It was at this time that the UK was one of the countries that had banks that were involved in late Nigerian President Sani Abacha laundering of state proceeds. This scandal can be attributed to two themes that have taken centre stage in ML regulations ever since: risk based approach to ML in firms, and the private sector becoming involved in the fight against ML. Gough34 stated that it was 'as the FSA was getting used to its new role, and while dealing with the aftermath, that found 23 London banks to be involved in the Abacha affair, that they lead their focus onto client acceptance and ID procedures otherwise known as KYC.
' Also in the wake of this scandal, 12 banks across Europe adopted the Wolfsberg Principles,35 with regard to private banking relationships, and also placed importance on identifying the customer, or their beneficiary through identification documents. 36 Many banks then conducted current customer reviews. As many customers were existing customers that had regular contact with the bank, to cut down the administration responsibilities, the banks only checked the accounts of high risk clients, which were determined on a criteria laid down by the bank.
37 Judging customers on a risk basis is the first sign of the risk-based approach that is often thought of when mentioning the third Directive of the EU. This decade solidified its move away from ML just being a by-product of another crime by introducing the Proceeds of Crime Act 200238 (PoCA). Coupled with the ML Regulations 2003, which are the product of the second EU directive, this decade like the previous decade, begins again by having a two-tier system to prevent ML.
PoCA could be viewed as an updated unified version of DTA and CJA laws of the 1990's, and EU regulations still having influence all be it with a wider application. This approach by regulators could be said to be a 'twin track fight against ML – the preventive and repressive approach. '39 The repression element being the criminalising of the ML process and the recommendations and guidelines in place through the EU directive as the preventive strategy. This two-tier idea was expressed at the turn of the century with the condition that 'criminalisation can only be fulfilled if the banks can report any suspicions they may harbour.
'40 It is PoCA that allows for this reporting, and when viewed in line with the ML Regulations 2003 that cover 'relevant businesses' as oppose to 'relevant financial businesses' it can be seen that this decades laws cover a wider ambit of businesses. This legislation can be split into three types; laundering the proceeds of crime or assisting in that process, failing to report knowledge or suspicion of ML and tipping off. Also inherent in this legislation is another double structure of sanctions, for the regulated and non-regulated sectors.
The major significance of this split is on most of the legal profession in the UK, which is now covered under ML 2003 Regulations 3(3). 41 This Act could be said to be focused more at the regulated sector by expecting a higher level of competence than the non-regulated sector. Defences for failing to report under section 330 for the regulated sector have subjective and objective elements, requiring a higher level of vigilance in the regulated sector, where as the non-regulated sector is only based on an objective test.
42 This is arguably the most sensible approach, as in theory the regulated sector deals with the bigger transactions, is often professionals, and should be held accountable to a higher degree. Another important feature of this Legislation is the nominated officer that these reports are to go too. This could be called the first stage of private companies being involved in dealing with a firm's ML responsibilities. By nominating one person to take responsibility, this clearly created the scope for the private business sector to set up a niche and offer ML services, an idea, which is carried on in third ML Directive.
43 Secondly, under section 331(7) the court will look at the nominated officers' actions and in particularly by sub-section 'a' whether they followed appropriate Government approved actions. This signalled a resurgence for the JMLSG and its guidance when it once seemed that their importance might be waiving after a move away from soft regulation. The third EU Directive on ML replaces and repeals both the directives before it and places more emphasis on the managing ML risk44 where appropriate.
This is the legislating of what the private banks had done after Abacha, whereby they placed more stringent checks on individuals that hold a higher risk of ML. Firms now vary their level of due diligence45 according the risk attached to a certain person. It will be for the individual firms to decide their own levels of due diligence. This can be broken down into simplified and enhanced due diligence with the latter having the greater degree of risk management involved.
This will apply to a wide range of sectors including many large solicitors firms but must be followed in a banking relationship – if the transaction is not face-to-face, or is in a transaction with a politically exposed person. This approach does not do away with any 'box ticking'46 but means that different box ticking will be appropriate in different situations. The obvious benefits to this approach are that firms can now play to their strengths – one firm may favour I. D checks where as another firm may focus their efforts on monitoring clients.
