The anti-money laundering efforts of European banks is being hamstrung by failures to manage key customer data and perform proper due diligence, regulators say
Banks’ failure to collect know-your-customer (KYC) data聽and their tendency to manage聽high-risk customer due diligence聽manually are聽hampering聽their聽anti-money laundering (AML) efforts, according to regulators in the United Kingdom. Further, many banks’ assessment of financial crime risk聽has also been found to be inadequate.
Some UK banks, are聽failing to collect customer information such as income and occupation details.聽In some cases, customer risk assessment frameworks are underdeveloped or non-existent, which translates into poor initial due diligence and weak enhanced due diligence for high-risk customers and politically exposed persons, UK regulators said.
Inadequate customer due diligence will聽make transaction monitoring systems less effective, the UK Financial Conduct Authority (FCA)聽.
“One of the problems is not being aware, habitually, of the actual risk they are managing,鈥 says Gabriel Cozma, head of Lysis Financial and Fintech at the Lysis Group in the UK, adding that too often banks ignore the risk. 鈥淎nd once you don’t understand the risk, you cannot apply controls. How would you create scenarios and rules when you don’t really understand the risks you have to manage?”
Deficiencies highlighted
Business-wide risk assessments that the FCA reviewed were “generally poor”, with insufficient detail on the financial crime risks to which the business聽was exposed. The FCA observed a lack of consistency in customer risk assessment.
“We also see instances where there are significant discrepancies in how the rationale for specific risk-ratings are arrived at and recorded by firms. There is often a lack of documentation recording the key risks and the methodology in place to assess the aggregate inherent risk profile of individual customers,” the FCA .
The FCA has had a particular focus on failures observed at UK retail banks and challenger banks. UK enforcement action against聽听补苍诲听,聽together with Credit Suisse’s 2022聽聽in a Swiss court for laundering Bulgarian drug dealers’ cash, and Deutsche Bank’s , are just a handful of examples聽which demonstrate聽that global systemically important banks are experiencing similar challenges in the battle against dirty money.
Spending billions
Big banks have reported that they 聽on financial crime prevention and employ thousands of experts to run transaction-monitoring programs. NatWest Group, for example,聽has said it is聽聽on financial crime controls over the next five years and has more than 5,000 staff working in specialist financial crime roles.
NatWest has paid out 拢279 million in three UK fines for financial crime control failures since 2010. The bank’s from August 2022, however, stated that Royal Bank of Scotland International was referred to the Isle of Man’s Financial Services Authority’s enforcement division after an inspection聽of AML/CFT controls and procedures relating to specific customers.
Indeed, banks’ continued reliance on spreadsheets and other manual processes means their approach to financial crime compliance and detection lacks coherence and consistency. “We often identify instances where CDD [customer due diligence] measures are not adequately performed or recorded. This includes seeking information on the purpose and intended nature of a customer relationship (where appropriate) and assessments of that information,” the FCA聽.
Firms聽are unable to聽track clients effectively in a spreadsheet for AML and KYC purposes, and spreadsheets are not conducive to tracking changes in client behavior or bringing any consistency to聽continuing due diligence. Yet few banks have invested in workflow technology that could bring more consistency and assurance to client on-boarding, continuing due diligence and client management, particularly when it comes to high-risk clients.
Managing financial crime policies through spreadsheets and static documents聽such as PDFs posted on an intranet portal means policies and guidance are difficult to access or may not be current, which makes taking a consistent approach to financial crime risk assessment and client onboarding difficult.
“Of course, firms use some technology in places, but some of the challenges and what we’re seeing now is the risk of workflow type solutions that provide some level of consistency across the board,” says Henry Balani, head of industry and regulatory affairs at regtech firm Encompass Corporation in London.
Manual processes
When regulators mention manual processes, most of the time that means firms are using a spreadsheet to manage financial crime risk across a range of activities, such as onboarding or transaction monitoring. For example, the FCA’s 2017聽聽fining Deutsche Bank 拢163 million for the mirror trading-related control failures notes that the bank lacked automated AML systems for detecting suspicious trades.
“When it was informed by Deutsche Bank’s operations team that ‘providing a spreadsheet will not be possible as this is done manually by a team member and capturing so many records will be painful’, the AML team did not persist with its enquiries,” the FCA wrote in its 2017 enforcement notice.
Deutsche Bank says it has since “beefed up” resources to combat money laundering, spending 2 billion euros between 2019 and 2020 and employing 1,600 members of staff worldwide聽“to fight financial crime”. In April 2021, however, the German financial markets regulator BaFin聽聽to further improve its AML safeguards and comply with due diligence obligations. And in May 2022, prosecutors, federal police, and other officials聽聽Frankfurt headquarters to investigate suspicions of money laundering it had reported to the authorities.
Manual processes also come up in relation to sanctions screening, which the FCA has been assessing聽following the introduction of sanctions on Russian individuals and companies. The FCA has found “varying levels of adequacy”, and聽much of that hinges on whether firms are using manual or automated screening systems.聽“Issues we have identified tend to be around the effectiveness of firms’ customers’ sanction-screening processes,” explains Nikhil Rathi, the FCA’s chief executive, 聽to the Treasury Select Committee on July 4.
The FCA聽had written to firms that use manual sanctions-screening tools to remind them to have “well-established and well-maintained systems and controls to counter the risk of their business being used to further financial crime, including evading sanctions,” Rathi said.
