Anti-Money Laundering 4.0

Executive Summary

Money laundering incidents in the European Union, digitisation and a disproportionate balance between costs and benefits give rise to a fundamental review of the instruments for combating money laundering and terrorist financing. Recognized deficits should now be resolutely eliminated. Only in this way can crime phenomena that threaten the very substaaould like to contribute to the discussion on these issues, which the EU Commission opened with its Roadmap published in February 2020 [1] , with the following proposals:

1. Increased Legal Harmonisation:

EU regulation should be switched from the legal instrument of a directive to a regulation, at least in key aspects. A uniform EU-wide regulation is particularly necessary in the area of know your customer regulation.

2. Strengthening of Transparency Registers:

Transparency registers introduced by the 4th EU Money Laundering Directive must be designed in a practical manner. The data on beneficial owners contained in the registers must be comprehensive and reliable. This is currently not guaranteed.

3. Clear Basis for Transaction Monitoring:

The investigation of transactions for indications of money laundering or terrorist financing requires a comprehensive and clear legal basis and must ensure an appropriate balance with data protection rules.

4. Restarting Suspicious Transaction Reporting:

The rules for reporting suspicious transactions must be fundamentally revised. Encouraging experiences from Public-Private Partnerships in Europe show that an exchange of operational data between investigating authorities and addressees of money laundering laws can lead to a leap in quality in the prosecution of money laundering and terrorist financing. In return, the threshold for reportable suspicions must be raised in order to reduce the existing flooding of the Financial Intelligence Units. 

5. Authority Structure and Cooperation:

The primary goal must be further harmonisation of substantive law. Questions of the structure of authorities can be taken up again after the amended substantive laws have been tried and tested. The starting point for an authority reorganization must take their different roles, competences and information into account. From a banking perspective, greater involvement of police and law enforcement authorities is urgently required. A more intensive harmonisation of supervisory activities may well make sense, as already initiated recently by the expansion of the competences of the European Banking Authority. However, the primary responsibility of national supervisory authorities should be retained. 

1. Introduction

Some thirty years after the First Anti-Money Laundering[2] Directive (91/308/EEC) marked the start of a regulated anti-money laundering framework in the European Union, the debate on the right way to combat serious organised crime and the financing of terrorism remains ongoing. There are many reasons for this. The adoption of five European anti-money laundering directives since 1991 was strongly influenced by external events, most recently, in the case of the Fifth Anti-Money Laundering Directive (2018/843), the terrorist attacks in Paris and Brussels. This is also true of the current discussion at EU level, which this time is largely driven by money laundering incidents at EU banks.[3] In terms of content, the debate at EU level mainly revolves around issues of further harmonising substantive anti-money laundering law (by means of a regulation instead of a directive), improving cooperation between the various authorities involved and exploring possibilities of expanding anti-money laundering powers at EU level. On 25 November 2019, the European Commission was invited by the Council to submit proposals for further action, particularly on the above three points.

A careful review of the legal framework and the responsibilities for enforcing the resulting obligations is undoubtedly needed. There are nevertheless also other developments which make it necessary to analyse the current approach to preventing and combating money laundering. This is because the basis for the anti-money laundering policy drawn up in the 1990s has undergone fundamental changes since then.

• The scope of entities regulated by anti-money laundering legislation has been continually expanded beyond the financial sector, to which the legislation was originally addressed. This is a reminder that preventing money laundering is not the sole responsibility of the financial industry but that of society as a whole. The targeted involvement of other economic and social groups can make a significant contribution to combating money laundering more effectively.
   
• Involving the financial sector in fighting crime was based on the basic idea of being able to “follow the money” through records kept by obliged entities. In our digital society of 2020, data trails of potential interest to law enforcement will clearly not just exist in the financial sector alone. Regulation has not yet adequately responded to this.
   
