AML: Cross-Border Payments ConcernsInternational AML Mandates Expected to Make Waves in 2011
"Some issues come from innovation," he says. "Innovation offers convenience for consumers, but the technology is not usually backed by those who approach it from a compliance angle." Mobile payments are a prime example. "When we think about mobile, and mobile-to-mobile payments, how are those payments being screened?" Jones asks. "And what about prepaid cards? How do we ensure the security of those?"
Jones says U.S. financial institutions are making strides, but keeping up with continual growth in global transactions is challenging. In fact, Jones says an estimated 35 percent U.S. banking institutions do not believe their anti-money-laundering budgets are well aligned with regulatory compliance demands; and the smaller the institutions, the greater the concern. "Community banks that thought they were outside the fray, I would suggest, are anything but," he says. "They are actually in the sweet spot for criminals." During this interview, Jones discusses:
- The impact of international compliance mandates, such as the Single Euro Payments Area scheme;
- The role AML detection and prevention solutions and technologies will play in the future;
- How emerging technologies such as mobile and prepaid could be used for money laundering.
Hugh M. Jones IV leads the global businesses for Accuity and NRS, providers of payment routing solutions and KYC, SEC and FINRA compliance adherence solutions. Jones also led Accuity's strategic acquisitions of European payment data supplier CB.Net and a stake in compliance screening provider WorldCompliance. Prior to joining Accuity, Jones spent five years at IntrinsiQ Research. He also served as a global managing director at Datamonitor and an engagement manager at Deloitte Consulting. He holds a bachelor's degree from Yale University and a master's degree in business administration from the University of Michigan.
More Cross-Border Payments and FraudTRACY KITTEN: As international payments increase, the payment's landscape is becoming more global. An uptick in cross-border payments has heightened concerns about money laundering, and 2011 is expected to see greater pressures from international agencies aimed at fighting AML. It's also expected to be a year when holes in global payment structures are increasingly targeted by international criminals. I'm here today with Hugh Jones, the CEO and president of Accuity, a global AML solutions provider. Hugh, could you give our audience a little background about some of the global agencies you work with and why you see 2011 being a year of increased cross-border money laundering.
HUGH JONES: Accuity has been in the payment-routing and compliance business for over 100 years. We are celebrating our hundredth year as the registrar for the United States routing numbers with the ABA (American Bankers Association). We work with similar organizations in Europe, with the European Payments Council and the European Banking Association. In those roles and others we have a seat at the table to see what regulations will be, what payments look like when they cross borders, and, unfortunately, we're able to also see, of course, when people try to stop playing by the rules. I don't think it's surprising to anybody to understand the cross-border payments are increasing. Certainly SEPA (the Single Euro Payments Area) has an increased number of cross-border payments in a single day; and despite the current economic trends, there is no end in sight. Basically, what this is showing is that businesses and markets continue to globalize, and it follows that as businesses and markets continue to globalize, financial crime will certainly follow the same path. The bad guys will look to exploit loopholes across financial systems in the same way they do within other systems. As we increase the complexity of cross-border transactions, that creates some opportunities for what I will call "nefarious intent."
Technology Investments and ComplianceKITTEN: You've noted that many financial firms have not made adequate investments in anti-money laundering solutions. What evidence do you have that suggests the industry is lagging?
JONES: We can see that investments can be have both direct and indirect costs You might buy better data lists, or you might buy better filtering software. And indirect costs, such managerial focus, let's say, or staff training on how to screen and when you screen, as well as your policy and procedures for keeping documents or screening people that have already passed procedures, also have to be considered. So, companies and banks look for ways to reduce costs. What we are finding is there are so many companies, large companies and banks, that use free lists. Lists that are available for free on the Internet, but those lists are full of holes. Unless the company deploys significant resources to fill those holes, they are at risk of a violation. It is the burden of companies to make sure they are not doing business with any particular bank branch on that list, regardless of whether that bank branch is in a sanctioned country or an unsanctioned country. Regulations are going to become tighter in the future. It's not simply my word; a report about a year ago noted that only about 65 percent of financial institutions felt that budgets for anti-money laundering were aligned with regulatory compliance demands. But the news actually gets worse, because, according to this report, only 25 percent of the community banks that responded said budgets were aligned with demands. I do want to make sure people understand that. Criminals go where they see opportunities. So, are they really going to go to a Tier 1 bank, where they can reasonably believe they will have a number of security measures? Maybe they will, if they are very sophisticated; or maybe they will use an opportunity to go to a community bank, where the security protocols are lax. So, actually, those community banks that thought they were outside of the fray, I would suggest, from our experience working in the trenches, they are anything but outside the fray. They are actually in the sweet spot, if you're a criminal.
