Peace for the World

Peace for the World
First democratic leader of Justice the Godfather of the Sri Lankan Tamil Struggle: Honourable Samuel James Veluppillai Chelvanayakam

Thursday, March 21, 2019

Lip service to AML requirements: Are Sri Lankan designated institutions skating on thin ice?


logo 21 March 2019 

The recent announcement by the European Union (EU) blacklisting 20 odd jurisdictions for their failure to adhere to anti money laundering requirements (AML) comes as no surprise as all these jurisdictions have been forewarned by the EU, Financial Action Task Force (FATF) and other agencies of lax AML compliance.

The 23 jurisdictions are: Afghanistan, American Samoa, The Bahamas, Botswana, Democratic People’s Republic of Korea, Ethiopia, Ghana, Guam, Iran, Iraq, Libya, Nigeria, Pakistan, Panama, Puerto Rico, Samoa, Saudi Arabia, Sri Lanka, Syria, Trinidad and Tobago, Tunisia, US Virgin Islands, and Yemen. Currently Sri Lanka has also been identified by FATF as a jurisdiction with strategic deficiencies.

In October 2018, FATF issued a strong statement on its assessment of Sri Lanka:“Since November 2017, when Sri Lanka made a high-level political commitment to work with the FATF and APG to strengthen the effectiveness of its AML/CFT regime and address any related technical deficiencies, Sri Lanka has taken steps towards improving its AML/CFT regime, including by providing case studies and statistics to demonstrate that competent authorities can obtain beneficial ownership information in relation to legal persons in a timely manner; issuing amendments to the directive in relation to CDD obligations; and establishing a targeted financial sanctions regime to implement relevant UNSCRs related to Iran and issuing a related directive. Sri Lanka should continue to work on implementing its action plan to address its strategic deficiencies, including by enhancing risk-based supervision high-risk Designated Non-Financial Banking institutions, including through prompt and dissuasive enforcement actions and sanctions, as appropriate; and demonstrating effective implementation of its targeted financial sanctions obligations related to proliferation financing.”

The Financial Action Task Force (FATF) is an inter-governmental body established in 1989 by the Ministers of its Member jurisdictions.The objectives of the FATF are to set standards and promote effective implementation of legal, regulatory and operational measures for combating money laundering, terrorist financing and other related threats to the integrity of the international financial system.The FATF is therefore a “policy-making body” which works to generate the necessary political will to bring about national legislative and regulatory reforms in these areas.


The FATF has developed a series of Recommendations that are recognised as the international standard for combating of money laundering and the financing of terrorism and proliferation of weapons of mass destruction.They form the basis for a co-ordinated response to these threats to the integrity of the financial system and help ensure a level playing field.First issued in 1990, the FATF Recommendations were revised in 1996, 2001 and 2003 and most recently in 2012 to ensure that they remain up to date and relevant, and they are intended to be of universal application.

The FATF monitors the progress of its members in implementing necessary measures, reviews money laundering and terrorist financing techniques and counter-measures, and promotes the adoption and implementation of appropriate measures globally.In collaboration with other international stakeholders, the FATF works to identify national-level vulnerabilities with the aim of protecting the international financial system from misuse.

Blacklisting by the EU is a controversial issue. USA has been particularly critical of the new EU methodology adopted which resulted in the inclusion of four overseas US territories.In February 2018 a motion to exclude the inclusion of Tunisia, Sri Lanka, and Trinidad and Tobago from the European Commission’s list of non-EU countries considered to have strategic deficiencies in their anti-money laundering and terrorism financing regimes was defeated

Sri Lanka was a late comer in terms of enacting legislation dealing with the regulation of money laundering and the combating of terrorist financing. In 2000 the current author was invited to deliver the annual oration of the Centre for Banking Studies of the Central Bank of Sri Lanka and he chose as the subject “The Regulation of Money Laundering: A New Challenge to a Global Problem” (Central Bank Occasional Papers, No. 36). Preliminary drafts on controlling money laundering went through a long gestational period oscillating between harsh provisionsto watered-down versions. Due to pressure mounted by the US administration, the Convention on the Suppression of Financing of Terrorism Act was enacted in 2005 and this was followed by two pieces of legislation hurriedly adopted, namely the Prevention of Money Laundering Act and the Financial Transaction Reporting Act. Both became operational on 6 March 2006.

