The EU’s Anti-Money Laundering and Countering Financing of Terrorism (AML/CFT) Proposals: What Will They Mean For Your Organisation?

In July 2021, the European Commission proposed a package of reforms to the EU’s anti-money laundering and countering the financing of terrorism (AML/CFT) rules.

The reforms propose the establishment of an EU Anti-Money Laundering Authority, a “single EU rulebook” for AML/CFT and full application of the EU AML/CFT rules to the crypto sector.

FinCrime Focus: Anti-Money Laundering will explore the Commission’s proposals and consider how they might affect financial institutions.

Transcription

Robert Bateman:

Hello, and welcome back to day two of FinCrime Global. I am your host for today, Robert Bateman, head of content here at GRC World Forums. Before we hand over to our next session, a quick reminder to use the chat function to interact with our panelists. And also you can explore perhaps in the breaks a library of resources on grcworldforums.com. There’s a lot of great free content available there for you to peruse at your leisure. So our next session is about the EU’s anti money laundering and countering financing of terrorism proposals and what they will mean for your organization. The moderator for this session is Dr. Mayya Konovalova. And I’ll hand over to her now. Mayya, over to you.

Mayya Konovalova:

Hi everyone. Welcome to the session. Thank you very much. It’s a pleasure to moderate this panel discussion as well. So as Rob pointed out, we will be talking about the latest proposal of EU anti-money laundering and counter finance and terrorism and what that would mean for your business. So our first speaker is Beata Wisnicka. She is one of the most prominent persons in the area of anti-money laundering and cryptocurrency risk management in Poland.

Mayya Konovalova:

She has been a speaker at many financial and banking conferences, and she also me managed approximately 300 million worth of cryptocurrency projects so far. So Beata creates anti-money laundering procedures, processes, and policies for cryptocurrency exchange, which is quite important for this proposal because cryptocurrency crimes are now also part of the predicate offense list.

Mayya Konovalova:

So her professional experience and cooperation with many institutions allowed her to thoroughly analyze and evaluate global anti-money laundry systems and she will talk about her insights about the caps that she thinks there are in anti-money laundering. So without further ado, Beata, over to you.

Beata Wisnicka:

Good afternoon, good evening everyone. Thank you so much for introducing me Mayya and for the opportunity to be here. So I’m also the owner of an online AML shop with documentation for all obligated institution. So I’m also working not only for banks, but also for accountant, lawyers, notaries in Poland and also I’m AML cryptocurrency trainer.

Beata Wisnicka:

So I would like to present you my observation after spending hours with all obligated institutions in Poland preparing AML processes for them. So today I will be talking about my experience with Polish clients. So as you know, the regulator indicate 25 obligated institutions, but most AML solutions, expert and training certificate are focused on the biggest ones like financial institution like banks. But what about smallest one and what about accountant, lawyers and notaries?

Beata Wisnicka:

So they have a problem with AML from beginning so we can imagine with the KYC questionnaire. The problems with the KYC include understanding if they have to ask to fill up KYC questionnaires from existing clients, or maybe only from new ones. They ask about PEPs questionnaire, politically exposed person and beneficial owners because most of the accountant and this type of the professionals who is obligated institution they don’t have solution and databases for automatically check PEPs and sanctions.

Beata Wisnicka:

So for AML, analysts from banks for a really big institution, this is unbelievable. But everything in those small AML obligated institution going by manually. So if you go deeper into an AML processes, we can see other problems that they have. They do not have software or any IT solution for managing AML. They do not know how to collect and analyze the result of investigations. They do not have any experience in AML in practice. So they do not have the budget for expensive existing AML software.

Beata Wisnicka:

So even when I spoke with the Polish FIU, they told me that for example, accountants or notaries, they are thinking if they know their clients for a few years, there are no AML risk related to them and they feel uncomfortable asking for any additional information. So what do they mostly do? They take the risk to be non compliant with AML regulations or doing only part of AML which is having AML documentation only like procedure or AML risk assessment.

