Developing an effective AML and sanctions programme
July 2024 | ROUNDTABLE | GLOBAL TRADE
Financier Worldwide Magazine
July 2024 Issue
In the second half of 2024, governments across the globe continue to face a challenging landscape of shifting power dynamics. Exemplifying these challenges is the ongoing war in Ukraine – a conflict that has accelerated anti-money laundering regimes and related sanctions programmes. As the scale, complexity and criticality of such regimes and programmes escalates, so too does the need for effective enforcement efforts and criminal investigations by policymakers, regulators and courts.
FW: Could you outline some of the key developments in financial crime over the last 12-18 months? What major trends would you highlight?
Kadel Jr: The financial crime space has seen a great deal of attention from policymakers, regulators and the courts over the last 12 to 18 months. I will highlight two developments coming from the US Treasury’s Financial Crimes Enforcement Network (FinCEN). The first is FinCEN’s ‘February 13 Notice of Proposed Rulemaking’ to address illicit finance risks in the investment adviser industry and the second is FinCEN’s efforts to implement the Corporate Transparency Act (CTA). FinCEN’S proposed rule in February would require covered investment advisers to implement risk-based anti-money laundering (AML) and countering the financing of terrorism (CFT) programmes, report suspicious activity to FinCEN, and fulfil other recordkeeping and reporting requirements. Another significant priority for FinCEN is implementation of the CTA, which requires certain companies doing business in the US to report their beneficial ownership information to FinCEN. The CTA was enacted as part of the 2021 National Defense Authorization Act and required FinCEN to implement the beneficial ownership reporting regime. The requirements went into effect on 1 January 2024, but the CTA was challenged in US federal courts and, on 1 March 2024, the US District Court for the Northern District of Alabama held that the CTA was unconstitutional.
Wolf: There has a been a notable increase in the scale of sanctions evasion and the focus and scrutiny governments have placed on combatting them. This is particularly true considering the war in Ukraine, where Russia has been able to play the long game, conducting international trade with and through its allies, sympathisers and countries that remain neutral. This allows Russia to support its war effort with crucial funding, weapons and technology. Governments like the US have become more agile in their approach to combatting Russia’s war effort, as was the case with the release of executive order (EO) 14114. The EO subjects non-US financial institutions (FIs) that engage in certain activities involving Russia’s military to secondary sanctions risks while expanding certain restrictions on Russian goods import. It continues to place significant reliance, and raise expectations, on financial services firms to prevent, detect and report evasion activities.
Evangelista: Close international coordination with respect to the imposition and enforcement of sanctions – particularly sanctions targeting Russia – has been a key trend that is expected to continue for the foreseeable future. A few notable examples include the US Department of Justice’s (DOJ’s) Task Force KleptoCapture, which has been investigating and enforcing sanctions and export controls with significant cooperation from other jurisdictions, and the Russian Elites, Proxies and Oligarchs task force, through which the US, European Commission, France, Germany, Italy, the UK and Canada have also been collaborating to freeze and block assets of sanctioned individuals and companies. US regulatory and law enforcement agencies have demonstrated dramatically increased cooperation in compliance and alerts. The Treasury Department’s Office of Foreign Assets Control (OFAC) and FinCEN, the DOJ, and the US Department of Commerce’s Bureau of Industry and Security (BIS), which administers and enforces US export controls, have issued several ‘multi-seal’ compliance notices and alerts related to sanctions, AML and export controls over the last 12 to 18 months.
Munro: I would highlight two aspects of financial crime over the last 12 to 18 months that demand significant attention: the continued evolution of Russian sanctions risk and the industrialisation of fraud and so-called ‘pig-butchering’ romance scams. Russian sanctions and evasion continue to present extraordinary challenges in their scope, pace of change, complexity and criticality. The focus has shifted from direct Russian activity toward detecting the indirect risks of re-exportation of sensitive goods and access to financial services through transit countries and financial systems that have not imposed sanctions on Russia. There is increased focus on these circumvention routes including designating and sanctioning entities in these transit countries that continue to provide access to sensitive goods. In addition, in December 2023, the US authorised the use of so-called ‘secondary sanctions’ against non-US FIs that engage in material financial transactions that provide support to Russia’s military industrial base. The other key development of note is the increase in professional, industrialised, technology-enabled scam factories leading to a reported significant rise in victims of these frauds which rely on highly complex, professional money laundering operations.