• There is also another important point to remember: the original aim of the fight against money laundering was to create an “intervention alliance” between the state and businesses to combat a crime phenomenon that threatened the rule of law itself. The intensity of the current discussion about the need to step up cooperation both among authorities and between authorities and those subject to anti-money laundering laws demonstrates that this aim has not yet been achieved. In the view of the German banks, the extensive identification and documentation requirements set out in the legislation – requirements, moreover, whose effectiveness in preventing money laundering is sometimes questionable – have largely come adrift from their original goal, namely to help catch and convict serious criminals. Respected experts have questioned the efficacy of the entire current policy.[4] This all suggests it is high time to recall and return to the objectives of combating money laundering and make forward-looking adjustments to prevention policies.

With this in mind, we would now like to make some concrete proposals for changing prevention policies – in some cases radically so.

2. Weaknesses of the current prevention policy

Contrary to what the current debate at European level implies, the weaknesses of the current prevention policy are not (only) due to inadequate harmonisation of the legal framework and to the scope of supervisory responsibilities and powers at EU level. The main flaws are instead, first, an overemphasis on formal requirements (data collection on the customer [KYC], person acting on the customer’s behalf [which we believe is sometimes interpreted too broadly or does not fit certain business relationships such as trading transactions and correspondent banking] and beneficial owner, and documentation of the results). The second problem is the insufficient exchange of information when it comes to investigating suspicious activity, both between obliged entities and the directly responsible authorities and among obliged entities, including on a cross-sector basis.

There are practical difficulties in the European Union with setting uniform requirements for establishing identities (i.e. regarding what data to collect depending on what role is involved as well as what sources to use to verify these data). Some member states, such as Germany, have mandatory ID cards, while in other countries other sources have to be used as proof of identity. Irrespective of this, the adoption of the eIDAS Regulation (910/2014)[5] shows that uniform EU-wide requirements for electronic identification are indeed possible. There are no such requirements, however, governing identification under the Anti-Money Laundering Directive. Similarly, the requirements of the Anti-Money Laundering Directive for transparency registers are not sufficient to deliver the benefits of a single repository of data on beneficial owners in practice. On the contrary, the transparency registers are expected to generate considerable additional work while delivering very limited added value.

Errors in establishing and verifying data and in recording the identification process or, in particular, the process of identifying beneficial owners are easily made under the “box-ticking” method currently prescribed. These can, in turn, give rise to easily substantiated objections which can result in the imposition of fines. The concentration of supervisors and supervised entities on this “formal” side of combating money laundering is ultimately a distraction from the central objective of anti-money laundering legislation. To put it bluntly, by increasingly focusing on sanctioning obliged entities because of formal errors, we are progressively losing sight of the effective pursuit of serious criminals.

As a result of Germany’s federal structure, the exchange of information between obliged entities under the German Money Laundering Act and investigating authorities varies in intensity. Overall, it falls short of what is currently possible and what would help to optimise law enforcement. Since the fight against money laundering first began, the investigating authorities have refrained from providing regular, case-specific feedback on suspicious transaction and suspicious activity reports. To this day, it is not possible to show what contribution suspicious transaction reports have made to the outcome of criminal proceedings, either generally or in a specific case, because the necessary information is not collected. It is true that the annual reports of the Financial Intelligence Unit (FIU) show the number of suspicious transaction and suspicious activity reports submitted each year. And annual law enforcement statistics show the number of convictions for money laundering under section 261 of the German Criminal Code. These figures can be found in the chart in the annex. These data are of limited value, however, for the following reasons. The figures on convictions do not indicate whether these can be attributed to filed reports of suspected money laundering. On top of that, experience suggests that reports of suspected money laundering may well lead to convictions for other offences, in particular fraud under section 263 of the German Criminal Code. But whether and to what extent this is the case is even less clear from the statistics.