47 As the amount of persons that are caught by the ML legislative net has increased over the last two decades, it seems sensible that different types of firms can adopt differing approaches. However, one marked benefit of a universal system based more on 'KYC' and the ID checks involved, is uniformity. Smaller firms especially could take comfort in knowing that their peers mirrored their procedures48 and the risk-based approach could signal the breakdown of this standardisation, for a time at least.
The JMLSG guidance49 for firms highlights that for many, delivery channels of products is a standard procedure50 for ML that will still be appropriate. It could be contended that standardisation will return again once smaller firms adapt to any new procedures. It will be up to individual sectors to form advisory boards, adopted codes of practice and work together to combat ML, not unlike some of the banking industry and the Wolfsberg principles.
The fact that Article 14 of the directive leaves open the possibility to sub-contract this due diligence, highlights the growth of the ML industry and also creates a better vehicle for firms to be able to cope with the increase in cross-border, in particular European business relations. MiFiD51 came into effect on 1st November 2007 and aims to increase financial services across Europe, towards one large ubiquitous financial market which will inevitably lead to more non-face to face business, and also more administration duties and changing due diligence policies.
Having the ability to farm out some of the due diligence workload will only help with this transition. However, it can be seen that ML and anti-terrorist financing legislation has made it particularly difficult for banks in the way they deal with customers and their accounts. One difficulty is the conflict between their duty of confidentiality and their obligation to report suspicions of ML or terrorist financing has been addressed by legislation.
52 A bank that becomes suspicious that proceeds of crime are in customer's account faces a number of difficulties. If it does nothing and allows the customer access to the account, it risks being criminally liable for ML, most probably by 'assisting' to the offence. 53 In addition, it commits an offence in not reporting its suspicions. Moreover, it risks civil liability, on the basis that it has assisted in a breach of trust by the customer, if it permits the payment out of funds.
Indeed, the KYC obligations in the ML legislation increase the likelihood of such accessory liability, if the proper inquiry would have given rise to suspicions. 54 If its suspicions are aroused, the bank is obliged to report them to National Criminal Intelligence Service (NCIS). Such a 'required disclosure' is likely to qualify as an 'authorised disclosure' and hence to provide a defence to any potential ML offences, but the bank will have to wait for 'appropriate consent' from NCIS before permitting any payment out, freezing the account in the meanwhile.
However, if customer wants to use the account and the bank refuses the customer access to the funds, the customer is likely to become suspicious that he is under investigation and therefore the bank risks criminal liability for 'tipping off', especially if the customer presses for an explanation. In Governor & Company of the Bank of Scotland v A Ltd 55 it was stated that, in effect, a bank may commit a criminal offence if it pays or refuses to pay. If suspicions turn out to be unfounded, the bank risks civil liability for breaching its contract with his customers, in freezing the account and not permitting payments out.
Such dilemmas have already given rise to litigation and this has resulted in some limited guidance to banks. 56 However, if this dialogue did not result in an acceptable solution, the court would rule on matter, holding the balance between the interests of the individual seeking redress through the courts and the State fighting crime, as explained in C v S . 57 The fact that this legislation stretches across Europe creates possible application problems between the UK and jurisdictions that operate on a civil system.
Member states that operate a civil system cannot impose criminal sanctions on legal entities. 58 The administrative sanctions in the directive help tackle this problem in civil systems. However, in the UK this is the first time in which firms are subject to administrative proceedings. The standard of proof needed for the traditional civil proceedings are always lower than the criminal standard of proof, so in effect the standard of proof now on UK firms is a lower. 59 By the third directive, the sectors covered by ML regulations have increased but so have the ways in which firms can regulate themselves.
