Remarks on the Global Fight Against Financial Crime - Director General Derville Rowland

Opening remarks delivered at London City Week panel discussion on the Global Fight Against Financial Crime

Thank you to London City Week for inviting me to participate in this panel discussion on the Global Fight Against Financial Crime.

The Central Bank of Ireland’s role in the global fight against financial crime is driven by its mandate as the competent authority in Ireland for ensuring the effective monitoring of credit and financial institutions’ compliance with their AML/CFT obligations. In this regard, the Central Bank’s Anti-Money Laundering Division is responsible for supervising approximately 10,000 firms across a wide variety of sectors from large retail banks, commercial banks, funds sector to payment remitters and retail intermediaries. With such a diverse cohort of firms to supervise, the Anti-Money Laundering Division must by necessity apply a risk-based approach to supervision with those firms presenting the highest ML/TF risk receiving a proportionately higher level of oversight than those with a lesser ML/TF risk profile. 

In addition to our role as the competent authority for AML/CFT supervision, the Central Bank is deeply integrated in the European and International AML/CFT Supervisory System. The Central Bank is an active participant at the Financial Action Task Force (“FATF”) and sits on the European Banking Authority’s Anti-Money Laundering Standing Committee (the “AMLSC”). 

Financial Crime and the flow of illicit funds contribute to and sustain serious societal harm, including drug dealing, terrorism, and modern slavery.  It also threatens financial stability, and recent money laundering scandals have shown that the current framework to fight financial crime and money laundering is not as effective as is desired.

Given the scale of the challenge faced by regulators and law enforcement agencies in battling financial crime, especially in this time of unprecedented uncertainty, it would be easy to feel deflated. However, a number of recent developments give me cause to be positive about the global fight against financial crime.  The first and potentially most significant development is the EU Commission’s recently published AML Action Plan. It is not just the content of this plan, which I will discuss in more detail later, that is important but of equal if not greater importance is that the publication of the Action Plan marks a move towards a more coordinated and cross border focus on the fight against money-laundering.  Given the borderless nature of money laundering and the effects it can have across multiple jurisdictions there is no doubt in my mind that if we are to successfully fight financial crime we must act in a coordinated and cooperative manner. While there is no doubt that achieving all that is in the Action Plan is an ambitious goal it is beholden on all of us involved in the fight against financial crime to be brave and ambitious in order to deliver for society as a whole. The Action Plan has the undoubted potential to strengthen our collective defences against financial crime and to deliver measurable improvements in the European AML/CFT Framework. In this regard, there are two particular areas of the Action Plan, namely; a reinforced single-rulebook and a single European supervisor that I believe if implemented correctly will significantly improve our ability to fight financial crime.

Turning in the first instance to the proposal for a reinforced single rulebook. There is no denying that current EU AML rules are far-reaching and comprehensive in nature, however, there is clear evidence that the effectiveness of these rules is undermined by their inconsistent application across the Union. In my view, the development of a single rulebook by means of a directly applicable Regulation will result in greater consistency and deliver much needed regulatory clarity to, and a level playing field for, businesses that operate across the Union. Undoubtedly a European Regulation which addresses issues such as the types of obliged entity subject to AML/CFT obligations, Customer Due Diligence (CDD) requirements, internal controls, reporting requirements, as well as obligations in respect of beneficial ownership registers and bank account registers would result in more clarity, both for supervisors and the financial services industry. 

In addition, bringing so called Virtual Asset Service Providers, or VASPs, within the scope of the AML Directives in line with the FATF standards is necessary and to be welcomed.

Similarly, the proposal to insert clarity into the existing framework on how AML/CFT rules interact with other pieces of financial services legislation such as the Bank Recovery and Resolution Directive, the Deposit Guarantee Schemes Directives, and of course GDPR is extremely important. I believe that a clear legislative statement is required in order to ensure that compliance with AML/CFT requirements, is not negatively impacted by a lack of clarity in respect of the interaction between the GDPR and the AML rulebook. 