All this means that obliged entities have no robust empirical material which would enable them to optimise their reporting behaviour on the basis of actual money laundering incidents. Instead, they base their reports on abstractly formulated risk factors, typology papers and their previous reporting behaviour. There is no end in sight to the rapid increase in suspicious transaction reports and the inevitable upshot: quantity, not quality. In Germany, for example, the threshold for a reportable suspicious transaction was lowered in 2011 by the German Act to Optimise the Prevention of Money Laundering (Gesetz zur Optimierung der Geldwäscheprävention).[6] The situation was further exacerbated in 2018 by a decision of the Frankfurt Higher Regional Court.[7] The decision interprets the reporting bank’s scope for analysis and plausibility checking very restrictively, thus severely limiting the discretion of the money laundering officer to determine whether an activity needs to be reported. This has led to a further sensitisation of reporting behaviour. Meanwhile, ever less attention is being paid to whether there is an actual basis for a suspicious transaction report, namely sufficient indication that assets are of illegal origin (predicate offence for money laundering or link to the financing of terrorism). Yet with the interests, and rights, of customers in mind, as well as the interests of the law enforcement authorities in receiving well-founded information, obliged entities should be allowed a certain amount of scope to look into potential cases of suspicious activity.

Irrespective of these developments, contacts between obliged entities and investigating authorities arose over time which have proved a valuable source of information for the obliged entities. The banking industry believes the best way of optimising the toolbox for combating money laundering is to intensify, consolidate and regularise this exchange. But granting a monopoly of responsibility to the FIU, which is located at the German Customs Criminal Investigation Office, has reduced the practical and local exchange of information which sometimes used to take place between obliged entities and federal and state law enforcement. The FIU needs to obtain access to the relevant information held by the investigating authorities if it is to effectively assume their role. We therefore welcome the fact that it was decided when transposing the Fifth Anti-Money Laundering Directive to empower the FIU to access police and public prosecutors’ databases (section 31 (4) and (4a) of the German Money Laundering Act). It nevertheless remains to be seen whether this measure will achieve the desired success in practice. There are grounds for some scepticism inasmuch as the real key to clarifying potentially suspicious cases lies in the swift exchange of operational data. This means information about personal and transaction-related data needs to be exchanged both between authorities and obliged entities and among obliged entities (ideally even across sectors) before suspicion is identified since this will help to determine whether or not a case of suspicious activity exists. This is already practised in other countries (such as the United Kingdom) on a legal basis created specifically for this purpose.[8] There is no such legal basis in Germany at present.

3. Proposals for optimising the fight against money laundering

The German private banks believe the following proposals have the potential to substantially improve the fight against money laundering.

a. Fully harmonise the legal requirements for identifying customers

The obligations to identify customers (including persons acting on the customer’s behalf and beneficial owners) form a large part of anti-money laundering rules. Given their objective – the creation of a data trail – this is understandable. It is nevertheless open to question whether, in the changed conditions of this digital age, this “first stage” of anti-money laundering measures should not be formulated in a more uniform and stringent way and implemented in a more up-to-date manner. So-called know-your-customer utilities have emerged in a number of EU member states. These are companies that offer to implement the technical and organisational requirements of the identification process on behalf of obliged entities. This requires a uniform and practicable (i.e. concretely descriptive) legal framework. This should be established in the form of an EU regulation specifying precisely and exhaustively what data needs to be collected and what data sources should be used for this purpose (identity documents, etc.). A critical look should be taken at whether it remains appropriate to apply the risk-based approach to this “first pillar” of the fight against money laundering. We consider a rules-based approach to collecting and verifying data to be clearly preferable. The fact that requirements differ even within the EU as to the data to collect on a beneficial owner, the sources to use for verification purposes and the calculation method to apply to determine the beneficial owner in the event of multiple participation levels well illustrates the current problems of the risk-based approach. It is also crucially important that EU lawmakers make identification requirements technology-neutral. In addition, a clear legal basis should be created for practices which have proved their worth in the market such as Germany’s Video-Ident procedure.

b. Improve the collection and provision of data on beneficial owners in transparency registers

