EUROPEAN COMMISSION
Brussels, 24.7.2019
COM(2019) 373 final
REPORT FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL
on the assessment of recent alleged money laundering cases involving EU credit institutions
This document is an excerpt from the EUR-Lex website
Document 52019DC0373
REPORT FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL on the assessment of recent alleged money laundering cases involving EU credit institutions
REPORT FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL on the assessment of recent alleged money laundering cases involving EU credit institutions
REPORT FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL on the assessment of recent alleged money laundering cases involving EU credit institutions
COM/2019/373 final
EUROPEAN COMMISSION
Brussels, 24.7.2019
COM(2019) 373 final
REPORT FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL
on the assessment of recent alleged money laundering cases involving EU credit institutions
REPORT FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL
on the assessment of recent alleged money laundering cases involving EU credit institutions
I.Introduction
Over time, the Union has developed a solid regulatory framework for preventing money laundering and terrorist financing, in line with international standards adopted by the Financial Action Task Force. However there have been a number of recent incidents involving European banks which have focused attention on how Union rules have been implemented.
On 12 September 2018, the Commission published a Communication 1 proposing immediate actions intended to address some of the more readily identifiable regulatory and institutional inadequacies, followed by a more recent Communication on the Economic and Monetary Union 2 , in which the Commission reiterated that those immediate actions must be followed by a deeper reflection about what further measures might be needed in order to ensure the effectiveness of the framework for anti-money laundering and countering the financing of terrorism in the long-term.
The Union’s co-legislators also agree on the need to identify any structural flaws in the current regulatory and supervisory framework. 3 The European Parliament’s Committee on Financial Crimes, Tax Evasion and Tax Avoidance and the Committee on Economic and Monetary Affairs have repeatedly called for the adequacy of the current framework to be assessed. On 4 December 2018 the Council adopted conclusions on an Anti-Money Laundering action plan, 4 inviting the Commission to conduct “a post-mortem review of the recent alleged money laundering cases involving EU credit institutions.”
This report constitutes the Commission’s response. Its principal aim is to indicate the shortcomings and lessons learnt and to provide evidence with a view to informing any further policy actions, should they be considered necessary. Evidence is drawn from case studies covering a sample of ten banks 5 during the period 2012-2018, although some of the events studied date back earlier. Banks were chosen following the invitation of the the Council and with a view to ensuring a sufficiently comprehensive picture of anti-money laundering-related shortcomings, across different types of credit institutions 6 and covering a range of different supervisory responses, as well as considering the impact of the cases. The selection of cases should by no means be seen as an imputation of blame or responsibility regarding individual banks or public authorities, nor as an indication that there have not been any problems regarding other banks or public authorities. It is noted that this Report is without prejudice to the right of the Commission to launch infringment proceedings against Member States for breaches of Union law.
During the reference period, regulatory and institutional frameworks have evolved substantially. The applicable legal requirements were contained in either the 3rd or the 4th Anti-Money Laundering Directive. 7 Other requirements pertaining to governance and risk management systems stemmed from the 3rd and 4th Capital Requirements Directive. 8
The Commission drew evidence from desk research as well as discussions with the credit institutions and public authorities across eleven Member States. The European Central Bank in its supervisory capacity and the three European Supervisory Authorities were also closely associated.
While the report seeks mainly to present findings that are common to all or several case studies analysed, it is inevitable that the focus on individual cases has also identified issues which may be specific to a particular bank or jurisdiction. In such cases, the findings have only been described where, due to their severity or specific nature, they might provide specific lessons regarding the Union’s legal or institutional framework.
The findings are organised into two categories:
·highlighting events within credit institutions;
·examining how the various public authorities acted in relation to events.
While it is important to understand the context of the legal framework applicable at the time of the events, it is also useful to view the findings from the perspective of recent regulatory and institutional developments, in particular the adoption of the 5th Anti-Money Laundering Directive, the 5th Capital Requirements Directive 9 and the review of the European Supervisory Authorities. 10 Furthermore, this report should be looked at in conjunction with the Commission’s Supranational Risk Assessment Report, 11 the Commission’s report on Financial Intelligence Units 12 and the Commission’s report on the interconnection of national centralised automated mechanisms of the Member States on bank accounts, 13 all published at the same time as this report.
The fight against money laundering and terrorist financing is a continuous task underpinned by a regulatory framework that requires regular updates to keep pace with new developments. Much has been achieved to improve the existing framework, particularly through the legislative adjustments made since 2018. Yet it becomes ever more apparent that the application of the framework is largely divergent, presenting a structural problem in the Union’s capacity to prevent that the financial system is used for illegitimate purposes.
II.Findings related to credit institutions’ anti-money laundering/countering the financing of terrorism defence systems
While the review of cases has identified flaws in the anti-money laundering/countering the financing of terrorism systems across all the credit institutions included in our sample, not all shortcomings are identical and the joint analysis has resulted in the compilation of an indicative typology of failures, which is not necessarily common to all institutions analysed. 14
The analysis has identified four broad categories under which shortcomings may be grouped:
1)ineffective or lack of compliance with the legal requirements for anti-money laundering/countering the financing of terrorism systems and controls;
2)governance failures in relation to anti-money laundering/countering the financing of terrorism;
3)misalignments between risk appetite and risk management;
4)negligence of group anti-money laundering/countering the financing of terrorism policies.
1.Anti-money laundering/Countering the financing of terrorism compliance failures
Under the Union’s anti-money laundering/countering the financing of terrorism legal framework, credit institutions are required to: (i) identify and assess the risks of money laundering and terrorism financing and have in place policies, controls and procedures to mitigate and manage effectively such risks; (ii) carry out adequate customer due diligence; and (iii) adequately inform the Financial Intelligence Unit of any suspicions of money laundering/terrorist financingl.
In many of the cases assessed, credit institutions did not prioritise compliance with anti-money laundering/countering the financing of terrorism legislation in their policies. In some cases, although control systems were formally in place, no overall money laundering/terrorist financing risk assessment was conducted at either the level of individual entities or at group level. Furthermore, compliance departments were in some cases understaffed, or the compliance function was rarely involved in ultimate decision-making.
As a consequence of their failure to perform adequate customer due diligence, some credit institutions had insufficient understanding of their customers’ actual operations and were ultimately unable to draw meaningful conclusions as to whether or not a customer’s activity was suspicious. Many credit institutions had difficulties to determine the identity of the beneficial owners behind their customers due to the fact that identification is burdensome and beneficial ownership registers were not yet in place. In several cases, whereas the institutions were conducting business with a significant number of politically exposed persons, they were neither identified as such, nor treated as high-risk customers, in violation of national laws transposing the Anti-Money Laundering Directive. In other cases, shortcomings related to remote booking models rendered elements of transaction monitoring more difficult (for example, knowing the origins of orders and payments or identifying linked trades across different jurisdictions 15 ).
Finally, certain shortcomings could be identified as regards reporting to Financial Intelligence Units. For instance, in a specific case the number of alerts generated by automated monitoring systems was capped to a number that was considered appropriate in relation to the number of staff managing such alerts, whilst in other instances credit institutions did not have in place appropriate risk assessment tools to be able to analyse transactions. In most cases, the number of suspicious transaction reports filed was low – and the number of actionable suspicious transaction reports was even lower.
In a small number of cases examined, employees may have been directly involved in committing money laundering, or in assisting customers in committing the offence. 16 In other cases, negligence related to anti-money laundering/countering the financing of terrorism controls made money laundering by customers possible or highly probable.
