CREDIT AGRICOLE LOSES SUSPICIOUS AML TRANSACTION CASE 23 June 2015 A March ruling against Credit Agricole (PDF) by the UK Privy Council in a suspicious transactions case has again highlighted the persistence of major weaknesses in the banking industry's anti-money laundering (AML) compliance system. The case centered on Credit Agricole failure in 2000 to properly investigate transactions involving proceeds from stolen art. In its defence, the bank argued that the incident occurred 15 years ago and that compliance systems were not as advanced as they are today. Earlier this year, HSBC offered a similar defense when it was accused of criminal tax evasion in Switzerland. Whistleblowers, however, claim that very little has actually changed within banking industry AML practices. Industrial research reports, such as KPMG 2014 Global AML Survey (PDF), also reveal that AML training and resources are lagging behind current requirements. The Credit Agricole case involved former businessman Robin Symes, who illegally sold an art deco furniture collection belonging to a wealthy Greek family for $15 million in 2000. Through a series of complex transactions, Symes allegedly deposited $10 million from the sale into an account he indirectly controlled at the branch in Gibraltar. The Michailidis family sued the French bank for failing to treat the transaction with reasonable suspicion, thereby allowing Symes to launder the illicit funds. In a final ruling, the Privy Council ordered Credit Agricole to pay $9.8 million to the Michailidis family, upholding previous judgments that Credit Agricole should have blocked the funds. An important angle in the case was that a non-customer third party reported the bank (PDF) to authorities for handling the illegal proceeds. The reporting of AML violations by a third party – rather than a regulator – has major implications for the potential liability of banks, because the judgement emphasised Credit Agricole responsibility for determining the source and use of money entering their system. Accordingly, AML compliance and risk assessment processes must now ensure a strong focus on protecting banks from liability. They can no longer be viewed solely as a regulatory compliance or reputational risk issue. Suspicious transactions Understanding the implications of this case requires a focus on the suspicious-transaction monitoring component of AML detection. The illicit activity that Credit Agricole allegedly failed to detect included $10 million worth of large transfers sent to a foreign Crédit Agricole branch, where the recipient account belonged to the same client making the transfers. At that time (2000), AML systems focused on two major areas: client behaviour and transaction patterns. Even with this simple system, transfers totaling $10 million should have been noted, but the bank allegedly failed to investigate the beneficial element of where the money was going and who ultimately was benefiting from the transactions. Credit Agricole and HSBC, as well as most of the main global banks, will all claim that AML systems were weak and not clearly understood over a decade ago. However, beneficial ownership information is still not being obtained by many banks, even in cases covering more recent periods. The systems might be advanced, but the resources and staff skill levels are not necessarily keeping pace. Four areas of concern for suspicious transaction alerts In order to raise a suspicious transaction alert, the bank must first discover evidence that a transaction may be linked to criminal activity. There are many documented indicators used by firms to identify red flags, but nearly all fit into four main categories. The following descriptions use the Credit Agricole case to illustrate where the various risk indicators should have been: Client behaviour: The client's failure to give accurate information (use of false identities) and having a high media profile, which may have lowered the perception of risk. Transaction patterns: Moving large sums of money and using overly complex transactions that do not make business sense. Geographic risk: Using a number of accounts across multiple banks in several European countries. Third-party involvement: Determining the beneficial ownership of companies involved in the client's transactions and highlighting as a red flag where the company is registered in the client own name as the end beneficiary. Traditional risk-assessment processes have tended to focus only on client behaviour and transaction patterns. However, one of the weaknesses in the Credit Agricole case was the complexity of the transactions. The client was laundering money gained from illegal art sales, moving it off-shore through multiple European bank accounts into another of his own accounts, registered through a different company. The judge in the latest appeal case determined that the client's transactions were overly complicated and that the bank should have been alerted that this was suspicious. As a result, Credit Agricole was charged with facilitating money laundering, even though the Gibraltar Supreme Court noted (PDF) that this was not done intentionally by any of the staff. Implications for future AML compliance The use of complicated transactions across multiple jurisdictions and banks is a growing strategy (PDF) employed by sophisticated money laundering ventures. Furthermore, these schemes are likely to increase in complexity as banks get better at detecting and disrupting simpler attempts. Risk assessment for money laundering and other financial crime can no longer be left to one or two individuals within an institution. It must become a priority for all units: frontline staff must assess client behaviour, trade-financing units should detect shipping and trade anomalies, and business units should analyse beneficial ownership information. For small organisations, AML screening could involve staff at all levels. An effective AML programme will aggregate all this information for use in a comprehensive assessment of clients and their banking behaviour. Money laundering is a very profitable crime that will continue afflicting the financial sector for the foreseeable future. As such, there can be little doubt that more cases of AML non-compliance will come to light from each of the major banks. The Credit Agricole case reinforces the basic principle that banks must detect and report transactions that raise reasonable suspicions based on appropriate due diligence. AML compliance standards have developed sufficiently that banks cannot claim that clients bare exclusive responsibility for the source and use of their funds. If banks facilitate a client's fraudulent activity, internationally or otherwise, they face potentially severe legal repercussions.