The function of the transparency registers introduced under the Fourth Anti-Money Laundering Directive should be enhanced. The objective must be to create a network of interconnected registers which, on the basis of a single set of requirements as to the data to be collected, offer a single point of truth on the circumstances of beneficial owners. The accuracy and reliability of the data in the registers can best be guaranteed if they are run by the state. Requiring obliged entities to collect these data is an outdated practice in this day and age. It also creates sources of error, which could be avoided by maintaining a state-run register. Where necessary, the existing requirements for entities to report data on beneficial owners should be adjusted. To ensure maximum harmonisation, these requirements should also be set out in the form of an EU regulation (including clear rules on the calculation method to use for determining beneficial owners in the event of multi-level participation structures).

c. Strengthen the legal framework governing transaction monitoring

The banking industry takes the view that transaction monitoring is of central importance to present-day money laundering prevention by banks. Transaction monitoring serves to extract from the data held by banks indications of activity that need to be examined more closely to see if they constitute grounds for suspicion. The quality of the underlying data has a decisive role to play in this context. For this reason, it is important to intensify cooperation with other obliged entities in the financial sector and with the competent authorities (including the joint use of utilities as in the area of customer identification). Since transaction monitoring cannot normally be carried out without the use of personal data, a clear legal basis is required, which should again be established in the form of an EU regulation to ensure data protection requirements are respected.

d. Restructure the treatment of suspicious cases

As the chart in the annex clearly shows – even if caution is warranted in its interpretation – only a fraction of the suspicious transaction reports filed actually help to support formal investigations into serious organised crime and terrorist activities. This phenomenon is not limited to Germany but can also be found in other jurisdictions, where in some cases the number of reports filed is even higher. It is therefore hardly surprising that it was in these jurisdictions that criticism of the existing reporting system was first voiced and that solutions were first sought.

Judging by the results available to date, a promising approach seems to have been taken by the Joint Money Laundering Intelligence Taskforce (JMLIT) in the United Kingdom. The centrepiece of this approach is a joint examination of potentially suspicious circumstances in a dialogue between operational law enforcement on the one hand and obliged entities on the other. In other words, the two sides discuss the situation prior to establishing that there are grounds for suspicion, each side hoping that the exchange with the other will furnish further information. Since this involves intrusion on fundamental rights ahead of suspicion, it is essential to establish a clear and constitutionally appropriate legal basis.

Despite the considerable degree of intrusion it entails, this novel approach seems preferable to current practices. Owing to an exponentially expanding notion of what constitutes suspicion, these are continually generating new records in the number of suspicious transaction reports to the point where reports can no longer be adequately dealt with by the authorities. It should also be borne in mind that those obliged to file the reports have a duty to ensure they are not unnecessarily exposing the person concerned to the unpleasant consequences of a suspicion of money laundering. This arises from the duty to contribute responsibly to preventing and combating money laundering and terrorist financing while at the same time keeping the interests of the affected customers in mind. On top of that, obliged entities have to consider whether it will be possible to continue doing business with a customer once a suspicious transaction has been reported. In addition to a more focused approach to the creation of suspicion along the lines of the JMLIT model, a significant rise in the threshold triggering suspicious transaction reporting is needed. It may be advisable follow the example of some other member states and begin by testing out a restructured suspicious transaction reporting strategy of this kind. Consideration should also be given to the involvement of criminological research in such pilot projects.

e. Organisation of the competent authorities

Various money laundering incidents in the European Union have sparked a keen debate about how the competent authorities are structured and about the distribution of powers between the Union and member states. The German banks believe discussions are sometimes too quick to focus solely on the question of which EU authority might be best suited to taking over powers from the national authorities. Considerations of this kind should be preceded by a thorough analysis of the official function of each authority involved. The following aspects are especially important, in our view.

