Bosnia-Herzegovina, Ethiopia, Guyana, Laos, Sri Lanka and Tunisia have been taken off the European Union's list of 'high-risk third countries with strategic deficiencies in their regime regarding anti-money laundering.' Even more, however, have been placed onto it. Meanwhile, plans are afoot for further AML centralisation.
The 12 states that today have been 'listed,' as the EU puts it, are the Bahamas, Barbados, Botswana, Cambodia, Ghana, Jamaica, Mauritius, Mongolia, Myanmar, Nicaragua, Panama and Zimbabwe. The new list is now more similar to the lists (both blacklists and 'grey lists') published by the Financial Action Task Force, the world's anti-money-laundering (AML) standard-setter.
The list of highly risky countries - or so the EU believes them to be - is now 20-strong. It consists of Afghanistan, the Bahamas, Barbados, Botswana, Burma/Myanmar, Cambodia, Ghana, Iraq, Jamaica, Mauritius, Mongolia, Nicaragua, Pakistan, Panama, Syria, Trinidad and Tobago, Uganda, Vanuatu, Yemen and Zimbabwe.
The list came from the European Commission, the nearest thing that the governmental club has to an executive branch. It changed the list by means of a so-called delegated regulation and will now submit it to the other organs of the EU for approval within one month (with a possible one-month extension). Because the Coronavirus is holding up business all over Europe, and especially in Spain and Italy where it is raging the hardest, the effective date of today's regulation is quite far in the future, on 1st October.
The six pillars of questionable wisdom
For the longer term, the commission is planning to revolutionise the EU's AML strategy with its favourite remedy for all ills - centralisation. It has come up with an action plan that consists of six sub-strategies - or, as it bizarrely calls them, 'pillars.' These are as follows.
National rules to be changed to be "in line with the highest possible standards." This is an ambiguous phrase that will no doubt become clearer with time. As part of this sub-strategy, or at least in parallel with it, the commission is encouraging the European Banking Authority (EBA, which has moved from London to Paris) to make full use of its new powers to tackle money laundering and terrorist finance.
A single EU rulebook. The commission, quite against the evidence, believes the EU's AML rules to be 'effective.' It thinks, however, that it could make them even more effective by stamping out the differences in interpretation that EU countries place on them. Its solution is - to nobody's surprise - "a more harmonised set of rules" in the first quarter of next year. "Harmonisation" is an EU term for standardisation between countries. The EU has published six Money Laundering Directives already in the past 30 years, with no sign of the rate slowing down. This will be the seventh.
Centralised supervision. It is currently up to each EU country to subject its reporting institutions to the EU's AML laws and this is not good enough. In the first quarter of 2021, the commission will propose the setting-up of a central supervisor, presumably under its control. This will make a refreshing change from the 24 regulators that the UK has in the AML field.
Some kind of central organisation to crack the whip over the EU's national financial intelligence units (FIUs). Also in the first quarter of 2021, the commission will propose to establish an EU mechanism to "help further co-ordinate and support the work of these bodies."
Guidelines for public-private partnerships by which various state and private institutions share data.
A stepping-up of diplomacy. The EU talks to the FATF already but wants to step up its efforts to become "a single global actor in this area," an ambiguous phrase that suggests that it wants to deprive the nations that it encompasses from being members of the FATF and to be the only EU member by itself. It does not say whether this is the case or not. Whatever shape this proposal might take, Brussels is definitely determined to treat non-EU countries - or at least ones that are not powerful - more harshly.
The commission has, moreover, issued a "new methodology for the identification of high-risk third countries." A "third country" is its rather confusing name for a non-EU country.
More business for the right kind of vendor...
Some AML software vendors are rubbing their hands at the prospect of more onerous regulation. David Shrier, a director at Oxford Cyber Futures, told Compliance Matters: "I’m hopeful that the new EU financial regulatory body will take a nuanced approach that incorporates awareness of and sophistication around cyber-crime, digital identity and the intersection with the financial systems.
"Earlier this week we saw both US and UK officials warn of a new sustained wave of cyberattacks, as the disruption caused by the coronavirus pandemic creates a perfect storm for cyber criminals. They will be seeking to launder their ill-gotten gains through the financial systems, including both traditional banks and newer cryptocurrencies such as bitcoin. For example, some malware attacks require payment using cryptocurrencies to create difficult-to-trace crime.
"Almost all banks use AML systems from one of two vendors, which each have high false positive rates and low true positive rates in identifying bad actors. The error rates can exceed 95%, according to an executive at one of these vendors that we spoke to.
"One major European bank we know has more than 4,000 people employed manually correcting these errors, and other major banks have similar efforts in place, contributing to the estimated $270 billion annual cost of AML/KYC compliance.
"Better digital identity systems incorporating next-generation biometrics could significantly improve performance, taking the error rate below 1%, and thereby improve compliance. We hope that digital identity is a priority area for the new EU body, since it’s a natural fit for multilateral action incorporating both banks and governments."
...but less business for the small countries
Others, however, share this publication's disapproval of the EU's approach to blacklisting powerless countries while leaving the real money-laundering centres - and powerful countries in general - off its list and off the hook. Charles Delingpole, the CEO and founder of ComplyAdvantage in New York, told Compliance Matters: "Given the EU’s relationship with Saudi Arabia and the US, it’s no surprise their interests are being given due consideration. The EU has already antagonised the US with its decision to press on with Instex [the Instrument in Support of Trade Exchanges, which helps European trade with Iran] after the US decision to withdraw from the JCPOA [the so-called "Iran nuclear deal" on which the USA has reneged] - adding to that, blacklisting US territories would just be pouring petrol on a fire. And with EU nations having moved away from dependency on Russian oil, it makes sense that they would want to maintain a stable relationship with Saud Arabia.
"Money laundering, corruption and loopholes are inherently political activities. Supranational bodies like the EU need to take into account the needs of the members before they make any rash decisions. Cracking down on financial crime is important to the EU but not at the cost of souring much-needed political relationships.
"The EU has simply adopted the FATF recommendation list of blacklisted countries and ignored those [countries that] it had to [blacklist]. While it’s politically expedient to keep certain countries off blacklists, the behaviour is never whitelisted. What’s needed is to make sure that the activity in those countries and territories is noted and flagged for investigation. Further, strong controls should be adopted by all financial institutions to capture the illicit money that is moved through those areas and render the political leeway granted meaningless. That’s the only way to accommodate political needs while clamping down on financial crime."