Deep Impact? Refocusing the Anti-Money Laundering Model on Evidence and Outcomes

The Financial Action Task Force (FATF), the international standard setter in anti-money laundering (AML), marked its 30th anniversary in June 2019. April 2020 will mark the same anniversary of the first issue of FATF’s 40 Recommendations. It is thus an appropriate time to consider their impact.

FATF requires governments and their agencies to implement the standards at a national level, but on a day-to-day basis, the main gatekeepers of the international financial system continue to be the financial services sector. They are therefore the primary point of reference for this paper.

To meet the laws and regulations that have developed in response to the Recommendations, financial institutions (FIs) have invested increasing amounts of money into controls that will ensure ‘compliance’ with the AML model. Despite substantial levels of private sector investment, however, doubts remain among practitioners and academics about whether the model is effective, not only in terms of how well it is implemented, but in its impact on money-laundering metrics and wider costs and benefits.

Providing answers to these questions currently sits outside FATF’s remit as a standard setter. But they remain important questions nonetheless, because there is a considerable discrepancy between most estimates of the scale of money laundering and the levels of disruption and prosecution of money launderers, as evidenced in a 2016 study by the EU policing agency, Europol. Although it is probable that the gap would be wider without the current model, it is impossible to say by how much. It is a problem that deserves proper exploration.

The extent to which the specific AML measures required of FIs impact overall effectiveness is therefore also hard to calibrate. The requirement to file reports on suspicious client activity to national financial intelligence units (FIUs) undoubtedly added value to law enforcement’s efforts to identify financial crime. But although there is significant evidence of this requirement’s financial cost, there are limited indications to show the scale or significance of its benefits, or how impactful it might be in comparison with other elements of the AML model.

The collective experience of the practitioners interviewed also suggests that the current model is having some degree of impact, but that it is probably not optimal. Negligent implementation aside, a key issue is misaligned incentives. Although several major national regulators are now seeking to take a more flexible approach, regulatory examinations have until relatively recently focused on technical compliance and control failures. Such an approach has led to justifiable censure, fines and reputational damage for cases of FI negligence or criminality. However, a lack of information can also lead an FI to make what turns out to be a ‘wrong’ risk decision. Unfortunately, the potential punitive risk that goes with being ‘wrong’ continues to bias the private sector towards over-investment in preventative measures and over-reporting, despite regulatory advice to the contrary. This makes ‘real-life’ effectiveness for FIs a matter of balancing the costs and risks of regulatory action against the size and efficiency of their compliance functions. The ultimate focus is not therefore on the reduction of money laundering, but on protecting the institution and the bottom line.

The AML model’s further fundamental vulnerability is its fragmentation. In the face of increasingly sophisticated, fluid and networked financial crime, AML efforts face a range of operational frictions, between countries, private and public sectors, and individual institutions. Because of this, FIs tend to have a narrow view of who their clients are, and what their behaviour might signify. This makes potential criminality harder to detect.

More positively, recent scandals have encouraged some FIs, regulators and law enforcement agencies to find innovative solutions to the problem of fragmentation. One of the most fundamental changes in FIs has been the growing attempt to transform reactive financial crime ‘compliance’ cultures into proactive ‘risk management’. There are early indications that such efforts, combined with initiatives to increase organisational agility, deploy new technology and improve partnerships with other FIs and the public sector, are improving the efficiency of the current model.

These initiatives remain relatively new, but promising. Regulators thus need to provide rhetorical and practical support: primarily through practical engagement with FIs to identify and share best practice, but also by reinforcing positive commercial and reputational incentives for the private sector.

In the longer term, some experts have suggested a more radically integrative agenda to improve AML effectiveness, pooling data and expertise within the private sector, and between the private and public sectors. This agenda might have benefits in reducing fragmentation and duplication of effort, but such a radical shift is not without problems of its own – not least which sector, public or private, should take ownership and leadership.

Either way, an evidence-based approach demands that before making such decisions there needs to be consistent research to suggest that an integrated model has measurable benefits over and above the current framework. Better evidence is the most pressing need.

Recommendations

Recommendation 1: FATF member governments should create or designate a permanent mechanism for improving the evidence base on the impact, costs and benefits of the current AML framework.

Recommendation 2: Regulators and law enforcement should work with FIs to better align inter-institutional incentives on the objective of reducing financial crime.

Recommendation 3: Regulators should identify and share best practice with peers and the private sector on improving organisational agility in FI financial crime risk management.

Recommendation 4: Regulators and law enforcement should identify and share best practice with peers and the private sector on integrating financial intelligence into FIs’ financial crime risk-management structures.

Recommendation 5: Regulators and law enforcement should continue to encourage, protect and evaluate FI technological innovation for detecting financial crime risk at all stages of the client life cycle.

Recommendation 6: Regulators and law enforcement should continue to expand legal and technical frameworks for fostering financial intelligence sharing in and between both the public and private sectors.

Recommendation 7: Governments, regulators and industry associations should work with FIs to ensure that the benefits of innovation are shared equally across the private sector.

Recommendation 8: In the medium term, governments and regulators should explore the costs and benefits of a more unified approach than the current model, whether under public or private sector leadership.