 The Commission has also identified the need for a reinforcement of the obligations on prudential supervisors to share information with AML/CFT supervisors – this is of key importance, given that in the recent Banking money laundering scandals there were ML red flags present – not least non-euro, non-resident accounts that generated a disproportionately high level of profits – however these are not the type of red flags that prudential supervisors are traditionally trained to look for.  A better flow of information between prudential and AML supervisors can result in money-laundering being identified and stopped in early course. 

Under the present European AML/CFT framework, despite the existence of a European Directive, each individual Member State is responsible for the manner in which AML/CFT rules are supervised and enforced in their jurisdiction. The inconsistency that this framework facilitates results in gaps and loopholes in the European AML/CFT framework, which are exploited by criminals.  The establishment of a single European AML/CFT Supervisor will deliver a consistent application of the rules and eliminate gaps that can be exploited by criminals.  An issue which has generated much discussion recently is the scope of any EU level supervisor.   My view is that in line with the risk based approach to AML/CFT supervision, an EU level AML/CFT supervisor should target those entities that pose the greatest money laundering and terrorist financing to the Union and therefore in the first instance any single supervisor should focus on the financial sector.  However, the non-financial sector or DNFPBs have consistently been called out by FATF for weaknesses in their AML/CFT frameworks and it is also very apparent that the supervision of the non-financial sector in many Member States is less than satisfactory. Therefore, it would appear to make sense to carefully analyse the means by which EU level supervision could, at least eventually, encompass the non-financial sector. 

Moving away from the specifics of the Action Plan no conversation on AML/CFT can be meaningfully had without a discussion on data and how it can assist in the fight against ML/TF.  From identifying criminal transactions to providing information vital to the assessment of a senior executive’s fitness and probity, data gathered by industry and regulators alike is invaluable. To unlock the potential in this data, and notwithstanding the challenges it presents, it is necessary to facilitate the effective and timely sharing of this data. Financial regulators and experts alike have long been pointing to the need for financial institutions to share information to combat global criminal networks. There have been a number of initiatives at a European level designed to enhance cooperation and the sharing of information e.g. AML/CFT colleges, the requirement for EU AML/CFT Competent Authorities to share information with the ECB/SSM and the development by the EBA of a central database of AML/CFT findings from all Member States. While all of the developments in information sharing between National Competent Authorities and EU Authorities are very welcome, the fact remains that it is often the data held by credit and financial institutions as opposed to regulators, that is most useful in the detection and prevention of financial crime. While of course firms are required to report suspicious activity to national FIUs, reports of suspicious activity would arguably also be very useful to other market participants, particularly when onboarding new customers. It is acknowledged that challenges remain to financial institutions sharing this information within the current legislative frameworks. The EBA has recognised the need to facilitate this kind of information sharing between market participants in its recent response to the EU Commission’s Call for Advice.  Despite these challenges resources need to be expended by all involved in the fight against financial crime to find solutions that allow for the sharing of information, thus creating a richer dataset to (a) identify suspicious transactions and (b) to drive decisions to prevent illicit funds entering the financial system in the first place.

The issue of sharing information brings me to my final point on the fight against financial crime which is the area of new technologies. Of course, as regulator, I recognise that advancements in technology can bring both major benefits and significant risks. One such benefit is that the burgeoning privacy enhancing technology has the potential to convert sensitive customer information into anonymous or pseudonymous attributes could eventually present a solution to the sharing of sensitive and private information between market participants.  It must at the same time be acknowledged that this same privacy enhancing technology is what creates the enhanced money laundering and terrorist financing risks that emanate from virtual assets. Any discussion on the potential of new technologies in combatting global financial crime would not be complete without referencing digital identities. Since the onset of the Covid-19 Pandemic, there has necessarily been more reliance on remote on-boarding and the increased use of nonface-to-face delivery channels for financial products and services. The development of digital ID that will be acceptable across the Union is the Holy Grail and is something that many Member States are currently grappling with. In order for this to be achieved challenges in respect of data privacy, security and Member States’ willingness to accept each other methods for verifying identity must be overcome.