A speech by Ian Mullen, British Bankers’ Association Chief Executive, at a recent FSA conference on Fraud and Money Laundering.
Let me first welcome the presence of the Financial Secretary and the publication of the long awaited money laundering strategy document. The industry will want to study this carefully but from the Financial Secretary’s remarks there are many points that we would strongly support, as well as others where we would put a different emphasis without dissenting from the general thrust. Let me begin with some remarks on key elements of an AML strategy for the beginning of the 21st century.
I welcome the recognition that an AML Strategy has to start from recognition that money laundering is a problem that affects society in the UK, but strategies to deal with it have to have a significant international dimension. This is particularly important given the role of London as a major international financial centre.
A first element of a strategy should be recognition that there is a necessary partnership between government and industry. Government sets high-level objectives, and the broad framework, whilst the industry has an element of discretion in providing specific guidance on how objectives and framework should be interpreted and implemented, written in the knowledge of course that the Courts, have the final say at the end of the day.
A key element of this partnership is to maintain and strengthen the element of self-regulation, flexibility and discretion that is inherent in guidance. Only 18 months ago, the JMLSG was re-established by the 16 member trade associations as a free-standing limited company with its own rules and articles of association. In that time it has showed a growing cohesion and ability to work together to represent the financial services industry as a whole, and will soon produce a more transparent and inclusive version of its guidance notes. This experience has left the JMLSG as a stronger partner in this relationship.
But an AML strategy must be, and be seen to be, more than the business of government and industry alone. The public need to be aware that money laundering and financial crime affects society as a whole, because such crime, if successful, is evidence that crime does pay. Financial crime is not, as it is often perceived to be, victimless. An effective AML regime requires communication to the general public so that they understand that it is there to help protect the public from crime – not just financial but any crime which requires finance if it is to succeed. The damage to society caused by financial crime and money laundering is not widely understood, and to date government has not, we believe, given sufficient priority to this, and we shall wait to see how the Financial Secretary proposes to develop this theme. For the public is not a spectator but a stakeholder in anti-money laundering.
A third element of a strategy is of course resources, if it is to be effective. If those who are tempted to commit financial crime reckon that the chances of it being detected, investigated and prosecuted are worth the risk to them of punishment, the strategy will be ineffective and resources wasted.
While the Assets Recovery Agency seems to be off to a good start, overall financial crime lacks sufficient priority to ensure that law enforcement agencies devote the resources to tackle it effectively. As with a better communications campaign, this is not something that can be effected from one day to the next. But improved resources are becoming more urgent as organised financial crime is moving up the agenda of many firms in the sector, in recognition of the growing threat to them and their customers.
Linked to this is the issue of feedback and the effectiveness of the anti-money laundering regime. The financial services industry devotes considerable human and financial resources making Suspicious Activity Reports under the Proceeds of Crime Act. NCIS has made progress, but the industry will continue to seek better feedback on the effectiveness of such reports, to help improve their quality, and target them more precisely. A more focused, streamlined and effective SAR regime should give a clearer idea of the added value of suspicious activity reports for law enforcement activity. If it remains unclear how the industry’s efforts are helping to investigate and as necessary prosecute money laundering the result will be a lack of motivation within firms and a reduced deterrent to money launderers. We welcome the support in the strategy document and from the FSA for increasing the effectiveness of the suspicious reporting regime. If, as reported in yesterday’s Daily Telegraph, the government is thinking of making amendments to the framework legislation, the Proceeds of Crime Act, we would welcome a dialogue on changes to improve the practical operation of the SAR regime.
A fifth element is the international dimension of an AML strategy. The financial services industry is universal, consequently competition extends across borders. In the UK firms seek a broad equivalence of implementation of AML measures in other countries. We are pleased therefore that successive governments have supported the work of FATF in raising international standards of money laundering. But it is not enough to pass laws and regulations – what matters crucially is how these are implemented, and as necessary, enforced.
