Money laundering crimes, when discovered, are dealt with a heavy hand by law enforcement authorities. Record penalties and fines have been imposed on some of the world’s largest institutions held responsible for supporting money laundering in any way, knowingly or not, and violating laws relating to money transfers and payments.
Could the blockchain concept, in its extended application – more precisely, distributed ledgers, do better?
Sure there are some big breakthrough cases and record penalties inflicted on some of the world’s largest financial institutions. But these cases are the products of painstaking detective work undertaken over a long period of time and often involving insiders / whistle-blowers. Despite the AML controls that must be complied with and exemplary punishments, global money laundering flows are estimated to be as high as 5% of the world’s GDP – just over $2 trillion.
Critics claim that Anti-Money Laundering (AML) rules and regulations are outdated and pretty much ineffective. The approach favoured by regulators is to encourage banks and other financial entities to hire more people and invest more money to implement AML controls and impose penalties. Yet the effectiveness of these controls has never been empirically established. No serious studies have been undertaken to determine the results these procedures produce.
When discovered, money laundering cases can be seriously damaging for the financial institutions involved. Money laundering, aiding and abetting anyone involved in illegal transfer of funds, non-compliance with AML controls, attract criminal prosecution in most markets, hefty fines, and this also means losing the privilege to continue all or some of the legitimate business activities such as currency trading or payment facilitation.
In 2012, HSBC Bank was fined a whopping $2 billion by US authorities for violations of AML regulations in Mexico. The bank had allegedly been the partner of choice for Mexico’s Sinaloa cartel which counted Guzman “El Chapo”, the drug lord who was recently arrested and extradited to the United States. In a 300-page report to the US Senate, the Mexican office of the bank was shown to be a willful partner of the Sinaloa cartel. Other money laundering violations involved the Colombia Norte del Valle cartel. A drug lord was on record saying that HSBC Mexico “was the place to launder money”. Despite all this and the issues relating to money laundering in the country, the bank assigned Mexico its lowest risk rating and reportedly excluded hundreds of billions of dollars from AML monitoring reports.
The US Senate investigation into the matter said that the bank acted as a conduit for “drug kingpins and rogue nations”.
In addition to aiding and abetting criminal businesses, facilitating international payments for “rogue nations” which are on a country’s sanctions list are also classified as money laundering by the US authorities. Banks who violate these sanctions can be heavily fined or else risk losing the privilege of taking part in dollar denominated international transactions (if they violate US sanctions). Whether one agrees with the political arguments or subscribes to a different definition of what constitutes a rogue nation, a bank or any business for that matter must not violate the sanctions imposed by the nation in whose jurisdiction or with whose currency the organisation runs a significant part of its business.
In 2014, the French bank BNP was charged by the US authorities for undertaking, “through a series of egregious schemes to evade detection and with the knowledge of multiple senior executives, BNP employees concealed more than $190 billion in transactions between 2002 and 2012 for clients subject to U.S. sanctions including Sudan, Iran and Cuba”. The bank was said to be “essentially functioned as the central bank for the government of Sudan…
Outdated AML Controls
Industry observers believe, notwithstanding the high profile prosecutions, most of illegal money flows continue to pass through the preventive network of anti-money laundering rules and regulations, undetected.
The Financial Crimes Enforcement Network (FinCEN) in the United States or internationally, the Financial Action Task Force (FATF) or several other organisations in regional or domestic jurisdictions including central banks set out rules and guidelines that must be complied with.
There are specific laws that must be respected such as in the US, the International Emergency Economic Powers Act (IEEPA) and the Trading with the Enemy Act (TWEA) which BNP had been accused of conspiring to violate. In the EU, the Money laundering Directive has to be applied to develop laws and rules at the state level.
Critics say that there are a number of serious problems with the Anti Money Laundering systems and procedures that are in place today. But AML compliance requirements are so far entrenched in the financial infrastructure that it will be difficult to displace without disrupting the whole system.