Beata Wisnicka:

So this is in my opinion the biggest gap that everyone just focus on the biggest one companies, because I understand for the business proposed that this is really amazing to have this kind of client like banks for even training or for sell the IT solution for AML, for monitoring transaction. But what I can observe, they have really big problem, those smallest obligated institution to implement AML so they don’t do it.

Beata Wisnicka:

So of course, even European Union preparing for us another regulation, another documentation and idea for manage AML. But what I can observe, mostly obligated institution have right now a problem to implement what is on the stage right now. Even for training session, you can imagine that for smallest obligated institution, they don’t have a dedicated training session.

Beata Wisnicka:

We can often find professional training session for AML analysts or AML specialist expert, MLRO, but not for the smallest one. I would like to also mention something about cryptocurrency in this era in Poland. So there is increasing interest in this topic every day. I have questions about offering the training session on how to manage AML risk relating to the cryptocurrency and blockchain transaction.

Beata Wisnicka:

Of course, most banks in Poland starts from basic knowledge, but finally it’s happened. Because when I start talking about the cryptocurrency a few years ago in Poland, the financial institution feel uncomfortable with this topic and they’re just thinking that they don’t have in their databases any cryptocurrency clients. So this was really big problem, but right now it’s changed.

Beata Wisnicka:

So what happened that is more interesting in this topic, for sure regulation, but mostly scams. We have really big problems with scams related with, for example, cryptocurrency investment. So when I train experts from banks in Poland and they told me that really big numbers of their client, they are victims of the scams. So they don’t know even how to manage processes, which is the client conversation for proof transaction, card transaction or a wire transfer.

Beata Wisnicka:

So they don’t know how to manage conversation to just take care about the clients. So I was working a few years ago for MoneyGram. So I just realized how scammers work and we need a platform for reporting scams, of course, for European Union, it will be great. I think we have really great example for that kind of the platform in Australia. Australia have amazing educating platform and also for reporting scams for all citizens.

Beata Wisnicka:

So this is really helpful for all victims and to protect other people, because you can imagine that we have financial education, we’re working in this topic every single day, but mostly even our friends don’t know how not to be scammed. So I have a dream to build this kind of platform for Poland. But if we just have conversation here on that big event, maybe there is someone who can help us in the regulation side to just create and think about it.

Beata Wisnicka:

Of course, scammers, this is not only the victims but also money laundering directly with the scammers. So this is really a big problem. And if you can just see the statistic, the problem is growing very fast because of the COVID and when just everyone of us just close in the home and we’re just working online mostly. And so this is really big problem that everyone have open laptop, open internet so it’s very easy, just click on some suspicious links or something like that. So I think we have to educate people in this era and also think about how we can and help victims to report the scam. Thank you.

Mayya Konovalova:

Thank you so much, Beata. That was very thought provoking. So we have one question so far, and I suppose we could just maybe if you don’t mind answering that and then we’ll just move on and then at the end we’ll have questions to both you and Euan if that’s all right. Would you want to answer the question? So the question is, are these companies, I think it’s the companies that you’re working with, are these companies exporting outside the EU, are they getting support from export authorities?

Beata Wisnicka:

So… But what do you mean that companies exporting [crosstalk 00:13:34]?

Mayya Konovalova:

I’m not sure, you’ll have to [crosstalk 00:13:35].

Beata Wisnicka:

Not specifically that [crosstalk 00:13:39].

Mayya Konovalova:

Maybe we can ask [crosstalk 00:13:42].

Beata Wisnicka:

[crosstalk 00:13:43] one more time with the more details in this question, I appreciate. It’ll be better for me to understand what are you asking for.

Mayya Konovalova:

So someone who asked the question, if you could just rephrase it and then we’ll try to answer it at the end of the session. Thank you so much Beata, that was very exciting and thought provoking. So now I would like to introduce our next speaker. So our next speaker is Euan Grant. So he was a strategic intelligence analyst for transactional organized crime and the new EU member states, as well as ex Soviet states in the UK custom service.