Case study: Implementation of anti-money laundering policies and controls
In one instance, national criminal investigations involving several organisations that held accounts at a bank led to suspicion that the bank or its employees contributed to making money laundering through these accounts possible. The subsequent broadening of investigations to the bank’s policies and procedures revealed major deficiencies in the application of anti-money laundering/countering the financing of terrorism controls by the bank in relation to customer due diligence, transaction monitoring and reporting of suspicious transactions, despite apparently robust anti-money laundering/countering the financing of terrorism policies and controls displayed in documentation.
2.Governance failures
Under the Capital Requirements Directive, 17 credit institutions should have governance arrangements in place to ensure sound and effective risk management. This includes adequate internal control mechanisms that should prevent failures in the compliance framework. The analysis revealed deficiencies in credit institutions' anti-money laundering/countering the financing of terrorism-related governance arrangements (including the "three lines of defence"), 18 their internal reporting, group policies and the senior management’s responsibilities and accountability. Those deficiencies may have played a significant role in facilitating money laundering within a number of credit institutions, or exposing them to money laundering due to ineffective anti-money laundering/countering the financing of terrorism prevention.
The three lines of defence
In most of the cases analysed, there was evidence of weaknesses with regard to one or more lines of defence, as well as weaknesses in the way those responsible in the different lines of defence interacted with each other. In the most serious cases, the first line of defence (business units) was practically non-existent, as the employees in the business origination did not fulfil basic obligations under anti-money laundering/countering the financing of terrorism framework, such as recognising or reporting suspicious types of customer and transactions. Often the second line of defence (risk management and compliance) also turned out to be inadequate, as it either did not correctly assess and mitigate weaknesses identified by the ‘front line’ employees or did not acknowledge compliance failures by ‘front line’ employees. In several cases, the third line (internal audit) seemed not to have adequately prioritised anti-money laundering/countering the financing of terrorism work, was not independent from the ‘front line’, or did not receive sufficient attention from senior management. Moreover, the resource allocation or responsiveness of the three lines of defence was often not commensurate to the levels of money laundering/terrorist financing risks to which the institution was exposed, or remained static (and therefore increasingly inadequate) despite the credit institution engaging in higher risk activities.
Internal reporting of money laundering/terrorist financing risks
In most cases, the internal reporting of money laundering and terrorism financing risks from business lines and control functions to local or senior management was not adequately established or followed. Information reaching senior management was often also not sufficiently comprehensive to enable informed decisions. In large cross-border banking groups, reporting deficiencies also appeared to be caused by the absence of translations of audit reports, and difficulties for local staff to get access to the top management of the credit institution in another Member State.
Case study: Failures in traditional lines of defence and internal reporting
In one case, it was pursuant to a whistle-blower report about risky business and suspicious money flows in certain group entities that the Board triggered internal investigations. Local management had not reported any issues to the Board, nor did the Board read local internal audit reports (drafted in local language).
Senior management's responsibilities and accountability
In several cases, the senior management of credit institutions was not sufficiently informed about failures related to compliance with anti-money laundering/countering the financing of terrorism requirements and money laundering risks, and hence unable to recognise and address failures in an adequate and timely manner. In some cases, the corporate culture promoted by senior management focused predominantly on profitability over compliance. Where internal investigations were conducted upon request of the senior management, they were sometimes very limited in scope, although the level of risk should have triggered a much more comprehensive response. Failures in the role of senior management in large and complex credit institutions also resulted from a limited attention span of senior management for problems in smaller business units, despite the disproportionate amount of damage that would result for the credit institution as a consequence of anti-money laundering/countering the financing of terrorism issues arising in such business units.
Case study: Role of senior management
In one instance, the composition of the management board of the bank has changed several times, including upon request of the supervisory authority. The supervisor was dissatisfied with the inability of several consecutive boards to steer the business away from an exclusive focus on high risk areas or customers.
3.Business model and risk appetite
The analysis of cases suggests that certain credit institutions may have actively pursued business models that are risky from an anti-money laundering/countering the financing of terrorism perspective. More specifically, it appears that some institutions engaged in high-risk business carried out directly in certain (especially third country) jurisdictions or originating from such jurisdictions, and based their business model almost exclusively on non-resident deposits without establishing commensurate anti-money laundering/countering the financing of terrorism policies and controls. In addition, in several of the cases significant exposures to anti-money laundering/countering the financing of terrorism risks appeared in the context of correspondent banking services, whilst institutions did not have dedicated or sufficiently clear anti-money laundering/countering the financing of terrorism policies for such business. While pursuing business opportunities, several credit institutions were willing to accept risky customers without appropriately managing them, including politically exposed persons and commercial entities where the beneficial owner could not be identified. In some cases, credit institutions engaged in anonymous transactions or non-face-to-face business relationships without undertakinging adequate due diligence. In other instances, some credit institutions appear to have been promoting an aggressive business model of on-boarding clients and processing transactions on the basis of deliberately limited customer due diligence.
Case study: Increased risk appetite
In one case, a credit institution had attracted many of its customers through a system of references that paid so-called introducers to bring in new clients while relying on the same introducers to check the prospective client’s probity. Customers paid the introducers as well. There is no evidence of clients being rejected during this process, although the credit institution did close some customer accounts and cut ties with a number of introducers when it was fined for weak money laundering controls by the supervisor.
4.Anti-money laundering/Countering the financing of terrorism group policies
Some of the cases involved banking activities undertaken in different parts of a group, through branches established in different Member States or third countries, or through subsidiaries located in Member States other than where the headquarters are established. Most of those groups organised their anti-money laundering/countering the financing of terrorism compliance, governance and risk management with a view to ensuring primarily compliance with local anti-money laundering/countering the financing of terrorism frameworks. Very often, this was appropriately supplemented with a group-wide anti-money laundering/countering the financing of terrorism policy, where local regulatory needs would have been integrated in a broader group risk management and compliance policy and processes. The lack of a group-wide anti-money laundering/countering the financing of terrorismpolicy suggests that problems may have been largely left to be tackled by local management. In some instances, local management was situated in third country jurisdictions and subject to obligations that were not necessarily as strict as those applicable in the Union.
In some instances, it appears that the parent company had difficulties in forming an accurate and complete overview of the existing risks in the group. On several occasions, this seems to have prevented local anti-money laundering/countering the financing of terrorism-related problems from being taken into account in the context of wider group actions. In a few cases, the policies and control processes of acquired credit institutions (often on a cross-border basis) were not aligned in a timely manner to the group-wide risk management framework, with IT and reporting systems remaining separate and with no integration or inter-connection with the group’s system. Furthermore, in certain cases, problems in branches seem to have been discarded at group level on the basis of proportionality considerations related to the size of local peripheral group entities, while seemingly neglecting the reputational impact that even peripheral entities and activities might have on the whole group.
III.Findings related to actions by competent authorities
The review has focused on actions taken by supervisory authorities. The functioning of Financial Intelligence Units and their cooperation with other competent authorities is examined in the Report on assessing the framework for Financial Intelligence Units’ cooperation. Moreover, criminal investigations by competent authorities in Member States, some of which are ongoing, are not covered by this report.
Supervisory reactions in relation to individual institutions’ anti-money laundering/countering the financing of terrorism shortcomings were very different in terms of timing, intensity, and measures taken. It may not in all cases be possible to make generalised findings, but the analysis does allow a series of observations that give a better understanding of supervisory actions and practices. Given that the institutional framework is governed by complementary norms enshrined in the anti-money laundering/countering the financing of terrorism and prudential frameworks, findings are presented separately in relation to actions taken by anti-money laundering/countering the financing of terrorism supervisors and by prudential authorities.
