Investigation units at financial institutions – specialised in chasing dirty money
May 2021 | SPOTLIGHT | BANKING & FINANCE
Financier Worldwide Magazine
May 2021 Issue
The prevention of money laundering and terrorist financing is not limited to staying abreast of new regulations and updating internal guidelines. When questioning and optimising their own setups, financial institutions (FI) should consider both current legal requirements, as well as ever-changing external factors and new criminal patterns. Modified types of money laundering schemes, new virtual currencies or payment methods, data leakages and exploiting times of crisis such as the COVID-19 pandemic, are just a few recent examples of a rapidly changing world. Today, rigid, bureaucratic structures make it impossible to keep pace with malicious actors.
A scandal at a Nordic bank was uncovered in 2018, but the criminal transactions had been initiated back in 2007. It took more than 10 years to unravel this criminal scheme – and it was not even the FI which identified the pattern, but investigative journalists.
In an effort to bring an end to this vicious cycle and to stay one step ahead of criminals, FIs are starting to create their own investigation units staffed with individuals trained to perform ad hoc analyses and to implement adequate preventive and reactive measures at short notice.
Objectives of an anti-money laundering (AML) investigation unit
Regulators often criticise FIs for not dedicating sufficient human and financial resources to the prevention of financial crime. A fragmented and outdated IT landscape, a lack of adequate training tailored to specific needs or circumstances, client relationships based on trust rather than control and compliance as a second line of defence not being able to exercise its control function effectively, are just a few examples of the failings some FIs have demonstrated.
Accordingly, higher fines are imposed each year and the pressure on FIs to place a stronger focus on financial crime is increasing. An essential task for FIs to keep up with changing financial crime trends is to set up special AML investigation units in support of their compliance function to detect and prevent financial crime.
Not only do these units follow the latest financial crime trends designed to detect new fraud schemes not yet considered by their transaction monitoring systems, they also have an important consulting, reporting, coordinating and investigative function.
Employees working in these investigation units are trained experts in the field of anti-financial crime and forensics, with a solid understanding of human behaviour which allows them to detect suspicious individuals or account activities and to uncover evidence of misconduct. Where potential crimes are uncovered, the investigation unit takes appropriate measures, such as adjusting the client risk profile, enhancing due diligence and monitoring, conducting in-depth investigations, blocking bank accounts, terminating client relationship or filing suspicious activity reports (SARs) to the relevant authorities.
Best practices for setting up an AML investigation unit
Setting up an AML investigation unit can be time consuming and challenging. If done incorrectly, it could result in a costly and inefficient construct. However, with a structured approach, including appropriate staffing, it may create real added value without being expensive. Below are best practices which can help overcome initial difficulties and avoid common pitfalls.
Staffing and communication. AML investigations are complex, time consuming and require a very specific skillset. Practical experience has shown that AML investigations performed part-time only, or as an additional task to daily business, will not bring the desired results. Therefore, an efficient and focused setup requires employees solely focused on the investigation unit as their core competence. Regarding skill sets, the lead role should be assigned to an experienced employee with in-depth knowledge of AML regulations and the analytical nature of investigations. In addition, a forensic data analyst is mandatory as most investigations require a systematic extraction of client and transaction data from internal bank systems. These roles are the core functions of the investigation unit. They need to be supported by AML experts who analyse the data and initiate required follow-up activities. The number of analysts needed depends on the size of the FI and the planned investigations, however a team should consist of at least two full-time analysts.
Besides appropriate staffing, structured communication is key for a successful AML investigation unit. The more internal departments and legal entities involved, the more important communication will be. Firstly, senior leadership support for investigations is crucial to underline their importance and guarantee visibility for all employees. Secondly, a designated employee, ideally the leader of the investigation unit, should be the single point of contact for all stakeholders during the investigation. Finally, regular meetings should be organised to keep up with the pressure of time-critical investigations, ensure consistent knowledge transfer and address potential areas of improvement.
