The latest Financial Crime scandal involving HSBC, Barclays, JP Morgan and Standard Chartered is just another example of how complex issues can be and how determined the criminals are.
What has been identified?
The latest allegations to reach our mainstream media is due to thousands of leaked Suspicious Activity Reports (SAR’s) from the US Treasury dating back to 2013/14. It is worth noting the banks and indeed the Financial Services Industry generally have made a raft of changes over the last few years and these failings may have been dealt with differently in the present day.
HSBC, the UK’s biggest bank allegedly moved millions of dollars through its global operations. This money is believed to be from the proceeds of crime, yet despite the regulator informing HSBC the monies were a direct result of an illegal Ponzi scheme, HBSC continued to do so even after the US Authorities had shut down the scheme.
HSBC subsequently argued they had met all of their legal obligations by filing a ‘SAR’. This calls into question the whole purpose and efficacy of SAR’s, millions of which are filed in any given year. It seems it is impossible for the appropriate authorities to review each of them. However, a bank which fails to provide a service to their customer when requested, particularly a service which is expected to be provided the same day, is faced with the possibility of alerting the criminals to the possibility that they are being monitored. This does not mean the banks should simply continue to facilitate Financial Crime in the interim period as they await formal feedback on the required next steps. The requirement to prevent the facilitation of Financial Crime is the first obligation not a fullback position.
Financial services companies have been known to argue that it is very difficult to identify the Ultimate Beneficial Owners (UBO’S) of companies. It is true that this is not always easy. The wealthiest criminals have the ability to set up chains of companies, trusts and other arrangements in most jurisdictions around the world, thus making it very difficult to identify the beneficiary of illicit funds. The leaked documents from the US Authorities highlighted this very problem in the case of JP Morgan who it is alleged may according to the recent releases, have helped move more than 1 Billion dollars for companies allegedly owned by Semion Mogilevich, a Russian national who is named on the FBI’s most wanted list. It appears that JP Morgan, did not know who the UBO was.
JP Morgan are not the only bank who have been identified in the leaked documents for potentially having insufficient onboarding monitoring processes and procedures. There seems to be a suggestion Barclays may also have allowed millions of pounds to flow through its bank, this time relating to Arkady Rotenberg, a Russian national sanctioned by both the US and EU due to his close ties with Mr Putin. It seems that Mr Rotenberg setup various companies to disguise his association, thus allowing him to purchase expensive Artwork despite being heavily targeted by sanctions.
Given the sums involved one could ask why more rigorous checks were not undertaken from the outset though it should be noted that many financial crime schemes start small and grow over time. If key information like the UBO is missing or is insufficient in detail a financial institution can refuse to open an account for the client, thus preventing their institution from being used to facilitate illicit funds.
What can be done?
So how can the banks and the wider Financial Services community prevent further Financial Crime? We start from within. The transparency and culture of an organisation must be set at the top, at Board Level, and filter through the organisation. There needs to be clear direction on risk appetite, on what business they want flowing through the organisation and most importantly the type of business they do not want to be involved in. The lure of making money from Financial Crime will always remain, it is how the institutions manage this risk which will set them apart from their peers.
The central controls must be there of course, but without ‘buy in’ from the board, without clear policies and procedures (including a ‘Whistleblowing’ Policy) and without appropriate punishment for those operating outside the rules, there will be an opportunity to seek new profitable avenues to boost short term profits.
The UK government has introduced legislation to combat money laundering and tax evasion in recent years. The Money Laundering Regulations were updated in 2017, the Criminal Finances Act was introduced that same year, the latter led to the emergence of Unexplained Wealth Orders. This is in addition to the Proceeds of Crime Act 2002 and the Bribery & Corruption Act 2010. It is evident to all stakeholders that Financial Crime causes a huge problem for the integrity of the financial system, it is a continuing battle with ever changing complexities.
The Financial Conduct Authority and Prudential Regulation Authority remain critical in the UK. The oversight and guidelines they provide will be a key metric for organisations to follow. There is likely to be rigorous oversight and appropriate penalties for those operating below the required standards.
The introduction of the Senior Managers Regime (SMCR) with its purpose being to improve accountability and governance throughout the organisation has been extended to the Insurance Industry. Under the SMCR an individual must be personally responsible within each company for Financial Crime controls. The hope is that senior management will engage with their respective teams to ensure their function has the resources and capability to perform its task, this includes working collaboratively to prevent Financial Crime.
A Financial Crime risk framework which is supported by clear policies and procedures is essential. The three lines of defence must be involved in the design and oversight of operation for those controls and management must ensure that the appropriate tools and resources needed to address and mitigate the risk of financial crime exist and are effective. It is more than a ‘tick box’ exercise, Financial Crime takes many forms and can be incredibly complex and therefore needs an appropriate framework to reflect this complexity.
The Legal Framework is there but in reality, it needs further enhancement. Of course, the bank, the insurer or the asset manager must take responsibility for their own actions. It is perhaps the time to rethink the use of SAR’s as a means of reporting suspicious transactions. A ‘SAR’ is not necessarily evidence of wrong-doing. it is purely highlighting the need for closer investigation. Many will go without review and many will not lead to penalties or convictions so after these recent issues it may be that the lawmakers and regulators consider it to be the time to bring in a different sanction to change behaviour.