U.S. Banks Trail EuropeKITTEN: And Hugh, would you say that U.S. banks and financial-services providers are lagging?
JONES: In some cases, yes; in some cases, no. Certainly, some of the Tier 1 financial banks in the United States are best-in-class, when it comes to attacking this issue. I think that in many cases, with the exception of screening for politically exposed persons, those are on par with the Western Europe. In Eastern Europe, I imagine that the United States, from what I've seen, is actually ahead; and the same is true with Latin America, A-Pac (Asia-Pacific), the Middle East and Africa. But even in those regions, they are pouring investment dollars in to try to bring up their systems up to speed with the United States. We are seeing a shift away, from institutions all over the world, from buying check-the-box services toward reviewing their real risk exposure. The demands are increasing, and they are increasing in many of the growing economies as they wake up and realize, "Wow. I want to do business with Western Europe and I want to do business with the United States. In order to do business with those two regions, I need to play by their rules. Therefore, I better do something more than check the box."
New AML RequirementsKITTEN: Now, when we talk about fraud detection and prevention, it's get to be a touchy issue with a number of financial institutions and one reason is that it is difficult to show the return on investment. You've talked about non-compliance when it comes to AML requirements and of course those are picking up. Can you explain, and do you think that banks are actually beginning to understand that there is a return on investment; it's just not something that they may see immediately?
JONES: Yes, I think that is a great question. Let's first start by what happens in the board room when you disclose to the board that OFAC is handing down a $100 million dollar fine. Do you really think at the board level they are saying, "Geez, that $2 million dollars we could have spent on drawing up our services would have been a wise investment?" So, simply by the framework of fines, I think, at the board level, firms around the world are realizing that actually increasing their investment is a way to reduce the risk argument, which makes sense. You take the expected value of the fine times the chance of being caught; you're going to get a higher number now of people assigned to those fines. That is one. The second can actually be calculated in many ways. It can be delivered as an improvement in the end-to-end disposition process. And by that I mean the false-positive reduction and case-management efficiencies that you can find by using a sophisticated software and data provider. So, whatever you were spending before you made that investment probably required people in seats to take a look at hits and they have to discover whether that is a true hit or a false hit -- a false positive or a real bad guy -- and that takes money. It takes money and it takes people. There are Tier 1 banks in the world today that use well over 100 people to do that every single day. Now, if using a solution, it reduces that by 80 percent. That is eighty heads, so there is ROI there. You need to understand that the game has changed since just a few years ago. We had, really, only a list in which maybe 10 entities on that list changed five or six times a year. Today, Tracy, we have about 80 sanction lists and over 200 subsets of those lists in multiple languages that change daily. And if you are a global organization, you are going to be affected by the vast majority of those lists. Even if you are regional, going on a regional and global footprint, you are going to be affected by a number of those lists.
What used to be managed by sort of one or two individuals, at most, now sometimes takes an army of people to manage. So, if you make that argument, that we are under-invested, that we need to make this kind of investment in order to handle all of these lists and all of these hits, then you might want to make an argument that by using superior software and data and great process control, we will then reduce our capital outlay while maintaining an acceptable risk level.
Globalization and Payments GapsKITTEN: Now you've talked quite a bit, Hugh, about globalization and the fact that it is fueling money laundering; but can you talk a little bit about the gaps in the global payment's infrastructure. How are those gaps to blame? How are they fueling money laundering?