In terms of the Financial Transaction Reporting Act, there are two categories of institutions and personnel: Finance Business and Designated Non-Financial Business. Under the latter category there are at least 12 specified institutions and/or operators, including, for instance, underwriting and placement of insurance, as well as insurance intermediation by agents and brokers;trustee administration or investment management or a superannuation scheme; casinos, gambling houses or conducting of a lottery, including a person who carries on such a business through the internet when their customers engage in financial transactions equal to or above the prescribed threshold;real estate agents, when they are involved in transactions for their clients in relation to the buying and selling of real estate; (i) dealers in precious metals and dealers in precious and semi-precious stones, including but not limited to, metals and stones covered by the Gem and Jewellery Act, No. 50 of 1993 when they engage in cash transactions with a customer, equal to or above the prescribed threshold;lawyers, notaries, other independent legal professionals and accountants when they prepare for or carry out transactions for their clients in relation to any of the following activities:— (i) buying and selling of real estate; (ii) managing of client money, securities or other assets; (iii) management of bank, savings or securities accounts ; (iv) organisation of contributions for the creation, operation or management of companies ; and (v) creation, operation or management of legal person or arrangements and the buying and selling of business entities ; (k) a trust or company service provider not otherwise covered by this definition, which as a business provides and one or more of the following services to third parties :— (i) formation or management of legal persons; (ii) acting as or arranging for another person to act as, a director or secretary of a company, a partner or a partnership or a similar position in relation to other legal persons;(iii) providing a registered office, business address or accommodation, correspondence or administrative address for a company, a partnership or for any other legal person or arrangement;(iv) acting as or arranging for another person to act as, a trustee of an express trust; (v) acting as orarranging for another person to act as, a nominee shareholder for another person.

Whilst technically the listed finance businesses and designated finance business have been obliged since 2006 to comply with requirements including due diligence, in 2018the Designated Non-Finance Business (Customer Due Diligence) Rules were enacted covering the above categories. Implementation, however, leaves much to be desired.

Fenergo, the leading provider of Client Lifecycle Management solutions for financial institutions, has released data detailing the global fines activity of regional and in-country regulators over the past 10 years. A staggering $26 billion in fines has been imposed for non-compliance with Anti-Money Laundering (AML), Know Your Customer (KYC) and sanctions regulations in the last decade.

The top 10 key highlights of the research include:

The US accounts for nearly 44% of all global regulatory AML/KYC fines, yet almost 91% of the total value ($23.52 billion).

Europe has imposed 83 fines, totalling $1.7 billion, the majority being imposed by the UK‘s Financial Conduct Authority (FCA).

Asia Pacific regulators have levied 79 fines worth almost $609 million, commencing in 2011.

The Middle East still lags behind other regions for financial enforcements (recording a total of $9.5 million in the last 10 years).

The US Department of Justice is the most punitive regulator in the world when it comes to imposing financial penalties for non-compliance, levying half of the global AML/sanctions fines amount, nearly $14 billion, followed by the New York Department of Financial Services at $3.6 billion.

US regulators have hit foreign banks hard, imposing fines on European banks nearly five times that imposed against US banks.

Globally, 2015 was the most punitive year for fines, with $11.52 billion levied against banks.

$8.9 billion was the highest single fine ever levied against a bank by one regulator.

Fines for sanctions violations account for 56% of all violations levied globally (by $). This differs from APAC and Europe where AML-related fines far outweigh fines for sanctions violations.

The Nordics is the only region that fines their own domestic banks more than international banks (majority of financial institutions get fined by international regulators rather than their own regulators).

Commenting on the findings, Laura Glynn, Director of Global Regulatory Compliance, Fenergo, has stated that “Up until now, the focus of regulators had been on the US and European markets. However, we are now witnessing regulators in Asia Pacific and The Middle East markets becoming more proactive in their supervisory efforts.”

