an unusually high payment, let alone one that in most cases is more likely to occur on the black market than through conventional payment channels?
We know why banks are spending money on AML software. Their hand is being forced by the regulators. But is it money well spent? Are the banks getting value for money from these solutions? Are their AML compliance solutions helping detect and reduce the incidence of fraud; is it assisting George Bush and Tony Blair in their dubious 'war on terror'?
AML solultions may help banks demonstrate compliance, but no matter how sophisticated or intelligent they become, are they going to be able to detect Al Qaida money raised in Africa's diamond markets or money paid for arms or explosives, when these transactions are not financed by conventional means?
Tuesday, October 24, 2006
A lot of fuss about nothing?
For all you bankers out there losing sleep at night over whether your anti-money laundering (AML) measures comply with regulatory requirements, according to a noteworthy academic, Dr Jackie Harvey, a principal lecturer in Accounting and Financial Management at Newcastle Business School, Northumbria University in the UK, who has been researching the costs and benefits of AML regulatory compliance since 2001, it appears the threat of AML has been somewhat overstated.
Interestingly, according to the PR blurb accompanying the publication of Dr Harvey's research, as long as compliance officers are personally liable under AML legislation, they "will continue to report everything to cover their backs," which makes it even more difficult to assess the real threat of AML, as opposed to the perceived threat.
According to Harvey, there is "absolutely no evidence" to back up the data on the volume of money being laundered – but it suits the authorities to keep it as high as possible, she suggests. Surely not, the authorities talking up the threat of AML? Is it a classic example of banks being held to ransom by the regulators applying pressure on financial service providers to address a threat, which is non-existent or at best, a relatively low-scale threat?
The over-inflated importance given to AML monitoring software smacks of President George Bush and his fight against terror, which we have all seen takes on strange and varied forms; are the banks essentially doing the work of the CIA and other intelligence agencies in Bush's never ending 'war against terror'?
Well if Bush can get Iraq wrong; as we all know there were no weapons of mass destruction; it is not too much of a stretch of the imagination to suggest that perhaps he and the authors of the Patriot Act, which first thrust AML into the spotlight, may have also got it wrong in terms of overstating the threat of money laundering?
You may laugh, but having spoken with a software vendor recently who specialised in AML, I am convinced that AML monitoring is a lot of work and expense for what? Financial service firms have grappled with the high fail rates of AML monitoring software, which often throws up names that are similar to those on OFAC wanted lists, but are not the actual person wanted.
Dr Harvey more or less says as much by concluding from her research that, regulators unable to quantify the effectiveness of legislation in deterring money laundering, have adopted what she terms a 'second best' approach, with emphasis on the demonstration of compliance with systems and procedures (the 'tick-box' culture).
She goes on to say that the benefits of AML (taken from Government impact assessment reports of legislation) are non quantifiable and generally 'fudged'. Meanwhile the financial services sector is bearing the brunt of the cost of compliance with AML, whilst reaping very little if at all any quantifiable benefit.
Interestingly, according to the PR blurb accompanying the publication of Dr Harvey's research, as long as compliance officers are personally liable under AML legislation, they "will continue to report everything to cover their backs," which makes it even more difficult to assess the real threat of AML, as opposed to the perceived threat.
According to Harvey, there is "absolutely no evidence" to back up the data on the volume of money being laundered – but it suits the authorities to keep it as high as possible, she suggests. Surely not, the authorities talking up the threat of AML? Is it a classic example of banks being held to ransom by the regulators applying pressure on financial service providers to address a threat, which is non-existent or at best, a relatively low-scale threat?
The over-inflated importance given to AML monitoring software smacks of President George Bush and his fight against terror, which we have all seen takes on strange and varied forms; are the banks essentially doing the work of the CIA and other intelligence agencies in Bush's never ending 'war against terror'?
Well if Bush can get Iraq wrong; as we all know there were no weapons of mass destruction; it is not too much of a stretch of the imagination to suggest that perhaps he and the authors of the Patriot Act, which first thrust AML into the spotlight, may have also got it wrong in terms of overstating the threat of money laundering?
You may laugh, but having spoken with a software vendor recently who specialised in AML, I am convinced that AML monitoring is a lot of work and expense for what? Financial service firms have grappled with the high fail rates of AML monitoring software, which often throws up names that are similar to those on OFAC wanted lists, but are not the actual person wanted.
Dr Harvey more or less says as much by concluding from her research that, regulators unable to quantify the effectiveness of legislation in deterring money laundering, have adopted what she terms a 'second best' approach, with emphasis on the demonstration of compliance with systems and procedures (the 'tick-box' culture).
She goes on to say that the benefits of AML (taken from Government impact assessment reports of legislation) are non quantifiable and generally 'fudged'. Meanwhile the financial services sector is bearing the brunt of the cost of compliance with AML, whilst reaping very little if at all any quantifiable benefit.
Subscribe to:
Posts (Atom)