JONES: Well, there are a few areas there. First, geographically, in some of the emerging economies of Asia and Africa, we have various payment infrastructures that have not developed to the types or standard regulatory controls that we would argue are necessary to combat and avoid criminal malfeasants. So, there are emerging players in the global sphere that, in the same way a single security checkpoint at a single airport in a single country actually makes the whole system of their traffic control more dangerous, if it is lax, we have the same thing here. There are holes in emerging economies for checks of new customers who are OK one day but then turn bad. They were co-opted, let's say, but they never screened again. Those types of checks don't happen, and therefore the security is lax, much like it would be if you had a lax security checkpoint in an airport. So, again, the more jurisdictions that exist with the lack of developed AML controls, the greater propensity for criminal activity in a globalized world.
KITTEN: And what steps are international regulatory bodies taking to fight money laundering, and what new global requirements do you expect banks to face in the coming year?
JONES: The types of regulations we've seen in the past five years or so in the United Kingdom and the EU and the U.S. will likely become far more prevalent in Eastern Europe, Russia, China, Africa and Latin American countries. It is still acceptable to bribe, for example, in certain cultures. It is accepted to even bribe government officials in the police forces of the world, as well as the business forces of the world. Those types of cultural methods will likely be changing, as the countries wish to participate on a global sphere. So, specifically, you should expect to see increase screening for politically exposed people, and you should expect to see increased regulatory pressure on audit trails to show that you not only screen new clients or customers, but that you also screen old clients and customers, as well as your employees.
Think, for a moment, of what would happen if somebody provided a large transport company with a box, and the box had a bomb and that bomb was caught, let's just say, in the port of Dubai; and it happened to look like a toner cartridge. Sounds familiar, right? But what would happen if the person who actually delivered that box to be mailed was actually delivering it to a customer behind the counter? All of a sudden you've got a major leak in your security system. So, I believe that international regulatory bodies will take finer points to these regulations to say, "Here are the rules for screening." And they are far more significant than simply know your customer when they come in to open an account. It will be, "Always know your customer. Continually know who you are hiring, and know your employees once they are hired." That will increase the burden, but it will also increase safety.
SEPA's Global EffectKITTEN: I would like to ask a question that might not necessarily be applicable when we talk about the regulatory environment, but what about the Single Euro Payments Area and some of the initiatives that you are seeing in Europe? What are those initiatives, and how are they expected to impact U.S. organizations, if at all?
JONES: Well, the SEPA change will impact many corporations around the world that are not currently in compliance with the SEPA payment scheme. It will increase their cost, if they are non-compliant. They will be charged for non-compliant payments, and you'd be surprised how many businesses around the world are not SEPA-compliant. So, that will be a significant investment for them. We suspect that within the next 12 to 15 months that it is going to really start heating up and corporations around the world are going to need to know what it takes to be SEPA-compliant. What we're seeing, of course, is that they are looking at their records of payment that they have in-house and are cleansing them, or, in effect, transforming them into SEPA-compliant payments; so that is a cost. It is also true that if you make a SEPA payment, which is a faster payment, it's a lower cost and that also will be screened. So, you will certainly have screening for SEPA payments and you will not be, in the future, able to simply rely upon correspondent banking relationships to handle that for you. They will either charge you for the privilege or they will ask you to get your house in order before you actually send them a payment.
KITTEN: And for U.S. organizations, how might they meet this compliance or what are some of the ramifications?
JONES: Well, I suppose if you are a U.S. organization and you don't make cross-border payments, then you don't have to worry about it as much. But most organizations do, either for supply chains or for clients. So, if you are sending payments over into the Euro world, you do need to worry about it. Otherwise, your costs are going to go up. So, even if you are a U.S. company, SEPA is coming right at your doorstep; and, again, as I said, that will be in 12 to 15 months, in my opinion.
Security RisksKITTEN: Now, let's go back to talk a little bit about some of the payment holes, the payment gaps that we talked about earlier, Hugh. What are some of the potential payments gaps that are likely to impose increasing risks for bankers and other businesses?