Mayya Konovalova:

So Euan is somewhat skeptical about the term organized crime, because at this stage, in his opinion, the term itself has become too broad to have much meaning. So Euan has worked in the EU [inaudible 00:14:41] missions in Bosnia, in several ex Soviet states and importantly, he also worked on several occasions in Ukraine. So what he will be covering in his session is he will highlight recent US, UK and pan EU work on improving awareness of cross border economic crimes.

Mayya Konovalova:

He will discuss successes and challenges and obviously covering some of the case studies such as Deutsche Bank. And of course, Danske Bank. He’ll also highlight some failings in appreciating the impact of environmental crimes. Yes, I’m saying that’s lots of organizations are struggling with at the moment. So this whole idea of net zero environmental crime and anti-money laundering involving environmental crimes that just could be quite a lot to take in. So hopefully Euan will help us make sense of the implications. So Euan, please.

Euan Grant:

Right. Can you hear me?

Mayya Konovalova:

Yes.

Beata Wisnicka:

Yes.

Euan Grant:

Yes, you can. Sorry everyone for the crazy situation with my camera. Technology and me do not mix and particularly, they do not mix on this device so I’ve got a certain purchase decision to make very soon. I wonder just before starting in relation to the previous question, I wonder if the questioner may be thinking of the appearance of fake exports or exports to people who’ve no intention of paying using crypto.

Euan Grant:

This kind of crime is rife in old technology methods. It would be very interesting indeed to see if it is now appearing where payments are used in crypto, that would be wholly logical. It’d be interesting to find out and maybe thank you the questioner, if I’ve got that right of course.

Euan Grant:

I would thank this previous speakers this morning and over lunch time, they’ve made my task a lot easier highlighting how things tend to work within an organization and when they don’t, why they don’t, particularly like the point about the absolute vital nature of bringing IT, technical people in intimately, actively throughout with strategic and operational staff.

Euan Grant:

Now that isn’t easy. Of course, it’s almost impossible in some of the smaller companies Beata mentioned. So I think there’s a real issue of industry support across the board, particularly from SMEs. This really is difficult and it can cause huge problems. Relatively few technical people are perhaps comfortable with the intelligence cycle which creates the analyzed information that is used to create algorithms or human based risk profiling.

Euan Grant:

And that’s become much more important since the 24th of February. We are now in a completely new ball game, as the Americans would say. There were also several comments made about the EU sixth directive and the proposals for the anti-money laundering agency AMLA. I would strongly advise all organizations to start building up bigger, but more importantly, better links with their own national regulators and reporting agencies because, and this applies to the non EU member states like the UK, because the cooperation will have to become even great.

Euan Grant:

So that would’ve been the case without the Ukraine invasion, it’s certainly going to be the case more because that is going to change the parameters and the risk indicators. We’re going to see major moves away from the use of secrecy jurisdictions within the EU and within the old dependent territories of the United Kingdom. And there’s going to be moves to sovereign states, an obvious example is Dubai and the Maldives and the Seychelles, Mauritius.

Euan Grant:

Now they are sovereign states and that’s different and you can’t push around the UAE the way you can Cyprus. The anti-money laundering agency of the EU, it’s important to note this came up in the Q&A earlier that that will not replace the equivalent agencies, the FIUs in member states.

Euan Grant:

And AMLA has a target date to kick off of 2024. That must be considered rather ambitious, I think it’ll be later than that. But 2026 is actually the date, and again, that’s probably a bit ambitious that it is targeted to start taking on its own direct cases. So there is time to build up links with your own national regulators.

Euan Grant:

And if you are from a financial institution, or if you are an enabler professional body working with counterparts or financial institutions based in the EU or headquartered in the EU or have some presence there, build up through your national regulators and national law enforcement agencies, go with your colleagues in those countries to their regulators and start working together on how you can best implement the wider predicate offenses which have been brought in and as Beata and Mayya have pointed out that does now particularly include cryptocurrencies and also the heavier offenses increased criminal penalties and the corporate liability.

