Anti-Money Laundering Trends & Career Opportunities
In this exclusive interview, attorney and AML expert Ross Delston discusses:
- The latest AML trends, including Trade-Based Money Laundering;
- How institutions are fighting back;
- Career opportunities for security professionals looking to pull the plug on money launderers.
TOM FIELD: Hi, this is Tom Field, Editorial Director with Information Security Media Group. The topic today is anti-money laundering, and we are speaking with Ross Delston, an attorney and a consultant and the head of GlobalAML.com. Ross, thanks so much for joining me today.
ROSS DELSTON: Tom, thank you for having me.
FIELD: Ross, tell us a little bit about yourself and your experience with anti-money laundering.
DELSTON: Well, it all started in the year 2000 when the International Monetary Fund, which at that time was our largest client, decided that they wanted to get more heavily into the AML space. And what that turned into was, starting later in 2000, working full time on anti-money laundering issues to continue for the last eight years and specifically, at the IMF what I was doing was two things. First of all, doing assessments of offshore financial centers -- that is using the FATF recommendations to assess countries compliance and writing reports. And then the other thing I was doing was writing anti-money laundering and anti-terrorism laws for countries. So that's what I did for a number of years, and I left the IMF to become a consultant and started working primarily with multinational institutions to help them improve their AML programs and policies. So I have this early warning system that basically means that if I read a policy or procedure and talk to an AML/BSA compliance officer, sometimes I can tell within a minute or two whether they are doing things correctly.
FIELD: That's a good service to have.
DELSTON: It is. It's not always helpful because it is a little bit like knowing when you go into the restaurant how the food is, but you still have to eat there. So sometimes you would rather not know. So there are little things that I have discovered over the years, terminology, and use of terminology by people in this space. I mean, a good example is this: a hedge fund administrator who was doing work for hedge funds in the Cayman Islands, but it is an American company, and we were talking about the fact that hedge funds were not covered by U.S. AML rules and they are still not, and this administrator said to me, "Well, U.S. rules should be the same as Cayman Island's." And I said to him, you're right, they should be the same, but unfortunately they are not. Each country has different requirements. There is just an incredible amount of misinformation and disinformation in the AML space that still persists to this day.
FIELD: So, Ross, you have been in the field for a number of years now. And the topic is certainly prevalent today in conversations. What are some of the top anti-money laundering trends that you are seeing now?
DELSTON: Well, Tom, it's an interesting question when you talk about trends, particularly in a post sub-prime era. An era where banks and broker/dealers are really hurting when it comes to budgetary pressures, and unfortunately the regulators are not letting up. So one of the issues that I warn clients about is that even though regulators would like to take a lighter hand, they are really not able to, and therefore the pressures to comply will not only continue, but will continue to increase. And one of the reasons is that whether it is banks or broker/dealers or mutual funds, there is a sense that the regulators have that people have had enough time; companies have had enough time to figure out compliance. There is kind of an informal grace period at the beginning, but that's gone.
So for example, a good example would be in the case of the E*Trade enforcement action that was recently announced. The SEC took a very hard line and imposed a fairly substantial fine for failure to do something very basic. There is this sense that institutions have had enough time to figure it out, and therefore the regulators are going to be firm -- that really things have to be done correctly. And that it's not a trend in the sense that it's a typical trend, but I would be careful. There is a lot of feeling in the financial institutions industry that the regulators will let up because of all the other financial pressures that regulate institutions, banks, broker/dealers are under. I'm not seeing that.
I asked the head of FINRA whether she was going to take this into account. This was a conversation after a presentation she made, was she going to take into account the problems in the industry and doing AML exams, and she was emphatic in saying that is just not possible. So the top trend is that the trends continue.
The secondary trend is, if there is another terrorist event, whether it is in the U.S. or in a country close to the U.S., in the EU for example, then you are going to see another ramp up not just in anti-terrorism efforts, but also in anti-money laundering. They go hand in hand.
And then, more specific trends, I see that trade-based money laundering is a greater emphasis. The regulators are looking at it more closely, and so is the Financial Action Task Force. And this is using export and imports as a way of moving money, as opposed to using the financial sector. So that's a definite trend. I think those would be the big issues.
FIELD: Ross, let me ask you a little bit more about trade-based money laundering. Can you tell us a little bit more about it and why it's a specific threat to financial institutions?
DELSTON: Well, the main reason that financial institutions and particularly banks should be concerned about it is that it comes into trade finance. Banks typically finance exports and imports through letters of credit, through loans and guarantees, and the banking regulators in particular -- even though there is no U.S. law that singles out trade finance or trade-based money laundering, and no FATF recommendation that singles it out -- the regulators, through the exam manual are starting to get very, very specific and asking about, for example, whether the OFAC screening is being done against every party named in an export finance/trade finance transaction. Are the banks looking at invoices and to see if there is anything suspicious? Are they doing training that is specifically going to trade finance and trade-based money laundering? Are the looking at red flags such as anomalies between what is known about the exporter/importer and the documentation connected to the LC? I mean, sometimes there are just things that don't' make sense. Why are these briefcases costing so much? Why are they taking up so much space in a container? Most of the time it is very, very hard to detect. So, even though the Red Flags are available and the exam manual lists them, FATF lists them, they are not necessarily all that useful to banks. So, a definite area that is problematic.
FIELD: Okay. You covered the Red Flags. Are there other things that people should be looking for?
DELSTON: Well, it's unfortunate, but the ones that are identified are often so general. I mean, an example is a customer doing business in a high-risk jurisdiction. Well sure, that could be a problem. We all view the former Soviet Union as being high risk, but if you read the State Department report, the International Narcotics Strategy Report (INSR) it classifies the U.S. as a high risk jurisdiction, specifically for money laundering, and put the U.S. in the same category as the Ukraine and Afghanistan. So what does that tell you? On the one hand, the red flag is customers doing business in high-risk jurisdictions and on the other hand the U.S. is a high-risk jurisdiction. Not all that helpful.