• As already mentioned in the section on reporting suspicious activity, the banking industry considers the factual input from, and dialogue with, operational law enforcement to be of particular importance. We see this function as being not only a matter of exchanging information on cross-border operations or abstract typologies, but also of a practical local exchange of information. Centralising this function at EU level would not be unproblematic, in our view, since the distance from circumstances on the ground would be too great. Whether this function could be centralised at national level – as with the FIU in Germany – and still be effective remains to be seen.
   
• Monitoring compliance by the banking industry with those obligations under money laundering legislation that require no criminological expertise should remain the responsibility of banking supervisory authorities. One point worth discussing, however, is whether banking supervisors should also retain responsibility for monitoring compliance with obligations connected with reporting suspicious transactions. Experience shows that the interests of the authorities involved in this area differ. While banking supervisors are usually interested in dealing with the risk situation as quickly as possible (normally by ensuring business relations with the relevant customer are terminated), the investigating authorities generally prefer the business relationship to be continued so that they can follow the “data trail” further. Resolving this conflict of interest could help to make anti-money laundering measures more effective. A sensible alternative to the present arrangements might be to orient the reporting requirements more towards the benefit of the reports to the investigating authorities while ensuring an accompanying dialogue with the FIU is also maintained. 
   
• The private banks believe the issue of legal harmonisation by means of a directly applicable regulation is more important than the question of which authority should be responsible for what. Based on this premise, we nevertheless have the following observations on the discussion at EU level about allocating responsibilities:
   
  • We are not in favour of organising oversight of compliance with obligations under money laundering legislation along the lines of the Single Supervisory Mechanism (SSM). We oppose the idea of separate supervision – of some banks at EU level, of others at national level – not least because of the need for cooperation with law enforcement at local level. What is more, such a system would run counter to the objective of uniform supervision and thus uniform application of anti-money laundering rules and regulations.
     
  • Transferring supervisory responsibilities to the European Central Bank meets with strong reservations in Germany relating to the legal basis under Article 127(6) of the Treaty on the Functioning of the European Union (TFEU). On 30 July 2019, the Federal Constitutional Court justified its rejection of two constitutional complaints against banking union[9] by citing, among other things, the responsibilities remaining with the Federal Financial Supervisory Authority (BaFin). These include not least the supervision of compliance with obligations under the German Money Laundering Act. If this task were to be transferred to the ECB, the judicial assessment of banking union’s conformity with the constitution might change. This does not affect the ECB’s monitoring of compliance with anti-money laundering rules within the framework of prudential supervision.
     
  • The idea of transferring further responsibilities to the European Banking Authority (EBA) for the oversight of money laundering prevention is likely to raise more practical concerns. The EBA’s current level of staffing and resources is unlikely to be sufficient to ensure effective on-site supervision of the banks in member states. It is also open to question whether the EBA would be in a position to also supervise entities outside the financial sector that are subject to the anti-money laundering regime. On the other hand, it is true that the legal framework in which the EBA operates already gives it considerable powers of intervention and that there is no obvious reason to expand it with a view to making practical supervision more effective.
     
  • Finally, consideration is being given at European level to the creation of a new anti-money laundering authority in the shape of an agency. This agency could be responsible for monitoring all entities subject to the anti-money laundering regime and the scope of its powers could be defined from scratch. It is true that the boundaries of the Meroni doctrine[10] were considerably extended by the so-called ESMA ruling of the European Court of Justice (ECJ) on 22 January 2014.[11] According to this judgement, agencies with direct rights of intervention vis-à-vis EU citizens can most certainly be created on the basis of the authority to adopt harmonisation measures in the internal market under Article 114 of the TFEU. This extension of authority must, however, be balanced by appropriate substantive requirements and procedural obligations.[12] The creation of an EU anti-money laundering agency with new powers would therefore require procedural rules to be in place on a scale likely to be considerable. In addition, an EU agency with responsibility for supervising all entities subject to the anti-money laundering regime would need substantial resources and a corresponding lead time until it became operational.