How to Deter Money Laundering
AML Expert: Stronger Punishments Needed
Recent penalties against financial institutions for violating money-laundering regulations may not act as deterrents, but far stronger punishments, including jail time for executives involved, would be effective, says Kevin Sullivan, a long-time anti-money-laundering expert.
"I'm a big believer that as long as the rewards are greater than the consequences, it will be worth the risk to someone," says Sullivan, a former investigator with the New York State Police.
"In other words, you have to make the cost of punishment greater than the benefit of the crime," he says in an interview with BankInfoSecurity [transcript below].
Penalties have been paid out by HSBC and Standard Chartered Bank stemming from money-laundering violations. HSBC's Bank Secrecy Act violations resulted from a basic breakdown of leadership, Sullivan contends. SCB's case stemmed from falsified paperwork and misinforming federal regulators about transactions conducted with sanctioned nations, he says.
More Regulations Needed
These cases highlight the fact that more regulation may be needed, Sullivan says. "For years, I would hear institutions complain to me about the regulators," he says. But without more regulation, banking institutions have no incentive to change, he says.
Sullivan says stricter regulations, closer monitoring of AML programs and getting those programs up-to-speed should be top priorities.
During this interview, Sullivan discusses:
- The unique aspects of HSBC's and SCB's cases;
- Why financial institutions should review their AML auditing policies and strategies closely; and
- How banking institutions can do more to ensure their BSA and AML programs meet the letter of the law.
Sullivan is a former Investigator with the New York State Police and was the state investigations coordinator assigned to the N.Y. HIFCA El Dorado Task Force in Manhattan. He has more than 20 years of police experience and holds a master's degree in economic crime management. He is a certified anti-money laundering specialist and anti-money laundering professional. He is also the director of AMLtrainer.com, an AML policy and training academy.
TRACY KITTEN: HSBC was cited for Bank Secrecy Act violations dating back to 2006, based on regulators' findings that the bank was not properly monitoring transactions with foreign affiliates. What can you tell us about the HSBC's missteps?
KEVIN SULLIVAN: There was a backlog of over 17,000 alerts that identified possible suspicious activity that had not yet been reviewed by the bank. There were ineffective methods for identifying suspicious activity; failure to file timely suspicious activity reports. There was a failure to conduct any due diligence to determine the risk of HSBC affiliates before they opened up these corresponding accounts. It was a failure to conduct any AML monitoring on over $15 billion in bulk cash transactions with the same affiliates. There were poor procedures for assigning country and client risks. There was a failure to monitor over $60 trillion in annual wire activity by customers that were rated at a lower risk. The bottom line was there was inadequate and unqualified AML staffing, inadequate AML resources and lack of AML leadership.
KITTEN: How could the bank get away with these violations for so long?
SULLIVAN: That's the million-dollar question, or in this case the $1.9 billion question. On a macro level, it's simply just the breakdown of quality leadership at the top, which managed to filter its way down to the bottom. You have people that aren't accountable and items that aren't held to the fire. If you had a better leadership system, these things wouldn't happen.
Penalties Setting Example
KITTEN: What kind of precedent do you think these penalties have set?
SULLIVAN: I would really hope that it serves as a wakeup call to all financial institutions that there are consequences for your actions. However, I'm not so sure that's going to work that way.
KITTEN: Do you think that these types of penalties will actually be a deterrent?
SULLIVAN: To some extent, but I'm a big believer that as long as the rewards are greater than the consequences, it will be worth the risk to someone. In other words, you have to make the cost of punishment greater than the benefit of the crime.
KITTEN: SCB not only was cited by federal regulators, but also the newly created New York State Department of Financial Services. What can you tell us about SCB's case?
SULLIVAN: According to the New York State Department of Financial Services, Standard Chartered Bank helped Iran launder about $250 billion, in direct violation of federal laws. They also apparently kept false records and handled wire transfers for Iranian clients. Standard Chartered Bank sent the wires through its New York unit in what's called a "u-turn" transaction, and basically they stripped the names of the clients in order to keep it from being flagged.
KITTEN: Do you think that the fines imposed were steep enough?
SULLIVAN: In my opinion, no, they were not. I find it absolutely egregious that this happened. This goes way beyond not hiring enough staff or having an outdated alert system. Stripping the information from the wires tells me that someone was well aware of the rules and they chose to circumvent them. This is not just looking the other way when the bad guy comes into the back with sacks of cash; this is holding the door for them, helping them with the bags and valeting the car.