1.Anti-money laundering/Countering the financing of terrorism supervision
Under the 3rd Anti-Money Laundering Directive, Member States were obliged to require the competent authorities to effectively monitor and take the necessary measures to ensure compliance with the Directive by all institutions and persons covered. In the case of credit and financial institutions, the competent authorities were required to have enhanced supervisory powers, notably the possibility to conduct on-site inspections and impose administrative sanctions and measures for violations of the obligations of the Directive.
a)Powers, organisation and resources
In most of the cases, anti-money laundering/countering the financing of terrorism supervision was carried out by the same authority that also had prudential supervision responsibilities. In one case, supervision was carried out by the Financial Intelligence Unit. With very few exceptions, relevant supervisors appear to have had sufficient and adequate supervisory powers, although there were divergences in their powers to impose sanctions and supervisory measures for violations of the Anti-Money Laundering Directive. There appears to have been a wide discrepancy in the level 19 of applicable sanctions, mainly due to the lack of harmonisation of sanctions in the 3rd Anti-Money Laundering Directive.
In several cases, anti-money laundering/countering the financing of terrorism supervisors appear to have been critically understaffed and in others, staff seem to have been lacking sufficient experience or knowledge of how to carry out their supervisory tasks. This seems to have had a direct impact on the ability of supervisors to effectively perform their supervisory duties. In most assessed cases, the intensity of actions by national supervisors appears to have been largely affected by a lack of prioritisation of anti-money laundering/countering the financing of terrorism issues more broadly both at government as well as at authorities level. In a number of cases, incidents occurred against the background of the financial crisis, when the public and political focus was geared towards other shortcomings in the financial system.
b)Supervision of local entities
In a number of cases, the anti-money laundering/countering the financing of terrorism supervisor appears to have often only relied on remote supervisory tools and to have carried out only few, limited or late on-site inspections even when the risk appeared to be high. Even in cases where on-site inspections were carried out, supervisors seem to have often only relied on documents submitted by the credit institutions, without carrying out sample checks to test whether the information submitted by the credit institutions was correct. This was often against the background of what supervisors have described as a climate of trust which existed between the supervisor and the supervised entity. In many cases, primary compliance failures kept recurring over years before being picked up by supervisory activity or before the bank reported on them. In a few cases, anti-money laundering/countering the financing of terrorism supervisors did not seem to have sufficiently rapidly acknowledged the severity of the situation, which prevented them from engaging with the supervised institutions. Despite finding violations, supervisors often did not adopt any sanctions or supervisory measures, mostly relying on informal letters and recommendations.
Case study: Enforcement culture
In one Member State the relevant national anti-money laundering/countering the financing of terrorism supervisor explained that the supervisory culture was of a "non-intrusive" nature and built on trust. The supervisor relied mainly but not exclusively on off-site reviews, written exchanges with the supervised entities and had never imposed sanctions or taken other supervisory measures.
c)Supervision of cross border entities
In most cases, the respective supervisory responsibilities and tasks of the relevant authorities were not sufficiently well understood nor pre-agreed in order to ensure comprehensive coverage of anti-money laundering/countering the financing of terrorism issues at group and individual establishment levels. In fact, no anti-money laundering/countering the financing of terrorism supervisor appeared to take responsibility for the supervision of a group, relying only on the supervision of the local business in each Member State. Some supervisors noted that the 3rd Anti-Money Laundering Directive lacked a specific obligation in this respect. Nevertheless, it was implicit that such a responsibility existed in both the Directive and Financial Action Task Force standards. This has been clarified in the 4th Anti-Money Laundering Directive.
The analysis found that in several cases the anti-money laundering/countering the financing of terrorism supervisor in charge of supervising the group was unable to understand the severity of problems in a branch, due to lack of or limited direct contact with the authority entrusted with anti-money laundering/countering the financing of terrorism supervision of the branch or vice versa. Also, the group supervisor did not receive relevant information and analysis on activities of overseas branches from the Financial Intelligence Units concerned. This may have resulted in an understatement of the impact that anti-money laundering/countering the financing of terrorism related problems had on the branch or the group.
d)Supervisory measures and their effectiveness
While divergences were found in the legal powers of anti-money laundering/countering the financing of terrorism supervisors to impose sanctions and supervisory measures, in several assessed cases, irrespective of the scope of their powers, supervisors appear to have been often hesitant to impose sanctions or take supervisory measures. While in some cases the supervisor took effective measures and imposed substantial sanctions for serious breaches, in most cases, there was a mismatch between the gravity of the violations and the sanctions or measures imposed, sometimes due to the limited legal powers available. Anti-money laundering/countering the financing of terrorism supervisors hesitated to impose new sanctions or measures in cases where a new on-site inspection revealed that there had been no or insufficient compliance with previous measures. There were in fact very different approaches across the cases in terms of recourse to sanctions to deal with identified problems and their effectiveness. Several authorities were deprived of efficient sanctioning powers, whereas others appear to have been reluctant to apply existing powers, often invoking uncertainty about available evidence. In several cases authorities imposed multiple supervisory measures which do not appear to have brought substantial improvements. It appears that the applicable frameworks and/or their implementation did not provide the necessary certainty that supervisors could apply effective, proportionate and dissuasive sanctions and measures.
In some cases, where credit institutions failed to respond to supervisory demands requiring enhanced specific anti-money laundering/countering the financing of terrorism controls so as to align them with actual level of risks, supervisory authorities explicitly required termination or restriction of certain business relationships with specific categories of customers or in specific jurisdictions. This proved to be an effective measure. In another case, supervisors introduced controlled release of deposits, through the appointment of a competent person, which also proved effective. The withdrawal of authorisation as the sanction for breaching anti-money laundering/countering the financing of terrorism rules appears to be used only as a last resort measure (further described under section 2d)).
In some of the cases, prosecutors also took measures targeted at anti-money laundering/countering the financing of terrorism failures, given that in some Member States they are competent on these matters. In addition, prosecutors also looked into criminal offences associated with money laundering. In two Member States, prosecution services have indicted and are currently pursuing charges against staff of credit institutions who were allegedly involved in criminal offences associated with money laundering.
Case study: Lack of effective, proportionate and dissuasive sanctioning powers
Although the requirements of the Anti-Money Laundering Directive applicable at the relevant time required Member States to ensure that anti-money laundering/countering the financing of terrorism authorities had the power to impose "effective, proportionate and dissuasive" sanctions for violations of the Directive, in one Member State the maximum monetary sanction available to the relevant authority was at the time limited to a maximum of €46.500 per infringement.
2.The Anti-money laundering/Countering the financing of terrorism dimension in prudential supervision
Prudential supervision, alongside anti-money laundering/countering the financing of terrorism supervision, plays an essential role in the fight against money laundering and terrorist financing. It is a role which is embedded in the prudential supervisory framework, although the anti-money laundering/countering the financing of terrorism dimension is not always explicitly highlighted. Prudential supervisors are in charge of authorisation and the withdrawal of licences, assessing the suitability of the shareholders and of members of the management body and key function holders of credit institutions and undertaking the supervisory review and evaluation process, which checks that credit institutions have sufficient capital and liquidity as well as robust governance systems.
a)Powers, organisation and resources
During the period reviewed, many prudential supervisors were predominantly focusing on crisis management and taking remedial measures in the aftermath of the 2008-2009 financial crisis and the subsequent sovereign debt crisis. As other supervisory aspects often took priority, anti-money laundering/countering the financing of terrorism issues may not always have received the required attention. Although all prudential authorities interviewed consider anti-money laundering/countering the financing of terrorism to be important, it seems priority and resources were predominantly allocated to other prudential concerns.