JONES: Well, some of the issues stem from innovation, and new payment methods are actually quite useful at exploiting convenience for the consumer. That convenience is almost always backed by new technology, excited entrepreneurs, and it's not normally backed by people who look to the compliance angle. So, for example, if I think about emerging payment methods like mobile payments using your phone, going from mobile phone to mobile phone, is that payment going to be screened? Is my mobile phone payment going to go to somebody who works for Al-Qaeda? Are 500 payments going to go to people from Al-Qaeda? What about prepaid cards? So, if I can put cash on a card and then I can ship the card and that person can use that card any way they wish and get cash back in some way, shape or form, maybe they don't spend all the cards. They can get cash back from the customer service rep. Is that screened? Of course it is not screened right now. What about instant cards? It's actually quite captivating. You can create a series of instant credit cards for your employees to be used on specific things or specific cards, or specific gasoline payments; but when you create those, are they screened? How are they being screened? And then, of course, you have the sort of fun ideas of gold dispensing ATMs, so I'm putting currency in an ATM and getting gold. That one is always exciting to me. I certainly hope that they are screening there at that ATM. I'm not sure that anyone would argue that it is very difficult to turn gold into money. That is about as liquid as you get, in some ways.
Regulatory PressuresKITTEN: When we talk about regulatory pressures within the U.S. and outside the U.S., what mandates do you see putting the greatest pressure on financial-services provider?
JONES: The U.K. Bribery Act comes to mind. It has been put only slightly on a back-burner; but only for a little bit. It has implications that are far broader than the U.K.'s borders. Although the focus has slowed some, it basically says you need to make sure that your organization is not conducting business in a way that we would consider to be bribery. The FCPA are increasing their staff, by over 200 percent in about 12 months. There are fines. The idea that bribery can get things done in the world is going to go away as these fines increase, and in order to make sure and to prove to those regulators, whether they are coming from the U.K. or they are coming from the U.S., that you do not engage in bribery is difficult. I've heard many times that people say the FCPA does not force you to screen for politically exposed people, but actually screening for PEPs is one of the best defenses that you have for showing the regulators that you are in compliance. It's OK to do business with PEPs, but you've got to know who you are doing business with and you've got to know that they're not using their role as a political podium to extract business in unfair ways. So, I think that those two areas are going to be increasing. Certainly the creation of the IACH, or International ACH, and requirements for screening those types of transactions is something still a bit new to the industry. It is 18 months old, and we have some Tier 1 financial institutions that have incorporated these capabilities. The downstream institutions, in our experience, are relying on their correspondent banks to handle it. We believe that will permeate all the way through. So the international ACH transaction protocol does create a burden for downstream banks and they will need to screen for that, and they will need to comply with International ACH codes.
It is also possible, finally, that we will see increasing regulations on beneficiary owners. Is it OK to do business with somebody who has a bad guy on the board, or who has a bad guy who is beneficial owner, somebody who is a minority owner but still has weight in the company. It is very difficult. There are number of solutions on the market for determining beneficial owners, but obviously, Jack Bauer and "24" aside, it's that not easy to determine who is the beneficial owner. How deep do you need to go to make sure that the business that you are about to transact with is clear of beneficial owners who are not on sanction lists?
KITTEN: And before closing, Hugh, could you give us a two-minute global overview of payments and AML in 2011. What are the top issues and concerns banks and credit unions should be mindful of?
JONES: Well, first of all, every time you open the paper you're seeing regimes change right, Tunisia, Egypt and Sudan. So, just consider that for a second. Who stays on as a sanctioned person or entity or country and who moves off a list? Remember that one regime's hero is another regime's goat, right? If I just pick Egypt, you can just easily see that the ruling party in Egypt used to be, of course, beyond suspicion and certainly was fine to do business with. But a year from now, do you think that is going to be the case? Will that be the case in Tunisia, or will it be the case in Sudan, because now they've had a peaceful split and the United States has said publically that should they follow the laws, Sudan will be taken off of a sanction list? So, the changes that are going to occur in the next 12 months are going to be historic; you really do need to stay on top of that or you're going to be screening against the wrong people. And I do also believe that link that I suggested earlier between FCPA and politically exposed peoples screening will increase. Regulators will increase their investigation of are you truly compliant or are you not. I've heard many times that screening is not necessary in United States. I suggest that you take a look at that, and I argue it may not technically be necessary, but it sure does provide a great defense against FCPA.
Finally, an understanding that the smaller banks around the world, community or regional banks, are actually at higher risk for money laundering. Those are three large trends that I see playing out over the next one to three years.