By Irina Petrila and Federica Taccogna
In a world where technology continues to develop at a fast pace, connecting countries and promoting the growth of markets and economies, networks of criminals looking to exploit this global interdependence are becoming increasingly sophisticated and harder to prevent.
The international infrastructure currently designed to prevent money laundering (ML) and terrorist financing (TF) is overwhelmed by the scale of the problem, including in jurisdictions across Europe. The United Nations Office on Drugs and Crime (UNODC) estimates that between $800 billion and $2 trillion (roughly 2-5% of global GDP) is laundered each year. Of illicit funds generated in Europe, governments manage to seize only 1.1% of criminal proceeds annually, or about EUR 1.2 billion, according to Europol. Centrally problematic to Europe’s challenges is the lack of a harmonised approach to regulatory investigation, supervision and enforcement, which is exacerbated by limited resources and inadequate political prioritisation.
Within this landscape, it is no secret that Eastern Europe is often singled out as a key corridor for the proceeds of crime to transit the continent. Massive volumes of illicit funds, from the Baltic money laundering schemes ($500 billion) to the Russian Laundromat ($20 billion), have come to light in recent years and exposed the region to the extent of the problem.
But is it really the case that Eastern Europe lags behind other jurisdictions in preventing financial crime? The crux of concerns identified by numerous international bodies—including the European Central Bank and Moneyval—are shortcomings in the implementation of regulatory controls across the region, including in Hungary, Poland, Romania and Slovenia.
Pressed by various domestic and international stakeholders, most European jurisdictions are coming to terms with the fact that it is not enough to simply have codified laws in place to prevent financial crime. Instead, regulators must be endowed with the expertise, resources and technology to properly investigate, supervise, enforce, and collaborate within the legal structure. Without this infrastructure in place, scandal after scandal will only continue to erode public trust in the very agencies tasked with combating the problem, with additional negative knock-on effects for legitimate financial institutions.
What sort of AML/CTF shortcomings are particularly prominent in Eastern Europe?
It is becoming a cliché—but remains firmly embedded in reality—that no jurisdiction is immune to financial crime, because the problem is fundamentally cross-border in nature.
In Eastern Europe, money laundering networks and organised criminal groups set up complex webs of financial institutions in order to transfer illicit proceeds from other EU and non-EU jurisdictions. Their enterprises gain a veil of legitimacy by attaining licenses from regulators who are unaware or unable to identify and unravel the extent of the criminal activities. By weaving ownership structures through various jurisdictions, they exploit gaps in the legal architecture, lax oversight and problematically opaque instruments to avoid scrutiny.
Catching up with the EU’s legal architecture
Certain jurisdictions in Europe have not yet learnt the lessons of others across the continent and have been slow to catch up to the EU’s AML/CTF legal architecture. In July 2020, the European Court of Justice ordered Romania to pay the European Commission €3 million after failing to transpose the Fourth Money Laundering Directive (4MLD) into national law within the prescribed timeframe. The 4MLD was brought into force in July 2017, and the court found that Romania took more than three years to complete the transposition process, which is a routine component of EU law-making.
Vulnerabilities due to the slow implementation of the 4MLD are not the only concern for the region. In January 2020, the EU’s Fifth Money Laundering Directive (5MLD) came into force, amending its predecessor by strengthening the AML/CTF regime for cryptocurrency firms, FinTechs and designated non-financial businesses and professions (DNFBPs). Adding to existing regional shortcomings, several member states, including Hungary, Poland and Slovenia, missed the January deadline and are still in the process of implementing the 5MLD, whilst Romania had to adopt an Emergency Ordinance to amend previous AML/CTF laws in order to address the EU’s concerns about the 4MLD and the 5MLD.
Although EU-wide regulation continues to develop at a fast pace, financial crime is not going to wait for slower jurisdictions to catch up in adopting the core components of the regulatory framework. Criminals identify weaknesses in the collective armour—let’s say, forming an e-money institution in the Baltics, locating data servers in the Mediterranean region, and operating through a bank regulated by one of the regulators in a Visegrad Group country—and exploit them to their advantage.
Adopting a risk-based approach to AML/CTF
Without a robust legal framework, regulating and supervising firms from a financial crime perspective becomes much more difficult. And, if some of Europe’s largest, wealthiest economies—such as Germany, France, Luxembourg, Sweden and the UK—can lapse in the face of financial crime (Wirecard, anyone?), the problem is magnified in Eastern Europe’s fast-growing economies and emerging financial hubs.
Focusing on Eastern Europe, international bodies such as Moneyval often highlight that regulators in the region fail to adequately adopt a risk-based approach to financial crime supervision. After all, in the same way that regulators assess licensed institutions, regulators are also assessed in their ability to embed a risk-based approach in their governance and supervision of ML/TF concerns.
Hungary is a notable example. With one of the weakest AML/CTF regimes in Europe—ranking 31st out of 32 European countries assessed annually by the Basel Institute on Governance’s 2020 AML index—its financial crime shortcomings are a growing problem for the region. In Moneyval’s most recent evaluation, Hungary’s regulation of financial crime was found to be systemically weak on major issues such as failing to adopt a risk-sensitive approach with respect to correspondent banking and respondent institutions within the EU. Again, the issue is not necessarily with the legal architecture, per se—under Hungarian law, firms are required to apply additional due diligence on a risk-sensitive basis—but rather with the subpar level of knowledge and resources dedicated to implementing a risk-based approach. In such instances, a lack of pressure by the financial regulator can in turn have a detrimental impact on firms, exposing them to potential AML/CTF remediation exercises to ensure adherence to EU-wide requirements.