Jones: First, there has been a heavy focus on US economic sanctions and export controls, both in terms of creating new restrictions and bringing civil and criminal enforcement actions. Second, FinCEN has been particularly active in releasing new regulations and proposed rules, including the CTA and proposed rules to regulate the investment adviser and real estate industries. Third, US agencies have been aggressive in seeking ‘first of its kind’ enforcement actions, such as FinCEN’s actions against a trust company – Kingdom Trust – or for violating its relatively recent gap rule against Bancrédito. Fourth, enforcement in the digital assets space remains a top priority for US enforcers. Lastly, a number of US agencies are increasingly bringing their resources and tools to bear in fighting top policy concerns such as fentanyl trafficking.
“A regular evaluation of risks, and adjustments to the compliance programme to address new risks, is important to a well-functioning programme.”
FW: Have there been any notable legal or regulatory changes in the anti-money laundering (AML) and sanctions field? What are the implications for companies?
Wolf: A notable element of the US Anti-Money Laundering Act of 2020 is the application of Bank Secrecy Act (BSA) and AML requirements to the ‘gatekeepers’ of the financial system, such as lawyers and accountants. Gatekeepers provide critical and legitimate services to customers, however there have been known occurrences where they have helped customers hide their illicit gains. If enacted, the impact to gatekeepers would be immense in terms of developing and executing an AML programme, including suspicious activity reporting, and for financial services firms which would need to review and gain comfort over the quality of their programme when they are customers. While the legislative process to address gatekeepers is far from becoming a reality, FinCEN recently introduced a rule for one of the gatekeepers – investment advisers. This development may indicate that the government will take a piecemeal approach rather than trying to tackle all the gatekeepers at once.
Evangelista: In April 2024, President Biden signed into law HR 815, which – in addition to providing foreign aid to Ukraine and other jurisdictions – includes several sanctions-related provisions targeting Russia, Iran, China and the US fentanyl crisis. Among other notable updates, the new law authorises the president to seize Russian sovereign assets that have been blocked by US FIs and transfer them to Ukraine for its reconstruction. Importantly, the law also extends the statute of limitations for civil and criminal violations of most sanctions programmess from five to 10 years. Regulators and law enforcement will have twice as long to investigate potential sanctions violations if they were not already barred at the time the new law was enacted. In an AML context, FinCEN has implemented or proposed several new regulatory mandates. On 1 January 2024, FinCEN’s regulations implementing the CTA became effective. The CTA requires entities created or registered to do business in the US to report certain information about beneficial owners and people with substantial control over the company to FinCEN for storage in a secure, centralised database that will be made available to law enforcement agencies.
Munro: One development with global implication to keep an eye on is the Financial Action Task Force’s (FATF’s) ongoing review and update of its recommendation 16, which focuses on information completeness and transparency in ‘wire transfers’. Given the significant changes in the way payments are made, the new technologies, the new participants in payment services, and even the forms in which assets and value are held, the FATF is considering revisions to this recommendation to adapt them to these changes in payment business models and messaging standards. This could have important and significant implications for clarifying who and where in the chain the transparency and compliance obligations rest. The FATF explains that these proposed revisions aim to help make cross-border payments faster, cheaper, more transparent and inclusive while remaining safe and secure. Public comments were recently gathered on the key proposals for revisions that include additional transparency requirements on exemption for purchase of goods and services using cards, improving the content and quality of basic originator and beneficiary information in payment messages, and obligations on beneficiary FIs to check alignment of beneficiary information in payment messages. Given the importance of transparency in combatting financial crime and the necessity of complete and accurate information for effective compliance, if these obligations are misplaced, the result risks either friction in the process that undermines the objective of becoming faster and cheaper, or it could create obstacles to the end to end completeness, transparency and accuracy in the collection and transfer of relevant data necessary to fight financial crime. How the FATF balances these issues is likely to have significant impact on compliance for the various ways value is transferred between parties.
Jones: One of the biggest AML developments is the CTA, which requires many businesses to file a form with FinCEN identifying the beneficial owners of a company. Unlike many AML laws which only apply to FIs, the CTA covers nearly all types of corporate entities. As the database becomes populated, a key consideration for FIs going forward will be to what extent to use the database – which is not independently verified – to help with know your customer (KYC) obligations and diligence. In the sanctions space, one of the most notable developments is EO 14114, which authorises OFAC to impose secondary sanctions on foreign FIs if they conduct or facilitate certain transactions, such as significant transactions or services with sanctioned or unsanctioned parties operating in certain sectors of the Russian economy, including technology, defence and aerospace. Notably, it is a strict liability standard and extends to non-US dollar transactions.
Kadel Jr: A major initiative at FinCEN is the ‘February 16 Notice of Proposed Rulemaking’ to require certain persons involved in real estate closings and settlements to submit reports and keep records on identified transfers of residential real property to specified legal entities and trusts on a nationwide basis. FinCEN has determined that, at a time when residential real estate is more expensive than ever, money launderers are exploiting the US housing market and buying homes anonymously to wash their illicitly gained funds. Thus, FinCEN’s proposed rulemaking aims to bring greater transparency to the residential real estate sector in a way that in its view would increase transparency and combat and deter money laundering in the US housing market. FinCEN has also made clear that it is considering next steps with regard to addressing the illicit finance risks associated with the US commercial real estate sector.
“One important focus of the technology strategy is directed toward removing friction in the AML and sanctions compliance processes created by the high volume of ‘false positives’ and ‘non-productive’ alerts.”
FW: To what extent have government authorities increased their enforcement efforts to target breaches of AML and sanctions rules? Do any recent cases demonstrate the current playing field for companies?
Evangelista: The DOJ and other US agencies are significantly expanding their data analytics capabilities and adding additional enforcement resources as they gear up for increased enforcement efforts. For example, in March 2023, the DOJ announced it would onboard more than 25 new prosecutors to investigate and prosecute potential evasion of US sanctions and export controls and other financial crimes. Among these new hires was the DOJ National Security Division’s first chief counsel for corporate enforcement in September 2023. The DOJ and the Treasury Department have also gone to great lengths to encourage individuals in the private sector to report potential violations of US law through new whistleblower programmes. The Treasury Department’s whistleblower programme contains broad protections and incentives for persons disclosing potential AML and sanctions-related violations, including between 10 and 30 percent of any monetary penalty collected by the government. On 15 April 2024, the DOJ implemented its own whistleblower programme that will offer non-prosecution agreements to executives and lower-level employees who provide original and actionable information falling within certain categories of corporate crime.
Munro: Enforcement is of course an essential part of any compliance regime. Particularly with respect to the many new and complex sanctions adopted in the last two years, we should expect increased regulatory focus on enforcement of those new requirements now that the regulated sectors have had time to assess and apply them. What will be important to watch in these enforcement actions is how clearly the enforcement authorities communicate the lessons for the wider community. It is not unusual for the regulated community to complain that the underlying factors triggering the enforcement and the reasoning applied by the enforcement authorities are unclear, incompletely communicated or ambiguous. In that dynamic, it becomes essential that engagement is quick and constructive to ensure the right lessons are clear and understood, and resources are directed effectively to enhance overall compliance.
