Cash washed, creamed off and concealed in the UK every year by money laundering, fraud and corruption, potentially rivals the vast annual NHS budget1. No one knows exactly. ‘[Economic crime] could run to tens, or hundreds, of billions of pounds per year’, guesstimated a report for MPs in April 20222.
In addition to the usual yearly swindling, officials estimate £3.3bn to £5bn lost in fraudulent Covid bounce back loan applications3; a “disgraceful waste of public money” and “a preventable fraud” says Martin Cheek of anti-money laundering (AML) software company Smartsearch.
Stopping the rogues must be done without choking off revenue, the City says. It can be done, but differently, say the data crunchers. Financial institutions themselves are why it isn't being done, say others.
Money laundering
Money laundering, the illegal process of ‘washing’ large sums generated by criminal activity so it appears to have come from a legitimate source, is a big British problem.
The Intelligence and Security Select Committee has called London a ‘laundromat’ for corrupt money4. Remarkable cases are regular. Last October the Financial Conduct Authority (FCA) fined Credit Suisse £147m for due diligence failings on $1.3bn in corrupt loans arranged for the Republic of Mozambique, alongside separate accusations of money laundering5.
Sunrise Brokers LLP was fined £642,000 in November for deficient anti-money laundering (AML) controls in fraudulent trades6. HSBC was hit for £64m for deficient transaction monitoring controls, breaching AML rules7 in December. Days later NatWest was fined £265m for allowing £400m to be laundered, the first criminal money laundering case against a British bank, in an egregious episode involving deposits of bin bags of cash8.
All retrospectively contrite, NatWest chief executive Alison Rose said the bank subsequently “invested significant resources and continues to enhance our efforts to effectively combat financial crime”9.
Financial punishment
Show-stopping fines are press released as big wins for anti-financial crime rules. The implication is regulators and lawmakers have the balance of controls right; not so onerous as to stifle even the wilder end of the money markets, not so weak as to miss the big financial crime fish.
For Mike Oaten, head of connected data at mnAI, an analytics platform for due diligence on UK companies, at issue is the wrong kind of rules. “Regulators’ intentions come from a good place, but they are running an outdated playbook,” he says. The standard response to any negative event is to ask the regulated for ‘more data’.
Oaten argues this helps neither party: “It soaks up resources and doesn’t directly tackle the problem. I suspect it’s a ‘being seen to do something’ ploy.” Increased regulation, higher regulatory fees and lifeboat fund contributions, and more extensive compliance overhead, are the most common industry, and so consumer, costs. At the same time, enforcement cases still often take years to bring wrongdoing to light; many others must never emerge at all.
Removing ‘red tape’
If the City feels overburdened (banks have complained since at least 2015 ‘too much regulation creates brain drain’10), it has reason to hope for a bonfire of some of this ‘red tape’; the Financial Services Act 2021 includes that specific aim.
Especially as London struggles to attract IPOs, (potentially losing the upcoming listing of ARM, the jewel in the British tech crown, to New York), in a tougher economic climate, and Brexit creates obstacles to trade, as well as potential new leeways in rule-making.
Financial services minister John Glen in November 2021 told regulators, alongside their protective consumer role, they must also "facilitate" the global competitiveness of London after Brexit when writing rules11. TheCityUK, lobbyists for the financial sector, were elated.
Officials at the Bank of England (BoE) have warned a formal competitiveness remit risks a return to the 'light touch' regulation discredited during the financial crisis. In February 2022 the Government confirmed it was pushing ahead with the new mandate regardless12.
A month later, in a move a year in the making, the FCA more than doubled the firms required to submit a REP-CRIM regulatory return (for data relating to financial crime risks, especially AML) from 2,500 to 7,00013, to include cryptoasset businesses, and any firm undertaking MiFid-related activities, as well as banks and building societies already included.
Data led approach
More data, but not the right data, says Oaten. He recalls he demonstrated to the FCA a surveillance tool to identify potential ‘wrong-doers’ before negative events occurred. “This doesn’t depend on harvesting data from firms,” he says Oaten of the approach, which has echoes of the film Minority Report, “it cuts out that step completely”.
Instead, a connected dataset of all UK companies and company directors runs algorithms across that network, uncovering key inter-relations between financial intermediaries. “We could identify clusters of individuals and firms who gravitate towards each other depending on their conduct,” he says.
