Home / Crime / AML prevention lies in digital identities: the new form of money

AML prevention lies in digital identities: the new form of money

After yesterday’s post about KYC, PEPs and AML, someone said: “so what’s the point Chris?”

@FSClub not quite sure of the point you are making here. Money L bad. Hard to catch. Harder if not in official channels. It was ever thus?

— Julian Lee (@JulianDDLee) May 8, 2014


The point of yesterday’s blog was to point out the problems of catching and tracking financial crime.

Interestingly, this is not cybercrime where criminals are robbing the bank, but terrorism and drug runners who are robbing from the government.

Governments view banks as police for financial crime.

It’s an interesting nuance in our world of money.

Banks are commercial businesses but, for money laundering purposes, they are the police.

That is why governments fine banks so heavily when they’re not acting as effective police.

If banks do not effectively stop the use of accounts for criminal purposes, it is not the criminal held accountable but the bank.

That is how banks get a licence and can lose it, although I cannot think of any bank that has lost their licence due to money laundering weaknesses (StanChart sailed close in the USA).

So physical police protect our home, assets and person, with insurances to ensure that when they fail you are covered; banks protect our digital assets and ensure that society is not compromised by crime through the gains that criminals could make through money flows.

Yesterday’s blog highlighted the challenges of being the money police, heightened by the global network.

When Georgian criminal gangs use Chinese servers to harvest European consumer credit card numbers to buy goods from American websites, the physical police break down.

That’s why banks have to be at the heart of global crime, and why cover notes and sanctions tests are offered through the SWIFT network http://thefinanser.co.uk/fsclub/2008/07/mt202-cover-pay.html.

It is why we have PEP databases and KYC.

The question then is: do banks apply such rules effectively? and the answer is no.  

 Banks apply the rules as much as they feel they need to, within budget.

It was interesting that one of the regulators from the SEC was asked how much banks should spend on AML in a conference recently, and he answered: “that’s not how we look at this.”

How do you look at it? he was asked, and the response was: “we ask ‘could you have done more?’”

In other words, a bank will apply the minimal level of AML controls to meet the rules, but the regulator will ask if you did enough if the find a breach of those rules and, if not, will go after you.

That’s what happened with StanChart and HSBC.

I remember for example, that the head of compliance for HSBC told me that he had been aware of the exposures in Mexico well before they came to light.  He reported it and recommended that the bank change approach.  However, the Latin American management team were making good profits and ignored the advice.

So ti’s that balance between culture and rewards, risk and reputation, control and cost that all feed into the mix of having an effective financial crime unit.

But there are some things that are starting to change the game.

For example, we had a very interesting presentation from Joachim (Achim) von Haenisch of KYC-Exchange at the Financial Services Club two weeks ago.

Achim’s venture is to get clients to enter their KYC data into one central hub that then shares the KYC with all salient entities.

This means that you don’t need to enter KYC with every counterparty globally – sometimes you have banks that have to fill out KYC requests for every country of operations, in other words 100’s of KYC registrations – but just once and it’s shared on request, and updated through the cloud as anything changes.

That’s an elegant solution, and there are others (SWIFT is developing something similar to KYC Exchange).

But the core of all of this really is identity.

As Dave Birch puts it, Identity is the New Money.

It’s identity that is at the core of KYC and if you have effective digital identity management then the policing of financial crime should become much easier.

That’s where the solution lies.

Until banks and governments create workable digital identity schemes, the financial crime unit will therefore continue to suffer.

Go figure.

About Chris M Skinner

Chris M Skinner
Chris Skinner is best known as an independent commentator on the financial markets through his blog, the Finanser.com, as author of the bestselling book Digital Bank, and Chair of the European networking forum the Financial Services Club. He has been voted one of the most influential people in banking by The Financial Brand (as well as one of the best blogs), a FinTech Titan (Next Bank), one of the Fintech Leaders you need to follow (City AM, Deluxe and Jax Finance), as well as one of the Top 40 most influential people in financial technology by the Wall Street Journal’s Financial News. To learn more click here...

Check Also

regtech

RegTech: Brother in Arms with FinTech

During recent months, I’ve enjoyed a real ding-dong of conversations between Europeans, Asians, Americans and …

One comment

  1. There are a few KYC exchanges popping up – SWIFT are even launching their own. Which is a good idea in theory but what worries me is how infantile the cryptography is compared to what Bitcoin offers.
    I really believe the future is in a trustless network managing identity with reputation, credit, social value and other economies supporting decision making on a blockchain.
    When the cryptographers in the Information Security department tell me they could get around the KYC services that aren’t even live yet – it tells me banks aren’t thinking broad enough yet.
    http://www.ethereum.org have solved it conceptually, but are struggling to commercialise. I really don’t agree with the UK Government identity officer bloke who says the key is to give control to the consumer. You can’t ever enforce that.
    By law I already control my data, so long as it sit’s on “their” servers – be it government, corporate or otherwise – I don’t control it unless it can only be accessed with my private key and there is a really neat (think FIDO meets biometrics) way to access that data in an ambient way.
    If you know anyone building that sort of thing on a blockchain, I’d love to talk to them! 🙂

Click on a tab to select how you'd like to leave your comment

Leave a Reply

Your email address will not be published. Required fields are marked *