Kadel Jr: In the US, sanctions enforcement by OFAC has proceeded relatively consistently with prior periods – with one notable exception. In settlement of an enforcement action dated 17 May 2023, OFAC applied penalties to both the corporation engaged in apparent sanctions violations, as well as a former senior company executive who was determined to have engaged in egregious conduct. This case clearly signals OFAC’s willingness, in the appropriate case, to hold individuals, not just the entities that they serve, responsible. FinCEN’s more recent enforcement and compliance-related work has been noticeably more active in recent periods. FinCEN has noted that a significant component of its efforts is a commitment to implementing, and realising the full potential of, FinCEN’s new Anti-Money Laundering and Sanctions Whistleblower Program. This programme has been credited as an enforcement force-multiplier that has generated information relating to some of the most pressing policy objectives of the US, from Iran- and Russia-related sanctions evasion to drug trafficking to cyber crimes and corruption.
Jones: US government authorities have been very aggressive in recent years enforcing AML and sanctions laws. For instance, in the AML space, the DOJ entered into a deferred prosecution agreement with MindGeek, the parent company of Pornhub, for violating US money laundering laws. The theory underpinning the resolution is that MindGeek purportedly had knowledge that one of its business partners was paying MindGeek with illicit proceeds derived from sex trafficking, and that this knowledge arose from news articles, civil complaints filed by third parties against the business partner, and a criminal indictment against that partner and its senior executives. In the sanctions space, OFAC has remained aggressive in finding jurisdiction over non-US companies when they do as little as, for instance, process a transaction in US dollars through a correspondent bank account, as in OFAC’s resolution with Swedbank Latvia AS. Further, the DOJ has become increasingly aggressive in prosecuting cases of sanctions evasion by sanctioned parties and their affiliates, such as lawyers and accountants.
Wolf: While the number of high-profile, large-value enforcement actions against banks has not been as great as in years past, enforcement does continue across the globe with a few notable trends both in and out of banking. First, virtual asset service providers (VASP) are clearly in the sights of regulators. Many jurisdictions have either passed, or are in the process of developing, legislation and a regulatory framework to supervise VASPs. US regulators treat VASPs as money service businesses, holding them responsible for violations of existing regulatory obligations. Such were the cases recently with Gemini, Genesis and Binance. Second, enforcement against smaller regional and community banks remains a constant and has only intensified since the crisis involving Silicon Valley Bank and Signature Bank. We expect the trends for VASPs and smaller banks to continue, levelling the playing field with large banks which continue to be a top focus for regulators.
“The DOJ and other US agencies are significantly expanding their data analytics capabilities and adding additional enforcement resources as they gear up for increased enforcement efforts.”
FW: What advice would you offer to companies on ensuring their operations, systems and business activities are in line with current regulatory requirements? What are the essential elements of a robust approach to AML and sanctions compliance?
Jones: The financial crimes compliance space in the US is constantly changing. It is important for companies to stay abreast of the latest requirements and regulator expectations in the space. This includes new laws and regulations, such as the CTA. But it should also include monitoring enforcement actions and statements from agency leaders about the expectations they have for corporate compliance. For instance, the DOJ has been very active in the past year releasing a number of new pronouncements regarding its expectations for corporate compliance and cooperation, including fleshing out the criteria that prosecutors should use when evaluating the effectiveness of a corporate compliance programme.
Wolf: Companies should thread the needle using the identify, assess, monitor, test and report approach. Identify the legal and regulatory obligations applicable to the firm and the policies, procedures and controls tied to those obligations. This initial ‘thread’ will help you to find and address any gaps in coverage. Assess the company’s inherent financial crime risk profile and thread that to the design and operational effectiveness of the controls in place to manage the inherent risk and to comply with the obligations. Monitor the risk levels and performance of the controls continuously, test the controls periodically, and report the results of these activities. Combine the outcomes from this threaded approach with the company’s stated risk appetite to determine whether the company is compliant, needs to reduce or can take on more risk in its business activities, and, ultimately, if it needs or wants to invest in people, process and technology.