Similarly, Moneyval’s 2019 evaluation of Slovenia identified flaws in the risk-based approach to AML/CTF supervision. In turn, shortcomings at the national level create a ripple effect on perfectly honest firms by creating uncertainty around regulatory expectations. Once regulators strengthen their approach to ranking firms on the basis of ML/TF risk, higher-risk firms are more likely to attract deserved scrutiny, which provides firms with greater clarity.
Improving due diligence and transaction monitoring
Through our work across the region, we have seen additional weaknesses within regulatory and control frameworks with respect to due diligence and transaction monitoring. In recent cases we have investigated networks of firms controlled by the Italian and Russian mafia who easily set up bank accounts using rogue corporate service providers (CSPs) to avoid the right level of scrutiny that would, in normal circumstances, expose and prosecute their illicit operations.
It should be no surprise, then, that the recent EU Directives, FATF guidance and Moneyval assessments focus squarely on strengthening existing due diligence requirements. Nonetheless, small and large jurisdictions alike in Eastern Europe have found it difficult to supervise CDD requirements in practice.
Returning to a few examples, MONEYVAL’s assessment deemed Hungary’s AML/CTF regime to have lapses in regard to the assessment of politically exposed persons (‘PEPs’). The regulations provided a limited definition of PEPs – for instance, the definition of a PEP did not include close associates and therefore firms did not need to consider the higher risks of doing business with individuals with whom the PEPs might have a personal relationship. The regulations also did not stipulate any requirements with respect to conducting enhanced monitoring on PEP relationships or identifying and verifying the PEP’s source of wealth.
Whilst Hungary’s main CDD deficiency focused on PEPs, MONEYVAL highlighted that Poland lacked regulatory requirements for firms to conduct periodic due diligence reviews on existing business relationships. This represents a critical gap in regulations, as firms should conduct periodic reviews on their clients as part of their approach to monitor business relationships on an ongoing basis. Weaknesses in such areas pose systemic risks to firms and investors in Poland, and Polish prosecutors have launched investigations into suspected money laundering at multiple financial institutions in recent months. With an upcoming MONEYVAL assessment scheduled for 2021, Poland will likely find its approach to preventing financial crime under greater scrutiny in the coming months.
In Romania, Moneyval focused on gaps related to existing CDD requirements for non-bank financial institutions and payment institutions in order to become compliant with the FATF Recommendations. Romania is not alone in this respect, and similar issues plague the AML/CTF efforts of other jurisdictions across Europe, particularly those that lack the technology and expertise to investigate ML/TF involving electronic money institutions, payment service providers and cryptocurrency firms.
Ultimately, the absence of strong due diligence practices in these jurisdictions means that even the most obvious money laundering typologies will be allowed to wash their illicit funds with relative ease. Without probing regulatory visits and a culture of compliance within the private sector, jurisdictions will continue to remain exposed to some of the more obvious financial crime schemes.
What can countries and firms do to address AML/CTF shortcomings?
Weaknesses in Eastern Europe mirror the challenges that we see in other European jurisdictions: a stricter—and often smarter—regulatory approach is required to deter and prevent financial crime from exploiting bona fide efforts to grow the economy and attract investment. Although certain “free market” ideologies equate stricter regulation to less economic growth, the opposite is actually the case: in the absence of strong financial crime supervision, certain jurisdictions have had their credit ratings affected by pervasive economic crime, major financial institutions have attempted to ‘de-risk’ from certain markets and the negative effect of financial crime on the ease of doing business are well documented challenges.
For many Eastern European jurisdictions, it would be wise to first address Moneyval’s findings with targeted action to demonstrate a sustained—and sustainable—effort to improve. Depending on the shortcomings identified and the regulator’s unique context, measures could include reforming the operational model to improve regulatory efficacy, implementing an algorithmic approach to ranking authorised firms by ML/TF risk or boosting resources in the supervisory and inspections directorates. The point here is not that every regulator should look or act the same, but that these public institutions fulfil the mandates endowed to them by taxpayers and firms by preventing financial crime within the context of the unique economic factors and risks that prevail within each jurisdiction.
When regulating from a financial crime perspective, the aphorism “a rising tide lifts all boats” serves well to describe the spill-over effects from the authorities to the private sector. As regulatory standards rise, so too will awareness and knowledge within regulated firms. In jurisdiction after jurisdiction, we find that the modus operandi in relations between regulators and firms is one of animosity and distrust, rather than the collaborative and cooperative approach that the enormous task of fighting financial crime demands. Across Eastern Europe, there is an urgent need for regulators to make broad and deep improvements to financial crime supervision and encourage firms to build the knowledge, resources and technologies needed to prevent ever-changing criminal networks from exploiting the status quo. The future of the region’s economic growth, reputation, and ability to generate clean economic growth and investment very much depends on these combined efforts.
The Authors: Irina Petrila is a Senior Director at FTI Consulting (Irina.Petrila@fticonsulting.com) and Federica Taccogna is Senior Managing Director at FTI Consulting (Federica.Taccogna@fticonsulting.com)
Share this on:
Follow us on: