Money laundering has been taken very seriously by many governments since the September 11 terrorist attacks on America and the numerous additional terrorist attacks, organized-crime crackdowns, and drug/human trafficking prosecutions throughout the world since then.
Financial services businesses are subject to extensive, and often obligatory, governmental oversight of their AML compliance programs. Many other industries — including gaming, leisure, real estate, vehicle sales, food/alcohol, and retail — perceived to be at high risk for money laundering are also subject to specific AML regulations. Even charities, universities, and international nonprofit organizations have been investigated in recent years for AML issues because criminals have become increasingly sophisticated in moving tainted funds through organizations of all types — often with the help of rogue employees or lax internal controls.
In the United States
The USA PATRIOT Act of 2001 (PATRIOT Act) expands the scope of the Bank Secrecy Act (BSA) and gives broad additional authority to a number of federal agencies to investigate and prosecute institutions and individuals suspected of money laundering activity.
- The U.S. Department of Justice (DOJ) is increasing their work with foreign and domestic agencies with both criminal and civil enforcement powers at federal and state levels to settle large and complex cases.
- Leveraging the use of deferred prosecution agreements, compliance monitors paid for by targets and shared resources from Office of the Comptroller of the Currency, the Federal Reserve, the Treasury Department (including the Financial Crimes Enforcement Network (FinCEN), and state agencies, DOJ has extracted numerous large penalty payments, including a US$1.9 billion settlement with a global bank in 2012; a combined recovery of over US$500 million in 2010 and 2014 AML enforcement actions against the same bank; a US$1.7 billion settlement in 2014 against a bank with lax AML controls that facilitated a Ponzi scheme; a staggering US$9 billion AML/sanctions penalty against a foreign bank in 2014; and a record US$586 million forfeiture arising from AML issues at a money services business in 2017.
- The Securities and Exchange Commission and the Financial Industry Regulatory Authority (FINRA) repeatedly have stated — and shown — that AML enforcement remains a top priority in their reviews of public companies, broker-dealers, and other regulated companies, with FINRA settling claims of inadequate AML controls with the investment arm of a major global bank for US$16.5 million in December 2016.
- While U.S. regulations require financial services businesses to generally report suspicious financial activity or currency transactions over a certain size to FinCEN, these regulations have been expanded to require — among other things — reports of cyberbreaches/attacks and enhanced customer due diligence and even for nonfinancial entities to report cash transactions or other information to FinCEN or the Internal Revenue Service, sometimes because of the mandates within detailed and often-changing geographic targeting orders.
- If a financial institution (broadly defined under the BSA to include entities like casinos, pawnbrokers, travel agencies, vehicle sellers, and real estate companies) fails to put in place procedures reasonably designed to ensure compliance with the BSA/PATRIOT Act, and law enforcement discovers the presence of money laundering, that institution could be charged criminally.
- The PATRIOT Act makes the smuggling of cash into or out of the United States or across state lines a federal crime. This provision could be a source of liability for financial institutions that accept cash or property as collateral for loans that could eventually be traced to “smuggled cash.”
In the United Kingdom
AML laws are essentially made up of the following three component parts (not taking into account the rules imposed by the UK Financial Conduct Authority in relation to regulated businesses and authorized persons):
- The Money Laundering Regulations 2007 and 2017 (the latter which came into force in June 2017 to transpose regulations contained within the European Union’s (EU’s) Fourth Money Laundering Directive) require the establishment of administrative procedures to be followed by those regulated by them relating to, among other things, risk assessments, customer identification (customer due diligence and enhanced due diligence), record keeping, internal controls, policies and procedures, training, and having a money laundering nominated office.
- The Proceeds of Crime Act 2002 (as amended by the Crime and Courts Act 2013 and Serious Crime Act 2015), which contains the principle money laundering offenses.
- The Terrorism Act 2000 (as amended by the Anti Terrorism Crime and Security Act 2001, the Terrorism Act 2006, and the Proceeds of Crime Act 2002 (Amendment) Regulations 2007), which contains money laundering offenses that apply in cases of knowledge or suspicion that an individual is involved in terrorism (as opposed to any other crime).
