Statement of intent

However, bank robbers, embezzlers, fraudsters and tax dodgers – not to mention corrupt public servants and politicians – all need some way of making their money appear legal when its origin is otherwise.

Exactly how, then, does the process work in practice? In truth, it's a three-stage operation, encompassing placement, layering and integration. Placement involves putting the money into the global financial system, well away from where it was made in the first place.

Then comes layering. Pushing the money through multiple transactions, using a number of countries and a handful of shell companies – also known as 'brass plate' companies, bought off the shelf and with nominee directors standing in front of whoever really benefits.

Integration entails pulling the money back to a place and form in which the original crook(s) can spend it.

While money laundering has to start with a crime, much of the cash thought to be used by terrorists does indeed emanate from legitimate sources (although it must be said that drugs, kidnapping, bank robberies, extortion and similar crimes are also sources of funding).

There may not be the proverbial 'whiff of smoke' that would alert trained investigators to the problem. That makes the task of catching the perpetrators all the more difficult for law enforcement and financial institutions, many of whom are worried that they could run into a legal minefield if asked to extend their definition of what constitutes suspicious behaviour a little too far.

To date, there has been very little research on how financial institutions in the UK are managing the compliance requirements designed to detect and prevent money laundering. In one of the first projects to systematically consider the perspectives of financial institutions, we visited many practitioners and experts to elicit their views before distributing a structured, self-completion questionnaire to the financial firms which make up the Joint Money Laundering Steering Group (JMLSG) (see panel 'What is the Joint Money Laundering Steering Group?').

A daunting aspect of this project was the sheer complexity of all the major factors in this area. For instance, there's a parallel regime comprising two sources of formal 'rules and regulations' with which firms must comply, in addition to a semi-official interpretation by the JMLSG (referred to as its Guidance Notes).

The formal system comprises the 1993 Money Laundering 'Regulations' which provide the legal framework, but the financial regulator (now the Financial Services Authority) also issues rules which govern how institutions have to work. In essence, the 'rules and regulations' require firms to make sure that they have correctly identified every customer, and then to oversee what they need do to ensure that anything untoward is noticed.

As a Financial Times (FT) article noted in the wake of investigating terrorist funding after the September 11 outrages in America, this is no easy task...

"The ambition to thwart terrorism's backers seems so reasonable as to be unexceptionable, but it's fraught with unintended consequences and practical difficulties. The request to freeze assets linked to just 27 individuals and organisations produced some surprises. One small UK building society found 1,800 accounts that appeared to have a connection with names on the list. A large United States bank found it extremely hard to convince the Federal Reserve that it needed more than 24 hours to check all business accounts."

While carrying out such procedures, if financial firms spot something they consider may be suspicious then they're required to inform the police by way of a Suspicious Transaction Report to the National Criminal Intelligence Service (NCIS).

The study in detail
The questionnaire was distributed – in part by the British Bankers' Association – to just over 1,300 separate organisations. Replies were organised according to the type of business the institution conducted (mainly banks, building societies and insurance companies were surveyed) and response rates calculated against the JMLSG address list used to distribute the questionnaire. Other responses which were not from such organisations came from companies predominantly concerned with providing investment services (eg asset management, Investment and Securities houses and Independent Financial Authorities).

Several factors complicated the calculation of response rates, as most of the replies were anonymous and some were clearly submitted on behalf of a group of companies. In other cases, each member company of a group responded separately (or, as is more likely, some did and some didn't). Despite this complicated picture, the responses were very good. 62.5% of banks replied to the survey, 76.5% of building societies, 9.9% of insurance companies and 27.8% of investment firms.

It quickly emerged that most institutions welcomed regulation to tackle the problems of money laundering, and also saw that these procedures could prevent other types of financial crime (such as impersonation fraud). However, differences emerged between respondents about whether the burden of work required by the regulations was commensurate with the risk of money laundering. The majority of banks felt it was, but few building society, insurance company and investment body managers agreed.

