AML Camelot: “Alert“ centralisation to unwittingly facilitate criminal behaviour

AML Camelot: “Alert“ centralisation to unwittingly facilitate criminal behaviour

„FinCEN files“ [1] – data leaked from the US financial market regulator. Members of AML Camelot gathered to identify potential causes of money laundering and suspicious transactions which the relevant bank departments either detected extremely late or left completely undetected thus allowing organized crime groups to launder their profits through unsuspecting financial institutions.

AML Camelot meeting conclusions:

The FinCEN files case mainly concerned global banks, which the perpetrators abused over years to launder proceeds from crime or evade measures implementing international sanctions. The HSBC Group, for example, which was detected as one of the banks concerned, has been repeatedly and globally sanctioned for violations of measures to prevent legitimization of proceeds of crime and terrorist financing (hereinafter only “AML/CFT“). [2]

Apart from situations where transfers of illegal funds are made with the bank’s knowledge, there are several problems that may cause ineffectiveness of relevant detection mechanisms.

The first and most obvious issue is the poor monitoring system which analyses individual transactions and client behaviour and, based on predefined parameters, subsequently generates indicators of potentially suspicious transactions, i.e. “alerts”. As a rule, large banks use very expensive and robust dedicated software solutions, which should be adequate provided the system gets regularly calibrated and keeps receiving proper input.

Resources or their allocation, however, may become a more serious issue. What does that mean? Due to their cross-border operations, globally operating banks are heavily regulated and must be ‘in compliance’ with numerous rules. The European Union’s anti-money laundering rules keep getting stricter and, at the same time, individual countries continue tightening their risk management nationally through dedicated national laws and bylaws. The banks have become overburdened with the constant influx of new measures and their HR and technical capacities suffer.

Banks work hard to manage their costs and AML/CFT measures tend to be costly. Most big banks have realized that to cut their costs, they must both centralize their software solutions and downsize their human resources. Their solution is called “HUBs”- centres often established in countries offering cheap labour. The primary task of these centres is to centralise examination of “alerts” from the transactional monitoring systems in individual countries of the bank´s operation. Unfortunately, staff of such HUBs tend to examine the “alerts” rather mechanically following standardized process manuals. Moreover, these people usually lack awareness of the country specifics of the location where the suspicious transaction was detected. Similarly, the subsequent examination of “alerts” is often very formal – there is a manual which says that the client must be requested to submit an invoice and is they comply, everything is OK. The chances that somebody would probe into the submitted documents and see whether they make sense in the context of the client in the given country´s environment are low.

There is yet another problem in the deadlines for “alert” examinations in these centres. To reduce costs, “alerts” are often examined in batches in given deadlines. Moreover, individual centres may have so-called escalation levels in place which depend on when the suspicion is confirmed or negated. Each such level has its own additional deadlines. Adding the individual time limits up, we see that it may take hundreds of days for the “alert” to go through the HUB – from the day when it is generated through the time necessary for the examination by the individual levels of investment centres all the way up to the day the notification is sent back to the local level. Due to the above described process, suspicious transactions are sometimes is reported only a year after their actual execution.

The above have also resulted in reduced powers of the local AML/CFT officer, the so called Money Laundering Risk Officer (MLRO). A local MLRO often becomes a “formal element” simply to comply with the local condition requesting a dedicated contact person to communicate with the financial analytical unit, the so-called FAU/FIU, and report suspicious transactions. The local MLRO is thus not part of the alert examination and is reduced to a recipient of a notification from the relevant centre about the results of the examination in which it reads whether the case is or is not suspicious and if it should be reported to the FAU/FIU

Considering the above, we may only conclude that the banks face cumulated risks and system deficiencies, such as the absence of local knowledge, formalistic examination of alerts, disproportionately long examination deadlines and reduced competences of the local MLROs. The combination of all these facts must sooner or later result in system insufficiencies rendering the system to prevent the legitimisation of proceeds of crime or terrorist financing inefficient, as seen in practice in the current FinCEN files case.


[2]     Eg.