Getting tough in 2020: Lessons learned from a landmark year of AML fines in APAC

APAC has overtaken the US in terms of the value of enforcement actions for the first time since 2015, with regulators imposing approximately USD 5.1 billion in fines for AML and KYC violations in 2020.¹ This is a result of two landmark fines imposed against Goldman Sachs for its involvement in 1Malaysia Development Berhad (1MDB) and Australian bank Westpac for its money laundering scandal with links to serious crimes. As a result of this landmark year for penalties, what are some of the key high-level takeaways for APAC and how can financial institutions prevent these occurrences from happening in future?

Back to Basics

The material failures of Goldman Sachs and Westpac highlight the need for financial institutions to go back to the very basics in understanding the underlying reasons for AML laws and why financial crime controls and oversight are so important. So often financial institutions approach financial crime compliance with a checklist attitude, failing to understand the complex and evolving nature of financial crime risk, as well as forgetting the human impact of the underlying predicate crimes of money laundering. After the material failings of this year, compliance professionals, senior members of staff and board members should pause to reflect and ask themselves why AML and KYC controls are so critical in not only mitigating money laundering risk but also in preventing harm to the victims of financial crime.

Both landmark cases of 2020 highlight significant failings of financial institutions in performing adequate customer due diligence. In the case of Goldman Sachs, the initial red flags identified with regard to the source of wealth and suitability of Malaysian businessman Jho Low as a private banking customer were allegedly dismissed by the deals team, and business was actively pursued with Jho Low and his associates indirectly through the three 1MDB bonds held with Goldman Sachs. Whilst the wrongful actions of the deals team highlight a fundamental cultural concern within the bank, the fact that Goldman’s ongoing monitoring and due diligence controls did not identify the ongoing connection between the 1MDB bond transactions and Jho Low is also an area of concern. This ability of the deals team to circumvent controls, as well as failures in the ongoing monitoring of customers and transactions, highlights several lessons for financial institutions:

  • Due diligence is by no means a one-time event. It should be conducted at the start of a relationship but also holistically and throughout all relationships.

  • All business decisions should be recorded in sufficient detail and accessible to all business areas. If at any point the relationship is terminated or declined, a clear rationale should be recorded in the customer's due diligence records and used as intelligence for ongoing monitoring activity.

  • Deliberate dismissal of financial crime red flags for the purpose of lucrative and unsavory business or the personal gain of employees may exist, and there must be adequate internal controls and oversight to mitigate this type of behavior.

Similarly, the Westpac scandal in which Westpac has admitted to “breaking the law by failing to monitor whether a dozen customers were making transactions consistent with child exploitation” also touches upon the importance of ongoing customer due diligence and monitoring.² Allegedly it was known to the bank that a customer had an existing conviction for child exploitation offences and was one of many customers sending funds to the Philippines where child exploitation is a serious concern. AUSTRAC have identified this as a failure to carry out appropriate customer due diligence in relation to suspicious transactions associated with possible child exploitation cases. Here we can learn that:

  • Customer risk evolves and ongoing monitoring solutions should be robust enough to detect and monitor any changes to customer behavior or suspicious activity, particularly those customers and transactions that are considered higher risk. 

  • AML professionals should be regularly trained on current and evolving money laundering typologies by regions, products, service offerings, customer types etc. Criminal groups and those responsible for laundering money are getting smarter. It is therefore important not only for transaction monitoring systems to stay relevant but also for the individuals monitoring the alerts.

Financial Crime Compliance is everyone’s responsibility 

In this increasingly competitive climate, with traditional banks losing footing to digital and neo-banks, the reputational damage and hefty fines that result from AML/CTF breaches are no longer something banks can take lightly. As such, financial crime compliance should be at the forefront of everyone’s agenda across the business, including at the most senior levels. The Goldman Sachs scandal showcases how the siloed approach between the sales team, senior management and the compliance function led to information slipping between the cracks, exposing Goldman to bribery and corruption.

The due diligence failings relating to Jho Low provide one example of how a siloed approach to KYC allowed the sales team to circumvent controls and onboard Jho Low as an indirect customer via the 1MDB bonds. Similarly, allegations surrounding bribery in relation to the 1MDB transactions were allegedly known to Goldman, with the Malaysian unit admitting to “knowingly and willing” paying bribes to foreign officials.³ These red flags were allegedly ignored by the relevant personnel instead of alerting higher-ups to problems with the bonds. Chief Executive, David Solomon, highlighted that “while many good people worked on these transactions and tried to do the right thing, we recognise that we did not adequately address red flags and scrutinise the representations of certain members of the deal team”. The 1MDB investigation highlights that there was a problem with the corporate culture in the Malaysian division, which looked to emphasize revenue and sales over honest business and compliance.

Similarly, following the findings of AUSTRAC’s investigation and the headlines linking Westpac to child exploitation, Westpac’s Senior Management and Board of Directors have openly discussed and committed to addressing concerns about its corporate culture and its governance and accountability frameworks and practices, admitting that Westpac has “been focused on finding individuals to blame for problems when they arose rather than addressing systemic issues”⁴. According to Westpac, it follows the three lines of defence model to detect and combat risk, but it has admitted that this is not ‘consistently understood and embedded’ in the bank, meaning that roles, responsibilities and accountabilities are often misunderstood and some things have been allowed to fall through the cracks⁵.

How can cultural and structural issues within a financial institution be addressed? Consider the following: 

  • Compliance is everyone’s job. Even within the sales team compliance should be at the forefront of the business agenda, ensuring that business is conducted honestly and transparently. Compliance should not be seen as a barrier to business but as a tool for the acquisition of good business to help achieve the firm's commercial and strategic objectives. 

  • A positive compliance culture lays the foundation for an effective AML/CFT framework. When talking about culture, this should include active engagement from the firm's leadership in terms of setting the ‘tone from the top,’ effectively integrating AML/CTF controls in business as usual and encouraging a healthy reward system where rewarded behaviour supports a positive AML culture.

  • Allegations of bribery or misconduct should be taken seriously. Financial institutions should have in place suitable reporting and escalation policies and procedures to ensure red flags and concerns are identified and responded to by senior management where appropriate.

  • Financial institutions should ensure that their staff are aware of, and trained on, the escalation policies and procedures on a regular basis. 

  • A speak up culture should be encouraged, where no issue or concern is too small or unimportant. But most importantly, any concern should be addressed appropriately and by the relevant personnel. 

  • Roles and responsibilities should be clearly defined and understood in order to rapidly identify, prioritise, escalate and remediate issues.

Slipping through the cracks

Since the 1MDB scandal broke in 2016, a series of events has unfolded throughout the US, Switzerland, Malaysia, Singapore, Hong Kong and the UK. Central to the scheme were several senior Goldman bankers who managed to circumvent the financial crime controls in place to siphon off approximately USD 2.7 billion from 1MDB for their own personal gain as well as to pay a series of bribes to foreign officials.

The Goldman case is notorious because not only was there criminal conduct by a number of Goldman executives but, as we have seen, a number of red flags were raised from the outset and throughout the 1MDB relationship over the years that should have allowed Goldman Sachs to either identify misconduct and follow up on it or stop it altogether. Essentially, the accumulation of letting things ‘fall through the cracks’ allowed billions of dollars to be laundered and stolen from the Malaysian people.

The series of failings linked to the 1MDB transactions highlight ineffective oversight of the internal money laundering controls at Goldman and also demonstrate a number of key takeaways: 

  • Documentation, record keeping and following up are so important. All decisions, rationales, investigations or resolutions made should be appropriately documented which will ensure that any risk is assessed and addressed at a point in time.

  • It is not enough for corporate compliance programmes to be adequate on paper; companies need to ensure that they are adequately resourced, functioning properly and tested, and that they can actually identify, stop and mitigate the type of conduct that led to criminal charges.

  • Escalate, escalate, escalate. Where there is a concern escalate this through the relevant pathways and discuss these issues in a risk and compliance setting with individuals from the business and the compliance functions. 

  • Ensure there are appropriate measures in place to undergo “four eye” checks or reviews prior to opening or closing accounts, particularly high risk accounts, associated PEP accounts or accounts with any financial crime concerns. 

With this milestone year for APAC in terms of regulatory enforcement action, there are critical lessons that all financial institutions should take away to prevent being subject to hefty fines and reputational damage in future. Whether this is by encouraging firms to go back to the basics, pausing to reflect on the importance of a financial crime framework, ensuring that compliance is everyone’s responsibility or maintaining a robust control framework that is adequately tested to ensure nothing slips through the cracks, these are fundamental activities that financial institutions should undertake to protect the financial system and any victims from the perpetrators of financial crime.  

FINTRAIL in 2020

2020 was a challenging but exciting year for FINTRAIL in Asia. We further consolidated our presence in this region by working with a number of new clients on health checks, policy and procedure drafting, risk assessments and license preparation and application. We also continued to facilitate knowledge sharing within the FinTech community by taking our FFE meetings online. As demand for our services grew, we added to our team - we welcomed Sara in December who combines her industry experience working in financial crime operations for a range of financial institutions including private and investment banking and global payments services with expertise in agile project delivery. We have plenty in the pipeline for 2021 which promises to be our best year yet. 


If you would like to contact us about any of the topics raised in this article, or about your financial crime compliance needs in the APAC region, please contact payal.patel@fintrail.co.uk or sara.abbasi@fintrail.co.uk

¹Fenergo AML, KYC and Sanctions Fines for Global Financial Institutions reach 5.6 billion mid year
²Westpac admits it broke law over customers' transactions allegedly linked to child exploitation
³Goldman Sachs to pay $3bn over 1MDB corruption scandal
⁴Westpac admits it has failed to fix culture that contributed to money-laundering scandal
⁵Westpac admits it has failed to fix culture that contributed to money-laundering scandal