In the UK, in response to the crisis in the Ukraine, the Economic Crime (Transparency and Enforcement) Act 2022 received Royal Assent on 15 March 2022, just a fortnight after the draft bill was first tabled. While the Act enhances existing sanctions regulations, it also introduced a new register of overseas owners of UK property and includes provisions to strengthen the system of unexplained wealth orders. A second economic crime bill is expected to be introduced swiftly, likely later this year, which amongst other things will introduce measures to provide businesses with more confidence to share information on suspected money laundering and is likely to be a substantial piece of legislation.
This article was originally published in Global Banking & Finance Review
Anti-money laundering (AML) regulations and enforcement globally have never been stricter. Corporations face an ever-expanding list of obligations and expectations from regulators as the world adapts to the threats of post-pandemic working practices, cryptocurrencies and virtual assets and political uncertainty.
As we stand at the mid-point of 2022, we are in a good position to assess global AML trends this year, where we thought we might be, and where we actually are.
Increased regulation across the globe
2021 saw a number of countries address AML risks with more stringent regulations:
- China expanded its AML/counter-terrorist financing (CTF) legislation, growing the list of organisations subject to the legislative requirements to include various additional financial institutions, widening the definitions of money laundering activities, enhancing supervisory powers by the People’s Bank of China and increasing fines.
- Hong Kong’s Securities and Futures Commission (SFC) introduced new guidelines to tackle money laundering in the changing landscape of the way banking and finance transactions are carried out.
- The European Commission proposed a major AML regime reform, setting out a plan for a European AML Authority alongside an ambitious AML package to strengthen the EU’s AML/CTF regime. This came after the introduction of the EU’s 6th Anti Money Laundering Directive which came into effect in December 2020.
- The US enacted the Anti-Money Laundering Act of 2020 (AMLA), a substantial package of legislative reforms to US AML/CTF laws. Amongst other things, the AMLA expands subpoena powers and increases whistle-blower incentives with the aim of creating transparency in financial markets to address potential money laundering.
As anticipated, this trend has continued into 2022. Regulators across the globe continue to step up their regimes, increasing corporates’ obligations when it comes to AML policies, procedures, oversight and monitoring as well as improving authorities’ enforcement powers and focusing on corporate transparency.
A bipartisan group in the US Congress is working to pass a piece of legislation called the Establishing New Authorities for Business Laundering and Enabling Risks to Security Act which, if passed, would extend existing AML requirements to various other actors in financial transactions including lawyers, accountants, art dealers, and third-party payment providers.
In New Zealand, the government has announced plans to introduce legislation by the end of 2022 for a public beneficial ownership register that would allow domestic businesses to know who they are transacting with.
Enforcement trends: a changing tide?
Commentators and the industry in general anticipated increased AML enforcement globally in 2022.
Interestingly, and with the benefit of hindsight over 2021, Kroll’s Global Enforcement Review indicates that there has in fact been a decrease in fines issued to financial services firms for AML failings, with the global total falling from $2.2bn in 2020 to a new low of $1.6bn in 2021, just half of the $3.3bn seen in 2018. It appears that instead, regulators are focussing on imposing AML-related fines on crypto-businesses. This decline can be seen continuing into 2022. In the UK, for example, the Financial Conduct Authority (FCA) has so far in 2022 made only one enforcement action relating to AML failings by a financial institution, which related to inadequate oversight in relation to one client rather than any broader issues.
It may be the case that, given the large number of major banks and financial institutions that have been sanctioned for AML failing in recent years, regulators are confident in the resulting implementation of robust systems and controls at most of the world’s key financial institutions and so are turning their attention to the less regulated and more challenging area of crypto.
The decline in enforcement against financial services firms could also be a symptom of the effects of Covid-19 which created a large backlog of cases for investigation at regulators around the world. If this is the case, 2022 may see a boom in enforcement actions as authorities push through more cases and catch up with the workload accumulated during the pandemic.
Systems and controls failings
2021 saw a sweep of similar enforcement actions across the globe relating to the failure to prevent money laundering and inadequate AML systems and controls. Interestingly, a number of these cases were criminal rather than regulatory or civil.
- In the UK, the FCA gained its first criminal conviction of a UK bank for failing to prevent money laundering offences under the UK’s Money Laundering Regulations 2007, imposing a fine of £264.8m on NatWest. The financial regulator also published its “Dear CEO” letter which warned retail banks about the perils of any failings in their AML systems and controls, and identified in a major review that challenger banks need to improve how they assess financial crime risk, with some failing to adequately check their customers’ income and occupation and others lacking any financial crime risk assessments for their customers at all.
- Authorities in Hong Kong took action against two licensed firms over AML-related systems and controls failings, with the SFC imposing fines of HK$8m and HK$3.6m The Hong Kong Monetary Authority (HKMA) took its first enforcement action against an online payment service provider for failure to fulfil the minimum criteria relating to AML/CTF measures as required by Hong Kong AML regulations, resulting in a fine of HK$1m. The HKMA also took disciplinary actions against four banks over similar failures, imposing fines totalling HK$44.2m.