KITTEN: Of the two banks' offenses, which do you deem to be the most egregious?
SULLIVAN: They're close, but I think there's something about the stripping that I find is just absolutely and incredibly arrogant. That just seems to get my goat, and whether it's actually more egregious or not, I'm not sure. But for some reason, it just bugs me more. I think in addition to these fines, if you want something to be done, you have to lock them up. That may act as a greater deterrent than just some of these fines. These people can absorb the fines. These banks can absorb it. I think HSBC's fine was only about nine days' worth of profit for them. Locking some people up might act as a greater deterrent than anything else you can do.
KITTEN: Do you think that these types of violations are common?
SULLIVAN: I honestly don't know. I would really like to think that these things are few and far between, but I'm a long-time law-enforcement guy and I'm certainly not naïve about this. And to think that this is the only time would be quite naïve. I know a lot of people in the banking industry and they're really good people. But there's always going to be a negative seed. The thing is, you just can't let a few bad apples make you lose faith and trust in the institution.
KITTEN: Do you think these penalties have actually gotten other banks' attention?
SULLIVAN: Oh, absolutely. This is being talked about in every corner of every bank. I think we're dealing with a white-collar criminal type of mentality, and the white-collar criminal ego says, "I'm smarter than you. You can't catch me." I don't think we have seen the last of this type of activity or that type of white-collar mentality yet.
KITTEN: What about the regulators? Do you think they're enhancing their efforts to hold some of these banking executives accountable?
SULLIVAN: The jury is still out on that one. I understand the manpower issue, but I'd like to see some of these smaller institutions be scrutinized a little more. I do think that the New York State Department of Financial Services taking the bull by the horns in the SCB case will be very interesting to watch and see if that is a one-time event or if that becomes a trend.
KITTEN: Do you think that in 2013 we can expect to see steep penalties like this for violations that come into play?
SULLIVAN: I would say you can absolutely count on that.
Top Money Laundering Concerns
KITTEN: What would you say are some of the top money laundering concerns for the year ahead?
SULLIVAN: For years, I would hear financial institutions complain to me about the regulator: too much regulation, too many rules, too costly. And just when you start to feel sorry for them, "bam," you see this activity. You see Wachovia. You see HSBC and SCB. You think, "Maybe we don't have enough regulation." Maybe the best thing we can do for AML is to get our ship in order. There will always be some new methods that we can worry about and try to look into preventing or getting a foot-hold in it, but I think we really need to get the entire AML ship together and get our AML programs budgeted sufficiently. Maybe some of that money that we make from the fines needs to go back to some of the banks to supplement the AML program and bring them all up to speed so they have a minimal requirement for AML.
Enhancing AML/BSA Programs
KITTEN: What final recommendations do you have for financial institutions that want to enhance their AML and BSA programs?
SULLIVAN: I would start with the realization that money laundering can happen to you. You can not go cheap in this area. I understand that this is not a money-making profitable source for any institution, and we are a metrics-based society and we like to be able to put numbers on the amount we take in. It's very difficult or impossible to put numbers on money laundering, especially [since] we're not taking it in. Quite frankly, in most cases money laundering makes money. It makes profits for institutions.
I suppose the only way to effectively do that is ... stricter regulating, stricter monitoring of AML programs, or get the programs up-to-speed and monitor them very tightly. We ought to be concerned about independent auditors. I think independent auditors should be licensed. It's far too easy for an independent auditor to tell the client what he wants to hear so he can maintain that lucrative relationship with the financial institution. But if it turns out that independent auditor was in the tank with the financial institution, then they should risk having their license suspended or pulled altogether.
Follow Jeffrey Roman on Twitter: @gen_sec
The privacy profession is evolving rapidly, and security leaders increasingly need to understand...
Latest Tweets and Mentions
The privacy profession is evolving rapidly, and security leaders increasingly need to understand...
The ISMG Network
FireEye's Costanzo Calls for 'Re-Imagining' Security
OWASP's Soi on Securing the Application Lifecycle
Gartner's Scholtz on How to Educate Management
Juniper's Paul on What 'Layered Security' Really Means
Vasco's Dica on Authentication Trends in the Indian Market
Tips for Building Stronger Information Security Programs
GlaxoSmithkline's Williamson on Prioritization of Risk
Keynote Speaker Lohrmann on Setting Clear Priorities