Closer to home, the Commonwealth Bank of Australia (“CBA”), the largest bank in Australia, agreed to a proposed civil settlement involving a fine of approximately $700 million Australian dollars regarding numerous alleged Anti-Money Laundering (“AML”) and Counter Terrorism Financing (“CTF”) violations.AUSTRAC filed on August 3, 2017 a claim seeking civil monetary penalties against CBA for over 53,000 alleged violations of Australia’s AML/CTF law.Remedial steps taken include the following:
  • Spent over $400 million “on systems, processes and people relating to AML/CTF compliance;”
  • Hired additional financial crime operations, compliance and risk professionals, so as to employ over 300 such professionals;
  • Strengthened its Know Your Customer policies by establishing “a specialist hub providing consistent and high-quality on-boarding of customers;”
  • Enhanced the technology used to monitor accounts and transactions for suspicious activity, and to perform digital electronic customer verification to reduce the risk of document fraud;
  • Imposed an account-based daily limit of $10,000 for cash deposits using IDMs;
  • “[C]hanged senior leadership in the key roles overseeing financial crimes compliance supported by significant resources and clear accountabilities;”
  • “[S]tarted implementing our response to the recommendations provided to us by our prudential regulator;” and
  • Adopted a risk-management approach which recognises the importance of non-financial risks, including a process to escalate operational and compliance issues.
The CBA noted in a press release what it had done during the relevant time period: filed over 44,000 Suspicious Matter Reports, including 264 relating to the individuals or organisations at issue in the enforcement action; submitted a total of over 19 million reports to AUSTRAC; and responded to approximately 20,000 law enforcement requests for assistance in 2017.

In the USA, HSBC Holdings Plc (“HSBC”) announced recently that its five-year Deferred Prosecution Agreement (“DPA”) entered on 11 December 2012 with the US Department of Justice has expired. HSBC lived up to all of its commitments, and, therefore, under the DPA, the Department of Justice will file a motion with the US District Court for the Eastern District of New York seeking the dismissal of the charges deferred by the agreement.

In its statement HSBC stated that it is pleased that the Department of Justice has recognised HSBC’s progress in strengthening its anti-money laundering and sanctions compliance capabilities over the past five years. HSBC is working to ensure that the reforms it has put in place are both effective and sustainable over the long-term, and, given the increasing sophistication of criminal networks that seek to circumvent banks’ controls, HSBC intends for its programme to evolve and improve further over time.

HSBC’s work in this area will continue to be consistent with its strategic objective of implementing the highest or most effective standards to combat financial crime across its operations globally. As a condition of the DPA, HSBC had to ensure that its AML staff would receive training and duly certified by the International Compliance Association.

The author of this article conducted workshops for the HSBC staff in Colombo, Mumbai, Kuala Lumpur and Ho Chin Min City and ensured that all participants passed the on-line test for certification. However, HSBC’s worries are far from over. It was estimated last year that HSBC has set aside $632 million to settle a number of investigations into allegations of tax evasion and other crimes such as money laundering, but expects the amount could go up to $1.5b, according to its interim results. The bank is currently being investigated and reviewed by various authorities around the world, including in the United States, Argentina and India.

At least 18 of the 20 biggest banks in Europe, including five UK institutions, have been fined for offences relating to money laundering. Europe’s biggest banks, including HSBC, Barclays, BNP Paribas, SociétéGénérale and Santander have fallen foul of anti-money laundering authorities, while recent crises at the likes of ING, Danske Bank and Deutsche Bank “only reinforce this impression, demonstrating how no bank is immune to money laundering sanctions, no matter how large”, says Fortytwo Data. With a number of leading British banks also implicated in money laundering scandals,Donald Toon, Director at the National Crime Agency,recenly admitted that money laundering in the UK was “a very big problem” and estimated that the amount of money laundered here each year has now risen to a staggering £150 billion.

Optimism has been expressed by the Central Bank of Sri Lanka that FATF will favourably reviewSri Lanka’s compliant record during an upcoming mission later this year. However, Sri Lanka needs to demonstrate more in terms of implementation to be delisted from the EU list. Both finance business as well as designated finance businesses have much to do to fall in line with mandatory requirements. Ernest Heminway’s famous novel in 1940 was titled ‘For Whom the Bell Tolls’; applied to the Sri Lankan context one would venture to say that it tolls for our finance businesses and designated finance businesses.

(The writer is a Fellow of the International Compliance Association (UK) and can be contacted via ichpl@hotmail.com.)