Euan Grant:

Because that’s probably the liability for your company to receive severe fines from AMLA, that will probably be the first approach. We’re not going to get many actual criminal cases involving jail sentences, we’re likely to get fines. Now, there is a big, big word of caution, and that’s got a lot to do with why I’m emphasizing building up your national procedures.

Euan Grant:

If you’re doing your level best, you’re unlikely to fall foul of AMLA because you’re working closely with your own regulators and they will be doing the bulk of the work. The harsh reality is that because it’s a multinational agency, and because it will have people from different working cultures working through a wide range of agents as a complex command chain, EU wide enforcement or regulatory agencies don’t have it easy.

Euan Grant:

It’s not always easy for them, and it’s not always easy working with them. Please look at the very difficult introduction problems, inevitable ones, and by no means all of their fault from the European public prosecutor’s office. That’s in effect, running behind schedule for implementation, that was always likely. It’s not always a pretty picture, but please, if you get your national systems right, then you get the systems right in the national countries, the EU you work in, or have links with.

Euan Grant:

That is where I would push your attention together with the need to end, as Richard Parlour I think mentioned earlier, the need to end silos in silos. I think all large organizations, it’s easy I’m talking about the large organization, they’re going to have to help out SMEs. It’s very, very difficult.

Euan Grant:

They really should have been sitting down after the 24th of February and asking what’s different now, what’s going to change, that’s before in the UK, the new economic crime act before it, because it’s totally different. And if the IT technical people, the people responsible for the software, the searching software were not in those meetings, then you’ve got a problem. It’s not going to work.

Euan Grant:

I would refer and to close quite quickly, I would refer to a number of incidents which have shown how financial awareness and identification of specific movements should have been picked up earlier. The movement of money and the movement of ownership of Russian oligarch assets in the EU countries, particularly Cyprus and Malta are particularly well known, Switzerland and the UK and the UK dependent territories were starting before 24th of February. They were seeing the writing on the wall. People should have been picking up transfers and reporting these transfers.

Mayya Konovalova:

Oh, Euan has just disappeared. Okay, hopefully he can rejoin now. But in the interest of time, I have a few questions to Beata. Yeah, if you would like to answer the questions. Hopefully, Euan can join us shortly. Right so thank you Beata. How do help victims of scam in Poland? Is there any organization except from banks?

Beata Wisnicka:

Thank you so much for this question. So we don’t have in Poland organization. For sure, you can find so many materials on the internet how not to be scammed but most of the victims looking for this material after they are scammed. So this is very important for us to educate them before the scam is going.

Beata Wisnicka:

So, first of all, I have my channel on YouTube and I educate and promote this channel, how not to be scammed so this is the first one. I think most of the people know me because of the events, presentation in the AML cryptocurrency compliance area. So you can imagine that even professionals, they are scammed. So most of these people just contact me directly and asking what they have to do. So banks, this is only for payment and this step of this process. But I think mostly we have to focus on educate people and just start talking about how scammer works. So yes, I think this is like education, this is the most important thing.

Mayya Konovalova:

Okay. So it’s the prevention is better than the cure.

Beata Wisnicka:

Exactly, exactly.

Mayya Konovalova:

Educate before the otherwise. Okay, thank you. I have a few more questions for you. So if you are to take the next one.

Beata Wisnicka:

Yes.

Mayya Konovalova:

So when creating a scammers register, how do you think to tackle fake IDs? Because a high percentage of scammers are using fake IDs.

Beata Wisnicka:

Yes, this is really big problem. So I think what we can do, as I mentioned, education, this is the first one and the second to see what happened in our country, which type of the professional age, sex is using for which type of the scams. So this is what the Australian do it and I think it’s really helpful.

Beata Wisnicka:

So if you can see some statistic as scammers, so you can see that mostly woman in 16, something like around years they are victim of the romance scam. So we protect this group awareness, and this is very important information for government what happened in the country. So even we don’t know the scammers and we have problem to identify them, we can protect people.

Beata Wisnicka:

And if the people will be good to educate and strong feeling with how not to be scammed, I think this is really, really a good job to do. So I think this is most important things. Because even for institution, we can see so many transaction, fake customer profile, especially with MoneyGram or Western Union. So this is what happened and even those big companies can’t manage it.

