KYC & EDD - Ethical Due Diligence.

I haven't shared on here for a while, I've had other things going on, and can admit to being a bit lazy as well. I hope people are doing okay during this crazy time, and staying as safe as possible despite the nonsense being spewed by the all the govs.gov.

So, let me say firstly, that having been involved in a few due diligence/know your customer (KYC) teams, I think it's one of the areas in financial crime compliance that banks and financial institutions have been reasonably successful at (parameters subject to terms and conditions). The reality is that there is only so much that can be done, both in terms of the power held by these teams and the technology entrusted to assist in the process, but from my experience, within the anti-financial crime teams (I'll use the term 'AFC teams' to cover the various specialisms including KYC, AML, sanctions, anti-bribery and corruption (ABC), tax, environmental risk, reputational risk and transaction monitoring, etc) there has been a real will to make a difference, progress and succeed, there are a couple of 'buts' though, obviously.

The first 'but' is as mentioned, these teams only have a certain amount of power, they will always be at the mercy of profit, despite the scandals, despite what we want to believe, enough said.

The second 'but' is one I have witnessed over the years, first hand, in the media, and actually in a very recent conversation, is that, the framework of progress and success isn't entirely aligned with what I/many of us expect. What I'm looking for is the adoption of an ethical stance to financial crime due diligence, which is very much lacking and is an area of oversight that can very quickly betray the perceived tone from top, if there is one. One might think it's quite obvious, that the work we do by definition, anti-financial crime, is what it is, and naturally the impetus or at least some focus might be on actually relaying the message that we are fighting financial crime. This in turn builds a solid moral grounding, you don't have to go around shouting about it, but when the questions of right and wrong arise, there should be a certain understanding, a realisation, a gut feeling, a blip on the radar, not just a deference to policy or an already misguided colleague. Granted it's difficult in large organisations, actually it's not if you want to apply it, if it's seen as important. But then, do the banks really want their staff to be thinking ethically...

My Ethical Due Diligence title is a play on Enhanced DD, which is when identified risk factors call for further information and documentation to be requested from the entity or individual being KYC'd. I know Ethical DD has been used in other contexts, humans rights and m&a, but what I mean is that the customer due diligence and enhanced due diligence frameworks that oversee the KYC process need to be injected with an ethical substance. It's what the whole tone from the top thing is about, whatever the tone is it should resonate at all levels and be present. When the bank is full of crooks, and they're all making loadsa money, it's possible that no-one talks about it, they all just know what they've gotta do, and it resonates, and everyone is successful and happy, until they get caught. It should be the same for due diligence in an ethical context.

For those bankers who aren't aware, ethics at its simplest is a system of moral principles. They affect how people make decisions and lead their lives. Ethics is concerned with what is good for individuals and society and is also described as moral philosophy. The term is derived from the Greek word ethos which can mean custom, habit, character or disposition. So yeah, remember that.

The inspiration for this post is a recent discussion I had with someone who worked in the KYC department for a major bank (1), they stated that even when studying for a professional qualification in AML/KYC, they questioned what they were learning as it was beyond what was required in their role. They looked at the study material and thought, 'what is the point of this, I don't have to do this at work'. This indifference was the result of a certain mindset that was prevalent in the institution in question. And it led to a dismissive approach and lack of connection between the internal (within the bank) and external (global fight) approaches to customer due diligence. Along these lines an analyst might not be engaged, invested in, or possibly even interested in the actual reason that customer due diligence is taking place. This kind of underlying ethos can go unaddressed and become toxic. It sounds a bit dramatic, but it is a kind of corruption of a system when the ethical and just reasoning behind an action is forgotten, and all the focus is on profit, meeting targets and simply ticking boxes. Many a scheme and scandal will have profited operationally and financially from this kind of environment. And in reality, behind the schemes and scandals there are real victims, people whose money is stolen, lives are ruined, or who exist in perpetual dire straits.

While it could be just an ignorant individual in question, in this case it was not. The viewpoint was created in part by an 'it's not in the policy' culture, where the KYC/CDD policy of an institution is taken as the law and rarely questioned. I was surprised to hear this still happening, though I shouldn't be, it's different to hear it from someone rather than in the media or on LinkedIn, after all the fines, and billions spent on financial crime compliance. Where a risk-based approach is encouraged by JMLSG et al, often this is only used in one direction, to agree upon reducing the risk profile of a client. If you go above the policy, it might be frowned upon, "why are you going above the policy", "we don't need to this", or "you are wasting time". But the times when you go above and beyond, especially with a rational premise, are the times you are going to uncover something dodgy and even if you don't, you're encouraging an ethical approach, imbuing a culture and more importantly, actually investigating potential financial crime. Often, not always, a certain type of integrity is missing from the equation, and everyone is too busy to notice, that's when things go wrong. And they commonly do.

