AML and framework change at Nordea

Money laundering and tax evasion are almost certainly as old as money itself – no sooner were the first coins struck than people started scheming how to avoid handing them over, or how to conceal the origin of shadily acquired gold and silver. Enforcement and evasion have both moved on a great deal since the state-of-the-art solution was "bury it in a hole in the ground". But the last few years have seen unprecedented worldwide efforts to improve government scrutiny and control of the flow of money through the international financial system, in order to clamp down on illegal transfers of all kinds – which, the campaign group Global Financial Integrity estimates, total more than $850 billion a year. With the 2012 decision by the Financial Action Task Force (FATF), the intergovernmental body responsible for combatting money laundering, to include tax evasion in the list of predicate offences for money laundering, these efforts will only intensify.

Several major banks have already faced severe penalties for their involvement in criminal transactions. In July 2012, HSBC faced a compliance crisis over its anti-money laundering (AML) procedures in one of its Mexican subsidiaries. The failures in those procedures resulted in several billion dollars' worth of funds being transferred from Mexico into the US. HSBC's culture was described by a scathing US Senate report as "pervasively polluted". And the allegations were so damaging that HSBC's group head of compliance David Bagley stepped down after 10 years in the role.

In December 2012 UK and US authorities imposed fines totalling $1.9 billion on HSBC, including $1.256 billion as part of a deferred prosecution deal with the US Department of Justice. On top of this, the UK Financial Services Authority also imposed a number of requirements on HSBC, including appointing a group money-laundering reporting officer and employing an independent monitor to oversee the group's compliance with UK AML, sanctions and terrorist-financing requirements.

HSBC is not alone. In August 2012 the New York Department of Financial Services (DFS) accused Standard Chartered of avoiding US compliance on around 60,000 transactions with ties to Iran, worth at least $250 billion. At the time David Kwan, director of AML product management at US technology vendor Nice Actimize, told Operational Risk & Regulation that the case underlined that money laundering had become more than a compliance issue. "Its significance has expanded to symbolise banking soundness. The DFS cited some pretty egregious acts in violation of AML and sanctions regulations. If true, it means the bank was aware of violations and chose not to address them," he said.

Recognising this trend, Operational Risk & Regulation named AML compliance as one of its top 10 operational risks for 2013.

It's no surprise, then, that Anders Meinert Jørgensen, head of group operational risk and compliance at Nordea, describes AML as "the big one". In particular, he says, awareness of AML compliance has gone up dramatically since the landmark prosecutions of 2012.

When something like the HSBC scandal happens, Jørgensen says, it's a "sweet and sour" experience for other banks. Sour because colleagues in the industry are affected and, perhaps more importantly, because the credibility of the industry is called into question, which indirectly hurts banks in general, he says. But the sweet part is because an event such as this is a tremendous help in increasing awareness of the importance of AML and regulatory compliance, he explains.

"When you see one bank being hit by a $1.9 billion fine, then it is not very difficult to explain to senior management and the bank in general that this is a serious business. It gives you a very tangible example of what the impact is of regulatory risk," he says. "Things become easier in speeding up potential mitigating actions."

Nordea had focused more closely on its AML procedures regardless of the HSBC affair, he says, but there is no denying that the incident has raised awareness – at Nordea and across the industry. Nordea's risk self-assessment process, still under way, and its own internal audit have identified that there are still some issues that need to be resolved, leading to a concerted effort to improve AML procedures.

"We have increased our efforts with AML year by year, and now we're running a group-wide project," he says. "I think where we probably were influenced by last summer's events was that we speeded up in terms of the group-wide programme that we are running, which is a mandatory programme for all employees. There we have become more aware that we need to run this probably two to three times a year group-wide."

Using the events of 2012 as an illustration of the risks of a compliance failure has given Jørgensen a significant – if possibly temporary – advantage in nurturing a better risk culture at Nordea. At present, he says, the bank is "trying to ride on the wave" of last summer's news. "We want to come out with an AML programme in the spring of this year, so we make sure we keep that alive," he says.

He describes the programme as an operational risk and compliance risk management awareness programme. The first module covers information security, the second is on anti-bribery and corruption, and the third AML. All employees are enrolled on the courses, which average a 90% participation rate.

Jørgensen points out that there is no quick fix for banks when it comes to AML issues. The complexity of implementing proper AML procedures comes from their involvement with core processes within the bank.

Those processes include signing up and continually communicating with customers – and, more importantly, handling the data gained correctly, which he says is a significant process and systems challenge. "We know our customers quite well but that knowledge is not put into systems in a structured way and I think that's a very common challenge for banks – getting this information out of the heads of customer representatives and out of the various systems that may have it and putting it into a structured system."