Whereas the prudential framework ensures that prudential authorities are endowed with a far-reaching set of powers, several supervisors signaled their unease as regards using such powers in relation to anti-money laundering/countering the financing of terrorism-related shortcomings, as the prudential framework only exceptionally refers explicitly to such concerns.
With the establishment of the Single Supervisory Mechanism, 20 prudential responsibilities for significant credit institutions and, in case of certain functions (authorisation, withdrawal and assessment of qualifying holdings acquisitions), for all credit institutions in the Banking Union, were transferred to the European Central Bank. The European Central Bank, like all prudential supervisors has to take anti-money laundering/countering the financing of terrorism concerns into account in its prudential supervisory activities. When acting in its supervisory capacity, the European Central Bank is not considered to be the anti-money laundering/countering the financing of terrorism authority. 21 The transfer of prudential supervisory powers to the European Central Bank introduced an additional institutional layer for cooperation and coordination, adding interaction with the European Central Bank to the interaction between domestic anti-money laundering/countering the financing of terrorism supervisors and prudential authorities.
b)Supervision of local entities
Prudential supervision is based on the principle of home country control, which attributes supervisory responsibility to the competent authority in the Member State where a credit institution has its registered office (which is the European Central Bank for significant credit institutions established in the Banking Union). This responsibility extends also to the branches of the credit institution, irrespective whether they are established in the same Member States or outside. The prudential authority in the host Member State where branches are established has only residual competences related to the general good and for statistical purposes. 22
Given the confidentiality of supervisory decisions, it could not be ascertained whether prudential supervisors consistently used business model analysis to assess the viability and vulnerability of several credit institutions, even when such institutions engaged in activities involving substantial anti-money laundering/countering the financing of terrorism risk factors. Nor was it possible to assess whether anti-money laundering/countering the financing of terrorism-related governance concerns were consistently included in the broader review of credit institutions’ governance arrangements by prudential authorities. According to anecdotal evidence and in light of the lack of specific guidance in the single rulebook, it appears that anti-money laundering/countering the financing of terrorism concerns were not consistently factored into the supervisory review and evaluation process. Ex post, and on closer examination of the activity, some authorities admitted that some red flags could indeed have been triggered. In several cases, prudential supervisors did not appear to have acknowledged the severity of the situation in a timely manner, which prevented them from engaging in suitable substantial information exchanges and coordinated action with other authorities. In several cases, supervisors have invoked insufficient information on the adequacy of compliance or risk management systems, as required under the anti-money laundering/countering the financing of terrorism framework.
Some of the cases analysed show that certain credit institutions were authorised by national competent authorities without sufficient scrutiny in relation to anti-money laundering/countering the financing of terrorism related aspects, both from a business plan perspective, as well as from the perspective of the suitability of shareholders and members of the management board and key function holders.
c)Supervision of cross-border entities
While cross-border branches are under the prudential supervision of the home Member State authority, the anti-money laundering/countering the financing of terrorism supervision of such branches falls within the remit of the host Member State authority. Banking groups (i.e. a parent and its subsidiaries) are subject to prudential requirements (including on governance) and prudentially supervised on a consolidated basis. The consolidating supervisor is usually the authority in the home Member State supervising the credit institution with the largest assets, and where group policies are usually centralised. The group dimension in anti-money laundering/countering the financing of terrorism supervision is much less prominent, assigning very limited tasks to the home Member State authority.
The analysis found that often it was the home Member State’s prudential authority in charge of supervising the branch that failed to understand the severity of anti-money laundering/countering the financing of terrorism related problems in a branch. This appears to have been due to lack of direct contact between the home prudential authority and the host authority entrusted with the anti-money laundering/countering the financing of terrorism supervision of the branch, or due to a misunderstanding of such problems even by the anti-money laundering/countering the financing of terrorism authority in the home country with whom home prudential authorities were in regular contact. In several cases, this appears to have led to an understatement of the impact that anti-money laundering/countering the financing of terrorism related problems in a branch might have on the parent company and on group’s reputation.
As for the consolidating supervisor in charge of organising and leading supervisory colleges, some anecdotal evidence suggests that anti-money laundering/countering the financing of terrorism issues in subsidiaries were regularly discussed in supervisory colleges. Yet there is no evidence that joint decisions taken at group level required banking groups to address in a structured and consistent way anti-money laundering/countering the financing of terrorism deficiencies within the group.
In many cases, the different levels at which prudential and anti-money laundering/countering the financing of terrorism supervisiory tasks were entrusted (home/host authorities, national/Union authorities) appear to have exacerbated cooperation difficulties, including problems in identifying the relevant institutional counterparty.
Case study: Inefficiencies in group supervision
In the case of a bank with overseas branches, the home Member State supervisor and the host Member State supervisor were integrated authorities that did not necessarily draw a clear line between their responsibilitites for prudential supervision and for anti-money laundering supervision. The home supervisor, although in charge of the prudential supervision of overseas branches did not factor in anti-money laundering related problems signalled by the host supervisor. Ultimately it was the host Member State authority who required the branch to reduce and later to stop its activities that involved anti-money laundering/countering the financing of terrorism risks.
d)Supervisory measures and their effectiveness
The review found that in the absence of detailed rules on how to take into account anti-money laundering/countering the financing of terrorism concerns, prudential supervisors relied substantially on remedial action by the anti-money laundering/countering the financing of terrorism supervisors when such concens had been identified. On certain occasions, the focus of prudential supervisors was geared towards ensuring adequate provisioning for fines, an appropriate level of liquidity or increasing capital requirements for operational risk. Some prudential authorities used their broader prudential tool-kit, including on-site investigations and targeted deep-dives, when concerned about anti-money laundering related risks. This led sometimes to the adoption of qualitative measures addressing weaknesses in governance, internal controls and unsustainable business model, as well as in the risk management framework of credit institutions. Given confidentiality constraints, it was not always possible to ascertain whether prudential supervisors consistently took adequate and timely prudential measures to address governance weaknesses or risk management deficiencies that allowed the primary anti-money laundering/countering the financing of terrorism failures to occur. Some supervisors requested certain credit institutions to adjust their business model with a view to de-risking.
The withdrawal of authorisation for serious breaches of anti-money laundering/countering the financing of terrorism rules is also listed as a sanction in the prudential framework. Only prudential authorities may withdraw the licence. The tool has been used by prudential authorities in several of the cases analysed, principally for smaller institutions. It has not been possible in the analysed cases to ascertain how such breaches and their intensity were assessed in view of applying the withdrawal sanction. Among the analysed cases, there were several situations where licence withdrawal proved to be a mere formality rather than a sanction for anti-money laundering/countering the financing of terrorism violations, as the credit institution was already declared failing or likely to fail, or put under a special administrator.
No common rules exist in relation to the closure of branches, and there is some evidence that the home prudential authority is not always substantially involved in the decision on branch closure taken by the host anti-money laundering/countering the financing of terrorism authority.
Case study: Withdrawal of licence
In one case a bank saw its access to markets being cut following a warning issued by third country authorities on suspicions of money laundering in connection with that bank. This led to the significant deterioration of the bank’s liquidity, rendering it unable to pay its debts or other liabilities as they fell due. This triggered a decision by the prudential authority to declare that the bank was failing or likely to fail. The licence of the bank was withdrawn a few months later, whilst the bank was under liquidation.