A strategy must also recognise the need to strike a balance between the investigator’s right to investigate, where crime is suspected, and the law abiding customer’s right to expect a degree of privacy about his or her financial affairs. This issue has been raised recently by the European Commission’s suggestion that law enforcement Agencies should have full access to financial institution’s databases of account holders and their transactions and is likely to grow in importance in the medium-term.
Similarly, it is important that collectively we get balance right between preventing money laundering and not excluding people from the financial mainstream. This is difficult at a policy level, and perhaps, more crucially, at an operational level. Society’s priorities change when there are high profile security incidents, or high profile examples of people finding it difficult to open accounts; our partnership needs to be strong enough to help keep that balance consistent and not over-influenced by anecdotal evidence.
Let me say a few words on the radical revision of the Guidance Notes and the FSA Working Group on Identification.
As I mentioned earlier, the JMLSG has made significant progress with the major revision of its guidance notes. While the JMLSG has to take final decisions on the revision, key elements will evidence a risk-based approach, on the understanding with Government that 20/20 hindsight will not be applied when a firm has acted in good faith but gets it wrong: a greater emphasis on the responsibility of senior management to evaluate the risks facing the firm and approve measures to help reduce them: and a clearer distinction between information that a firm needs to obtain, and what it needs to verify.
After consultation with members of the 16 trade associations that make up the JMLSG, the Group has since May this year been sending draft chapters of general guidance to the government departments concerned and to the FSA. The initial reaction has been positive. Guidance which will be specific to particular financial sectors or types of business is in hand. As per the established process, once we have the go-ahead from the authorities, we will publish a full consultation draft, for a three-month period of public comment. Our aim is to publish at the turn of the year, with a view to agreement on an agreed text by-mid 2005 and its coming into force thereafter.
The JMLSG’s view is that it is more important to get the guidance as a whole right than to meet an arbitrary timetable. But it is also aware that undue delay could lead to expectations that implementation of the revised guidance should be combined with the transposition into UK law of the 3rd ML Directive – although this is unlikely to be before mid-2006 at the earliest, which is still some way off.
The JMLSG has participated actively in the Working Group set up by the FSA on Identification issues, and we welcomed the FSA’s published progress report. We are pleased that the Working Group has come out in support of the JMLSG’s approach. Our view has always been that money laundering checks should be carried out on a risk sensitive basis, and an unthinking prescriptive approach to its guidance is inappropriate. The current guidance notes make clear that its examples of suitable identity documents are neither exhaustive nor mandatory. Even if there was not total accord in the Working Group on what "defusing the ID issue" entails, all JMLSG participants welcomed the opportunity to discuss views and concerns of a wide range of those with an interest in the Guidance Notes, including consumer interests.
There is however one point on which a consensus exists. Firms – and all the staff within them who are responsible for implementing AML checks – need to be satisfied that their customers are who they say they are. There is no dispute over this as an objective. The FSA has made it clear that this applies to existing as well as new customers. At the same time, firms want to fulfil this requirement in ways that minimise the inevitable inconvenience to customers. Balancing these two requirements of satisfactory identification but at minimum inconvenience is not simple or easy, but the JMLSG has always recognised that a balance is necessary.
The Working Group has reinforced the JMLSG’s view, since the very beginning of its work in earnest on the radical revision in 2003, that it was moving in the right direction in considering – in contrast to the current Guidance Notes – advocating a single identity proof for anti-money laundering purposes for most lower risk financial products and customers, and proposing a greater use of electronic verification of identity, wherever this is possible. We must also begin to prepare for the time in the not too distant future when there is likely to be a single identity document, which everyone is likely to possess, and which offers a high degree of proof of identity.
Discussion in the Working Group also highlighted some fundamental changes that have already occurred and a number of other key points:
*The first change is Law Enforcement’s view that what matters to them is not the verification of an address at the time a new account or transaction commences, but the knowledge of the current address of the person concerned.