The UK Financial Conduct Authority has not been slow in imposing fines for noncompliance with AML procedures. Over the past few years, a number of prominent UK-based banks have been fined millions of pounds for money laundering violations for breaches of UK regulations and system and control failures.
AML laws are essentially made up of the following two component parts (not taking into account the obligations imposed by German tax laws to obtain and record data of client identity in case of a maintenance of accounts and the custody of valuables):
- The German Banking Act (Kreditwesengesetz, KWG) sets out specific requirements for a proper business organization to support the prevention of money laundering, financing of terrorist activities, and other criminal activities (including the ongoing development of strategies and measures against a misuse of new financial products and technologies); and
- The German Money Laundering Act (Geldwäschegesetz, GwG) sets out dedicated obligations and requirements to prevent money laundering activities, including requirements to identify counterparties and any economic beneficiaries prior to the establishment of a business relationship or the execution of a transaction and to report “suspicious transactions.”
The German implementing measures in relation to the EU’s Fourth Money Laundering Directive were enacted on June 26, 2017 and significantly increased the granularity of the regulatory framework. Further guidance in relation to this framework has been provided by the Financial Services Supervisory Authority (Bundesanstalt für Finanzdienstleistungsaufsicht, BaFin) and the German Banking Industry (Die Deutsche Kreditwirtschaft, DK).
K&L Gates’ Comprehensive Approach
As a fully integrated global law firm with lawyers located across five continents, we are uniquely positioned to provide a comprehensive range of services to any company wishing to negotiate the regulatory maze created by money laundering legislation. Our diversified AML team stands prepared to help guide our clients through assessment and analysis of vulnerabilities, training on policies and money laundering-detection methods, revising and strengthening existing procedures, providing independent audits for internal purposes or use with regulators, and developing new methods of oversight and compliance assurance.
When financial services companies are faced with a compliance mandate or investigation (for even a possible consent order or a deferred prosecution agreement), our multi-office team brings lawyers from both industry-specific and procedure-specific groups together to provide comprehensive services under one roof. Our AML team has lawyers with experience in a variety of disciplines and skills. We have lawyers with technical degrees (e.g., accounting and computer science), advanced certifications (e.g., Certified Anti-Money-Laundering Specialist and Certified Fraud Examiner), multilingual fluency (e.g., Arabic, Chinese, and Spanish), and prior experience working for financial institutions or the government to conduct policy/control audits, enhanced customer due diligence, transactional or data analysis, witness interviews, and case assessment. This seasoned group analyzes a client’s unique needs, recommends efficient and reasonable solutions, and guides it through implementation — all with the respect for and protection of its (and its customers’) privacy that only an effective lawyer-client privilege relationship can offer. We also work with our Internal Investigations, White Collar, Anti-Corruption, Sanctions, and CFT (Combatting the Financing of Terrorism) colleagues to create synergies within clients’ existing policies/controls designed to address similar issues and to detect proceeds of crime before they enter the financial system or a client’s network for laundering by recognizing the underlying offenses at issue.
Leveraging our years of AML experience representing clients before prosecutors, civil investigators, and regulatory oversight bodies, our cross-practice team can assist with:
- Strategic risk assessments of present business practices (account handling practices, due diligence for new customers, and transaction trading and clearing processes) and information systems infrastructure;
- Structuring and performing internal investigations and being sensitive to employment law issues, as well as privacy regulations for both employees and customers;
- Responding to regulatory inquiries and enforcement actions thoroughly and effectively while maintaining the security of sensitive competitive information;
- Establishment, review, and documentation of compliance practices, including procedures, literature, programs, and training;
- Thorough analysis of the privacy, data protection, information security, and cybercrime prevention considerations inherent in reviewing customer accounts and reporting activity to governmental supervisory bodies; and
- Review and drafting of third-party vendor relationship agreements, as an enhanced technology infrastructure may be the best way to bring current practices into compliance with the requirements under the PATRIOT Act or the UK AML laws and regulations.
Each client faces a distinct set of challenges in complying with AML law. We anticipate that AML issues and the significant financial and reputational risks they pose will continue to be of major concern to all companies.