Beata Wisnicka:

So I’m not feel like we can do it the best to identify ID which is fraud and stolen. But I think we can just talking about how they work and where, in which channel you can expect scams like on the Instagram, on a WhatsApp even, Tinder application and other data application, Facebook, LinkedIn, everywhere. They’re just looking for the way to just start conversation with you.

Beata Wisnicka:

So we have to be focused and not be trust to other and for foreign people. And for sure, if something looks really good, if not be true. So if you have some proposition of the really great investment, you have to think why this offer just goes to you and it’s true.

Mayya Konovalova:

Thank you so much, Beata. Yeah. So I think that’s amazing that you’re working on those scam profiles, so you can sort of have at list of profiles and then you sort of can pick up who that might be. So that’s quite interesting. And I suppose educational movies and documentaries are also helpful in that scammer scandal.

Mayya Konovalova:

So the next question Beata is from a training perspective, any thoughts on how the government can help with raising awareness on financial crime, as well as provide best practices? So what is the role of the government in it all? Like the governments need to play a role in it, are they enabling certain things that can protect people?

Beata Wisnicka:

In Poland, every banks on the main website, or even in our account profile in the app or whatever, we can see information about the scammers and new scenarios. So banks really help their clients, but I can see what the government. So government mostly focus on the cyber attack and mostly working on the system software. And of course, this is really good way, but I think we have to prevent this like Mayya mentioned.

Beata Wisnicka:

So this is very important if we doing in the same way, protect other people like is right now on a stage in Poland, we don’t have new result and better result. So I think that education in every single cities in Poland just goes to the street and just educate other. This is really good idea. I just think this is something that we have to do because right now scammers are really strong and they are really, really good on the new scenario.

Beata Wisnicka:

So we have a problem with educate people and victims, but the other hand, this problems goes to banks with the fake transaction and fake ID. So it’s not only about stolen money from people, but this is also in the whole process. This is also for banks really big problem.

Mayya Konovalova:

Okay. Thank you so much. The next question, let me know if you want to have a little break because all the questions are for you in the meantime. So the next question, with respect to NGOs and NPOs, what is the likelihood of increased scrutiny?

Beata Wisnicka:

This is maybe more for Euan, what he said, but maybe I just try explain with my perspective. I think every single situation with increased security depends on your clients and your risk profile and what exactly mean for your company. So obligated institution had to be complying with all the regulations. So we have to doing the same like banks do.

Beata Wisnicka:

So if we are talking about EDD, if I understand properly this question, so we have to do the same. So ask more about your client and expect more information about your client. It doesn’t mean that this is NGOs or this is banks, but you have to do the same job and the same work. So if you just think about increased secure should be like this. You have to be focused on your business, about your clients and type of your clients. So I think this is it, yeah.

Mayya Konovalova:

Yeah. So there will be no leeway if you’re a non-governmental organization, not for profit so everyone will be in the same position.

Beata Wisnicka:

Yes, we have to analyze regulation. I think we have really similar regulation for a European Union, expect small points. But mostly my clients, for example, accountant, they think that they have the same profile like other accountant office. But in deeply analyzed profile of your companies, you can see another things while you are obligated institution because we have to all the time goes to the strictly your business and analyze your risk, your clients, why you are obligated institution because here and on the stage, we can see some differences.

Beata Wisnicka:

So because of my clients has, for example, only Polish individual like accountant for accountant service, but on the other hand, we have accountant service that they work global and they have clients from all over the world. So we have to all the time just thinking what exactly is your company and what is the profile of your companies? Maybe it’ll be the same EDD like the banks have, but maybe with some differences so it depends.

Mayya Konovalova:

Okay, thank you very much. Right, the next question is concerning particularly insurance industry. So the question says, aside from regulatory fines, do you foresee the insurance industry imposing more stringent guidelines or requirements in an effort to mitigate such risks, whether directly or indirectly third party?

