When the Financial Action Task Force (FATF) disclosed in June that Pakistan would remain on its list of jurisdictions under increased monitoring, critics of the decision responded with a question: is the intergovernmental watchdog’s criticism of Pakistan largely political?
Such an argument may seem, at least superficially, to be borne out by the facts. After all, critics noted, Pakistan completed 26 of the 27 steps required of it under a 2018 FATF action plan. After praising Pakistan’s efforts to date, FATF in June called on the nation to take six additional steps, including enhancing its international cooperation on financial-crime investigations, stepping up its prosecutions of money laundering, and ensuring that designated non-financial businesses and professions are properly supervised and penalized for noncompliance.
The imposition of additional requirements, critics argued, served as further proof that the Paris-based organization had been politicized against Islamabad.
“FATF is now clearly being used as a political tool against Pakistan,” one former Pakistani ambassador tweeted in June. “Pakistan is doing far better than even many 39 members countries. Shifting goalposts for Pakistan is simply shameless.”
Yet a closer review of the facts reveals that FATF’s decision is more nuanced and complex than critics would have it.
Getting off the ‘grey list’
For a clearer understanding of the decision, we must first look at how other nations fare on the “Jurisdictions Under Increased Monitoring” list, otherwise known as FATF’s “grey list.”
Botswana, for example, also agreed to strengthen its anti-money laundering (AML) and counterterrorism financing (CFT) regime in 2018, and by June of this year had “substantially completed its action plan,” according to FATF. Despite such progress, the watchdog organisation did not remove Botswana from the grey list, citing the need for an onsite assessment to verify that the implementation of the nation’s Anti-Money Laundering and Countering the Financing of Terrorism reforms “has begun and is being sustained, and that the necessary political commitment remains in place to sustain implementation in the future.”
Another example is Panama, which committed to a FATF action plan in June 2019. Although the Panamanian government fulfilled some of the obligations required of it under the plan, including stepping up its oversight of money remitters and increasing its usage of financial intelligence to launch money-laundering investigations, FATF not only kept the Central American country on the grey list but also advised it to take “urgent action” to comply with the remainder of its commitment.
Such examples make clear that progress alone doesn’t guarantee removal from the grey list.
FATF’s decision to keep Pakistan on the grey list could arguably be justified by the findings of its regional, sister organization, the Asia/Pacific Group on Money Laundering (APG), which in a 2019 mutual evaluation report cited significant shortcomings in the nation’s AML regime.
But FATF’s 2018 plan, by contrast, largely cited a wide range of prioritised CFT issues, focusing on Pakistan’s need to implement effective regulatory and prosecutorial measures to combat terrorist financing—the one technical commitment that Islamabad has yet to fulfil. Because FATF requires that jurisdictions address all or nearly all of their obligations under an action plan, the decision to keep Pakistan on the grey list is reasonable.
Pakistan also has other hurdles ahead, particularly when it comes to effectiveness.
Although Pakistan’s second follow-up report concluded that it was compliant with FATF Recommendations 14, 19, 20, 21 and 27, and largely compliant in recommendations R.1, 6, 7, 8, 12, 17, 22, 23, 24, 25, 30, 31, 32, 35 and 40, the intergovernmental organization also noted that Pakistani financial institutions performed identification and verification measures and ongoing due diligence duties with limited effectiveness.
The findings highlight FATF’s increasing emphasis on effective implementation over mere technical compliance and suggest that Pakistan’s financial institutions still have fundamental improvements to undertake.
Strengthening policies and procedures
For Pakistani banks, the path ahead is one that will require them to rethink how they assess their AML risks, conduct customer due diligence, monitor high-risk clients, and uncover suspicious activity. Supervisors must ensure that banks that fail to implement adequate procedures and internal controls to report suspicious activity and large currency transactions are sufficiently penalized for their compliance violations. Financial institutions must know that the ultimate penalty for serial noncompliance is one that they dare not face: suspension of their operations.
Banks must also ensure that they have fully assessed their compliance risks. Without appropriate analysis and inquiries, an assessment will not adequately support assigned risk ratings for services. Risk assessments must look to every corner of banking, including leasing, wire transfers, pouch activity, privately-owned automated teller machines, non-customer services such as cashing “on-us” checks, sales of monetary instruments, and merchant credit-card processing.
