AML/CFT Measures Face Growing External Pressure in Response to Ukraine Situation
Jul. 15, 2022
Since the Russian invasion of Ukraine, the term “economic sanctions” has been in the news much more than before, and when sanctions are implemented, it is financial institutions that stand at the front line. Furthermore, these challenges are not limited the current situation involving Russia. Indeed, when suspicious transactions by terrorists etc. are not caught, this can create direct threats, but also can lead to the undeniable possibility of damage to an institution’s reputation or, in the worst cases, the levying of massive fines. Japan’s measures for anti-money laundering and counter financing of terrorism (AML/CFT) have received poor assessments from the Financial Action Task Force (FATF), an inter-governmental body which formulates the standards for AML/CFT, indicating an urgent need for improvements in the public and private sectors. We spoke with NRI’s Atsuo Takada, a certified AML specialist, about these issues.
Importance of Preventing Detection Failures in Screenings of Persons under Economic Sanction
When economic sanction measures are set in motion, financial institutions are required to freeze the assets and prohibit transfer of the funds of the people under sanction, and to conduct subsequent monitoring to confirm that no transactions slip past their oversight. For asset freezes or transfer prohibitions, the specific countermeasures involve checking an institution’s own customer attribute list against a watch list of the names, birthdates, addresses and other such information of persons under sanction to confirm whether the institution’s customers include any such persons under sanction, and, if the institution has been remitting funds to or from persons under sanction, adopting measures to halt the outgoing or incoming remittances. While the theory is quite simple, various issues can arise when the lists are checked, and the concerns around screening failures thus are not eliminated so easily.
For example, because the Russian language uses the Cyrillic alphabet, words must be converted to the Latin (Roman) alphabet when Russian is transcribed in English and spelling inconsistencies can arise when this is done. A similar phenomenon can occur when foreign languages are converted to Japanese katakana. The brothers who carried out the Boston Marathon bombing in 2013 traveled from the United States to the Chechen Republic to be trained as terrorists, then returned to the U.S. to carry out their attack, and their information was communicated to the CIA by the Russian FSB intelligence agency before the attack. Despite this, no check ever caught them on departure for Chechnya or returning to the United States, and they were able to complete their attack in the end. The cause of this is presumed to be a screening failure resulting from a spelling inconsistency that occurred when Russian was converted to English.
In addition to immigration control, there is a growing threat of money laundering and terrorist incidents occurring when funds pass to terrorists or persons under sanction in the case of similar screening failures at financial institutions. Further, any failure to notice assets or funds transfers from terrorists or persons under sanction can be reported in the news, intensifying the reputational risk to the financial institutions themselves, and leading to reduced sales resulting from customer defections and increased costs for overseas remittances. There also appears to be some possibility of administrative dispositions being imposed by competent authorities. While there are currently no Japanese cases in which massive fines have been levied, in the United States, a financial institution faced 8.9 billion USD in penalties in connection with money laundering. Improving the precision of screenings thus can be regarded as a pressing problem.
Stern Observations about Japanese Financial Institutions from Overseas
FATF’s Report on the 4th Round Mutual Evaluation of Japan was published last year, with the results of the assessment placing Japan in the second out of three tiers. Many stern observations and requests for improvement were made, and the Ministry of Finance has published an action plan in response to these recommendations. This action plan contains items intended for competent authorities and items intended for financial institutions.
A point that demands special mention as a policy pertaining to the Financial Services Agency and other competent authorities is the admonition to “strengthen risk-based monitoring”. Up to now, Financial Services Agency inspections have involved a general check, in accordance with the inspection manual, of the entire industry starting from the major banks, but this approach is being revised to a different method predicated on intensive monitoring of financial institutions that are deemed to be high-risk. In fact, beginning this year, the Agency appears to have embarked on a program in which the first inspections are conducted with priority on the financial institutions with the largest number of foreign exchange transactions. Furthermore, the competent authority action plan now incorporates requirements which obligate financial institutions that do not show proper understanding of FATF guidelines to improve their education and their understanding around the risks surrounding money laundering, terrorist financing, and counter proliferation financing*, and to conduct appropriate risk assessments.
At the same time, financial institutions are required to implement full customer controls. In the 1990s and 2000s, a single person could easily open three to four accounts with a single bank, and in some cases these persons would even end up forgetting that they had so many accounts. In response to this, account-by-account verifications of account holders will be completed by March 2024, after which it will be required that AML/CFT be implemented in a priority order beginning from the highest-risk customers. This new approach will require even small banks with little to no influence to adopt countermeasures on the same level as megabanks, while simultaneously establishing practical joint systems under the leadership of the Financial Services Agency, thus incorporating a bottom-up approach to financial institutions throughout Japan.
Issues Requiring Responses Are Becoming Much More Complex
In the following chart, the particulars of the “Guidelines for Anti-Money Laundering and Combating the Financing of Terrorism” published by the Financial Services Agency are organized according to primary systemic functions. Structured fundamentally around a risk-based approach that will implement countermeasures with a focus on high-risk customers, the chart is divided into the issues for which responses are required/expected for each of the three main functions.
- 1 AML – Short for “Anti-Money Laundering”
- 2 CFT – Short for “Counter Financing of Terrorism”
- 3 SDD – Short for “Simplified Due Diligence”. Simplified customer controls are allowed for customers deemed to have low money laundering-related or terrorist financing-related risks.
- 4 EDD – Short for “Enhanced Due Diligence”. Stricter customer controls are required for customers deemed to have high money laundering-related or terrorist financing-related risks.
The first function is “Know Your Customer (KYC)”. This practice does not look only at persons under sanction, and requires ongoing verification of risk for all customers, at time of transaction or on a routine basis in addition to when the account is first opened, including with regard to who has substantive control in the case of corporate customers.
The second function is “Filtering (Screening)”. Working from their reflections since the Boston Marathon bombing described above, U.S. immigration authorities have introduced matching methods based on ambiguous retrieval such as the Levenshtein method (minimum editing distance between character strings) or Phonics method (phonetic similarity method), and sophisticated screening based on similar methods is becoming a necessity. Moreover, amid such new developments as the need to cross-reference within 24 hours after updates to UN-related lists, the burden on financial institutions is becoming much greater.
The third function is “Transaction Monitoring”. This involves not simply one-by-one monitoring of transactions, but monitoring of sequences of transactions over a week’s, a month’s, or a year’s time to detect whether the sequences as a whole constitute suspicious transactions. In addition, sophisticated countermeasures, including behavior detection based on detection sensitivity strengths and weaknesses or profiling corresponding to customer risks, are also needed.
How should these functions be integrated into systems to achieve greater sophistication? As AML/CFT failures can lead to profound business risks, we will need to direct our attention even more earnestly than before to the countermeasures we take against those failures.
FATF’s mutual evaluations have been conducted over ten-year cycles thus far, but for the next evaluation, FATF is considering shortening this to a six-year cycle, in which case the 5th Round Mutual Evaluation of Japan will be conducted in 2027. With each country pursuing legislation in its own way and assessments related to enforcement evaluations likely to become more serious going forward, the financial institutions that bear the burden of actual enforcement will need to invest in AML/CFT, with a view to long-term countermeasures.
“Counter Proliferation Financing (CPF)” means the act of providing funds or financial services to persons who are subject to asset freeze or other such measures for having been involved in the development, storage, importing, exporting, etc. of weapons of mass destruction (nuclear, chemical, and biological weapons). The abbreviation AML/CFT/CPF, which combines CPF with AML/CFT, has recently come into common use.