Privacy fears slow spread of UK-style data-sharing to combat money laundering

COPYING AND DISTRIBUTING ARE PROHIBITED WITHOUT PERMISSION OF THE PUBLISHER: SContreras@Euromoney.com

By:
Dominic O’Neill
Published on:

Legal hurdles await race for European equivalents to UK AML partnership between banks and police.

cyber-security-hack-lock-tech-780.jpg


European banks are ramping up spending on the fight against financial crime, after a wave of money-laundering scandals on the continent.

euro-money-laundering-peg-780.jpg
EUROPE'S MONEY LAUNDERING PROBLEM
1. Can Europe's banks wash themselves clean?
Calls to make those in charge responsible
2. Why Europe can't stop money laundering
Is Brexit good news for money launderers?
3. Regulators find few lessons in Danske
4. How privacy fears slow UK-style data sharing
5. Danske wields risk axe after Estonia scandal

However, industry insiders betray little optimism about the impact it will have on crime, let alone on banks’ reputations.

Rob Wainwright, a former head of Europol now working at Deloitte, gives a typical assessment: “Banks are spending more and more on anti-money laundering (AML) staff and technology over the past 10 years, but the problem of financial crime in the system as a whole is arguably not getting any better.”

A public-private partnership developed in the UK during the past three years is a rare point of enthusiasm. Some see it as a model for other European countries. Europol has even pushed for an EU-wide version, in part thanks to Wainwright’s legacy – he left the agency last year.

Privacy concerns, however, are slowing a new push to emulate the UK approach, which has also faced separate criticism for bringing banks too close to policy decisions that could hurt their interests.

The UK scheme, known as the Joint Money Laundering Intelligence Taskforce (JMLIT), gets more than 40 banks together with police to share intelligence and give banks a better sense of what they should be looking for.

The Serious Fraud Office, fraud prevention service Cifas and the Financial Conduct Authority (FCA) are also part of it.

Rob-Wainwright-Deloitte-780.jpg
Rob Wainwright, a former head of Europol now working at Deloitte


Late last year, the Financial Action Task Force, a multilateral body that monitors countries’ AML framework, described how JMLIT helped speed up the search for the payments details and related spending patterns for the van hire involved in the London Bridge terrorist attack in 2017.

Partly as a result, interest in the scheme is spreading. The establishment of similar models in countries such as Australia, Canada and the Netherlands, all following the UK’s example, has further piqued the curiosity of regulators elsewhere in Europe – especially in Scandinavia, where the worst scandals have happened during the past year.

The problem JMLIT tries to get around is not the shortage but the proliferation of so-called suspicious transaction reports (STRs), or in the UK suspicious activity reports (SARs). These have been the cornerstone of the fight against financial crime in Europe for the past 30 years.

Penalties against banks tend to be for AML failures, rather than for money laundering. So, the question is not whether a transaction is illicit, but whether the bank worked to establish if it might be illicit. The most basic breach of AML rules then happens when the bank does not submit a report.


[JMLIT is] a rare example of where banks can share data with law enforcement in a safe harbour, created by the regulators 
 - Matthew Elderfield, Nordea

Banks have responded by submitting more reports, even if grounds for suspicion are negligible. Euromoney hears an anecdote of a report in the UK about a customer who lent up against the wall in a branch.

Only about 10% of them get investigated by the police, according to Europol. Only about 1% of criminal proceeds are ultimately confiscated.

According to its defenders, JMLIT makes it much more likely that some of the reports from the banks will go on to be properly investigated, partly as it is a more focused approach. It might concentrate on examining the characteristics of flows associated with sex traffickers one month, then on Russian kleptocrats the next.

Alison-Barker-FCA-160x186.jpg

Alison Barker,
FCA

“The advent of public-private partnerships marks a big change in the approach,” says Alison Barker, director of specialist supervision at the FCA.

“Ten years ago, it was a much more tick-box compliance approach. Now we see a genuine desire to work in partnership, between agencies and the private sector, looking at information and intelligence.”

This year, Germany, whose AML authorities have suffered their fair share of bad press – in part thanks to Deutsche Bank’s importance as a correspondent to the Danske Bank unit behind a €200 billion money-laundering scandal – has started a similar initiative, with JMLIT as the model.

The German version involves the local Financial Intelligence Unit, 12 banks and the federal police. However, it only meets quarterly and, unlike JMLIT, only shares typologies of criminal flows, rather than specific transaction data. Changes to privacy laws may be needed to allow for the latter, insiders say.

Sweden is considering setting up a similar programme, but there, too, the authorities remain wary about whether the country’s privacy framework would prevent sharing client data such as JMLIT does.

Denmark has observed the UK model with special interest after the Danske scandal. It is moving to include private-sector actors in a newly formalized forum, which brings together the various authorities in the country that have responsibility for AML.

Eleni_Tsingou-cbs-copenhagen-160x186.png

Eleni Tsingou,
Copenhagen
Business School

Yet Danish concerns, such as other EU states’ human-rights records, could prevent it joining international data-sharing frameworks, unless there are strong safeguards to ensure that only critical data is shared, says Eleni Tsingou, financial governance professor at Copenhagen Business School.

JMLIT mitigates privacy concerns as it is a restricted forum, overseen by the FCA. Even this is more restrictive than the US, where it is much easier for banks to swap information by email and telephone, thanks to the draconian regulatory response to the 2001 terrorist attacks.

Despite the privacy worries, banks still argue for the spread of similar schemes elsewhere in Europe.

JMLIT is “a rare example of where banks can share data with law enforcement in a safe harbour, created by the regulators”, says Nordea’s compliance head Matthew Elderfield. “We need a more collaborative approach between the banks and the public authorities.”

Patricia Sullivan, global co-head of financial crime compliance at Standard Chartered, agrees. She says JMLIT is useful as “every bank only has a couple of pieces of the puzzle”.

The former New York prosecutor adds: “JMLIT is a big step forward. Now the rest of Europe needs those mechanisms in place.”