Kadel Jr: Sanctions and trade laws are constantly changing, as are AML and CFT requirements. And the costs of making a mistake are continually increasing. So, a compliance programme absolutely must be dynamic and able to change in response to developments in the laws and regulatory expectations. Moreover, since compliance programmes work most effectively if they are risk-based, a regular evaluation of risks, and adjustments to the compliance programme to address new risks, is important to a well-functioning programme. The best companies will be able to balance proactive review and the need for efficiency in implementing changes with appropriate caution and deliberative process to ensure that personnel are able to keep up with changes and apply compliance policies, as revised, appropriately. Two particular areas merit specific attention. First, with the introduction of FinCEN’s new Anti-Money Laundering and Sanctions Whistleblower Program, any corporate entity would be wise to review its whistleblower programme and ensure that it is robust and effective. Second, it is critically important to ensure that appropriate resources are available to the compliance teams charged with administering compliance programmes, in order to meet regulatory expectations and to ensure that data can be received and processed quickly and effectively, and the integrity of data can be maintained.
Munro: Companies should understand and approach AML and sanctions as a core risk that must be managed as a fundamental part of the business strategy through a comprehensive risk management framework. It is more than the challenge of technical, operational compliance. The ability to satisfy the technical requirements of regulations is only one aspect of managing the risk effectively. Toward that end, the Wolfsberg Group published a paper setting out three core principles for an AML and sanctions programme that focus on effective outcomes in financial crime risk management. First, complying with financial crime laws and regulations. Second, establishing a reasonable and risk-based set of controls to mitigate the risks of a company’s products and services being used to facilitate illicit activity. And third, providing highly useful information to relevant government agencies in defined priority areas. Designing a programme across these three core principles helps build a strategic approach to the challenge that brings focus, and directs resources toward, fighting the underlying financial crime effectively that not only ensures technical compliance but addresses the shared purpose and objectives underlying the regulations.
Evangelista: One fundamental requirement of both AML or sanctions compliance programmes is that they are risk-based, meaning that they are tailored to address the specific risks posed by the organisation’s business activities. This fundamental requirement underscores the importance of performing periodic risk assessments to identify and quantify AML and sanctions risks and understand the effectiveness of existing internal controls. The BSA requires US FIs to implement and maintain AML compliance programmes that provide for, at minimum, the designation of an AML officer, a system of internal controls to ensure compliance with relevant laws and regulations, training for employees and independent testing. Specific requirements may vary depending on the type of FI. Non-FIs that implement AML compliance programmes as a best practice can model their compliance frameworks after what is required under the BSA. Although US law does not specifically require companies to maintain US sanctions compliance programmes in the way the BSA does with respect to AML compliance for FIs, implementing and maintaining a risk-based US sanctions programme is a baseline expectation, and US FIs are examined for sanctions compliance as a practical matter. OFAC has published guidance that outlines the ‘five pillars’ of an effective US sanctions compliance programme, which largely track the structural components of an AML programme.
FW: How are companies deploying technology to assist them with AML and sanctions compliance? In what specific areas is technology being applied?
Wolf: More financial services firms than ever are embracing artificial intelligence (AI) and machine learning (ML) technologies to improve their AML and sanctions programmes. Transaction monitoring and transaction filtering for sanctions have benefitted the most by moving beyond largely ineffective rules-based monitoring. AI and ML uses advanced computing power to collate vast amounts of data from internal and external sources to identify hidden relationships and patterns that older technologies and the most experienced investigators could not detect. Beyond effectiveness, AI and ML is providing operational benefits, such as eliminating the necessary, yet time consuming, need for investigators to obtain all the necessary foundational source information before they can even begin their investigation. AI and ML also aids at the tail-end of the investigation, by automating and summarising the results of the investigation into the narrative that gets included in a suspicious activity report.
Kadel Jr: There are many ways that technology might help strengthen and enhance an AML and sanctions compliance programme. For FIs, it is surely the case that technology already has been utilised to help enhance controls and compliance, especially for transaction screening and detection of payment evasion attempts, such as resubmissions of payments with slightly changed details. But as technology advances, even more applications and enhancements will be identified. I understand that various companies, especially in the financial sector, are exploring AI pilot programmes and determining how AI and ML can assist with compliance. Will it be possible for non-financial sector companies to utilise technology as effectively as financial sector companies? Perhaps certain applications will be able to help address supply chain issues, such as those presented by conflict minerals reporting and the Uyghur Forced Labor Prevention Act. It remains to be seen, but I think that the promise is there and it will be interesting to follow developments in this space over the course of 2024 and beyond.