I think it's also forgotten, without the right tone and culture, that though we are protecting the institution and it's clients, we are also looking for real criminals and crimes being committed, or links to potential crimes. Sure, in the initial phase it's not exactly a proactive pursuit to find a nexus to any crime, but it can develop into that. And that should always be on the mind of the analyst. The onus on targets and performance indicators can obscure the view, and is a real challenge for doing actual due diligence. The targets and milestones that in place are of course important and need to be met, but priorities should encompass both ethical integrity and performance. And to be perfectly honest, I expect more from those who work in the various anti-financial crime departments, than I do from sales teams and other business lines. Every manager has operations to oversee and targets to hit, they shouldn't have to be worried about the lack of moral values in their team, but if someone forgets to bring it up, it will be forgotten. I will guarantee you that a team with a well managed ethical risk radar is going to serve a company better, and the fight against financial crime better, than a team without one. Can I prove it, not right now, but I bet you my bearer shares...

If a bank wants to invest in the ethical approach and do the job right, then the points I'm making will be a useful guide, that's the issue though, do they really want to do it right. We've heard it before, but in the end is the spending on compliance the smokescreen to satisfy the regulators knocking on the door? Are the fines budgeted for and everyone is just waiting for the next scandal to pop-up? Are we just waiting for another ride on the merry-go-round?

Maybe I'm asking for too much, but I think encouraging AFC teams to learn about the real fight against financial crime is pretty reasonable. I'm not saying it's prerequisite to building a successful AFC related team, who knows, I haven't got the data. But from my experience, I know that the people who have been interested in the bigger picture, who are invested and interested, they are quite simply better at their job. Now better might be subjective here, is someone who meets targets better, or is someone who is more knowledgeable better? I guess the team might be mixed and it a balance of both kind of people is required depending on the scale and focus of the team, but this is a tangent and that's the end of it.

I've covered ethics before in the context of technological advancements in the financial crime space, and tech in general. Ethical due diligence is really not something that needs to be 'out there' and labelled if the institutions take responsibility for their approach to due diligence and ensure there is an element of ethical consideration present. As my earlier example/story shows and the many headlines do too, these things are real, they happen. And there is a reason for them happening.

So, what are the crimes we might uncover, or disrupt. Let's have a look at predicate crimes as per the EU 6th Money Laundering Directive (6MLD). This table is an example of the predicate crimes recognised in 6MLD, and these are things we are looking for when we conduct client due diligence and know your customer processes.

2) Source - Comply Advantage

It's a pretty long list of horrible things, it has been in place a while, with additions over the years. There is a point of naming the predicate crimes like this, it's to make the connection between AML efforts and the real world, not only for law enforcement on the prosecution side of things but on the investigations and realisation sides too. These are real things that unfortunately go on everyday, and if you work in an AFC function you might end up discovering one of them, helping stop one of them, stop the funding of one them, or the paying for services provided, or catch an affiliate, or a banker or lawyer facilitating bad things. At the end of the day it is up to the staff, you can't force them to care, you can only provide an example and some guidance. Of course different teams will have varying exposure to the risks, or remits of research, but every team should be aware of this. The CDD/KYC front/first line teams are the ones that bear the brunt of the potential separation, they have the targets to hit.

Some staff members, and I've known many, won't care. They are there to do the job, that's it, and often that will do just fine from their perspective. They will follow the lead, and if the ethical seed has been planted, it will be present and they'll have a lead to follow. If it hasn't then, if everyone just falls in line behind the 'it's not in policy crew', then there might be a problem. What if someone does mention it, if they do empower their staff with the message that, not only are you here to learn, build a career, connections, make friends, a successful life with the chance of creating wealth for yourself and your family, but you can also help to make the world a better, safer place. You know, make the bank a respected pillar of society again, it sounds so far fetched that I feel some anger rising.

Anyway, my deduction is that you are more likely to find these things out, and/or deal with them appropriately if you are working (albeit remotely now) in an environment that has fostered a culture that values this nexus of ethics and due diligence. If you work for the NCA, or the FBI, you likely took those jobs because you wanted to make a difference, to do the right thing and keep people safe. If you work for a bank these things may not have been on your radar, it doesn't mean you are a bad person for it, it means that you may not have considered the link in such a serious context. And if nobody in the teams that count considers it, and doesn't empower people by sharing this message, then it doesn't exist. The bank remains the bank, and the nobody is surprised either way when bad things keep on happening and banks continue to end up in scandal after scandal.

Al.

#moneylaundering #aml #kyc #duediligence #antimoneylaundering #financialcrime #banks #basel #dirtymoney #thedirtstring #knowyourcustomer #predicatecrimes #ethics #ethicalduediligence #enhancedduediligence #6MLD #6thmoneylaunderingdirective

1) disclaimer - not the institutions I'm currently working for, all I can say is that it starts with H.

2) https://complyadvantage.com/knowledgebase/adverse-media/6amld-22-predicate-offenses-money-laundering/

3) https://www.ebf.eu/wp-content/uploads/2020/03/EBF-Blueprint-for-an-effective-EU-framework-to-fight-money-laundering-Lifting-the-Spell-of-Dirty-Money-.pdf