3.Cooperation within the EU
Provisions on cooperation among the various authorities are scattered across the anti-money laundering/countering the financing of terrorism and prudential regulatory frameworks and vary in terms of their precision and the degree to which they are binding. Cooperation is substantially influenced by the distribution of responsibilities between home and host Member States authorities, which is centred around host Member State authorities in the Anti-Money Laundering Directive and around home Member State authorities in the Capital Requirements Directive. An additional dimension of cooperation follows from the establishment of the Single Supervisory Mechanism and the exercise of prudential competences by the European Central Bank.
Most of the authorities interviewed (prudential authorities, anti-money laundering/countering the financing of terrorism supervisors, law enforcement authorities, Financial Intelligence Units) expressed their willingness to cooperate and share information with other relevant authorities. In the cases covered by the post mortem analysis, authorities appear to have interacted with each other both domestically and across borders on several occasions. For instance, most integrated authorities pointed out that their anti-money laundering/countering the financing of terrorism and prudential departments regularly coordinated or have, on occasion, worked in joint teams. Across borders, authorities appear to have discussed anti-money laundering/countering the financing of terrorism concerns in the context of supervisory colleges or on a bilateral basis, especially when problems have become more acute. However, not all relevant authorities interacted, and where there was interaction the intensity and frequency of contacts has varied significantly. In several of the cases analysed, interaction proved to be clearly ineffective and prevented a proper understanding of the gravity of the situation or did not result in joint supervisory action.
With regard to domestic cooperation, authorities did highlight a number of issues that may have affected the intensity, quality and frequency of cooperation and information sharing, suggesting that cooperation did not always enable effective supervision. For example, several authorities mentioned that confidentiality requirements prevented efficient cooperation and information exchange between the Financial Intelligence Units, law enforcement authorities and the prudential or anti-money laundering/countering the financing of terrorism supervisor. Other authorities pointed to a lack of experience in identifying what constitutes important information to share between an Financial Intelligence Unit and a prudential or anti-money laundering/countering the financing of terrorism supervisor or between the two supervisors and observed that, with increasing experience, information sharing had recently intensified. Some integrated supervisors reported never having had requested input from a Financial Intelligence Unit in the context of prudential assessments such as for fit and proper purposes, but relying on information from the prudential departments. Furthermore, many of the cases analysed showed that Financial Intelligence Units did not share information with the anti-money laundering/countering the financing of terrorism and prudential supervisors in a structured way. Financial Intelligence Units may sometimes have been prevented from sharing information with the supervisors by provisions in domestic laws (for example when the analysis conducted by the Financial Intelligence Unit was considered to be criminal intelligence and only shareable with law enforcement authorities). On the other hand, Financial Intelligence Units very rarely received feedback from supervisors about the use made of the information provided and about the outcome of inspections performed on the basis of that information. These issues are examined in more detail in the Report on assessing the framework for Financial Intelligence Units’ cooperation.
Moreover, other potential issues affecting the intensity, quality and frequency of cooperation include several definitions and rules in the relevant directives, which may have led to different understandings of obligations and different expectations by the different authorities.
The review found effective action in instances where supervisory authorities interacted intensively with law enforcement authorities in relation to anti-money laundering/countering the financing of terrorism findings. However, it became apparent that there is a large variety of triggers for the involvement of law enforcement authorities, given that there is no common denominator in Union law. This may also explain why the contacts of law enforcement authorities with supervisors in other Member States remain reduced. There appear to be also differences in the role and scope of powers of law enforcement authorities, which may also partly explain why cooperation and coordination amongst law enforcers on anti-money laundering/countering the financing of terrorism issues remains scarce.
With regard to cross-border cooperation within the Union, the analysis did not allow identification of the intensity, quality and frequency of interaction between the various authorities. The cases showed that contacts between authorities (anti-money laundering/countering the financing of terrorism supervisors and prudential authorities) across Member States were uneven and often established on an ad hoc basis, which may be largely attributed to the differences in the applicable legal frameworks as regards the distribution of supervisory competences and the approach to group supervision. Cooperation was often reduced to mere information exchange, and did not in all cases result in a joint understanding of cross-border implications, nor the taking of concerted supervisory action. Moreover, there does appear to have been an absence of a shared strategic aim of preventing money laundering across the multitude of institutional actors involved.
4.Cooperation between authorities in the Union and third country authorities
Cooperation and exchange of information between Member States' anti-money laundering/countering the financing of terrorism supervisors and their counterparts in third countries is not regulated under the Anti-Money Laundering Directive. Instead, supervisory cooperation takes place on the basis of Financial Action Task Force Standards (in particular, Recommendation 40 23 and its Interpretative Note) almost exclusively on a bilateral basis. Prudential authorities in the Union may use prudential colleges to discuss anti-money laundering/countering the financing of terrorism concerns with their third country counterparts, yet this does not involve participation of anti-money laundering/countering the financing of terrorism supervisors. Both supervisory authorities are expected to observe principles spelt out in the Basel Committee’s guidelines on the sound management of risks related to money laundering and financing of terrorism.
Around half of the cases within the scope of the post-mortem exercise involved supervisory interaction with third country authorities. Stakeholders mentioned the following issues underpinning challenges of cooperation with certain third country authorities: lack of willingness on both sides to exchange confidential information with certain authorities, lack of mutual trust and concerns that information exchanges, in the rare cases where they included the transfer of personal data, would not be in compliance with the General Data Protection Regulation. 24
In some cases analysed, authorities reported that they had regular and broadly satisfactory cooperation and exchange of information with third country anti-money laundering/countering the financing of terrorism and prudential authorities, although in a few cases there were indications of an asymmetry in information sharing. In other cases, authorities highlighted deficiencies in cooperation with third country authorities, particularly in terms of timing and extent of information sharing or coordinating action. In a few cases, where third country authorities announced legitimate measures against a credit institution established in the Union, the prudential authorities and/or anti-money laundering/countering the financing of terrorism supervisors in the Union appear to have lacked insight about the imminence and background of such measures. Such measures had a high impact on the respective banks, but were taken without sufficient prior warning to enable the relevant authorities in the Union to take preventive actions against the institutions concerned and other measures to safeguard financial stability before publication of those measures. Those cases involved situations where measures were taken especially by third country law enforcement authorities, not by supervisory authorities in such countries.
In addition, in several cases where following supervisory findings law enforcement authorities launched investigations, these authorities faced cooperation problems with some third countries. More specifically, the authorities of third countries failed to respond to requests for mutual legal assistance from Member States’ law enforcement authorities. This prevented the latter from obtaining evidence capable of proving the criminal origin of money, and eventually led to failures of prosecution.
Only in few cases did the authorities in the Union in charge of the supervision of various group entities coordinate their interaction with third country authorities. However, in most cases analysed no such evidence could be found. Nor could the analysis ascertain that authorities in the Union have forwarded in all cases to their European peers all the relevant information received from third country authorities.
Case study: Interaction with third country authorities In two cases, the national authorities were not able to intervene or to ascertain the breaches that undepinned the actions of third country authorities, given that the latter gave notice of the proposed measures to the authorities of the Member States only very shortly before they were published. Following the publication of the proposed measures, two European credit institutions had to terminate their business. |
IV.Recent progress made in the Union
During the last years, credit institutions and public authorities responsible for fighting money laundering and terrorist financing have taken measures to improve their anti-money laundering/countering the financing of terrorism defences. Such progress, along with remaining challenges, is documented in the Country Specific Recommendations and the accompanying country reports. 25 Moreover, several developments have taken place at Union level.