*The second change is the FSA’s view that verification of an address can be an option but it does not need to be obligatory. These changes will facilitate the work of the JMLSG. They will support another change that the JMLSG is considering – that a useful distinction can be made between obligations to collect data for ID purposes, and obligations to verify it (or part of it).
*A third change that we welcome is the recognition by the FSA that the "fear factor" arising from its supervisory approach and enforcement actions, has caused firms to take a more rigid approach towards ID than the guidance notes would permit, in order to reduce the risk of regulatory sanctions. In my view this has been one of the most important factors that has led to the perception of an "ID issue" and of banks pursuing ID "over enthusiastically". We understand that the FSA will be giving guidance and training for supervisors on a risk-based approach and I am sure that firms will consider carefully whether they could help by contributing to this. The FSA has signalled a change of emphasis in its approach to supervision, with less emphasis on checking ID and record keeping, where a good standard is being achieved, and more on looking at failures in wider systems and controls. This should lead to a greater focus on the essence of the problem, rather than simply checking whether firms are "box ticking", and is essential if a risk-based approach is to be adopted generally. But both the regulator and the industry should note that the broader approach above may well be more difficult to apply and enforce than checking ID and records systems, and does not in my view signify a relaxation in the regulator’s approach.
*Another point to emerge from discussion in the Working Group is the heightened awareness of the risks from fraud, about which Philip Robinson spoke earlier today and that ID plays an important role in helping to protect firms and their customers from fraud (including ID fraud) and, as appropriate, credit risk.
This is one reason why, as the progress report recognises, ID is apparently simple but it takes place in a complex – and rapidly changing -context.
The financial services industry would like to emphasise two further points in respect of the ongoing work on revising the guidance notes. First, it has no intention of reducing the effectiveness of anti-money laundering standards in the UK – how could there be, unless the high-level but stringent legal obligations on firms were relaxed?
Second, any changes to firm’s procedures can only take effect once the radical revision has received Treasury Ministerial approval and has been launched. The changes advocated in the Working Group are radical and retraining staff and changing the electronic systems involved cannot be undertaken overnight – each of the six largest retail banks alone has around 20,000 staff likely to be directly involved in customer identification.
Speaking for a moment with my BBA bankers’ hat on, I would like to mention a further point. Until very recently, the FSA and government departments concerned were pressing the banks and other firms to do more to verify their customer’s identities. To take just two examples, the reverification of existing customers’ identities which began in 2002, and the 2002 FSA report on money laundering – still available on the FSA website – which specifically encourages firms to check their lists of acceptable identity verification documentation including both name and address, as not all firms were undertaking full KYC when they opened new accounts for existing customers.
This approach was understandable in the wake of Abacha and 9/11. The need, to quote the progress report, to "defuse the identity crisis" is a recent development. The banks’ experience is that the vast majority of their customers are able to open accounts quickly, with little hassle, by producing the standard documents that most people have. To judge from the progress report, the FSA’s consumer research would appear to bear this out. But problems have occurred for customers who do not possess the standard ID documents and it is in this area that further work is needed. As the progress report notes, the Guidance Notes have already significantly broadened the range of documents that may be used to verify ID, but this may, paradoxically, have made the system more complex to administer, and this needs to be looked at again. But after a period in which the pendulum has been swinging, firms will expect to see a period of "steady as she goes" in respect of ID issues.
I am glad to see recognition of these issues by the FSA, and of the steps needed to remedy them. Together with a clear policy on what firms can expect from their supervisor. This is essential if a risk-based approach which does not regard every customer as a potential criminal until he or she has proved otherwise, is to succeed in being more user friendly and at the same time more effective.
There is also a growing recognition, reflected in an FSA DP earlier this year, and in the Working Group that effective anti-money laundering requires better Know Your Customer procedures, including electronic and other monitoring. Know Your Customer procedures and monitoring are particularly important in wholesale business, where the risks of money laundering are different from the retail area, but no less real.