Our findings are presented in three sections. First is 'client identification' (ie 'Know Your Customer', or 'KYC'). Second is the process of keeping an eye on account behaviour, more formally known as transaction monitoring. Finally, there's the reporting process where internal procedures (ie KYC and transaction monitoring) are evaluated by the Money Laundering Reporting Officer (MLRO), who then decides what's reported to the NCIS.

It readily became apparent to us that KYC is the source of much difficulty for institutions. Some firms believed that KYC offended customers, is overly expensive and generally interferes with the smooth running of business. The real crux of the problem, though, is the ease with which false identification can be produced (therefore undermining the whole point of carrying out checks in the first place). Only a small degree of sophistication is needed to secure a false identification, which wouldn't present any kind of obstacle to well-resourced money launderers.

The study also suggested that the majority of firms feel very vulnerable – whatever the 'rules and regulations' might say – to the tried and tested methods used by professional money launderers. A recurring problem is corrupt people in high places (such as dictators, political party leaders or even very senior officials who effectively steal their own country's assets).

Such people – referred to as 'politically exposed persons' – instruct their family, relatives and subordinates to place large sums of money in banks in their own name, although control really rests with themselves. Firms were not confident that they could detect approaches from the network of contacts such people might use for this purpose.

Another tried-and-tested method is to set up trusts – a valuable source of financial business. The nature of a trust is that one party manages the fund (The Trustees), but does so on behalf of someone else (The Beneficiary). The risk of abuse in terms of money laundering becomes particularly acute with trusts set up by businesses, which in themselves can be a front for money laundering. Cash-rich businesses spring to mind here, among them pubs, clubs, restaurants and taxi firms. The study found that firms feel the regulatory regime designed to guard against money laundering from these sources is simply unworkable.

While money laundering has to start with a crime, much of the cash thought to be used by terrorists does indeed emanate from legitimate sources (although it must be said that drugs, kidnapping, bank robberies, extortion and similar crimes are also sources

Indeed, one expert noted: "We want to work with the regulators to stop money laundering. We don't want our systems used for that purpose, even if it's profitable for us. The problem is that what the regulators want us to do is costly, burdensome and difficult, but even after we've met all the requirements there's still no guarantee we'll actually be able to stop people determined to launder funds."

What is suspicious activity?
Financial companies operate in a fast-moving and competitive environment. They develop an organisational structure needed to support their working methods, and they position themselves in such a way that they can increase sales and attract new business. Their structure and culture are not designed to pick over ongoing business unless clients vary from the standing arrangements (eg go into an overdraft, or default on a mortgage payment).

The purpose of monitoring transactions is to identify suspicious activity, but the problem is how to define what exactly is suspicious. The only option is for companies to identify unusual activity and scrutinise it for suspicious content (frequently in the absence of information needed to confirm suspicion).

Our study focused on the processes used to identify unusual activity, and specifically the use of software programs in that role. The modern financial environment makes use of computerised programs to conduct most routine activity (for example, many people use an ATM in preference to actually visiting a bank), while the demand for remote services via the telephone and the Internet promotes a reliance on IT.

We set out to discover the degree to which financial companies use software programs to conduct transaction monitoring. In the event, just under 50% of those firms surveyed use software for this purpose. A very small percentage use bespoke, 'tailored' software (which can be very expensive), but most use their own in-house IT system (often adapting this to monitor transactions).

Few respondents believed that software could reliably perform the job of monitoring transactions properly. Furthermore, such a negative assessment of software capabilities wasn't confined to respondents who don't use such software. It was a view shared by respondents who actually use software for that very purpose. The only difference between the two groups was that those without software thought it might be a more cost-effective way of monitoring transactions, whereas those with software felt it was every bit as expensive.

Those companies using a software-based approach send many more suspicious transaction reports to the NCIS than those that don't. However, readers should bear in mind that software tends (not surprisingly) to be used by larger companies (ie those employing more than 1,000 members of staff) which resulted in more serious transaction reports. Logic states that larger firms probably have more clients anyway, and thus handle more transactions.