Rule breakers gathered together and shared worst practice, it found, just as high-quality firms do around best practice. “Birds of a feather flock together. But now we have a way of tracking and predicting it in near real time,” Oaten says. Other innovative providers in this area could similarly make a positive impact in the financial and professional services sector. “But don’t hold your breath,” Oaten says, “I’ve not heard back from the FCA yet.”
Jonathan Cary, partner at City law firm RPC and a litigator specialising in banking and finance disputes, holds no truck with claims Britain-based money houses are over regulated. “Some UK financial institutions have complained they're being squeezed until the pips squeak for the last 20 years or so, but it is important to recognise so much financial regulation has been standardised across different jurisdictions in that time, particularly with the European legislation,” he says.
Among the large banks and financial sectors, New York, Hong Kong, Singapore, London, Frankfurt, the standard of regulation isn't that different, he says. “I don't feel here in the UK regulations and the rules imposed are significantly more onerous than elsewhere,” Cary says. “Obviously, you'll always have more left-field jurisdictions which have, purposely in some circumstances, more limited regulation in certain areas,” he adds, “but generally those jurisdictions aren't seen as reasonable competition for a jurisdiction such as the UK”.
Managing tax policy
Cary believes British financial institutions' funny money problem is very much of their own making. “I don't think it's necessarily a failure of the standards or regulations in place,” he says, “I think it's just simply in certain circumstances, people or processes failing and falling short of those standards. And that's where we've seen the larger fines”.
Issues can be more institution-wide than a few bad apples. “It's difficult to know when banks make statements about their commitment to fighting financial crime whether they genuinely see it as part of their principal purpose or whether they're just making the right noises because it's what the regulators expect,” he says.
The fact is, Cary adds, whether you're talking about money laundering, terrorist financing, large scale fraud, or fraud on retail customers, often it is only really the banks who can be the first line of defence. “They are the only ones interacting with the fraudsters or the customer and processing payments and, therefore, able to identify and then alert others of suspicious activity”.
Vigilance to financial crime can be expensive, but so, as the FCA fines show, can negligence. “This now needs to be very much factored into the cost of a large financial institution doing business,” Cary says.
“These institutions are remarkably well resourced. They have significant legal and compliance functions and they're able to staff with their pick of people coming out of law enforcement, military intelligence or regulators,” he says.
Technology-led reform
Technology-driven processes have also transformed reporting. “Maybe 20 or 30 years ago, banks could more reasonably say, “well, there’s only so much we can do”. Now so much is done electronically that whilst it does impose obligations on banks, “a lot of it is done on an automated basis and then it is escalated up,” he says.
Sometimes overreporting is the problem, Cary says, especially in cases of suspicious activity reporting, which has led to many bank customers suddenly having their accounts frozen, often at huge personal detriment. “Having been told by the authorities ‘you need to report suspicious activity’, banks have become overly sensitive, reporting everything because they feel that's the best way to avoid any liability,” says Cary.
Then the authorities have to deal with thousands of reports, many unnecessarily, that hamper regulators’ ability to identify what is most important for the purposes of stopping corrupt payments or money laundering, he adds.
Ongoing efforts to look at the suspicious activity reporting regime are, he says, “long overdue”. “But overall, personally,”, he says, ”I don't think the [regulation] pendulum has moved so far that it's becoming too difficult for financial institutions.”
Paul Pisano, UK Financial Crime Director at Aviva, also backs “strong legislation and regulation” as “essential in leading financial services markets like the UK”, and “vital” for consumer protection.
“The rules are the same for all, so it is incumbent on financial organisations to implement them in a way that ensures that the appropriate consumer protection is in place while also ensuring that processes are smooth and efficient for customers,” he says.
Other legislation
Financial institutions are keen for others to share the burden, however. When the Department for Culture Media and Sport announced it would include paid-for advertising in the Online Safety Bill14, the financial sector sent out a flurry of press releases praising the move many had lobbied hard to see enacted.
“Financial services businesses have invested huge sums to help protect customers and consumers…but there were no repercussions for social media platforms on which the fraudsters advertise,” says Debbie Barton, financial crime prevention expert at wealth manager Quilter.
The Online Safety Bill will ensure technology companies face a new legal duty to tackle harm caused as a result of fraudulent content on their platforms. “We hope it will go some way to easing the burden on UK financial institutions that have effectively helped to police social media platforms that are akin to a wild west when it comes to consumer harms,” Barton says.
Achieving a complete balance of how little regulation financial institutions want to be tied by, versus how much regulators say is needed, may never be possible to keep both sides happy. Better application of the current rules, by both sides, would be a start.