A new European Central Bank (ECB) unit dedicated to the cross-border coordination of anti-money laundering (AML) is a sign of an increasing focus on AML at the European level. There will be no immediate impact on supervision, but banks should be aware that the growing harmonisation of AML efforts is only likely to heighten scrutiny of their defence mechanisms. Cutting corners on AML may save costs, but carries heavy long term risks.
The experience of recent incidents shows that anti-money laundering efforts can all too easily be weakened by lacking cross-border co-ordination. The last two years have therefore seen the launch of several major initiatives intended to strengthen the EU framework for AML and combating the financing of terrorism (CFT). Prominent examples include:
- The fifth Anti-Money Laundering Directive, which entered into force in July 2018 and is now awaiting transposition into national law;
- An ambitious AML action plan endorsed by Ecofin, to be implemented by the European Banking Authority (EBA), European Insurance and Occupational Pensions Authority (EIOPA), European Securities and Markets Authority (ESMA), ECB and national authorities; and
- The fifth Capital Requirements Directive (CRD V), which states that - together with national authorities - prudential supervisors have “an important role to play in identifying and disciplining [AML-related] weaknesses.”
But as Andrea Enria, Chair of the Supervisory Board of the ECB, commented in a recent speech, Directives alone are not enough to achieve effective cross-border co-operation; harmonisation is vital too. It is this thinking that underpinned the announcement of a new function within the ECB to co-ordinate AML activities within the single supervisory mechanism (SSM). The creation of this unit and its responsibilities were subsequently confirmed in the ECB's supervisory report of April 2019.
This represents a new departure for the ECB, which has no remit to enforce AML and CFT legislation. But it should not come as a surprise. First, it helps the ECB to address the requirements of CRD V. Moreover, it reflects the potential risks that AML failures pose to significant institutions (SIs), given that breaches of AML or CFT requirements can be symptoms of unsound governance or internal controls. And it builds on actions the ECB has already taken to strengthen its AML-related supervisory capabilities in response to high profile AML failures involving European banks.
The overall role of the new unit will be to facilitate the productive exchange of information between the ECB and national competent authorities, and to co-ordinate the work of joint supervisory teams (JSTs) on AML-related matters. More specifically, its three key functions will be:
- To provide a central point of contact for information sharing on AML and CFT issues relating to SIs, facilitating the direct exchange of information between the ECB in its role as prudential supervisor and national AML authorities.
- To promote the integration of AML considerations into prudential supervision, by setting up and chairing an AML network connecting the JSTs of banks that could be prone to AML vulnerabilities.
- To create a centre of expertise collecting data and expertise on AML and CFT as they relate to prudential supervision, helping to refine the ECB's position on AML and CFT.
The new unit's ability to perform these functions is reinforced by a recent information sharing agreement between the ECB and around 50 national authorities with AML or CFT responsibilities. This agreement provides a practical framework for the ECB to pass on information uncovered during its supervisory work, and for national authorities to share information that may be of prudential relevance. It should also help to eliminate any uncertainties over the respective responsibilities of the ECB and national authorities.
So far so good. But what are the implications for SSM banks, and SIs in particular? Though the ECB will remain uninvolved in AML and CFT enforcement, it has wide powers to address related areas of supervisory concern. AML-related factors could in theory affect the assessments of business models, governance and risk management that form part of the Supervisory Review and Evaluation Process (SREP), resulting in additional capital or liquidity requirements, or other supervisory measures such as withdrawal of banking license. The creation of the new unit is unlikely to have any direct effects on the technical aspects of banks' supervision and in reality, it might be more likely to see the ECB applying heightened scrutiny to banks where AML or CFT failures have occurred.
The ECB has also reminded banks they have the most important role to play when it comes to preventing money laundering and the finance of terrorism. Banks need to ensure that AML and CFT receive the proper attention from management. They may need to consider redefining their risk appetites, enhancing their governance frameworks or even rebalancing their business models. As Mr Enria has pointed out, effective AML requires a combination of elements. These include the tone from the top, the right culture, appropriate incentives, robust controls and internal checks and balances.
We therefore believe that banks should consider taking the following measures in order to mitigate AML and CFT related risks:
- Regular customer due diligence: Banks should periodically conduct due diligence on their customers and ensure that all KYC (Know Your Customer) documents are up to date. Enhanced KYC checks should be performed where needed, and banks must adhere to relevant regulatory and supervisory guidance.
- Adequate senior management engagement: Banks should ensure that AML/CFT issues are escalated to senior managers in a timely and effective way; and that AML/CFT policies are periodically reviewed and approved by senior management.
- Periodic training of employees: Banks should ensure that employees are adequately trained on AML/ CFT areas. For instance, banks should consider using case studies or historical incidents to train employees in order to increase employees' awareness and to prepare them to prudently handle AML/CFT related matters.
- Business process enhancement: Where possible, banks should aim to automate processes that could help in AML/CFT efforts. One example could be to automate the monitoring and evaluation of client transactions for suspicious activities.
- Collaboration among teams: One team or department alone cannot manage AML/CFT related risks. A collaborative effort is required, especially for a multinational bank, to mitigate AML/ CFT related risks. Various teams across the bank should work together and adopt measures to establish robust framework to combat AML/CFT.
In summary, banks should have these considerations in mind as they review their AML and CFT efforts. Ensuring that they not only meet their legal requirements, but also the growing focus of supervisors, may have a short term cost. But that would be far outweighed by the financial and reputational consequences that could follow from suspicion - or evidence - of AML failures.
Connect with us
- Find office locations kpmg.findOfficeLocations
- kpmg.emailUs
- Social media @ KPMG kpmg.socialMedia