1.Developments of the Anti-money laundering/Countering the financing of terrorism regulatory framework
Since the introduction of the Anti-Money Laundering Directive, the Union’s legal framework has been substantially enhanced with the 4th Anti-Money Laundering Directive which had to be transposed in Member States by June 2017, while the 5th Anti-Money Laundering Directive makes further enhancements and should be transposed by January 2020. This new framework is an improvement on the previous rules, in particular because it: (i) clarifies the need for credit institutions to carry out risk assessments and have adequate policies and procedures in place to prevent money laundering/terrorist fianncing; (ii) sets up registries of beneficial ownership, of credit institution accounts and of lists of politically exposed persons, which will greatly enhance the ability of institutions to carry out effective customer due diligence; (iii) clarifies the role of the parent institution in implementing anti-money laundering/countering the financing of terrorism policies for the whole group; (iv) clarifies the role of the anti-money laundering/countering the financing of terrorism supervisor of the parent institution to supervise the group for such purposes; (v) substantially enhances the powers of supervisors to impose sanctions and administrative measures for breaches of relevant obligations, while requiring that such sanctions and administrative measures are public; (vi) substantially enhances the exchange of information between the relevant competent authorities, notably by removing the confidentiality obstacle to exchange of information between supervisors and through the conclusion of a memorandum of understanding for exchanges between the supervisors and the European Central Bank; and (vii) enables Member State supervisory authorities to conclude memoranda of understanding with third country counterparts for purposes of collaborating and exchanging confidential information.
Directive 2018/1673 on combating money laundering by criminal law complements this preventive framework by harmonising the definition of the crime of money laundering and related sanctions. The Directive entered into force in December 2018 and Member States have two years to transpose it. This new framework is an improvement on the previous rules, in particular because it (i) makes money laundering punishable with a maximum of no less than four years of imprisonment; (ii) considers cases as aggravated when the offender is an obliged entity and has committed the offence in the exercise of their professional activities; (iii) ensures that law enforcement can make use of effective investigative tools, such as those used in combating organised crime or other serious crimes; ((iv) allows Member States to criminalise also money laundering committed with recklessness or serious negligence.
2.Developments of the prudential regulatory framework
The prudential framework was substantially updated in 2018 with changes due to be applied by the end of 2020. 26 In relation to anti-money laundering/countering the financing of terrorism, amendments introduced an explicit cooperation obligation between prudential authorities and anti-money laundering/countering the financing of terrorism authorities and Financial Intelligence Units and removed confidentiality barriers to effective information exchange between those authorities. The European Banking Authority has been mandated to develop guidelines detailing various aspects of the cooperation requirement.
Furthermore, the 5th Capital Requirements Directive clarified the possibility for prudential supervisors to use available prudential tools to address anti-money laundering/countering the financing of terrorism concerns from a prudential perspective. The 5th Capital Requirements Directive provides more details on the assessment of the internal controls and risk management systems during the authorisation process. It also introduces an explicit power to remove members of the management board in case of concerns related to their suitability, including from an anti-money laundering/countering the financing of terrorism perspective.
Moreover, the 5th Capital Requirements Directive mentions explicitly the anti-money laundering/countering the financing of terrorism dimension in the context of the supervisory review and evaluation process, requiring competent authorities to take necessary measures using the tools and powers at their disposal should money laundering/terrorist fianancing concerns be significant from a prudential perspective. There is also an obligation for competent authorities to notify the European Banking Authority and the authority responsible for anti-money laundering supervision where they identify weaknesses in the governance model, business activities or business model, which give reasonable grounds to suspect money laundering or terroris financing.
3.Developments of the European Supervisory Authorities' role with regards to Anti-money laundering/Countering the financing of terrorism
At Union level the current mandates of the three European Supervisory Authorities - the European Banking Authority, the European Insurance and Occupational Pensions Authority and the European Securities and Markets Authority – extend to the area of anti-money laundering/countering the financing of terrorism. They are empowered to develop rules and guidance in this area, and to promote cooperation and information sharing among authorities, supervisory convergence and to ensure that the anti-money laundering/countering the financing of terrorism legislation is properly applied. However, the European Supervisory Authorities are not themselves supervisors with their own set of binding powers and tools to ensure compliance and enforcement of rules and recommendations or to be adequately involved in cooperation with third country authorities. They instead have to work with relevant national authorities using the powers conferred upon them by their founding Regulations. 27
In the past years, the focus of the European Supervisory Authorities with regard to anti-money laundering/countering the financing of terrorism has been on delivering on a number of mandates of a regulatory nature delegated to them under the 4th Anti-Money Laundering Directive. However, more recently there has been more focus on carrying out convergence work, including focusing on the proper application of the relevant rules.
For example, last year in July in the case of one bank, the European Banking Authority Board of Supervisors adopted recommendations to the anti-money laundering/countering the financing of terrorism supervisory authority to take measures to ensure compliance with the Anti-Money Laundering Directive. The Commission followed up by issuing an Opinion addressed to that supervisory authority on the action necessary to comply with Union law. 28
Earlier this year, following a request by the Commission, the European Banking Authority also investigated supervisory authorities in two Member States in relation to circumstances of the operation by a bank of a high-risk portfolio of non-resident clients through its overseas branch. In that case, the European Banking Authority opened in February 2019 a formal breach of Union law investigation under Article 17 of the Regulation (EU) No 1093/2010 (the European Banking Authority Regulation) 29 . Following the opening of the investigation, and extensive analysis by the European Banking Authority staff, the European Banking Authority’s independent breach of Union law panel proposed a draft recommendation to its Board of Supervisors in relation to a number of breaches of Union law by both supervisory authorities with respect to effective supervision and cooperation. The European Banking Authority’s Board of Supervisors (composed of heads of Member States’ prudential authorities) rejected the recommendation on 16 April 2019.
The final decision of the European Banking Authority’s Board of Supervisors in the breach of Union law process related to the respective bank may have been driven by the following issues:
·Board of Supervisors members, while agreeing that there may have been deficiencies in supervision, appear to have considered that the obligations on supervisors in the relevant directives were not sufficiently clear and unconditional and so could not be used to fund a breach of Union law recommendation. Moreover, the Board of Supervisors members took into account the fact that the legislative framework changed during the time-period covered by the Authority’s investigation.
·Board of Supervisors members also considered that this case concerned the past and that Article 17 on breach of Union law proceedings in the European Banking Authority Regulation is not the right tool for remedying past issues. 30
The above findings raise questions for the future, including on how to ensure that supervisors can be held accountable for their actions to ensure financial institutions’ compliance with Union law, especially when working with minimum harmonisation Directives. At the same time they also highlight the need to use the full range of tools by the European Supervisory Authorities, including forward looking implementation reviews, to strengthen anti-money laundering/countering the financing of terrorism supervision in practice across the EU. It is noted that the decision of the European Banking Authority does not affect the right of the Commission to launch infringment proceedings on the basis of the same facts.
The recent European Supervisory Authorities review has brought more emphasis on anti-money laundering/countering the financing of terrorism matters. As of January 2020, the current anti-money laundering/countering the financing of terrorism mandate residing with each of the three European Supervisory Authorities will be concentrated within the European Banking Authority, which shall take a leading, coordinating and monitoring role in promoting integrity, transparency and security in the financial system in order to prevent and counter money laundering and terrorist financing. New rules on information sharing and dissemination should significantly improve cooperation among prudential and anti-money laundering/countering the financing of terrorism supervisors, and strengthen the European Banking Authority’s role in ensuring that breaches of relevant rules are consistently investigated and that national anti-money laundering/countering the financing of terrorism supervisors comply with Union rules. Moreover, the European Banking Authority will have a role in facilitating cooperation with third country authorities in cases where there are indications of breaches of the Anti-Money Laundering Directive.