Some of the problems with today’s AML controls are discussed below:
Brawn Not Brains
Reports and papers authored by academics have found systemic flaws in the AML guidance and in the form of controls and rules that exist today.
Regulators seem to encourage banks to spend more by hiring more and more employees to comb through an institution’s financial transactions and to check compliance with the rules and regulations.
In a paper published in the Notre Dame Law Journal, the paper’s authors observe that no tests have been carried out nor has any data been collected and analysed to understand how effective AML controls are in the first place. Just spend more and hire more seems to be the message from the regulators (Lanier Saperstein, Geoffrey Sant & Michelle Ng – Notre Dame Law review).
The present compliance frameworks set out by authorities focus on processes and not on performance or the unintended consequences of the threat of punishment that brings untold suffering on many people. For example, the abandonment of money transfers to Somalia by most banks over the last few years because of fear of heavy fines has created intense humanitarian hardship in the war torn country and has sent money transfers underground.
Though the prosecution of cases against some of the world’s largest financial institutions as described above does happen, a majority of money laundering channels remain undetected and when they do get discovered, the perpetrators simply move to new means and new partners to continue the monetary traffic. There is little sharing of information across governments and regulators.
For The Sake Of Compliance
Banks and other institutions are fined for non-compliance not because there was something illegal or irregular that took place but simply because AML rules had not been complied with.
Standard Chartered Bank was fined $300 million a few years ago not because there was evidence of money laundering available to the authorities but simply because the bank’s compliance was considered to be below par and there were supposed weaknesses in its New York branch in relation to AML systems and controls.
There are other cases like that.
In the Notre Dame Law Journal paper the authors argue that, “the regulators have been punishing the banks not because of any actual money laundering, but rather because the banks did not meet the regulators’ own subjective vision of the ideal anti–money laundering or counter–terrorist financing program.”
Most of the time international banking transactions that are caught in the preventive net of automated controls and sanctions lists are flagged as suspicious are only missing some necessary information.
These are sent back to the originators who complete the information and resubmit. The red flags are thus raised in an overwhelming number of cases for regular transactions making the personnel overseeing these, view these as just ordinary transactions.
Every institution engaged in transfer of funds is obliged to prepare and submit detailed reports such as, in the US, Currency Transaction Reports (CTRs) for transactions above $10,000 and Suspicious Activity Reports (SARs) relating to what could be illegal activity.
Reports are filled out in such huge numbers, hundreds of thousands, that it is impossible for an entity with even with vast resources of a governmental agency at its disposal to process and review and identify potential illegal activity.
Often after a high profile case such as those described above, the filing of SARs suddenly goes up as people become over-cautious to ensure compliance.
The international money movement system is complex and criminals often channel transactions through multiple accounts so that the origination and termination of transactions cannot be fully tracked or understood. In the BNP case, the bank admitted to setting up elaborate “structures” to route payments through other “satellite” banks in order to disguise the point of origination for such transactions.
Risk management systems as they are available today are not always able to track complex transaction trails especially when the practice of “information stripping” has been deployed where some key information is deliberately left out by those in the know so as not to trigger any key words in sanction list databases.
Can Distributed Ledger (DL) Systems Help?
Two things to note: First, this article is focused on money laundering via international value transfers only, which are usually high value not on the variety of activities that fall in the broader definition of money laundering. Second, references to blockchain in the context of this article relate to distributed ledger systems and not necessarily to blockchain as envisioned within the Bitcoin system.
A little context around blockchain and distributed ledgers repeated from a previous blogpost:
- The concept of blockchain was developed to support a virtual decentralised currency system called Bitcoin but the world’s financial systems work with centralised or “fiat” currencies, those issued by governments and considered legal tender in the country of issue. Decentralised systems are essentially “trust-less” systems since there is no central “trusted” authority or a single entity so decisions are driven through logic and consensus programmed into the system.