Munro: One important focus of the technology strategy is directed toward removing friction in the AML and sanctions compliance processes created by the high volume of ‘false positives’ and ‘non-productive’ alerts. This is a well-known and significant challenge. Without such technology, analysts review the alerts and collect information necessary to determine that most of what they review actually presents no AML or sanctions risk. That is a misdirection of resource focused on evidencing and documenting why something is not a risk versus directing resources to mitigate actual risk that is passing through the organisation. Several technology-driven solutions have been developed using advances in data mining and application, entity resolution, ML and generative AI (GenAI) that are generating a lot of excitement. However, this comes with a different challenge: evidencing that these new approaches and technologies are producing an outcome that is better than what it is replacing. Where this conversation lacks a well-defined and shared understanding of what ‘better’ means in this context and how this is demonstrated, the implementation can face paralysis. It is not an easy question, but one that must have a shared understanding in order to move forward effectively.
Evangelista: Many digital tools have been developed in recent years to improve the efficiency of a variety of AML and sanctions compliance processes. AI, including GenAI, is the new hot-button technology, and stakeholders are exploring a number of ways to employ AI in the compliance setting, such as automating elements of transaction monitoring, customer due diligence and the preparation of suspicious activity reports that would otherwise require significant human intervention and thus be susceptible to human error. GenAI and other forms of ML are also capable of digesting and analysing large volumes of data with immense speed and accuracy to detect suspicious patterns of activity more effectively and more accurately to help reduce false positive alerts. AI has use cases beyond merely analysing data. It has the potential to produce new content, simulate scenarios and predict outcomes to improve the risk assessment process and streamline customer interactions. As with any novel technology, there are risks, and these are potentially magnified in the context of AI.
Jones: Companies are using technology in several ways for sanctions and AML compliance. For AML compliance, technology can play a critical role in helping FIs meet KYC obligations by helping confirm the identity of a customer and, if necessary, conducting further due diligence. Technology is also useful for FIs in satisfying transaction monitoring obligations, as software is critical to help identify potentially suspicious transactions. In the sanctions space, technology can be critical to help businesses automatically screen customers against ever evolving sanctions lists or to conduct geofencing to prevent persons from certain jurisdictions from accessing a platform.
“AI and ML uses advanced computing power to collate vast amounts of data from internal and external sources to identify hidden relationships and patterns.”
FW: How important is to continually assess and improve systems and controls to ensure they allow a company to meet its compliance obligations while pursing viable business opportunities?
Jones: It is very important for companies to continually assess and improve compliance controls. For example, FinCEN will frequently release alerts based on certain risk typologies that companies should be aware of. In recent months, the FinCEN alerts have included everything from fentanyl trafficking to the financing of Hamas to pig-butchering romance scams to environmental crimes. Further, it is important for companies to stay on top of the latest technology developments to try to stay one step ahead of ways that bad actors can try to skirt controls, such as using technology to create fake identification documents or using virtual private networks to obscure access from a restricted jurisdiction.
Munro: Continually assessing and improving systems and controls are essential aspects to an effective programme, because the threat and the typologies are continually evolving. It is also important to recognise that there is no perfect system and no control framework that will catch everything. An effective risk-based approach inherently requires allocating resources to the controls that produce the most impactful outcomes against the current threats and removing resources and stopping processes that have the least. But unless there is a shared agreement on how to measure, evidence and respond to relative impact, there is a tendency to think that continually assessing and improving systems means you just do more and more, adding new processes on top of old, because, of course, everything has some level of impact. The paradox is this produces overall worse outcomes as trying to operationalise multiple complex systems and processes tends to create more operational risk, less focus, more costs and overall worse quality. An effective risk-based approach requires continual assessment and improvement and an agreed path for nimble implementation through impactful allocation of resources.