V.Conclusion
The prevention and fight against money laundering/terrorist financing is crucial in preserving the integrity of the internal market and in fighting crime. Different entities have a different role to play in this task, starting from credit institutions, the anti-money laundering/countering the financing of terrorism and prudential supervisors (including the European Central Bank acting in its supervisory capacity), Financial Intelligence Units, law enforcement authorities (police, prosecutors and courts). It is imperative that these entities give sufficient prioritisation to their tasks in preventing and fighting money laundering/terrorist financing. It is also essential that the laws are fully and effectively applied by credit institutions and consistently enforced by public authorities endowed with sufficient investigatory and supervisory powers and disposing of effective and dissuasive sanctions. Cooperation and effective information sharing between the multitude of relevant authorities are key in addressing ever-growing cross-border anti-money laundering/countering the financing of terrorism concerns, including outside the Union. The analysis showed that often in practice these essential aspects were not sufficiently taken into account.
1.Findings related to credit institutions Anti-money laundering/Countering the financing of terrorism defences
The analysis of the selected cases revealed substantial incidents of failures by credit institutions to comply with core requirements of the Anti-Money Laundering Directive, such as risk assessment, customer due diligence, and reporting of suspicious transactions and activities to Financial Intelligence Units. Cases showing prolonged anti-money laundering/countering the financing of terrorism compliance deficiencies often also displayed broader anti-money laundering/countering the financing of terrorism related governance flaws, especially in the control function as well as in some cases in the attitude of senior management.
Many of the banks examined pursued risky business from an anti-money laundering/countering the financing of terrorism perspective, without establishing commensurate controls and risk management. Often, risks materialised long before credit institutions identified shortcomings. Even when shortcomings were identified, some banks took a long time to address them.
Many of the cross-border banking groups analysed organised their anti-money laundering/countering the financing of terrorism functions locally, with an emphasis on compliance with local rules, without supplementing such approach with a rigorous and consistent implementation of a group policy and control processes.
While some of the shortcomings identified seem to have been mainly driven by negligence, there were also instances where employees or the management of credit institutions seem to have supported money laundering/terrorist financing or deliberately lowered defences, in quest of profitable but highly suspect business. In a few instances, deficiencies were so severe that they ultimately led to the failure or closure of the credit institution or specific business.
In the past years, however, thanks to the gradual development of the anti-money laundering/countering the financing of terrorism legal framework, many of the credit institutions reviewed have taken substantial measures to improve their anti-money laundering/countering the financing of terrorism compliance systems. They have increased their risk management and compliance teams and are working on their procedures and internal controls. Some of the related obligations are also expected to be clearer once the 5th Anti-Money Laundering Directive and the 5th Capital Requirements Directive will be transposed. Moreover, pursuant to the anti-money laundering/countering the financing of terrorism action plan adopted by the Council in December 2018, the European Banking Authority is currently working on more detailed guidance for the application of the relevant rules. These actions are intended to clarify expectations vis-a-vis credit institutions and help them to better prepare for playing their part in fighting money laundering and terrorist financing. Yet, several aspects of the anti-money laundering/countering the financing of terrorism framework might require to be reinforced through binding rules that leave little room for divergent interpretation.
2.Findings related to actions by public authorities
The analysis examined actions and responses by supervisory and other public authorities in each of the cases. In some, public authorities were effective in pre-emptively identifying shortcomings in credit institutions and requiring remedial action, but in a number of other cases, public authorities only intervened after significant risks had materialised or in the face of repeated compliance and governance failures. The timeliness and effectiveness of subsequent supervisory measures imposed on credit institutions varied greatly.
A number of factors seem to have driven the effectiveness of supervisory action. Public authorities attributed different degrees of priority and resource allocation to anti-money laundering/countering the financing of terrorism related activities, which may explain the divergences in the degree of intrusiveness and intensity of supervision. Supervision was often not carried out with sufficient frequency, while in other cases the staff of the authorities suffered from from a lack of relevant experience. An additional focus of supervisory implementation and convergence in anti-money laundering/countering the financing of terrorism supervision through reviews annd training by the European Banking Authority will be important in this respect. Several prudential authorities were also uncertain about the extent and the modalities of factoring in anti-money laundering/countering the financing of terrorism concerns into their toolboox. The European Banking Authority’s work on guidelines, as well on the integration of such concerns in prudential supervision is expected to inform supervisors’ work in the future.
The decentralised anti-money laundering/countering the financing of terrorism supervisory framework based predominantly on a host country approach focused on supervising domestic entities’ compliance with local frameworks, without necessarily paying attention to their cross-border activities. In fact, no anti-money laundering/countering the financing of terrorism supervisor appeared to take responsibility for the supervision at group level, relying only on the supervision of the local business in each Member State, therefore leaving group anti-money laundering/countering the financing of terrorism policies unsupervised. Although anti-money laundering/countering the financing of terrorism group supervision has been introduced more clearly in the 4th Anti-Money Laudering Directive, it remains to be effectively applied in practice by the authorities. The framework still lacks clear group supervision tasks, any specific coordination mechanism and joint decision-making process with all relevant anti-money laundering/countering the financing of terrorism authorities, which stays in contrast with the effective mechanisms characterising cross-border prudential supervision since the 4th Capital Requirements Directive and the establishment of the Single Supervisory Mechanism. The formation of anti-money laundering/countering the financing of terrorism colleges and their oversight by the European Banking Authority will be important in this respect.
In relation to cooperation and information exchange between relevant authorities, some cooperation and information exchange did take place, but it was not always timely nor effective. Underlying drivers seem to have included lack of direct contacts between prudential and relevant anti-money laundering/countering the financing of terrorism supervisors and Financial Intelligence Units, diversity of institutional setups throughout the Union and related complexity of coordination, lack of resources and legal impediments to information sharing.
Cooperation with third country anti-money laundering/countering the financing of terrorism authorities and enforcement authorities has proven difficult in some cases, and actions by third country authorities remain largely unpredictable, despite their potential major effects in the Union’s jurisdictions. Although the European Banking Authority has been attributed a strengthened role in coordination with third countries, such role is likely to remain limited given the nature of their powers.
In the context of the evolving Anti-Money Laundering framework, supervisory authorities have greatly increased attention on anti-money laundering/countering the financing of terrorism issues, particularly in the last two years. The wave of recent incidents also led to some targeted amendments of the relevant legal framework, particularly with respect to the prudential framework and the enforcement through the European Banking Authority. Many authorities have been or are being reorganised and are acquiring additional resources and new expertise. This is expected to continue and should be supported by implementation assistance and also with effective information flows across the EU based on the future database of the European Banking Authority.
3.Outstanding structural issues
Whereas some of the causes underlying the events analysed have already been or will shortly be addressed thanks to the recent changes in the regulatory framework, the analysis underlines a number of outstanding structural issues. The findings in this report are intended to inform the debate about how the anti-money laundering/countering the financing of terrorism framework could be further improved and to provide the basis for further discussions with relevant stakeholders.
