A recent further report of the immense amounts of illegal wealth being laundered through European banks, including Deutsche Bank, will have sent shock waves through the compliance community, as Emily Benson explains.

The fight against money laundering has been a key focus of regulators and the regulated community for many years, yet further schemes involving risky jurisdictions, opaque structures and shell companies, Russian oligarchs and billions of dollars continue to come to light, seemingly hidden in plain sight.

This month, The Guardian reported on an ongoing investigation into Deutsche Bank regarding its involvement in the ‘Russian Laundromat’ scheme, involving UK companies owned by offshore entities laundering billions of dollars using Moldovian courts through Latvian correspondent banks.

The facts surrounding the Deutsche Bank investigation

The facts reported to the Bank’s Audit Committee by the two investigators appointed to conduct an internal investigation seem a textbook case of money laundering: shell companies, secret shareholders, opaque structures entering into complex transactions through correspondent banks in high-risk jurisdictions. That the matter came to the Bank’s attention not through the Bank’s internal systems but via a report from the OCCRP (Organised Crime and Corruption Reporting Project – an association of investigative journalist that mounts collaborative cross-border investigations) should raise alarm bells with Money Laundering Reporting Officers (MLROs) everywhere.

That a Bank of Deutsche’s standing, recipient of the FCA’s highest-ever fine for failings in its money laundering systems and controls just two years ago, that presumably had undergone a rigorous overhaul of those systems, should get caught out again in this way must make any MLRO ask themselves if they are doing enough.

The facts involved seem straightforward (with the benefit of an internal investigation) and these schemes seem to be well known. The OCCRP website identifies the Troika Laundromat, the Russian Laundromat, the Proxy Platform and the Azerbaijani Laundromat, to name a few.

Although the full facts about how these criminals avoided Deutsch’s controls will not be known for some time, that this has happened again in this Bank will surely trigger law enforcement investigations both here and in the US. It seems very likely that the FCA will be considering investigating with a view to disciplinary action, although there is also a significant risk of a prosecution either for colluding with criminal activity (and there is no evidence of this at present) or for failings under the anti-money laundering regulations. These also carry a criminal sanction, although this is not widely appreciated as there has to date never been a prosecution under this legislation. This is something that FCA Enforcement are sure to want to change.

What steps should MLROs take?

In relation to suspected criminal activity, the obligations on firms under the regulations are pretty clear. Firstly, have a credible system in place for detecting the red flags for this type of activity. The presentation published by The Guardian gives some helpful pointers on Deutsche’s approach here.

Firms rely on both human wit and screening systems to detect these red flags and so it is essential to ensure that both are working to their best effect. Keeping training up to date and communicating emerging threats is essential, by for example regular circulation of new scams such as these laundromats. Likewise, transaction monitoring systems need to be maintained and kept up to date with the latest risks.

Jurisdiction risk is never static and therefore ensuring that the firm’s risk assessment approach is always up to date is essential. While a risk-based approach to any testing or verification activity is appropriate, unless the approach to risk is revisited in the light of changes, that approach can give a false sense of security – as evidenced by the many leading banks that have found themselves in this type of difficulty.

Where risk is identified, robust and difficult business decision will be needed: to exit either relationships (with clients or with other banks), business sectors or jurisdictions. There can be push-back from business partners, but the potential costs to the organisation in terms of regulatory action, reputational damage, market risk and loss of clients need to be at the forefront of the discussion.

It is also the firm’s legal obligation to investigate any suspicious activity and to consider whether a suspicious activity report should be filed with the National Crime Agency and the funds frozen. Where this is not done, it is critical that the reasons for the decision be fully recorded.

If any of the outcomes of these steps is unexpected, it may indicate that a full review of policies and procedures is merited to ensure that they fully meet current legal and regulatory requirements.

This area has seen an overhaul of the legislation with the implementation of the Fourth Money Laundering Directive in The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, which introduced standards across both customer-facing policies and procedures and in firms’ internal processes. These came into force on 26 June 2017 and the regulator will therefore have little sympathy for any firm that has not implemented them.

Proactive visiting of firms to evaluate their financial crime procedures is currently part of the FCA’s supervisory approach, so a visit from the regulator may well be on the cards.

If you require any help or advice with your financial crime procedures, or with the issues raised in this article, please contact Emily Benson.

This article is for general information purposes only and does not constitute legal or professional advice. It should not be used as a substitute for legal advice relating to your particular circumstances. Please note that the law may have changed since the date of this article.