Evangelista: Periodically reassessing the scope and effectiveness of sanctions and AML compliance programmes is critical, particularly given how quickly risks and regulatory landscapes are shifting globally. Compliance breakdowns tend to happen most frequently, and be the most damaging, where an organisation is launching a new product or service or entering a new geography and does not fully understand the unique risks and challenges presented by the new activity or geography. A risk assessment will help an organisation understand new risks and whether its programmes are adequately designed and resourced to address those risks. A risk assessment does not always need to be a top to bottom, enterprise-wide undertaking. Companies that are exploring new business opportunities should consider performing more targeted risk assessments to understand the risk presented by the new business or geography and whether their existing controls are capable of mitigating those risks.
Kadel Jr: Without a strong diligence effort, it is very hard to know risks that global business dealings present. At the same time, OFAC has been clear that a compliance programme should be risk-based, and even FinCEN recognises the importance of tailoring aspects of compliance programmes to the risks presented. It is not the case that a programme must be ‘one size fits all’ in all elements. But failure to perform an adequate assessment through diligence, and to back up that diligence through appropriate assurances from counterparties, increases the chances that a violation could occur. And, in the sanctions areas, because OFAC has emphasised that a sanctions compliance programme, including screening and due diligence, is an important factor in its evaluation of enforcement matters, a weak or non-existent programme will increase the chance that penalties, if a violation occurs, will be more robust.
Wolf: Achieving compliance and improving the customer experience are both highly important and do not have to conflict with each other. As important as it is to prevent and detect the bad actors, we should never forget the critical role financial services firms provide to people, society and the globally connected economy. While the primary purpose of upgrading controls is to improve effectiveness in risk detection and mitigation and to improve efficiency of operations, the customer experience must be considered as a benefit. For example, tapping into and analysing large amounts of external and internal data can reduce the number and frequency of unnecessary questions to customers for KYC purposes, such as onboarding, periodic review and event-driven review, and can speed up the time to release legitimate payments that were stopped in a transaction filtering systems for sanctions. The opportunities are there.
“A change in administration in 2024 could change some US government priorities in the financial crimes space, but much of the current focus on financial crime would likely remain.”
FW: What are your predictions for financial crime trends in the months and years ahead? Will companies need to keep this issue high on the agenda?
Munro: The consequences of financial crime are expanding across more victims. There is a direct connection between the evasion of sanctions and the capability of Russia to inflict harm in Ukraine. Fraud schemes are more sophisticated and are increasingly more devastating and reaching more and more victims. Professional money laundering as a service allows drugs like fentanyl to kill more people. Companies need to keep this high on their agendas not because consequences of insufficient regulatory compliance will remain costly, but because the consequences of failing to prioritise this work and the ineffective allocation of resource are simply too important.
Evangelista: Lisa Monaco, the deputy attorney general, has described sanctions as the new FCPA in terms of DOJ priorities. I expect that preventing the circumvention of Russia-related sanctions and export controls will remain a top priority. The transition from focusing on Russia sanctions implementation to Russia sanctions enforcement is coming, if it is not here already, and companies whose operations create potential exposure to Russia, Russian interests, or jurisdictions that have been identified by regulators like FinCEN and BIS as potential transshipment and evasion hubs, should continue to treat compliance as a top institutional priority. We expect the trends of international coordination and interagency cooperation in the implementation and enforcement of sanctions and export controls to continue, and all signs point to robust enforcement activity in the coming years.
