Exploring vulnerabilities in the financial market

Data misappropriation, money laundering, damage to reputations, and increasing cyber activities are challenging the managers of both large and small financial institutions - especially as stricter compliance with and implementation of the Swiss Anti-Money Laundering Act (AMLA) is required. Depending on the circumstances, the new audit procedures to regulate the new AMLA could cost the economy dearly.

"Criminals appreciate the Swiss banking center."

"In the case of two companies with the same number of clients but different levels of complexity, the company with the more complex cases may incur two to four times higher supervision costs, as the examination of a dossier is correspondingly more time-consuming," states the "Explanatory Report on the Consultation Draft" of 1 June 2018 (see info box on the right) on the "Amendment to the Federal Act on Combating Money Laundering and the Financing of Terrorism".

Moreover, the costs of supervision are higher in highly automated business areas (e.g. in the area of payment systems), where entire IT systems have to be audited, than when manual controls are involved. Ominous money, such as black money or bribes, also circulates between legitimate money transfers. Identifying such illegitimate money transfers is and will remain the be-all and end-all for compliance officers, in addition to technical upgrades. Financial experts advocate the correct implementation of a transparent financial business model, but also alarm systems for anti-corruption officers. However, what are the current

Weak points are pointed out by an experienced "Regu latory & Compliance" expert, and how could one arm oneself against various, irregular business and crimes?

International need for action
The state wants to make financial intermediaries more accountable through regulation: They should take on a preventive role by checking the parties involved and the origin of new funds more comprehensively. This is no easy task, especially as new technologies and digital currencies play into the hands of criminals and cross-border money flows are becoming increasingly difficult to trace. "On the other hand, regulation seems reactive on the one hand, as it lags behind technological developments. On the other hand, some banks have deficits in their risk approaches and IT infrastructures," says the new study "Clarity on Financial Crime in Banking" by KPMG, which surveyed 50 Swiss banks on the challenges they face in the fight against organized crime and money laundering, as well as on the regulatory framework.

"As an international financial centre, Switzerland is exposed to major risks from financial crime. The danger is exacerbated by outdated transaction monitoring systems, inadequate identification efforts (KYC, short for "know your customers") and poor definition of risk appetite," explains Pascal Sprenger, Partner at KPMG Switzerland in the Financial Services practice.

The co-author of the study provides insights into sensitive compliance areas and explains why private banks, for example, are increasingly "struggling" to assert themselves on the international market. In an interview following the study, Pascal Sprenger points to existing megatrends: "Criminals actually value the Swiss banking centre for the same reasons as good bank clients. The Swiss financial centre has been established for decades and operates across borders, it is highly pro fessional".

As a result, more and more financial services are being offered and there are major changes in legal certainty. "Global regulations and nationalizations, such as the new Brexit negotiations, are crossing the compliance adjustments of Swiss financial institutions," explains the KPMG insider.

Problem of different risk classification
For some time now, there have been calls for greater transparency regarding the economic eligibility of financial intermediaries. In 2012, the Financial Action Task Force (FATF)

"Private banks are showing more and more difficulty in holding their own."

The revision of the 40+9 FATF Recommendations has pushed through the risk-based approach. However, such regulations on the identity of beneficial owners will make many things more complex. The requirements relating to "politically exposed persons" (PEPs) have been expanded and are also mandatory for domestic PEPs.

Since December 2013, for example, tax offences have had to be recorded as "predicate offences" to money laundering in order to implement the FATF recommendations revised in 2012. According to the bill, the main changes are as follows:

- Alternative to the cash ban

In future, if traders accept more than CHF 100,000 in cash, they will also be subject to money laundering due diligence obligations (otherwise the transaction must be carried out via financial intermediaries). A limit of 100,000 francs will also be introduced in the case of exchange rate increases (in contrast to lower cash limits in Sweden or Italy).

- Transparency of bearer shares

Anyone acquiring bearer shares in a company whose shares are not listed on the stock exchange must notify the company of the acquisition and identify themselves. The company must also keep a register of the holders.

It is also mandatory to identify the beneficial owners (owners of 25 percent or more) of operationally active legal entities. But how do current compliance officers such as Pascal Sprenger assess the banks' transaction monitoring systems? Sprenger: "Our study shows that only 12 percent of financial crimes are identified by the existing transaction monitoring systems. For 11 percent of the financial intermediaries, one of the biggest challenges in the last two years was dealing with too many false hits in the monitoring systems. So for the amount of work the systems cause, they are comparatively inefficient."

Switzerland is not a good place to launder money per se. "For example, you can't set up an AG in Switzerland as easily as you can in certain off-shore destinations," the expert continues, adding that there are "various levels, such as embezzlement or money scattering, that money launderers deliberately fake. Today, there are good technical systems per se for detecting illegal transactions, but they are of no use to anyone if they are not optimally calibrated to the risks of a bank".

Pascal Sprenger, Financial Services (Regulatory & Compliance) at KPMG: "To be able to set up compliance systems efficiently, a business model should never resemble a 'general store'. You need to clearly define what is and what is not a given.

More targeted engagement in prevention
The reasons why there are so many deficiencies and such a low detection rate in the area of financial crime vary, according to "Clarity on Financial Crime Banking", an 80-page study that also includes interviews with well-known compliance experts in the Swiss financial world. For example, experts such as Gemma Aiolfi, Head of Compliance at the Basel Institute on Governance, give their views.

Eighty-three per cent of the banks surveyed in the study have been affected by some form of financial crime in the last three years. Seven out of ten organized crime groups typically operate in more than three countries, Europol sources reveal. Compliance insiders know: Transaction monitoring is still only effective in individual areas. In addition to the fact that not all banks are equally well equipped against financial crime, KPMG also stresses that many more areas and services in the financial sector need to be monitored more stringently.

This includes not only supervisory controls via FINMA, but also inappropriate procedures in the HR area (e.g. restructuring measures and information and employee security).

Inappropriate or too one-sided investments in compliance, IT security and other identification processes tend to be counterproductive, according to KPMG.

Pascal Sprenger: "Commitment is central to all activities in the financial sector". Banks are investing in personnel, but also in more and more automated technologies. KPMG is convinced that investing more money "blindly" in this area would not bring much added value. Clear structures and processes are needed, as well as more regular internal and external reviews, to ensure effective compliance.