The General Data Protection Act (GDPR) can lead to a maximum fine of 20 million euros or 4% of turnover for firms found to have infringed the law and breaches of competition law also bring penalties more aligned to the turnover of the breaching firm. A similarly targeted approach for failing to prevent financial crime may be favoured along with personal responsibility for those in management failing to prevent such crimes.
What can the Insurance industry learn from this?
The insurance industry operates very differently to other financial institutions however, this does not mean Insurance products are not susceptible to Financial Crime. Financial Crime can take many forms and can be incredibly complex. In the insurance industry the risk is largely covered under two overarching periods, when the policy is taken out and when a claim is payable.
We in the insurance industry would have all received a Sanctions or Anti Money Laundering Questionnaire from our banking partners asking us about our business, including details of shareholding and where in the world we do business. In my view this ‘tick box’ exercise may be sufficient for counterparts operating in a highly regulated sector, but it does not go far enough when dealing with your policyholders with complex organisational structures.
When an insurance policy is taken out there needs to be a particular focus on who you are doing business with. As part of the assessment of the risk, basic information including the name of the insured and their location will be obtained, but if there is any information omitted this information should be requested. It is not unreasonable to ask for information on the source of funds, remember Insurers and brokers are governed by the Proceeds of Crime Act 2002, we are all obliged to report suspicious activity, which can include suspected criminality used to pay the premium for an insurance product.
Where necessary there is a need to carry out enhanced due diligence on those considered higher risk of money laundering.to get to that point they must have first prepared a risk assessment which identifies the higher risk customers. Where this may involve corporate entities Insurers, brokers and MGAs must ask who owns the company they are offering insurance to and there must be some recognition of who is responsible within the chain for doing this. A request of this nature may be challenged, or it may be deemed too difficult or time consuming. If that happens the insurer or broker must consider whether they want to do business with a company where this information is so convoluted that the Ultimate Beneficial Owner cannot be identified, or the information is otherwise not being provided.
The alarm bells generally ring loudest when a request comes in to pay the premium in cash. This request is largely outlawed by the market, but criminals will still look to find alternative means to use the proceeds of crime to pay for cover. If the premium is coming from an entity or individual not covered under the policy, it should be questioned until a satisfactory response is given. If the policy is cancelled shortly after inception it is important to establish the reason for this. The process of returning the premium can mean the criminal is provided with monies from a legitimate source when the origin of the premium was anything but legitimate. Monies received by criminals in this manner is commonly referred to as ‘Integration/Extraction’.
Upon a claim, checks must be carried out to ensure the claim is legitimate and the proceeds being paid out by insurers are not finding their way into the hands of criminals? The Life insurance sector is particularly vulnerable to financial crime, with money launderers opting to buy an annuity product with illicit funds, in turn receiving regular cash payments from a recognised financial institution. Some criminals may turn their attention to expensive Artwork, I have already discussed the case of Mr Rotenberg who managed to obtain lucrative pieces despite being targeted by sanctions. A criminal may look to pay for coverage of their artwork through illicit funds, wait a few weeks or months and then make a claim under the policy. Claims monies paid in this way becoming ‘clean’ for other uses.
We all need feel confident to ask the question when something is unusual, we need the support from line managers and the board to question unusual activity. A firm can have the best policies and procedures to combat financial crime, but it is ultimately its people who play the most important role in preventing financial crime occurring within their organisation.
The insurance industry should be under no illusion of the size of the task needed in order to stay one step ahead of very organised and sophisticated criminals. This latest evidence of the extent and complexity of financial crime in our markets should act as a stark warning for all financial institutions, including those operating in the Insurance industry. We have seen the banks invest heavily in their financial crime frameworks and yet potentially still get it wrong. Insurers and brokers need to be prepared to up their game.
We will have to wait to see the outcome of the activities which have been exposed at the banks. With the increased focus and attention on the banking sector, this will be an opportunity for lessons learned, it may also lead to criminals seeking an alternative means to hide their proceeds of crime.
The Financial Action Task Force (FATF) is the governing body. Its aim is to combat money laundering and terrorist financing. The guidance from FATF highlights the ‘red flags’. There are also many firms which offer insights into UBOs. It is up to the organisation and its staff to know who they are doing business with and in many cases the information is available.
Financial crime will always be there, but the insurance industry should work together to protect its customers and the integrity of the market. This is a market wide issue, the Association of British Insures (ABI) estimates between 1-2 billion pounds a year is lost due to dishonest insurance claims. If we include the figure of undetected crime this figure will be much larger.
Is it time that the industry put together a body which worked together on this issue? There is certainly no doubt that if the difficulties of operating an organisation or Committee of such a nature could be solved it would significantly improve the protection of the industry and legitimate policyholders as well as create significant efficiencies.
Nicky Hasler
Senior Consultant
Implement Compliance Solutions & Resources
Computers4Schools
ICSR is supporting the Insurance Community initiative 'Computers4Schools'. Find out more about the way you and your organisation can support this by watching this video narrated by Huw Evans, Director General of the ABI.
