The thing is, it’s a far from new problem. And supranational bodies, trade associations, legislators and regulators are hounding an already exhausted fox into a hole where the bites will cause irreparable harm, if they have not already done so.
Let’s be clear: the headline is clickbait. Laws and regulations are not “useless.” But they are not fit for purpose and they are widely counter-productive.
In the late 1990s, I called for the Financial Action Task Force to let itself expire, as having concluded its mission. The reality is that, ever since, it has merely changed priorities within the scope of that original mission. And caused lots of paperwork.
Far from letting itself expire under the sunset provision in its original mandate, it renewed itself and later, in a brazen change of policy, announced that it would continue sine die unless its members decided otherwise.
As between its members, the FATF has continued as a policeman through its mutual evaluation process. The process has value as a more-or-less independent inspection of compliance with the 40 Recommendations and a list of exceptions to compliance. However, what the inspection reports show is that those countries with the most muscle are amongst the least compliant and have been throughout the life of the FATF.
In relation to non-members, even those that are members of affiliate organisations, the FATF is far less sympathetic, even though most of those countries are amongst the world’s poorest or those with very small GDPs.
In fact, the FATF’s biggest achievement since establishment has been as the armed wing of the OECD in its aspirations for homogenised tax regimes and, as was confirmed recently after years of vociferous denials, rates.
Some would argue that the “plus nine” Recommendations following the 11 September 2001 were an achievement: I would argue that their absence from the original R40 represented a failure to effectively include the funding of future crime within the original scope.
Note “effectively” : it was, if you read through the imprecise terminology, there. Having said that, so was tax evasion although the UK’s British Bankers’ Association persistently denied this until the FATF issued an interpretative note. Ironically, that was one of the points which did not require “interpretation.” It was plain from the original drafting.
In terms of policy, the FATF has made no beneficial improvements other than to be more specific in relation to the financing of terrorism since the late 2000s. Indeed, even today it has failed to include the funding of future crime in general. Its position on bribery and corruption, areas in which it could have useful input has been left to the International Standards Organisation.
There are things that the FATF could usefully do: it could produce a model law. But the UK’s Commonwealth Office did that a quarter of a century ago when the FATF was young. It could produce model regulations but the EU has done that.
Instead what it does is follow trends and put out reports that have been done before, and better, in the private sector. Those reports inform policy in member jurisdictions and therefore priorities which means that, ultimately, front line staff in financial institutions are told that they must be on the alert for the FATF’s topic du jour.
This is a truly dumb approach: more change always equals more resistance as change managers discovered, and reported on, in the 1980s. So the FATF’s approach is actively counter-productive. It also wastes a huge amount of resources – both manpower and financial – in financial services businesses. What those businesses need is stability not constant change. Not, of course, that the FATF is the only culprit in this respect.
Oh, and it “trains” those who draft law and regulation in a closed school where diverse opinions are not permitted and discussion is frowned upon. It’s not education, it’s re-education.
The FATF is funded by tax-payers in its member countries. It is not money well spent.
It is not the only organisation that is influential beyond its value.
The Wolfsberg Group
When the Wolfsberg Group was formed, I argued that it was a self-serving publicity drive by a handful of private banks with the objective of heading off criticism from, in particular, the Committee of US Senator Levin who, incidentally, adopted the definition of “private bank” as used by Citibank, not that in use across the rest of the world.
Was I right? Consider how many of those original members have so demonstrably failed to meet the criteria that they, themselves, set and have suffered substantial fines.
The work in relation to correspondent banking was also a move against long-telegraphed (since the mid 1970s, in fact) intentions in the USA. That work, it has to be said, after a rushed and bumbling start has improved and is of value but far from perfect. In this way, a self-congratulatory, self-serving group of banks has, somehow, become recognised as the leading authority on this topic. How many members have been in trouble where correspondent banking has been a factor?
The European Union
The EU plans ever-more form filling and analysis, reaching this simple point: risk awareness and assessment has been ousted by compliance. This follows the EU’s only strategy: if something isn’t working do it bigger, harder, longer.
It never considers that the fundamentals are wrong, even when that is obvious to anyone with any common sense.
The bigger, harder, stronger approach results in cost not benefit and empire building by supra-national bodies, industry associations and, of course, regulators. Again, mostly, the taxpayer pays.
Risk v Compliance
We talk about financial crime risk and compliance but in truth that’s not correct.
Now, we should talk about financial crime risk versus compliance because the actions of governments and supranational bodies have resulted in a clear divergence between the two.
The simple fact is this: in financial crime risk, one can only measure failures.
In compliance, companies satisfy one set of box tickers by employing another set of box tickers and that can be measured. So that is what tiny-minded policy makers and regulators focus on.
It’s all about quantity and rarely about quality.
Independent reviewers of policies “benchmark” them against regulations and regulators’ criteria (a list) and informal statements of what they, at that time, denote as priorities. They do not undertake fundamental review of policies and procedures to ascertain their value in risk assessment. Of course they don’t: what can anyone do in a couple of days, especially when it’s an unrecoverable cost for small businesses such as law firms many of which are struggling to survive?
Defence against regulatory risk has become more mission critical than defence against money laundering, terrorist financing, bribery etc. And I know: before coming into this field in 1994, regulatory risk was one of my areas of work in private practice and thereafter has been central to the work I have done, along with the risk of being a victim of a money laundering scheme.
When training focuses on laws and a narrow set of so-called “red flags” and fails to teach awareness – one of the original objectives of required training – it is not surprising that there is so little success. That focus arises because of the approaches of supra-national bodies, legislators and regulators.
Measuring failure : start with law and regulation
There is, quite simply, no evidence that, as they are currently structured and enforced, the regulations imposed on financial services business have any significant effect on money laundering or the funding of criminal conduct.
We don’t need more of the same, we need much, much less.
Laws need to be simple yet they are increasingly complex and self-defeating. Regulations should not be prescriptive. Regulators need to stop assuming that there are measurable “metrics” that businesses must achieve.
They must recognise this: every transaction that is connected to a crime and is stopped is a win.
Policy makers and regulators should take it.