Investigation plan. After establishing an investigation unit, a structured procedure is required. To retain a better overview, it is recommended that companies draft an annual investigation plan with predefined focus areas, such as high-risk services, vulnerable business partners or current illicit schemes. This plan should serve as a general guideline for the upcoming year, without being considered a static document, as short-term adjustments in response to newly emerging trends might become necessary. The involvement of all stakeholders in the planning phase, such as different business units or legal entities, is recommended to allow for potential dependencies or challenges to be dissolved before commencing the investigation. Once the focus topics are set, the clear scope and procedure of each investigation need to be defined. This is an essential phase requiring a structured and reflective approach to find a good balance. A narrow scope might result in major issues going undetected while a broad scope may lead to an unfocused, high-level check without targeting the issue at its core. When drafting the investigation plan it is essential to consider the existing IT landscape and its technical feasibility: not all theoretical ideas can be realised from a technical point of view, or they might require extensive adjustment and manpower with costs exceeding the benefit.
Investigation process. Companies should implement and communicate common standards and a formal process for investigations to ensure efficiency and high-quality results. They should include general procedures and best practices, FAQs, roles and responsibilities, as well as escalation and reporting lines. In addition, specific requirements for each investigation must be determined and communicated, such as phases and steps in the investigation lifecycle, kick-off documents, methodology used, relevant deadlines, existing dependencies and background information. It is also essential to have a clear distribution of roles among departments or sub-legal entities involved, and to set standards for data storage and privacy, such as deletion rules, storage location and approval processes. Furthermore, the handling of results is the most important thing when it comes to ensuring and conserving the benefits of an investigation. This requires clearly defined reporting rules and follow-up requirements, such as consistent and structured reporting templates and adequate follow-up measures for all three lines of defence.
Current focus topics
Virtual currencies. The virtual currency market is currently on the rise, with an increase in transactions and online platform providers. Even though not all crypto-related transactions are connected to illicit activities, the internet as a legal vacuum allowing anonymous money to flow and the lack of coherent regulation, registration and control of platforms and users, pose specific risks to FIs. Practical experience has shown that prohibiting such transactions based on a general suspicion is neither required nor expedient. Instead, targeted investigations can significantly reduce the inherent risks by focusing on specific risk patterns. Parties should screen their own customer base for existing money service providers and analyse their connection to virtual currencies, to identify the individual risk and to decide on targeted measures. Client transactions should be analysed using keywords related to virtual currencies and subsequently investigated with a focus on the source and usage of funds.
COVID-19 pandemic. The COVID-19 pandemic led to changing client behaviour in the use of online services. Criminals are exploiting the upheaval generated by the crisis by adapting their tactics to this new COVID-19 reality. One common pattern favoured during the pandemic has been the misuse of state relief measures. A good starting point for FIs to uncover such schemes is to consider all client information available to them to identify, for example, individuals not targeted by specific measures, such as students, pensioners or unemployed persons. Another common scheme gaining ground is the abuse of individuals as so-called ‘money mules’ by criminal organisations. One possible way to detect this is by identifying accounts formerly used for low-value transactions as suddenly being utilised for high-volume transfers. Some criminal organisations not only exploit individuals but also companies in financial difficulty, taking control of these companies and misusing them as money laundering vehicles.
Conclusion
Establishing an investigation unit is advantageous for companies in many ways. It can, for example, serve as a centre of excellence responsible for detecting and analysing client or account activities potentially linked to financial crime. The success of an investigation unit depends on clarity around topics and objectives, the expertise and experience of employees, support from senior management, the availability of information and required tools, and the ability to work seamlessly across jurisdictions. All these factors will contribute to improving the effectiveness of overall AML compliance programmes established in FIs.
Martina Madleniger, Christina-Maria Pichler and Saskia Isabell Platte are managers at PwC. Ms Madleniger can be contacted on +43 699 1630 5013 or by email: martina.madleniger@pwc.com. Ms Pichler can be contacted on +43 1 501 88 1225 or by email: christina-maria.pichler@pwc.com. Ms Platte can be contacted on +49 151 1911 3414 or by email: saskia.isabell.platte@pwc.com.
© Financier Worldwide
BY
Martina Madleniger, Christina-Maria Pichler and Saskia Isabell Platte
PwC