- Swiss authorities in December 2021 handed down the first criminal conviction against a bank for failing to maintain effective internal controls and compliance systems.
- Elsewhere in Europe, the Dutch bank ABN Amro reached a settlement with prosecutors to pay €480m for serious shortcomings in combatting money laundering.
- The US also brought its first criminal charge under the Bank Secrecy Act (BSA) against a broker-dealer, Central States Capital Markets, LLC, due to the company’s wilful failure to file a suspicious activity report. The Financial Crimes Enforcement Network (FinCEN) enforced a notable penalty of $390m against a US bank for failing to report millions of suspicious transactions, which although not a criminal penalty, is interesting for its focus on the systems and controls failings which allowed the wrongdoing to happen and the size of the fine.
Moving into 2022, this trend towards enforcement for systems and controls failings has continued. In February 2022, Swiss prosecutors announced criminal charges against Credit Suisse for failings which allowed an alleged Bulgarian drug trafficking gang to launder millions of Euros through its accounts. FinCEN announced in March 2022 a £140m civil penalty against a Fortune 500 financial services company which admitted that it wilfully failed to implement and maintain an AML programme that met the minimum requirements of the BSA. Similarly, the Australian Transactions and Reports Analysis Centre brought action in March 2022 against Australia’s largest casino operator Crown Resorts for alleged systemic breaches of AML/CFT laws. We can expect this to remain a focus for authorities going into the second half of the year and onwards into 2023.
The focus of regulators and companies alike in 2022 has been, as expected, on managing the risks associated with cryptocurrencies and virtual assets.
In October last year, the US Department of Justice (DOJ) published its Cryptocurrency Enforcement Framework and announced the creation of a National Cryptocurrency Enforcement Team dedicated to investigating and prosecuting cryptocurrency cases. Moving into 2022, President Biden has shown his administration’s desire to establish a comprehensive federal approach to crypto-policy and regulation in an Executive Order on 9 March 2022.
Recent US enforcement action reflects this: on 24 March 2022, the DOJ charged two individuals with conspiracy to commit wire fraud and conspiracy to commit money laundering in connection with a million-dollar NFT fraud. On 8 February 2022, the DOJ announced a landmark seizure of 94,000 Bitcoin valued at over $3.6 billion, their largest seizure of cryptocurrency ever and the largest single financial seizure in their history. Two individuals were arrested and charged with conspiracy to commit money laundering and conspiracy to defraud the US.
On an international level, in late October 2021 the Financial Action Task Force (FATF) published updated guidance on AML requirements for virtual assets and virtual asset service providers (VASPs), which clarifies important questions for the industry in evolving areas, such as stablecoins, peer‑to‑peer transactions, non-fungible tokens and decentralised finance. Over the past six months of 2022, we have seen many countries update their AML regulations in line with FATF guidance to address crypto-risks. For example, from 1 July 2022 the “travel rule” will commence in the Cayman Islands in relation to VASPs, which requires that they report to the regulator with any identifying information from the originators and beneficiaries of domestic and cross-border wire transfers over a certain value in order to create a suitable AML/CFT audit trail. Several other countries have introduced the same requirement, recommended by FATF, and will continue to do so throughout 2022. FATF has confirmed that this rule should also apply to crypto-asset exchange providers and custodian wallet providers.
A post-Covid world
Individuals and companies alike are still adjusting to hybrid working. Many employees continue to work from home, and this is unlikely to change as the workforce appreciates the benefits of agile working.
AML policies and procedures need to reflect this new working model. Companies should ask themselves practical questions to find out where changes need to be made. How can we implement a suitable tone from the top when employees are not in the office to absorb the culture? How can we appropriately monitor and oversee our employees’ work to ensure compliance with our policies and procedures? Is virtual training as effective as in-person training? What should our policies and procedures be in relation to the use of personal device and the corresponding use of apps like WeChat and WhatsApp?
Banks and financial institutions in particular must be aware of their role in combatting money laundering in this new working landscape and bolster their policies and procedures accordingly. Now two and half years since the beginning of the pandemic, regulators will expect firms to have updated their approach to AML and already be implementing updated policies. They are unlikely now to accept the difficulties caused by this new working environment as an excuse for any failings.
We have yet to see any enforcement actions in 2022 based on issues resulting from changing working practices. However, in the coming months and years we can expect to see this being a key reason for fines and other penalties. Companies should pay close attention to the decisions made and reasoning given by regulators in these cases and learn from any mistakes highlighted.
The world of AML has largely followed its expected path so far in 2022. Companies, and in particular banks and financial institutions, should continue to pay close attention to the ever-changing regulatory landscape and monitor the outcomes of enforcement actions. Crypto-assets continue to be a source of concern for authorities, entities and individuals alike, and will only pose larger and more complicated risks as their popularity rises. As we try to manage in a post-Covid world, corporations must continue to devote sizeable resources to their AML programmes in order to face these new threats and meet the expectations of authorities across the globe.