FIELD: Well given that Ross, some of the Red Flags can be tough to distinguish. Is it possible for banks and financial institutions to effectively detect trade-based money laundering?
DELSTON: I think that it's possible on the margins for them to do it. I think if there are things in the documentation where there are obvious discrepancies, where there are some things whited out or crossed out, where there are too many amendments to LC's, sure they can figure that out. But if there are discrepancies in the actual shipment of the goods in the container itself, in the price of commodities, very tough, practically impossible; and what I am proposing in an article and some recent presentations is that this responsibility be given not to banks primarily, but primarily to the exporters and importers themselves and to the shippers and the freight forwarders and the companies that actually move the freight because they might see it.
The sad fact is that less than 5% of the containers entering the U.S. from other countries are inspected, and that is just a very, very low number. What it means is that if somebody wants to launder money or heaven forbid wants to move the basic precursor chemicals or biological material or nuclear material that could be used in a terrorist event, then their odds are very good when it comes to trade-based activities. And that is well known by the bad guys. So I think the responsibility should be put on industrial companies, on the sectors that actually move the goods rather than banks that are typically many steps removed from the goods themselves.
FIELD: Ross, you make some interesting points here in talking about the threats, the economic conditions and then the regulatory pressures, which aren't going to ease. In this environment, how do you see financial institutions dealing with it all?
DELSTON: Well there are some things they can do and lest you think I am touting services that I provide, the biggest single area is something that I don't do at all, which is to look at the alerts generated by transaction monitoring systems. This is not a service I provide, but a service that I recommend to clients that they look at very seriously. And that is, 95% of alerts generated by automated systems, 95% typically are considering false-positives. That is an extraordinarily high number, and that 95% number comes from the vendors themselves. I put his number out on the ACAMS list serve, I am a member of ACAMS, and no one disagreed with me except for somebody who said, "well actually it's worse than that; it's 98%."
So what that means is that when this automated system generates an alert that something is potentially suspicious or unusual and therefore needs to be looked at, that the overwhelming odds are against it and yet the regulators say, justifiably to the banks and to the broker/dealers and to the mutual funds and to everyone covered, the money services business, what they say is you've got to follow up on these alerts, and you have got to document that you followed up on these alerts because there could be something hidden in there. So that's an enormous cost for financial institutions just to keep up with the alerts.
So my suggestion is, hire a consultant; don't do this inside. Go outside, hire a consultant and find somebody who can help you fine-tune that system. You may have had that system in place for years, but to fine tune the system so that you can get that false positive number down to a reasonable level. That would be the single biggest step that I think needs to be taken, and then of course, training, although it is an additional cost, can result in additional efficiency. If employees are better trained, they can do a better job. Sometimes the training can be done in a brownbag lunch, it can be informal, and we are not talking about big fancy conferences that are enormously expensive.
And then the other thing is, gee wiz, if you are unlucky enough to get caught by a regulator, you are going to pay an enormous amount not just in the fines, but in the costs of defense, hiring a big ticket law firm and the costs of remediation, which are sometimes multiples of a fine. You can be fined $1 million dollars, yet you can spend a couple of million dollars between lawyers or a mediation. I think it is cheaper, call me old fashioned, but I think it's cheaper to spend $100,000 dollars up front and try to avoid that and get a clean bill of health from regulators so that that never happens.
FIELD: A great point. Now we've seen some big headlines this year. We've seen some big fines. People are talking about anti-money laundering, and the field is getting a lot of attention. For people who are interested in breaking into the anti-money laundering field, what are some career opportunities?
DELSTON: That's a very good question. Certainly the banks and financial institutions are always looking for compliance people. But there are other areas as well. There are a number of government agencies that are staffing up. For example the IRS has 360 examiners and probably needs 10 times that, but doesn't have the budget, but they are continuing to staff up and they are responsible for examining onsite examinations of MSB's, they are responsible for what else, gambling casinos, jewelers, insurance companies. That's a great way to break into the industry. And then there is ICE, the Immigration and Customs Enforcement Division of the Department of Homeland Security. And then there is FinCEN itself, the Financial Crimes Enforcement Network. Unfortunately FinCEN has a fairly high turnover but that creates opportunities. I have helped young people get into FinCEN, and they have had really interesting careers. So I wouldn't eliminate the government sector in addition to the private sector. I guess that is my main point.
FIELD: Good thoughts. Ross, one last question for you. If you could offer just a single piece of advice for institutions that are again, felling the pinch of the economy and the sting of money launderers, what would that piece of advice be?
DELSTON: Well, I think it comes down to efficiency. It's a word that is overused, but you just have to find a way to be more focused. One way might be to do, to really do a serious risk assessment. I talk to an awful lot of institutions that haven't done a risk assessment at all. In the banking field, the examiners, if they show up and don't' find one, will actually write it, but why does that help you? I mean forgetting about the regulatory sting, why does that help you in terms of the budgetary pressures, and the answer is because the anti-money laundering programs, policies and procedures are supposed to be risk-based, and if you haven't identified the risks then you can't target them ,and if you are not targeting them you may be spending too much money in areas that are not core areas for your financial institution. So, a risk assessment should be used as a way of targeting your overall AML program.
FIELD: Well said. Ross, I appreciate you time and your insights today. Thank you very much.
DELSTON: Tom, thank you.
FIELD: We've been talking with Ross Delston. His website is www.GlobalAML.com. Again, the topic has been anti-money laundering. For Information Security Media Group, I'm Tom Field. Thank you very much.