*This article was originally published in the GRC Professional: Financial Crime Edition 2019
"Do not compromise your integrity for anything, no matter how urgent the transaction, or the client, or the situation is."
“You have to live this,” says Dev Odedra, an Independent AML and Financial Crime expert who sees the financial crime space as more of a vocation than a job.
“Do not compromise your integrity for anything, no matter how urgent the transaction, or the client, or the situation is.”
In early February, Odedra spoke to GRC Professional about what meeting regulatory obligations and contending with financial crime risk means for the banks in the UK.
According to Odedra, there is a direct correlation between institutional compliance maturity and UK and EU regulations.
From the UK’s senior manager regime, to the risk of major fines that have been pushed through the media, and Anti-Money Laundering directives, Odedra said that the AMDL4 was a major driver for the Money Laundering, Terrorist Financing and Transfers of Funds Regulations 2017 (MLR2017).
“The regulations had not been updated since 2007; now, there are AML directives at the EU level. AML Directives five and six are literally around the corner, also, which is probably driving more of a focus.”
The time between AML directives is growing shorter, too. The first Directive was adopted by the EU in 1990, with a 10-year gap between the third and fourth Directives. However, Odedra believes the AML directives are reactive in nature, especially since AML Directive 5 followed soon after the increased threat of terrorism and attacks in Paris.
There has, however, been a slow shift from reactive towards proactive, as demonstrated by the maturity of financial crime compliance programs in some major institutions.
“It is becoming a little more proactive in the area of regulatory change,” Odedra said, “and I think that’s having a knock-on effect on banks to be a bit more proactive as well.”
The regulations have also acted as support for compliance professionals.
“That’s not to say that banks haven’t taken it seriously before. But maybe there just wasn’t enough attention up until the last few years, especially in light of the fines and changes we have seen,” he explained.
While the Panama and Paradise Papers have posed some difficult questions for the UK financial system, it is the recent Danske Bank scandal that graced the headlines of UK media outlets.
Last December, Richard Milne and Daniel Winter from the Financial Times published Danske: Anatomy of money laundering scandal, an article that highlighted the scandal, starting from what they described as the ‘early warning signs’.
The article detailed how, in 2007, Danske bank entered the Estonian market by taking over Sampo Bank. Even at the time, the bank was warned it was underestimating its compliance risks. However, it took a whistle-blower bringing the issue to the attention of the board in 2014 for anyone to really take notice, culminating in the arrest and detention last year of 10 Danske bank’s employees who ‘knowingly’ facilitated money laundering in the bank.
Many media outlets defined the £200 billion figure (AUD360 billion) as the biggest scandal in Europe.
Other banks have also been implicated, including Deutsche Bank, JP Morgan, and the Bank of America.
While banks are being driven to be more practice than reactive due to ever-evolving compliance risks, the challenge of being proactive is major one, since banks may not be reviewing their own process often enough.
“How often do some of these banks review their transaction monitoring alerts?” Odedra asked. “There are a lot of false positives given and, sometimes, you see large AML teams. My question is: is that an effective use of resources?”
One of the issues highlighted by Odedra in context is that there is rarely enough adoption of technology, despite the plethora of tech solutions now available as RegTech grows and adds new products to the market.
Additionally, one of the challenges with big teams is that, sometimes, staff may not be versed in financial crime.
“Are they keeping up with the latest in typologies?” Odedra asked. “Are they coming in doing the job? You can have the best processes, and you can have the best systems but, sometimes, it’s people.”
From the market perspective, the slow adoption of technology indicates a level of apprehension when it comes to the on-boarding a new product or products.
However, Odedra said that, in the UK, there are certain risk management processes that are not meant to be out-sourced.
One of the issues of leveraging technology is that it is only as good as the quality of the data, and Odedra highlighted the issue of legacy data that is held on clients.
The other issue is that banks might face challenges when adapting to the new regulations.
“For example, you issue a new policy, and then, if regulatory changes demand further edits to that policy, those changes in policy—depending on what they are—can have an effect where the results will be immediate. So, that’s the challenge.”
The changes need to be implemented by someone. Thus, the next question is where these people are going to come from. Will there be teams in the organisation that will be devoted to this, or will consultants need to be brought in?
The other issue is the impact of regulation on financial crime and whether it is genuinely making any headway towards eliminating or diminishing it.
“On a grander scale, we’ve seen lot of regulatory change, but how much of that is actually making a difference in stopping the actual activity we are trying to stop?” Odedra asked. “The challenge for the banks is that they are now having to do so much more. But the knock-on effect, in order to reach the goal of stopping financial crime…well, it doesn’t look like it is having the desired effect.”
The limits of jurisdictions and sanctions
One of the issues that came to the forefront with the Panama Papers was the uneven regulatory landscape and meeting investigative roadblocks when obtaining registry details of the UBO of a particular company.
“That has actually happened to me,” said Odedra. “There was a transaction involving a client. It wasn’t booked in our jurisdiction, it was booked in another jurisdiction in the same organisation, and they couldn’t tell us the information.”
Then there is the sanctions issue with the US’ approach to Iran and the step banks have had to take from the Joint Comprehensive Plan of Action (JCPOA).
“No bank in Europe is going to want to run the risk being cut off from the US financial system, all for the sake of trying to manage the JCPOA agreement,” Odedra said.
While the risks mentioned can be challenging, however, Odedra does not see them as insurmountable. They can be dealt with, providing you stick to some basic principles.
Odedra’s advice for financial crime compliance professionals who are trying to get this right in their organisation:
Don’t compromise integrity
Have strong rational and records of work and decisions
Stay informed of all the news and the newest industry guidance.