Posted: 17th November 2017
The National Risk Assessment (NRA) is the UK’s second report since 2015 on money laundering and terrorist financing covering key industry areas.
The NRA 2017 will serve as a basis for assessing the risks of money laundering and terrorist financing, and demonstrates the UK’s proactive approach ahead of the Financial Action Task Force (FATF) mutual evaluation in 2018.
The NRA highlighted some key findings:
- High-end money laundering (HEML) and cash-based money laundering remain the greatest risks
- New typologies have emerged, such as laundering through capital markets and technology exploitation, although they appear less prevalent than known and established risks
- The accumulation of low levels of laundered money remitted overseas with sophisticated methods that include the manipulation of retail banking and money transmission services was noted
- Cash and cash-intensive sectors are a preferred method for terrorists moving low-level funds through and out of the UK using retail banks and Money Service Businesses (MSBs)
- Professional services are a crucial gateway to disguising the origin of fund
- Reforms have been made to tackle the abuse of professional services; improving law enforcement response and corporate transparency and enhancing public-private relations
Legal, regulation and law enforcement framework
The report recaps crucial milestones in the regulatory landscape since 2015, i.e. the Fourth Money Laundering Directive; Money Laundering Regulations 2017; the Criminal Finances Act 2017; creation of Office of Financial Sanctions Implementation; an overview of the 2016 Action Plan and the upcoming Sanctions and Anti-Money Laundering Bill and FATF mutual evaluation.
Money laundering threat
A significant amount of criminal proceeds have been generated by serious and organised crime through fraud and drug supply.
The true scale of fraud and tax evasion is difficult to assess, and there remains an intelligence gap here as a result of under-reporting and non-reporting due to a lack of knowledge by victims. There is estimated to be 1.8m computer misuse offences and 3.4m fraud incidents, with 57% cyber-related. The new National Cyber Security Centre focuses on more collaboration with industry to prevent cybercrime.
Overseas organised crime and corruption is a risk to the UK. Thinktank Global Financial Integrity estimated that China and Russia lost the most to illicit flows, with $1.39trillion (China), and $1.04trillion (Russia) lost from 2004-2013. Both have made steps to strengthen their respective AML regimes. Firms are encouraged and reminded to take a risk-based approach when establishing relations in high-risk jurisdictions.
The UK and Pakistan have strong business links, and both countries are open to money laundering and terrorist financing, undertaken via MSBs, cash smuggling, front businesses, trade-based money laundering and property.
Nigeria is considered the largest recipient of UK remittance, with $3.8bn. Anti-Corruption is a priority for the Nigerian government who have made significant progress. The UAE is an attractive hub for legitimate business, but there is exposure to cash-based and trade-based money laundering. Hong Kong is an important partner in tackling the threat of illicit transactions that provide a gateway to mainland China.
Terrorist financing threat
The terrorist threat level is at ‘severe’ although increased to ‘critical’ following the recent attacks. Terrorist financing activity in the UK has usually been low-level, with no large-scale funding activity detected. Typical funding methods used were self-funding, fraud, moving funds through MSBs and carrying cash out of the country.
There has been no significant shift in the banking sector, which remains at high risk of money laundering and low risk of terrorist financing. Retail banks have the highest exposure due to the increasing speed and volume of transactions. Money mules and their bank accounts are used to break audit trails and a primary way to launder the proceeds of cybercrime and fraud.
Wholesale banking and the risks of correspondent banking are exposed to greater numbers of high-risk clientele, and large-scale de-risking has become an increasing concern.
Wealth management and private banking is graded high-risk, with an increased exposure to politically exposed persons (PEPs) and tax evasion. Ineffective AML systems and controls and poor management of high-risk customers all contribute to the risk.
The insurance sector faces challenges with fraud and kidnaps for ransom from a terrorist finance perspective. However, the risk remains low for large-scale money laundering and terrorist financing.
The supervision issues of 2015 regarding bank compliance remain largely unchanged. Among the contributory issues were weak governance and risk assessments, poor IT and management of transaction alerts, source of funds identification, foreign PEPs and certain correspondent banking activities. The drivers behind poor compliance are underinvestment in the areas of resourcing and infrastructure, as well as weaknesses in governance and legacy systems.
Financial technology (FinTech)
‘Fintech’ covers a wide range of financial services and products. The riskiest were noted to be e-money, digital currencies, and crowdfunding. The link between digital currencies and cyber-enabled crime is likely to increase. Legacy systems pose operational challenges, but firms can mitigate risk using RegTech developments, such as software which can better verify customer identity.
Accounting and legal services remain at high-risk, due to their appeal to criminals with disguising funds and providing credibility.
Trusts and corporate structures are used for HEML, but it is difficult to gauge the extent of laundered money laundered through corporate vehicles. It is considered high-risk due to criminals’ ability to launder through the UK to overseas corporate structures. Property abuse is regarded as medium risk with estate agent’s services at a low risk.
Cash is inherently high-risk due to its anonymity. MSBs remain high-risk due to remittance of cash and are regarded to have low regulatory compliance.
Non-profit organisations were assessed for the first time and graded low risk. Although the gambling sector was also low risk, the Gambling Commission highlighted that non-remote services carry a higher risk. High value dealers are viewed as low risk due to a limited ability launder large sums of money.
Considerations for firms
Overall, there have been no significant changes to the trends observed since 2015’s NRA. However, this consistent outlook could create the risk of complacency amongst businesses. Importantly, the risks have not decreased and continue to pose a significant threat to the UK economy.
We are in a technological age where crime develops as we innovate, and this, along with the issue of under-reporting makes it difficult to analyse the true extent of the challenge. This is particularly true in relation to fraud and cybercrime. Firms must consider the risks outlined in the NRA when conducting their own risk assessments in order to be confident that their controls are tailored to manage changing or emerging threats.
Customers continuously expect innovative products and services that offer convenience and speed, particularly in payments. However, criminals are attracted to these same benefits to launder money and finance further crime. Firms that embrace technology and are stringent in their governance arrangements and control environments will go some way to withstanding the criminal threat. Maintaining a contemporary view of the nature of these threats and understanding how the business must react to them continues to be paramount.