In a week’s time, the European Union’s fifth Anti-Money Laundering Directive (AMLD5) will come into force. Here at Bruc Bond, we’ll take this opportunity to review the current state of AML regulations within the bloc and ask, is it good enough?
The last two years shook Europe with a wave of money-laundering cases brought forward against a number of big-name banks and financial institutions. Such a cascade demands serious attention and, worryingly, suggests that the EU’s regulatory frameworks for money-laundering prevention demand profound reform if they are to achieve lawmakers’ stated goals. With the fifth iteration of its AML directive, the EU is tightening the reigns, hoping to significantly curtail the illicit funneling of funds within its borders. But the actions may not be far-reaching enough.
If we take a look at the numbers, the picture they paint is far from rosy. Somewhere between 2 to 5 percent of the global GDP gets laundered each year and only 1.1 percent of criminal proceeds are apprehended in Europe. This is a large mountain to climb for regulators and compliance officers, and the provisions set out in the AMLD5 seem paltry in comparison to the size of the problem.
Under the AMLD5, supervisory powers are now anchored in the European Banking Authority (EBA), Europe’s banking regulator, and an AML action plan has been developed. These are positive steps, to be sure, but we at Bruc Bond think that Europe’s regulators could do much better.
In our research we have identified three key areas where focus is desperately needed if Europe’s anti-money laundering authorities are to have a fighting chance:
- Clarity on the interplay between the European AML framework and the GDPR
European consumers rights advocates have scored major victories, culminating in the enactment of the General Data Protection Regulation (GDPR). The protections awarded by the GDPR are extensive have been explored at length in various outlets over the years, including the sometime stringent limitations placed by it on businesses. While the debate over its efficacy has subdued somewhat, several points of friction still exist, especially as the GDPR relates to anti-money laundering efforts. As an illustration we can look at Refinitiv’s recent “Report on Innovation and Financial Crime 2019”, which finds that over 80 percent of the surveyed companies felt that data-protection laws restrict their ability to collaborate and meaningfully participate in the fight against financial crime. Europe’s regulators must provide more clarity to private sector partners on how these at times contradictory regulations can be implemented coequally and effectively, without either compromising legally enshrined privacy rights, nor hindering financial crime prevention.
- Regulatory agility in the face of fast-paced technological disruption
EU members states expend considerable efforts and resources to encourage technological innovation, in areas as diverse at artificial intelligence, distributed ledgers, cloud computing and more. These efforts are, on the whole, a net positive for the EU. However, regulators in the bloc must be quicker to adapt to the disruptions carried by innovative technologies. It is no secret that new digital products have been a boon for money launderers and perpetrators of financial crimes at large. It is now, in many cases, easier to conceal the identity of the ultimate beneficial owner (UBO) of a company or asset, such as for holders of crypto assets. Great risks also exist in emerging instant-payment systems that are yet to be adequately addressed by regulators. Convenience and speed are in tension with the demands of stringent due diligence protocols, which by their nature are not particularly speedy processes. The EU has the opportunity to lead in establishing global standards for identity verification, such as the Legal Entity Identifier (LEI). The LEI was proposed post-financial crash and has been endorsed by the G20. It is already used in a limited capacity in financial markets, but its penetration hasn’t been comprehensive enough. The landscape for digital identity verification is cluttered, messy and fragmented. The EU has the opportunity to bring order to the field by establishing the LEI (or an adequate alternative) as the de facto standard. Others would soon follow suit.
- Increase structured information sharing between relevant stakeholders
It is our view, that information sharing constitutes perhaps the most significant bottleneck in developing a better, more comprehensive AML framework. It is paramount to establish clearer and more direct communication channels not only between various regulatory and law-enforcement bodies, but between all relevant stakeholders, including in the private sphere. In the fight against financial crime, the private sector serves as the soldier on the frontlines. To take advantage of their numbers, strengths and willingness to take part in the process, the EU and its member states must show themselves as a willing and capable partner in the good fight. This goes beyond clear reporting channels by which companies can send missives to unknown bureaucrats. Information flows must be omnidirectional, with regulators providing unambiguous directions to financial institutions on how and when to act. This means, in the simplest terms, that the EU must step up when it comes to explaining what exactly regulators want from the companies and financial institutions operating within its jurisdiction. It means that the EU must step in and provide clarity when local, regional and state authorities provide information that is insufficiently clear. It means that the EU must mandate its members and their own internal regulators to provide such information as quickly as bureaucratically possible. Failure to act in this arena will hamper any good effort made by any body, public or private.
It is this last point that most significantly hampers AML efforts in the EU, in the eyes of the Bruc Bond team. We will expand on it further in the coming weeks.