Why money laundering, fraud and human error make compliance and risk management so costly
Firms and organisations face real and immediate risks when they’re caught by regulations around financial crime and payments. Professional service providers - such as accountants, lawyers and payroll companies - are on the firing line.
For them, little praise is given when compliance and risk management is done right, but all hell breaks loose when something goes wrong. Disciplinary action, reputational damage, malpractice claims, and even criminal charges. You name it.
When the stakes are that high, it's unsurprising why payment processes are so challenging. But what exactly are the risks and why do they create huge costs?
Money laundering
Money laundering is an enormous problem. It’s estimated that it costs the UK £100 billion annually and, globally, around $2 trillion (or 2-5% of global GDP).
In UK real estate alone, around £4.4 billion worth of property is owned by high risk individuals with suspicious, unexplained wealth or corruption ties.
And while banks provide the means to transmit laundered funds, businesses and professional service providers are on the front lines trying to stop it before it starts.
Regulators / law enforcement rely on these organisations to be vigilant against money laundering threats, but poor controls and lack of proper compliance frameworks remain far too common across all sectors. Most notably:
From 2017-2018, almost 50% of businesses subject to a compliance review by HMRC – the AML supervisor for estate agents, trust and corporate service providers, and accountants – were found to be ‘non-compliant’.
The FCA’s 2019 thematic review of 19 firms found some remained unaware of money laundering risk through capital markets.
The SRA’s number of AML-related enforcement actions against lawyers has steadily increased over the past 5 years.
Just 1% of suspicious activity reports filed to the NCA are reported by law firms, estate agents, accountants and corporate service providers (which may suggest that firms are detecting and stopping suspicious activity before a SAR is required, or firms are not properly trained to know when/if to report, or both).
Even with improvements in controls and frameworks, money laundering compliance will always be a moving target. Regulators will continue to push stringent obligations to fight this form of financial crime and organisations need to keep up.
And while there are many AML tools available that help perform checks faster and gather public and private data, much of the work around monitoring and analysis remains manual, costly and time intensive. That’s simply not going to work when operating at scale. And as the recent introduction of the Economic Crime Levy suggests, enforcement and the cost to comply are only increasing.
Bank account verification
We’ve previously talked about the problem of APP fraud in the UK, and how this affects requirements and processes around account verification.
The UK is losing an average of £450 million each year to this kind of fraud, and independent verification of bank details is an absolute must if there is to be any hope of preventing this fraud.
Professional indemnity and cyber insurers are wise to this, and have been pushing businesses - especially professional service providers with client accounts – to have robust checks and controls around bank verification. In some cases, underwriters may not pay out claims if such checks and verifications are not properly evidenced.
To date, most (if not all) of account verification checks are manual. Some verification technology is available (e.g. Confirmation of Payee), but these are broken solutions. This will remain a challenging and time-consuming area of compliance if not addressed with the right kind of technology.
Payment initiation
For most, initiating payments requires manual entry of verified payment details into finance systems. This manual entry creates risk of 'fat finger' errors.
Four-eyed checks and robust controls help prevent these errors, but they take time and cannot (and should not) be rushed. Doing so, especially when faced with a high volume of payments, leads to mistakes.
When they happen, mistaken payments can be an administrative nightmare to fix. For Faster Payments, assuming the unintended payee gives the money back, it can take 20 working days for banks to reverse the payment. Add the time it takes to file the necessary reports and paperwork with the bank(s) and regulator, plus all the emotional stress caused to the client or beneficiary, the ultimate cost is prohibitive.
For larger payments on high value transactions, mistakes can be catastrophic. The $900M Citigroup Revlon loan repayment error is probably the highest profile example of a simple clerical back-office mistake gone horribly wrong. Anything less than that still has the potential to bring a business to its knees, embroil parties in years of litigation, incur heavy fees and there still be a chance of never getting the money back.
What conclusions to draw?
There are a few:
There are real and immediate risks when it comes to handling payments.
These risks justify the need for strict compliance obligations to safeguard money and protect the integrity of businesses and professional practices.
Meeting payments compliance obligations is largely a manual endeavour that requires multiple processes (AML, account verification and payments initiation) being integrated and maintained across an entire organisaion. This comes at a heavy cost.
Current solutions only work as isolated tools tackling specific tasks within these processes.
A new kind of solution that automates processes, integrates data and provides contextual insight is needed for any organisation looking to successfully operate at scale.
As payments go digital, so must compliance. At Lucra, we’re working on delivering just that.
Alan Schweber is the founder and CEO of Lucra. Previously, Alan was a debt finance lawyer at Kirkland & Ellis LLP.