Beata Wisnicka:

This is all the time really a hard question what exactly markets do with the AML regulation. Because as I told you, the accountant, notary, lawyers, virtual office and more obligated institution we have in Poland, but most of this institution doing nothing with AML.

Beata Wisnicka:

So I think one stage is of course regulation and what we can see on the paper. But when you just start speak with those obligated institution and see what they have exactly in the AML processes, you can see nothing. So this is talking about the… maybe we have to think about how we should help them because all the time we just focus and we would like to go behind the biggest one like banks, but banks have totally different AML processes and big budget, for sure.

Beata Wisnicka:

So I think we have a lot to do in also insurance industry, but everything is depend how we can manage AML use for them. Because right now we have the same regulation for banks, also for accountant, but in different types of their businesses. So it’s the same from my perspective in insurance industry.

Mayya Konovalova:

Okay. Thank you so much, Beata. So we are only five minutes left. We could take one or two more questions if that’s all right. If that’s all right Beata, yeah? Okay. So we have some good ones here. So the first one is in particular about cryptocurrency. And the question is, have you got any thoughts on markets in cryptocurrency, crypto assets [inaudible 00:40:52] draft and its progress as a regulatory tool?

Beata Wisnicka:

Cryptocurrency all the time this is mystery and really hot topic. So it’s really hard to find way to link fiat currency and fiat world with the cryptocurrency. Even if you create another register like already we have right now, also in Poland for sure, but this is not help and this is not something that we can better manage risk related with the cryptocurrency.

Beata Wisnicka:

So I think the best solution, it will be some software which banks and companies who are working for the Fiat currency just can see also blockchain and blocking transaction in the same system. And right now we have a problem that cryptocurrency is not official bond in Poland. This is legal currency, and you can have a business related with the cryptocurrency.

Beata Wisnicka:

But when you just want to open account in Poland and you’re told in a KYC questionnaire that your money goes from the cryptocurrency, I think it will be really big problem to open account. So I think right now we have so many idea and project how we should better regulate the cryptocurrency, but we can see that this is all the time unnecessary. And this is only for clean companies who want to be on the clean side and just want to show that they are linked with the cryptocurrency, but all the time we think about create regulation about the dark side.

Beata Wisnicka:

So the dark side all the time is like in a good position because they’re just not using this registration or whatever. So yes, this is for crypto assets and I think we can observe so many new regulation but the question is how we can prevent cryptocurrency dark side with those regulation if this market is anonymous.

Mayya Konovalova:

Thank you so much Beata. And so we’ll take one final question because we are running out of time. And it actually relates to the pre one. So the question is how are the digital vaults being monitored?

Beata Wisnicka:

Okay, those… Okay, so one second please. So we have solo softwares for analyzed blockchain transaction, and we can do it for sure if you have the wallet address or transaction number and few more information, you can do it because the blockchain is open source. But if we are talking about banks and the cryptocurrency, this is the problematic and this is the gap because analytics have to be informed about the wallet address or any other information that they can put on the blockchain interior model or Bitcoin and find more information about their clients.

Beata Wisnicka:

So even in Poland for government, they’re just doing some analyst on the scammers or fraud relating with the cryptocurrency manually. So you can imagine this is really hard to doing analyst on the blockchain transaction manually on a paper. Because you can create so many transaction in a few seconds because the blockchain give you this opportunity. So yes, we have only for cryptocurrency this type of software, and you can do it, no problem.

Mayya Konovalova:

Thank you so much, Beata. We unfortunately ran out of time. So it was a great session. Thank you so much for all your insights. Thank you for sharing your advice and your YouTube channel. I’m sure everyone will want to check it out. Thank you for doing the great work and thank you everyone for joining us today.

Beata Wisnicka:

Thank you so much.

Robert Bateman:

Thanks so much to Mayya and Beata there for a very interesting session. You covered a lot of ground there and lots of audience questions which you addressed very diligently. So thanks again for that. In 14 minutes, we’ll be back with our final session of the day, the state of crypto regulations in 2022 and beyond focusing on the USA and Europe. Now, crypto has been coming up a lot today.