Before concluding, I should say a few words on the draft Third EU Money Laundering Directive
Such is the pace of change on money laundering that, although we have not finalised the review of the guidance notes, HM Treasury is already consulting extensively on a proposed 3rd Money Laundering Directive. So far, I do not see immovable obstacles for UK firms in what is proposed. But firms are concerned about the definition of beneficial ownership and of how that ambiguous phrase "taking reasonable measures" will be interpreted in UK law and supervision in respect both of beneficial owners and of PEPs. This is an area where one man’s view of "reasonable measures" on a risk-based approach may not be the same as another’s, and the Government should play its part in making beneficial ownership more transparent. The Commission’s draft of the identity measures to be taken when the customer is not physically present is also unsatisfactory.
Firms are also aware that a risk-based approach is not necessarily consistent with a level playing field between different member states. They will want to see that a firm-based assessment of risk management, rather an attempt to codify different risks that is likely to be rigid, and ultimately unsustainable, can achieve broad equivalence of implementation throughout the Community, while allowing for different legal and regulatory systems in member states. Different approaches to risk management should not make money laundering systems a competitive element between member states.
There are two points to make here. First, the 3rd Money laundering directive will effectively transform into law what exists as guidance, in the form of the FATF revised 40 recommendations. The significance of this apparently small, but potentially far-reaching, change is not fully appreciated, particularly, as it could affect implementation of a risk-based approach, which is a key aspect of the Directive and which we welcome. Industry and government negotiators need to give further thought to a change that could give firms less flexibility in implementing AML systems.
Second, firms are concerned lest the Directive does not make it easier for reports by bank staff of suspicious activity to be disclosed to the defence in a court case. In many cases the staff involved can be identified. The result would be threats to the staff concerned, which have already occurred, and reluctance among staff to make reports if they feel that they could come to harm as a result.
Finally, on the important issue of Financial Exclusion
Last time round with the guidance notes we undertook an extensive consultative exercise with voluntary organisations, banks, regulators and others to lengthen the ‘long list’ of appropriate documents for people who are financially excluded. This resulted in an expanded list of documents from which banks can choose when they consider account opening. This has made a difference: for example, in the 15 months since the beginning of the Universal Bank programme – an unprecedented partnership between Government, Post Office and the banks to help the financially excluded – over 800,000 basic bank accounts have been opened.
As I said in my introductory remarks the key is ensuring balance. Our contributions to this are:
*a financial inclusion module will shortly be included in the anti-money laundering training we offer members.
*the central helplines which many of our members have in place to assist branch staff grappling with these issues.
*a number of pilot projects which banks have undertaken with groups representing financially excluded people, where third parties are asked for help with ID and V.
We need to continue working with the regulator, HM Treasury, groups like the National Consumer Council and other voluntary groups as well as with banks and building societies to ensure that the best possible balance is struck, and that bank staff – who have the unenviable task of getting this right on the ground – are doing the best to ensure accounts are not opened for financial crime, and are equally doing their best to ensure that accounts are opened for people who have in the past been financially excluded.
On Fraud
JMLSG members welcomed the opportunity to comment on DP 26 – developing our policy on fraud and dishonesty. The FSA’s consultative approach in seeking views from industry on how it should conduct its future activities was appreciated. Fraud threats are constantly changing and dynamic and require constant vigilance, monitoring and adaptability to changing attacks. With increasing technological opportunities such as the growth in internet capabilities and the extension of the EU, the UK has become an attractive target for fraudsters, a significant proportion of whom are not necessarily based in the UK. Firms increasingly tackle fraud and money laundering within the same department. A response needs to be flexible, recognise that some firms have made more progress than others that should be shared but not hold up their further development, and examine the synergies between anti-fraud and anti-money laundering efforts but one which also recognises the difference between the two.
Conclusion
In all these proposed changes to the way that AML checks are performed, the industry needs to be careful to assure the UK public – and those in other countries – that the UK is not "going soft" on money laundering, nor are firms seeking simply to cut their costs; rather we are all engaged in better targeting of the resources that we – the industry, government and law enforcement – deploy.