Some of the shortcomings highlighted in this Report are structural in their nature and have not yet been addressed. The different approaches to anti-money laundering/countering the financing of terrorism compliance by credit insitutions and to its supervision by national authorities are the consequence of minimum harmonisation at Union level. The integration of anti-money laundering/countering the financing of terrorism concerns in prudential supervision especially in cross-border situations is not yet sufficiently well articulated in the prudential framework. This results in a degree of regulatory and supervisory fragmentation in the anti-money laundering/countering the financing of terrorism area that appears ill adapted in light of ever increasing cross-border activity in the Union and centralised prudential supervision in the Banking Union. Weak links pose threats to the integrity of the Union’s financial system as a whole and will continue to exist unless it is ensured that all entities implement in a coherent and effective manner common rules and are subject to supervision of the highest quality. This implies that the tasks of the various relevant authorities involved in the fight against money laundering and terrorist financing should be clearly spelled out and appropriately attributed, while ensuring that no activities involving money laundering/terrorist financing risks are left unsupervised. Furthermore, at international level, cooperation with key third country authorities should be more structured and systematic, ensuring concerted positions in the cooperation with third countries. Consideration could be given to further harmonising the anti-money laundering/countering the financing of terrorism rulebook both as regards the obligations of credit institutions as well as the powers, duties and tools necessary for effective supervision. In particular, transformation of the Anti-Money Laundering Directive into a Regulation, which would have the potential of setting a harmonised, directly applicable Union regulatory anti-money laundering framework should be considered. Moreover, the anti-money laundering/countering the financing of terrorism cross-border dimension would merit further development to bring it in line with the current degree of integration in the banking market. Different alternatives could also be envisaged in order to ensure high quality and consistent anti-money laundering supervision, seamless information exchange and optimal cooperation between all relevant authorities in the Union. This may require conferring specific anti-money laundering supervisory tasks to a Union body. |
Communication from the Commission on Strengthening the Union framework for prudential and anti-money laundering supervision for financial institutions, COM/2018/645 final, 12.9.2018
Communication from the Commission to the European Parliament, the European Council, the Council and the European Central Bank Deepening Europe's Economic Monetary Union: Taking stock four years after the Five Presidents' Report, COM(2019) 279 final, 12.06.2019
The relevant framework is set out principally in Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Regulation (EU) 648/2012 of the European Parliament and of the Council, and repealing Directive as amended (the Anti-Money Laundering Directive), and complemented by provisions in Directive 2013/36/EU of the European Parliament and of the Council of 26 June 2013 on access to the activity of credit institutions and the prudential supervision of credit institutions and investment firms, as amended (the Capital Requirements Directive).
The ten banks included in the sample have not been subject to a holistic analysis, but the review focused on specific publicly known events linked to individual banks and the related supervisory actions. The findings in this report do not necessarily characterise each of the cases studied, nor do they have equal weighting in all cases where they apply. The sample of cases included: ABLV Bank in relation to events that led to the closure of the bank, Danske Bank in relation to events that led to the closure of its Estonian branch, Deutsche Bank in relation to the mirror trade case that led to the imposition of fines, FBME Bank in relation to events that led to its closure, ING in relation to events that triggered the settlement with the Dutch Public Prosecutor, Nordea in relation to events that triggered fines for anti-money laundering compliance deficiencies, Pilatus Bank in relation to events that led to its closure, Satabank in relation to events that led to restrictions of its operations, Société Générale in relation to events that led to the imposition of fines for anti-money laundering compliance deficiencies, Versobank in relation to events that led to the bank’s closure.
In terms of size, business model, cross-border presence, governance models, etc.
Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Regulation (EU) 648/2012 of the European Parliament and of the Council, and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC, OJ L 0849, 09.07.2018, p.1.
Directive 2006/48/EC of the European Parliament and of the Council of 14 June 2006 relating to the taking up and pursuit of the business of credit institutions, OJ L 177, 30.6.2006, p. 1–200 and Directive 2013/36/EU of the European Parliament and of the Council of 26 June 2013 on access to the activity of credit institutions and the prudential supervision of credit institutions and investment firms, amending Directive 2002/87/EC and repealing Directives 2006/48/EC and 2006/49/EC, OJ L 176, 27.6.2013, p. 338–436.
Directive (EU) 2019/878 of the European Parliament and of the Council of 20 May 2019 amending Directive 2013/36/EU as regards exempted entities, financial holding companies, mixed financial holding companies, remuneration, supervisory measures and powers and capital conservation measures, OJ L 150, 7.6.2019
Directive (EU) 2018/843 of the European Parliament and of the Council of 30 May 2018 amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, and amending Directives 2009/138/EC and 2013/36/EU and Directive (EU) 2019/878 of the European Parliament and of the Council of 20 May 2019 amending Directive 2013/36/EU as regards exempted entities, financial holding companies, mixed financial holding companies, remuneration, supervisory measures and powers and capital conservation measures (OJ L 150, 7.6.2019, p. 253–295 ) and the European Supervisory Authorities’ review to be formally adopted on XXX.
Report from the Commission to the European Parliament and the Council on the assessment of the risk of money laundering and terrorist financing affecting the internal market and relating to cross-border activities COM (2019) 370
Report from the Commission to the European Parliament and the Council assessing the framework for cooperation between Financial Intelligence Units COM(2019) 371
Report from the Commission to the European Parliament and the on the interconnection of national centralised automated mechanisms (central registries or central electronic data retrieval systems) of the Member States on bank accounts COM(2019) 372
There are large variations in terms of detailed causes or manifestations of anti-money laundering/countering the financing of terrorism related flows, as there are variations also in relation to their intensity
One credit institution assessed had complex group structures executing transactions in foreign jurisdictions, which were then booked via an overseas branch into the Union. This particular model presents risks around third-party involvement in payments and tends to be associated with the full delegation of customer due diligence to the entity booking remotely.
It is noted that these cases are for national authorities to investigate. The European Commission has no competences in this regard.
Article 74 of the Capital Requirements Directive 2013/36/EU.
The three lines of defence involve: (1st line) the business units, (2nd line) the compliance and risk management function and (3rd line) the internal audit function.
While some authorities could only impose a maximum of 46.500 euro per infringement, others could impose millions of euro in administrative sanctions.
Council Regulation (EU) No 1024/2013 of 15 October 2013 conferring specific tasks on the European Central Bank concerning policies relating to the prudential supervision of credit institutions, OJ L 287, 29.10.2013, p. 63–89 (Regulation establishing the Single Supervisory Mechanism).
Recital 28 of the Regulation establishing the Single Supervisory Mechanism.
Host authorities are more closely associated to the supervision by the home authorities where branches in their territory have been designated as significant.
http://www.fatf-gafi.org/media/fatf/documents/recommendations/pdfs/FATF%20Recommendations%202012.pdf
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), OJ L 119 4.5.2016, p. 1
https://ec.europa.eu/info/publications/2019-european-semester-country-specific-recommendations-council-recommendations_en
Directive (EU) 2019/878 of the European Parliament and of the Council of 20 May 2019 amending Directive 2013/36/EU as regards exempted entities, financial holding companies, mixed financial holding companies, remuneration, supervisory measures and powers and capital conservation measures, OJ L 150, 7.6.2019
Regulation (EU) No 1093/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Banking Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/78/EC, Regulation (EU) No 1094/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Insurance and Occupational Pensions Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/79/EC; Regulation (EU) No 1095/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Securities and Markets Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/77/EC OJ L 331, 15.12.2010
C(2018) 7431 final, 08.11.2018
Regulation (EU) no 1093/2010 of the European and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Banking Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/78/EC, OJ L 331 15.12.2010, p. 12.
Specifically, members considered that while the scope of investigations under Article 17 is not restricted to current breaches, the remedy of issuing recommendations “setting out the action necessary to comply with Union law“ may not be well-suited to cases relating to past supervisory activities.