What we really wanted to do was elicit an estimate of the effectiveness of a particular method of monitoring transactions in the process of detecting and preventing money laundering. We found that over 90% of respondents encountered unusual behaviour which wasn't suspicious, which then leads you on to another question. What becomes of the activity which firms report might be suspicious? To answer that particular conundrum, you'd need access to NCIS records of submitted serious transaction reports and their outcomes.

Submitting transaction reports
The study uncovered new ground in determining the processes used by Money Laundering Reporting Officers when evaluating internal reports for forwarding as serious transaction reports to the NCIS. First, we were able to show that firms use a variety of criteria to decide what constitutes unusual activity for further scrutiny, but there was a clear preference for assembling as much information as possible rather than shooting from the hip and disclosing on the basis of an individual issue (such as a transaction over a certain fixed sum).

Bearing in mind that submitting a serious transaction report involves releasing highly confidential client data, another valuable finding of the survey is that self-interest is a low priority for most firms. Respondents were presented with a sizeable list of self-interest reasons why they might not submit a disclosure, such as breaching client confidentiality, whether competitors disclosed differently or the risk to reputation (a major issue for institutions trusted with other people's money). Such reasons were strongly rejected as reasons for not submitting serious transaction reports.

We discovered that there was considerable disparity in evaluating internal reports of unusual activity, and in deciding whether or not to forward them as serious transaction reports. Almost four in every ten firms sent over 50% of their internal reports to the NCIS, while over three in ten passed on less than 20%. As many as 16.5% of responding firms didn't submit their internal reports at all.

This last finding highlights the efforts made in some firms to filter out unnecessary reports to the NCIS. In truth, the NCIS doesn't help itself in this regard because it publicly measures the performance of the financial sector by discussing the numbers of serious transaction reports received in bland terms of numbers (figures are either 'up' or 'down') rather than in any qualitative terms such as investigations launched, arrests made, cases prosecuted or convictions secured.

Comments made to us indicated that some Money Laundering Reporting Officers resented this approach because it fails to recognise the very considerable time, trouble and expense needed for private sector companies to take proper care of client data, and to avoid wasting investigators' time.

Out of 341 responses, only nine companies couldn't say how many serious transaction reports they submitted, while 37 firms gave their disclosure rate as less than one per year. Of the remainder, 145 companies (ie 42.5%) submitted between one and ten serious transaction reports in an average year, 27.8% (95) submitted 11 or more and 16.5% (55) submitted none.

Further analysis established that the numbers of serious transaction reports disclosed depended upon the size of firm (by number of employees) and type of business conducted. Generally speaking, banks and building societies sent more serious transaction reports than did investment or insurance companies.

As with the findings concerning the use of software to monitor transactions, sheer company size also probably governed the number of clients and therefore opportunities for suspicious activity to be encountered. Some other factors were common to companies which disclosed more serious transaction reports. These firms monitor money laundering compliance in the auditing process, conduct money laundering risk assessments and, during money laundering training, actually measure awareness and competence. Evaluating the effectiveness of this system proved to be beyond the scope of this project.

Financial Action Task Force
The Financial Action Task Force was established in 1989 to provide an international framework for concerted efforts to address money laundering (and specifically to tackle the problem of drugs).

In early 2001, the Task Force released a report entitled 'Anti-Money Laundering: Mutual Evaluation Procedures 1992-1999' which outlined the number of disclosures received in various countries (where the data was available) and gave a breakdown of the numbers of both prosecutions and convictions.

By piecing this information together with reports produced by the NCIS, it's possible to show that, in 1996, the NCIS received 16,125 serious trading reports and in the same year there were 13 convictions from 32 prosecutions. The figures for 1997 were 14,148 serious transaction reports, 76 prosecutions and 43 convictions. The following year, there were 14,129 reports, 52 prosecutions and 26 convictions. In 1999, there were 14,500 reports, 64 prosecutions and 12 convictions.

While it's clear that not every serious transaction report will be connected with crime, and it's entirely possible that a single case may give rise to more than one serious trading report (from separate firms), it's difficult to present such figures as evidence of a convincing system. During the period of time under consideration here, evidence suggests that for every worthwhile serious transaction report there are far too many others which cost time and money to prepare.