There must also be procedures in place to validate customer-risk profiles, explain significant changes in transactional behaviour, and establish parameters on variances from expected transactions. A pervasive failure to implement adequate procedures to identify high-risk customers can be a contributing factor of an institution’s inability to adequately monitor, identify, and report suspicious activity. As such, the risk-rating process must be regularly reassessed to ensure that all high-risk customers are identified.
Banks must also decide whether the use of manual processes for suspicious activity monitoring is inadequate given their customer base, geographic risk and business lines, as well as the volume, scope, and types of transactions they manage. Should they decide to make use of automated systems to monitor for suspicious activity, their monitoring programs must adequately capture the range of services they provide, including lending, trade financing, pouch activities, and check deposits. Monitoring for suspicious activity must be based on customers’ risk profiles, or the type and/or volume of transactions.
What’s more, replacing an old monitoring system in favour of a new one requires appropriate system validation and parameters testing to ensure that the new system will adequately identify suspicious activity. Procedures established for the new system must be risk-based and tailored to an institution’s customer base, geographic risk, or business lines.
Mitigating cross-border risks
When it comes to maintaining correspondent accounts for foreign institutions, banks must establish a due diligence program that includes appropriate, specific, risk-based, and, where necessary, enhanced policies, procedures, and controls that are reasonably designed to enable the detection of suspected money laundering. Due diligence programs must include policies, procedures, and processes to assess the risks posed by the bank’s foreign financial institution customers. Under the risk-based approach, compliance professionals are expected to scrutinize the riskiest correspondent accounts more closely.
Remote deposit capture (RDC) technology introduces additional risks beyond traditional deposit-delivery systems because it enables a bank’s customers to scan a check or monetary instrument and then send the scanned or digitalized image to financial institution without the need for face-to-face transactions. This raises several challenges, including but not limited to: (i) the difficulty of determining who is using RDC and which jurisdiction they are in; (ii) development of internal controls to ensure transaction data and check images are not altered; and (iii) implementation of monitoring by qualified personnel for potentially fraudulent, sequentially numbered or altered money orders or traveler’s checks.
To mitigate such risks, banks must adopt policies, procedures and controls that account for RDC technology. They must also perform periodic reviews and generate risk management reports on the AML monitoring issues associated with the implementation and ongoing operation of RDC systems and services. In particular, banks must recognize and respond to the growing use of RDC by foreign correspondent financial institutions and foreign money services businesses. Should such a deposit originate from a high-risk country or client, enhanced due diligence controls should be applied.
Pakistani banks must also monitor and report pouch and cash letter activity for receipt of large-denomination, sequentially numbered monetary instruments and commercial checks from foreign correspondent customer accounts. Likewise, they must implement adequate procedures and controls to ensure that bulk deposits received from foreign correspondent customers are monitored for suspicious activity. Should a bank employee identify anomalies in the volume or mix of bulk cash deposits, these must be brought to the attention of the bank’s Compliance or AML Investigative Services groups.
Resourcing and reviews
To ensure compliance effectiveness—one 0f FATF’s priorities in recent years—financial institutions will need to ensure that their AML programs are running as they should, with all the resources that they require.
This means implementing an independent audit program that can fully evaluate money-laundering risks and detect compliance shortcomings in a timely fashion. The scope of an independent audit needs to account for the full range of an institution’s exposure to illicit finance as well as its ability to meet its AML obligations.
But compliance isn’t a matter of AML controls alone. Effective compliance with FATF’s standards cannot be achieved without the resources to retain an adequate staff of trained professionals to review suspicious activity alerts and other red flags. Compliance professionals must have the know-how to initiate and complete investigations as well as report relevant suspicions to the authorities.
For Pakistani banks, FATF’s grey list may be an undesirable encumbrance they never hoped to encounter, but the hurdles it imposes need not last forever. With the right human and technological resources, banks can play a critical role in getting the designation lifted.
About the author: Ehi Eric Esoimeme is the Managing Partner of E-Four and AAF and a KYC360 contributor.. His published works include Balancing Anti-Money Laundering/Counter-Terrorist Financing Requirements and Financial Inclusion: The Case of Telecommunications Companies and The Risk-Based Approach to Combating Money Laundering and Terrorist Financing and Deterring and Detecting Money Laundering and Terrorist Financing: A Comparative Analysis of Anti–Money Laundering and Counterterrorism Financing Strategies. For more information on Ehi’s books, visit here.
This article is expressing personal opinions and is meant for information purposes only. The article does not intend to replace professional or legal advice. It is recommended that readers seek independent professional or legal advice, or speak to authorised persons/organisations.