When regulators evaluate the financial crime defence in a bank, one of their primary demands are that the bank has an updated enterprise risk assessment and that the entire defence is built in a way that addresses the inherent risk identified – thereby leading to a residual risk which is inside the risk appetite of the bank. And if outside the risk appetite of the bank, it should lead to the identification of additional controls needed to get inside risk appetite.
A strong risk assessment should not only be made based on the high-level generic terms like money laundering, tax evasion and terrorist financing, it should go deeper into the predicate offenses.
The AMLD6 mentioned a few new predicate offenses like cybercrime, environmental crime, and wild-life trade, so the total number is now 22. For banks in Europe that means even from the perspective of living up to the law, they must be concrete on how to set up control mechanisms for these.
But for banks it should not just be about living up to the law – it is all about catching the criminals. I believe best practice is to be as concrete as possible on the predicate offenses – not only in the enterprise risk assessment, but all the way to the design and implementation of the individual controls.
By using the intelligence and analytics type of controls I mentioned in advise #7, it is possible to define modus operandi for specific predicate offenses, not just “potential money laundering” and thereby provide very qualified alerts/leads.
Also in the more traditional Transaction Monitoring, it is important that the TM analysts understand what they are looking for – it is very different signs depending on if you are looking for signs of illegal wildlife trade (e.g. the money-flows must in the end go back to the countries with supply of wild-life) or for tax crimes through invoice factories (e.g. there are no/limited signs of all the resources that should be used to create the value equal to the invoices).
This is best done by integrating descriptions of the signs of the different predicate offences into the analyst/investigator guidelines and educational material, thereby strengthening the entire defence.
It is actually quite comprehensive – e.g. take a look at the FATF guidelines on preventing money laundering from wildlife trafficking. This deep level of understanding the risk indicators on customers and transactions demonstrates the need for further specialization of the workforce.