After yesterday’s post about KYC, PEPs and AML, someone said: “so what’s the point Chris?”
@FSClub not quite sure of the point you are making here. Money L bad. Hard to catch. Harder if not in official channels. It was ever thus?— Julian Lee (@JulianDDLee) May 8, 2014
Interestingly, this is not cybercrime where criminals are robbing the bank, but terrorism and drug runners who are robbing from the government.
Governments view banks as police for financial crime.
It’s an interesting nuance in our world of money.
Banks are commercial businesses but, for money laundering purposes, they are the police.
That is why governments fine banks so heavily when they’re not acting as effective police.
If banks do not effectively stop the use of accounts for criminal purposes, it is not the criminal held accountable but the bank.
That is how banks get a licence and can lose it, although I cannot think of any bank that has lost their licence due to money laundering weaknesses (StanChart sailed close in the USA).
So physical police protect our home, assets and person, with insurances to ensure that when they fail you are covered; banks protect our digital assets and ensure that society is not compromised by crime through the gains that criminals could make through money flows.
Yesterday’s blog highlighted the challenges of being the money police, heightened by the global network.
When Georgian criminal gangs use Chinese servers to harvest European consumer credit card numbers to buy goods from American websites, the physical police break down.
That’s why banks have to be at the heart of global crime, and why cover notes and sanctions tests are offered through the SWIFT network http://thefinanser.co.uk/fsclub/2008/07/mt202-cover-pay.html.
It is why we have PEP databases and KYC.
The question then is: do banks apply such rules effectively? and the answer is no.
Banks apply the rules as much as they feel they need to, within budget.
It was interesting that one of the regulators from the SEC was asked how much banks should spend on AML in a conference recently, and he answered: “that’s not how we look at this.”
How do you look at it? he was asked, and the response was: “we ask ‘could you have done more?’”
In other words, a bank will apply the minimal level of AML controls to meet the rules, but the regulator will ask if you did enough if the find a breach of those rules and, if not, will go after you.
That’s what happened with StanChart and HSBC.
I remember for example, that the head of compliance for HSBC told me that he had been aware of the exposures in Mexico well before they came to light. He reported it and recommended that the bank change approach. However, the Latin American management team were making good profits and ignored the advice.
So ti’s that balance between culture and rewards, risk and reputation, control and cost that all feed into the mix of having an effective financial crime unit.
But there are some things that are starting to change the game.
For example, we had a very interesting presentation from Joachim (Achim) von Haenisch of KYC-Exchange at the Financial Services Club two weeks ago.
Achim’s venture is to get clients to enter their KYC data into one central hub that then shares the KYC with all salient entities.
This means that you don’t need to enter KYC with every counterparty globally – sometimes you have banks that have to fill out KYC requests for every country of operations, in other words 100’s of KYC registrations – but just once and it’s shared on request, and updated through the cloud as anything changes.
That’s an elegant solution, and there are others (SWIFT is developing something similar to KYC Exchange).
But the core of all of this really is identity.
As Dave Birch puts it, Identity is the New Money.
It’s identity that is at the core of KYC and if you have effective digital identity management then the policing of financial crime should become much easier.
That’s where the solution lies.
Until banks and governments create workable digital identity schemes, the financial crime unit will therefore continue to suffer.