Nine years after the 9/11 attacks in the United States, confidential diplomatic communications leaked by WikiLeaks reveal millions of dollars still flowing to terrorists for plans to attack and kill innocent civilians worldwide. How can organisations ensure that they are compliant in the prevention of terrorist financing?
On 28 November 2010, WikiLeaks began releasing thousands of confidential US State department diplomatic cables. The contents of the cables describe international affairs from 274 embassies dated from 1966-2010. They contain diplomatic analysis of world leaders, an assessment of host countries and a discussion about international and domestic issues including terrorism.
The arrest of several suspects allegedly involved in terrorist financing activities by Brazilian authorities, an Iranian plot to launder US$5 to $10 billion in cash through the Emirates’ banks and fears that terrorists may be able to access the money and materials to build weapons of mass destruction (WMD) are only some of the terrorist schemes exposed by WikiLeaks. How can an organisation ensure that they are detecting terrorist financing activities and protect their reputation and organisation from litigation, substantial fines and a wave of ongoing negative media exposure?
What is terrorist financing?
Terrorist organisations require funding to establish terrorist networks and execute their attacks. One source of terrorist financing is criminal activity which is why countering the financing of terrorism (CFT) is often associated with anti-money laundering (AML). Terrorists use the same techniques as money launderers to evade the attention of authorities and to protect the identity of their sponsors. Unlike money launderers, terrorists also use legitimate sources of funding such as charities and donations. To move their funds, terrorists use formal banking systems and informal value-transfer systems such as hawalas and hundis.
Hawalas and hundis are unregulated networks of money lenders who provide funds largely based on trust. Transactions are often handled verbally leaving no or minimal paper trails. They are used worldwide but are predominately found in the Middle East, North Africa and South Asia. Terrorist financial transactions tend to be smaller than those used in money laundering which makes detection challenging. When terrorists raise funds from legitimate sources, the tracking of these funds becomes even more difficult.
The 1999 United Nations International Convention for the Suppression of the Financing of Terrorism (Terrorist Financing Convention) is a multilateral treaty open to the ratification of all states designed to criminalise those who finance terrorist activities and to promote police and judicial cooperation to prevent, investigate and punish financing those acts. The treaty defines the crime of terrorist financing as the offence committed by “any person” who “by any means, directly or indirectly, unlawfully and willfully, provides or collects funds with the intention that they should be used or in the knowledge that they are to be used, in full or in part, in order to carry out” an act “intended to cause death or serious bodily injury to a civilian, or to any other person not taking an active part in the hostilities in a situation of armed conflict, when the purpose of such act, by its nature or context, is to intimidate a population, or to compel a government or an international organisation to do or to abstain from doing any act.”
Counter-terrorism refers to offensive strategies intended to prevent a person or entity, from successfully using the tactic of terrorism. The US military definition, compatible with the definitions used by NATO and many other militaries, is “operations that include the offensive measures taken to prevent, deter, pre-empt, and respond to terrorism”. Counter-terrorism financing can then be described, as a set of techniques that deny a person or organisation the ability to collect or use funding for terrorist acts. Terrorists need money to commit acts of violence. To combat terrorists, organisations must cut off access to their funds.
What regulations combat the financing of terrorism?
Terrorists leverage global financial networks to collect and distribute funding. This necessitates a worldwide, multilateral approach to prevent terrorists from raising, moving and using funds. Since the terrorist attacks in the US on 11 September 2001, the international community has accelerated its efforts in the fight against terrorism by adopting new or amending existing AML/CTF regulations. These regulations require increased compliance due diligence for many organisations including banks, financial and non-financial service providers. Four key regulatory drivers include the United Nations Security Council (UNSC) Resolution 1373, the Financial Action Task Force (FATF), The EU Third Money Laundering Directive (3MLD) and US Executive order 13224 (2001).
On 28 September 2001, the UN Security Council unanimously adopted UNSC Resolution 1373. The Resolution calls on nations to “work together urgently” to prevent terrorist acts and to adopt measures that prevent terrorist financed activities. The UN maintains a list of groups and individuals for which all UN members are obliged to freeze their assets and funds. The FATF was established by the G7 to develop international measures to prevent money laundering. While not a legislative body, leading intergovernmental institutions, including the G20, UN, the World Bank and the IMF, have accepted FATF as the prime authority for setting AML/CFT standards. In 1990, it released 40 recommendations related to AML followed in 2001 by 9 special recommendations on CFT. These 40+9 recommendations have helped establish common AML/CFT policies and practices worldwide.
Over 30 countries are members of FATF including the US, UK, Canada and the Cayman Islands. The FATF evaluates members’ AML/CFT capabilities periodically. In fact, in 2007, the third-round evaluation of the Cayman Islands, the Caribbean Financial Action Task Force (CFATF) noted a “strong compliance culture” in the Cayman Islands’ financial services sector with regard to the jurisdiction’s AML/CFT regimes. The EU 3MLD built on the AML focus of the first and second MLDs and expanded to include legislation related to CFT including incorporating the FATF recommendations.