Kadel Jr: The regular publication of coordinated interagency guidance really emphasises that the US government is looking at national security and foreign policy challenges through a whole of government lens, and helps to illustrate the continued convergence of sanctions, export controls and trade controls, as well as the need to think about compliance from a civil and criminal law perspective. The first two publications in this series were the Tri-Seal and Quint-Seal compliance notes. The Tri-Seal guidance note warned of efforts to evade Russia-related sanctions and export controls through third-party intermediaries and transshipment points, and was designed to aid the public in detecting common sanctions and export controls evasion schemes. The Quint-Seal guidance described practices that may indicate evasion of US sanctions and export control laws specifically in the transport of goods in maritime and other forms of transportation. Each note highlights increased interagency enforcement efforts, including regulatory actions, administrative enforcement actions and criminal investigations.
Wolf: New and improving technologies can and do enhance our lives. From medicine to space exploration and how we work, GenAI has the potential to impact society more than the internet did. When exploited, GenAI can create a whole host of new problems. I expect fraud related to near-perfect impersonation to skyrocket and to see more sophisticated and faster approaches to launder money and evade sanctions detection. Financial crime risk is arguably the highest type of risk affecting non-FIs because of the real impacts to individuals, society, the financial system and the broader economy. The proliferation of AI and its use for nefarious purposes dramatically increases an already complex problem. Companies must keep it high on their agendas because it is the right thing to do and because our governments expect it. Fortunately, we can use GenAI to combat this rise.
Jones: US agencies are likely to remain aggressive in the financial crime space in the months and years ahead. Ms Monaco has repeatedly stated that sanctions are the new FCPA, meaning that they will be a major focus for the DOJ. And in the AML space, FinCEN is likely to continue expanding the scope of businesses covered by the BSA, including by finalising rules regulating investment advisers and the real estate industry. Limitations on export controls are also likely to be a continued area of focus for the US government. As a result, companies will need to keep this issue high on their agenda, particularly given the high potential penalties. A change in administration in 2024 could change some US government priorities in the financial crimes space, but much of the current focus on financial crime would likely remain.
Chris Jones is a senior associate in the Los Angeles office of Gibson, Dunn & Crutcher. He is a member of the white-collar defence and investigations, litigation, anti-money laundering and national security groups. His practice focuses primarily on internal investigations and enforcement defence, regulatory and compliance counselling, and complex civil litigation. He can be contacted on +1 (213) 229 7786 or by email: crjones@gibsondunn.com.
Aaron Wolf is the head of financial crime compliance and deputy chief compliance officer at Mizuho. His 20-plus years of experience in financial crime compliance at large and complex global banks spans all major lines of business. He has successfully designed, implemented and executed effective and sustainable programmes to address current and emerging financial crime risk and challenges. He can be contacted on +1 (646) 949 9725 or by email: aaron.wolf@mizuhogroup.com.
Alessio Evangelista advises global financial institutions and multinational corporations on compliance and enforcement matters involving anti-money laundering, economic sanctions, export controls, anti-bribery and corruption, and other corporate crimes. His clients range from international banks and investment management companies to multinational technology companies and industrial firms. He can be contacted on +1 (202) 371 7170 or by email: alessio.evangelista@skadden.com.
Stevenson Munro is the global head of economic sanctions compliance, high risk clients and emerging threats at Standard Chartered Bank. He has over 20 years’ experience in all aspects of economic sanctions compliance both within the US Treasury Department and in multiple financial institutions where he has been responsible for setting the strategy, programme design and implementation of comprehensive sanctions and financial crime compliance programmes. He can be contacted on +1 (202) 255 5341 or by email: stevenson.munro@sc.com.
Eric Kadel is a partner at Sullivan & Cromwell LLP, where he serves as co-head of the firm’s national security, foreign investment and trade regulation and economic sanctions and financial crime practice groups. He is also a member of the firm’s cyber security, capital markets, corporate governance, financial services and investment management groups. He counsels and represents clients on a wide range of corporate, transactional and regulatory matters, with a focus on international and national security matters. He can be contacted on +1 (202) 956 7500 or by email: kadelej@sullcrom.com.
© Financier Worldwide
THE PANELLISTS
Gibson Dunn & Crutcher
Mizuho Group
Skadden, Arps, Slate, Meagher & Flom LLP and Affiliates
Standard Chartered Bank
Sullivan & Cromwell LLP