- The blockchain is an irrefutable and unchangeable record of past transactions and as such serves to establish ownership and the right to transfer bitcoins. It also guards against a rightful owner spending bitcoins twice. A Bitcoin transaction is validated by consensus by a network of computers or nodes participating in the virtual currency system and not by a single centralised authority responsible for record keeping. The blockchain ensures the Bitcoin system is “permissionless”, requiring no central authority approval or decision, and therefore autonomous.
- Distributed ledger systems encompass a much broader definition. While a blockchain as originally envisaged by its creators works essentially within the Bitcoin system, distributed ledger architecture can support all types of systems. In financial services a distributed ledger system is likely to be permissioned and therefore less autonomous. It can be deployed with varying levels of control and flexibility.
Distribued ledger systems can provide the basic infrastructure and tools for various areas within risk management and money laundering. Of-course developing a DL based system will require incurring costs and pooling shared resources and will take time to come to fruition.
In the context of AML activities, there are some clear benefits of following a DL approach:
The legitimate credentials of the two primary parties to a transaction – the originator and the beneficiary – must be verified. A DL system can provide a digital certificate that can be checked quickly by any participating entity to ensure the credentials are verified and also to review the types of credentials verified at the time of onboarding (and check if any information is missing).
DL systems will not revolutionise the Know-Your-Customer (KYC) process but enable banks and other financial entities as well as law enforcement officials to check credentials of parties involved in a value transfer transaction in a quick and timely manner.
An additional element could be added to the KYC process which is the reputational score or track record of the financial intermediary undertaking the KYC check. There is already talk about multi-market KYC “utilities” that provide more robust proof of identity. But such utilities are likely to be controlled by technology vendors while a distributed architecture would benefit everyone provided they are eligible and meet the criteria for joining the network.
A distributed ledger approach will not be able to discover or prevent KYC fraud where individuals or entities use fake or stolen credentials to open bank accounts as was the case with the Bangladesh Bank heist when hackers stole millions from the bank’s accounts with the NY Fed earlier this year and routed the funds to account opened with fake credentials at a Philippine bank.
Maintaining Audit Trail
A fundamental feature of a DL architecture is that it validates and authenticates the chain of value transfers in an open and transparent manner so that each transaction is checked and validated by anyone participating in the system without the need for centralised oversight.
In the DL approach, funds transfers can be recorded using private digital keys by both the originator and the beneficiary. While this may not be feasible for smaller money transfer transactions, the large funds transfers between institutions and corporates will be digitally recorded and verifiable by those who participate in the distributed ledger system.
In other words, it will be much harder to lose track of the source and destination of a transaction simply because criminals undertake several transactions and deploy multiple “satellite” banks to break off the trail. This type of transparency does not mean that all bank transactions will be out in the open for everyone to examine.
In fact, the DL system, unlike the blockchain which is inherently open and transparent, will be confidential and only accessible to those involved in the transaction to validate the potential risk of a transaction without revealing to third parties the details of that particular transaction. The transaction trail could also be checked by those responsible for risk management in an organisation or the authorities and law enforcement officials.
Speed of Discovery and Intervention
In a fully deployed DL system, participants whether banks, central banks, or corporates or any other related entities, will be able to share information on all transactions by contributing to the extended distributed ledger. Algorithms built in to the DL system will be able to identify patterns and analyse data on an aggregate level. Regulators will be able to monitor activity at many levels and determine the risk of a specific transaction channel in a much more scientific and meaningful manner.
Arguably, a mega centralised system will be able to do the same but in the DL environment, local databases will be leveraged so there will be no need to construct and maintain a monstrously big centralised authority complete with its own army of compliance staff and special technology and infrastructure. The work of individual entities and specific markets will be taken into consideration and the system will be updated for law enforcement authorities both at local and global levels in a very timely manner.
Today this sharing of data across institutions is at a very rudimentary level. Information that is shared is not readily available to everyone in the system.
DL systems would better determine the probability that a certain corridor or institution or even specific transactions have been compromised. This will reduce, if not eliminate, the ease with which criminals are able to send money over international payment systems. It will also help one institutional system to alert another of a transaction or set of transactions that potentially could be illegal or on the borderline requiring further checks.