The US Executive Order 13224 (2001) enables the disruption of terrorist support networks by authorising the US government to block the assets of terrorism related foreign individuals and entities. The US Treasury’s Office of Foreign Assets Control (OFAC) executes the Order through its Anti-Terrorism Sanctions Programme. OFAC’s Sanctions have become increasingly important in recent years due to their extraterritorial scope by which a great number of national and international financial service organisations can be potentially held liable. Violating OFAC sanctions not only damages an institution’s reputation but may also result in substantial fines and criminal action.
The level of regulation is only expected to increase. In a November 2010 press release, the European Union (EU) Commission announced its intent to develop an EU approach for freezing the assets of suspected terrorist individuals and groups active inside the EU and for the extraction and analysis of financial messaging data. It is expected that in 2011 the Commission will also propose legislation to strengthen the EU legal framework on confiscation. This is expected to only increase regulatory and reporting requirements for organisations.
Who needs to comply?
Anti-money laundering and combating terrorist financing legislation is far reaching and impacts organisations independent of size. Broadly speaking, small, medium and large firms that receive, release or manage funds in some way are affected. This includes banks, brokers, casinos, futures dealers, investment advising services, issuers of securities, life insurers, moneychangers, trust and loan companies. In addition to these financial services firms, legislation may also impact non-financial businesses and professionals such as accountants, lawyers, real estate agents and jewellers. This group is expected to come under more regulatory pressure in the future.
As the growth of businesses to which AML/CFT compliance applies, the cost of non-compliance also increases significantly. Regulators have taken strong action against firms violating AML/CFT regulations. These firms face the direct costs of fines and litigation but also the indirect costs and consequences of adverse publicity and reputational damage. A recent International Monetary Fund (IMF) report cites several prominent cases involving large/multinational banks from the US and Europe such as Riggs Bank, Citigroup and Abbey National. Riggs Bank was fined US$25 million in 2004 by the US Office of the Comptroller of the Currency.
The charges included AML/CFT concerns involving accounts of foreign governments and politically exposed persons. Citigroup was ordered in 2004 by the Japan Financial Services Agency to close its private unit in Japan due in part to improper client screening and failing to prevent suspected AML activity. In 2003, the UK Financial Services Authority fined Abbey National £2.3 million for AML/CFT more recently UBS were fined US$780 Million and Credit Suisse US$536 million these compliance failures included failure to promptly submit suspicious activity reports to the National Criminal Intelligence Service.
What do firms need to do to be compliant?
The demands of AML/CFT regulations, the complexity of translating high level global guidelines into executable local procedures and the costs of implementation contribute to the challenge of implementing AML/CFT programs. Three elements should be considered in designing these programmes. They are the strategy, the systems and the staff required to ensure financial compliance. The approach used, and scope of each element depends on the size and risk exposure of the organisation.
- Strategy – Organisations should develop policies, practices and procedures and the supporting infrastructure to ensure compliance with AML/CFT legislation. The first step towards achieving compliance is to understand how the AML/CFT legislation and regulations affect your organisation including what will be required and your level of risk exposure. Several countries have developed their own AML/CFT legislation. As outlined above, many countries have aligned themselves with FATF. The FATF 40+9 recommendations provide a core set of international best practices that would benefit the risk mitigation efforts of any organisation.
- Systems – Organisations should implement reliable and robust systems for monitoring financial activities for AML/CFT compliance. As part of its AML/CFT supporting infrastructure, organisations should consider IT systems that enable them to detect AML/CFT activity. This includes screening new clients and business partners, and monitoring their ongoing financial transactions.
- Criteria to consider when selecting IT systems include the timeliness, comprehensiveness and automation of compliance related data. An organisation should ensure that data is automatically captured and intelligently sorted thus eliminating the possibility of human data entry errors, that the latest watch lists and sanctions data are included and continuously updated and that false positives are significantly reduced when executing queries. Workflow and reporting capabilities are also critical in ensuring the efficiency of business processes while also ensuring that compliance audit requirements are met.
- Staff – Organisations must ensure that staff are appropriately trained to detect and mitigate money laundering and terrorist financing activity. No strategy or system is effective without knowledgeable and diligent staff. Organisations need to identify and address the level of compliance resourcing required for the size and sector of their organisations. A corporate executive with the credibility and capability to lead the financial compliance programme should be identified. Organisations should tailor the training to ensure it is appropriate for the different roles of staff members.
- Training should also be tracked and its effectiveness validated through testing and audit programmes. Training and its effectiveness is becoming more and more important for regulators. A report this year from the FATF questioned the efficacy of India’s banking sector. Though India has AML/CFT legislation in place and senior staff appear to support it, implementation and adoption of compliance programmes at front line tellers is weak. This weakness has contributed to hundreds of millions of dollars in AML/CFT activity in India annually.
The challenges that financial services organisations face continue to grow due to changes in the global marketplace, increased product complexity and greater participation with emerging markets. These challenges will result in more risks related to money laundering and terrorist financing that businesses around the world will need to curtail. Choosing the right strategies, systems and staff programmes now is critical in combating the terrorist activities.