Flexibility is the key to applying successful ML laws, and efficiency is key to maintaining a profitable financial industry. 60 Furthermore, suddenly a number of organisations and experts in the field are stating that the ML legislation in the UK is not working. 61 Some say that the banks are wasting millions of pounds to comply with the FSA, when in the reality it is seen as little more than box ticking. Another expert observes: "The UK's attempts to curb the problem were pretty pathetic with a recovery rate of 0. 02% of cash laundered over the past ten years.
" 62 Also, the JMLSG announced proposals to relax the checks which would include the need to produce just one document, rather than several, to prove identity. The British Bankers Association said: "The one-size-fits-all approach is not the most cost effective way. We do need to be targeted and to cause the least inconvenience to low risk customers. "63 The comment "one size does not fit all" perhaps best sums up the fundamental flaw in the anti ML legislation; what works in rural areas, where KYC is a fact of life rather than a requirement, will not work in the London, where you may never actually meet your client.
Allowing a tick box approach of course provides poor quality anti-ML, after all identity theft and the provision of high quality forged ID is more and more prevalent. Much of the overzealous approach to ML procedures can be attributed to the somewhat unpredictable behaviour of the FSA. Over the past three years, the FSA has handed out six and seven figure fines to some of the major banking institutions in the UK for what it perceived as insufficient documentation or inadequate conduct of anti-ML procedures.
Some may conclude that none of these cases evidenced that successful ML had been in operation as a consequence of these inadequacies. 64 More targeted approaches to ML require greater sharing of information by NCIS. It needs the NCIS to emerge from the excessive volumes of suspicious transactions, with which it is swamped, if targeting is to be effective, as its resources are currently unable to take a focused approach to follow-up. Sharing their views and intelligence with the financial institutions would provide a more efficient approach and hopefully a higher recovery rate of laundered money.
We shall never know if the one-size-fits-all approach acted as a deterrent to those engaged in ML. The software can clearly be deployed on a more focused basis, narrowing the parameters of suspicious transactions. Whether the numbers of people involved in anti-ML compliance are necessary for the future is questionable, unless they have the forensic minds and aptitude which are required by an effective NCIS. It appears that the anti-ML legislation (not just in the UK) is not creating the required results.
Any anti-ML legislation must strike a balance between protecting one's financial institution without making it difficult or frustrating for customers to do business, or creating an unnecessary and unproductive burden on the financial institutions. Having an unworkable anti-ML Legislation is quasi impossible ( or extremely expensive) for the financial institutions to follow; or makes it extremely difficult for legitimate customers to do business with the financial institutions; or results in an undue number of STRs submitted to NCIS; will have the opposite results i.
e. frustrated financial institutions, unhappy customers and an over burdened NCIS. No-one stands to gain in such an unworkable environment. The current ML laws have come under criticism for expecting the private sector to take on too many regulatory responsibilities. 65 However, what has emerged in the private sector are firms that will train staff on ML. 66 If the Government was to offer this kind of protection and change, as these firms do, they would come under criticism that the rules are designed to need interpretation by a paid Government official.
It will not be until the decade that the successes of this decade will be apparent, but what is clear from the past two decades is that the ML industry, regulation, and its effect on businesses shows no sign of slowing down.
Books: Alldridge, P. (2003), Money Laundering Law: Forfeiture, Confiscation, Civil Recovery, Criminal Laundering and Taxation of the Proceeds of Crime, Hart Publishing. Blair, M. , Minghella, L. , Taylor, M. , Threipland, M. and Walker, G.(2000), Blackstone's Guide to the Financial Services and Markets Act 2000, OUP. Ellinger, EP. , et al (2006), Ellinger's Modern Banking Law, OUP. Farrell, S. , Yeo, N. , Ladenburg, G. , (2007), Blackstone's guide to the Fraud Act 2006, OUP. Fisher, J. , et al (2003), The Law of Investor Protection, Sweet & Maxwell. Millington, T. and Williams, MS. (2007), The Proceeds of Crime: the law and practice of restraint, confiscation and forfeiture, OUP. Rees, E. , and Hall, A. (2008), Blackstone's Guide to The Proceeds of Crime Act 2002, 3rd Edition, OUP.