Kroll explores why many central banks are investing in skills and data to tackle money laundering, but resourcing constraints are preventing stronger action, as Central Banking’s survey data reveals.
- Anti-money laundering (AML) teams are typically fairly small. Central banks with a dedicated team report a median size of 18 staff members.
- The focus remains on traditional financial institutions – 81% say they oversee banks, but only 19% oversee crypto firms and 14% fintech firms more broadly.
- Few financial firms seem to lose their licences because of AML breaches. Only 24% of respondents have rescinded at least one licence in the past three years.
- Cross-border financial flows are seen as the number one source of risk, with 76% of respondents warning this is a key concern.
- More than half of respondents say a lack of resources is hampering their AML efforts.
- On- and off-site inspections remain key tools for supervisors looking to address money laundering risks.
- Two-thirds of respondents report using data analytics for AML purposes. Of these, 71% say they use forms of automated data collection.
- There are many hurdles to better use of data. The wide range in the size and complexity of supervised entities is a concern (67% of respondents), followed by a lack of technical tools (62%).
- Collaboration, including data sharing, is common on a domestic level. But authorities are much less likely to collaborate and proactively share data with global counterparts.
The two years since the outbreak of Covid‑19 have been a boon for many criminals. The rise of digital finance – particularly crypto assets – has given them new ways to finance crime, including terrorism, and new channels through which to launder money. Authorities have been distracted, their attention and resources devoted to fighting the pandemic and its economic fallout. Meanwhile, in many countries, generous government support schemes have created even more fertile ground for fraud.
In an interview with Central Banking, Marcus Pleyer, president of the Financial Action Task Force (FATF), says online transactions have risen in the past year, and there has been a spate of ransomware attacks where money is laundered through crypto assets. IBM’s cyber security team reports that ransomware was the most common type of cyber attack in 2021, with a small group of criminal organisations carrying out the bulk of the attacks. Crypto research firm Chainalysis estimates that some $14 billion was sent to illicit crypto addresses in the past year, an all-time high in value terms, but a new low relative to the size of the ballooning crypto market.
Even so, Central Banking’s survey data shows traditional institutions such as banks remain a key focus for supervisors and, while international financial flows are the most widely reported risk, large cash payments are not far behind. As Pleyer notes, “cash is still king”. Supervisors may be facing new challenges, but the old ones have not gone away.
In the face of a proliferation of threats, what can central banks do? Though they often play a critical role in financial supervision, central banks are only one of many agencies in the fight against money laundering and terrorist financing. Central Banking’s survey data suggests many authorities co-ordinate surveillance and enforcement through the financial intelligence units. But law enforcement, government, financial regulators, financial firms and more need to be involved, with further co-operation often needed across borders. It is not a straightforward business to keep these disparate groups working in the same direction.
Technology, while providing criminals with new opportunities, may allow supervisors to gain an edge. Many central banks report using data analytics for anti-money laundering (AML)/countering the financing of terrorism (CFT) purposes, and some are turning to advanced analytical techniques. There is also a growing trend towards risk-based supervision, which means supervisors can devote the most resources to firms with the highest risks, and firms themselves can take a proportionate approach: for instance, setting lower thresholds of due diligence for the poorest members of society.
The survey highlights that, while there is a broad push among central banks to improve oversight, there is still a lot of work to do. A significant minority of respondents report not using data analysis to assess AML/CFT threats. Some have seen resourcing levels fall and many more report that resourcing is flat, a challenge that could become worse as governments look to repair their finances after the shocks of the Covid‑19 pandemic. Data quality issues and limits to cross-border co-operation add further hurdles.
Central banks will need to be innovative in the coming years to make targeted interventions and make the most of their limited resources. Technology demands specialist skills, which come at a price. Yet automation and artificial intelligence (AI) also hold the promise of cost savings and new insights, so investment now could pay dividends for years to come.
Data and methodology
Central Banking conducted the AML/CFT survey in January and early February 2022 and received responses from 21 central banks. There were five responses from Africa, six from the Americas, three from Asia-Pacific (including the Middle East) and seven from Europe. Of these, 16 are classed as emerging and developing economies by the International Monetary Fund (IMF), and the other five are advanced economies. Respondents shared data on condition of anonymity.
The median 2020 GDP of respondents was around $38 billion, and median GDP per capita was $12,000, based on IMF figures. The smallest central bank had fewer than 200 staff and the largest more than 5,000, with a median of roughly 600, according to data from the Central Banking Directory. As a share of total staff, the proportion of staff devoted to AML/CFT functions ranged from 0–16%, with a median of 2%.
Respondents face significant differences in the scale of local oversight challenges. Some report overseeing as few as 23 institutions, but others are responsible for more than 3,000. The median number of institutions being overseen was 109.
Governance and staffing
The vast majority of respondents (80%) reported having a specific department devoted to AML/CFT. These central banks reported having a team size ranging from four people (on a full-time equivalent basis) to as many as 56, with a median value of 18.
The handful of central banks that do not have a specific AML function typically reported that they have some staff in the wider central bank devoted to AML, though this tends to be a smaller number than those with a dedicated function. AML staff numbers at these central banks ranged from 0–13, with a median of six.
A central bank in the Americas mentioned it had recently established an “AML outreach unit”, which is tasked with its external engagement. The unit works with industry, attends research conferences and produces publications to communicate supervisory and regulatory developments.
Another institution, based in Europe, said it established a standalone directorate devoted to AML/CFT and consumer protection in 2019. The directorate reports directly to the governor. Similarly, a central bank in Africa said it established a new AML section in 2019 and completed its recruitment process for the team in 2021. This central bank is implementing a risk-based supervision framework with technical assistance from the World Bank.
The high proportion of respondents with a dedicated AML department may reflect a degree of self-selection. Some central banks that declined to participate in the survey cited the lack of an AML department as their reason. Central Banking did not approach financial regulators or other AML authorities.
Scope of oversight
More traditional financial firms remain a key focus for most central bank supervisors. A total of 81% of respondents said they oversee retail and non-retail banks for AML risks, and 76% oversee payment systems (see figure 1).
Newer players such as crypto firms are still only subject to oversight in a handful of jurisdictions – 19% reported overseeing crypto asset service providers and only 14% oversee fintech firms more broadly.
Central banks that chose ‘other’ as an option reported supervising institutions, including informal money lenders, trust companies, remittance providers, housing finance and insurance intermediaries.
Only five respondents reported that they had rescinded a firm’s licence in the past three years (24% of the sample). These five central banks tended to be from wealthier jurisdictions (with an average GDP of $180 billion, versus $110 billion in the sample as a whole). They also tended to have more staff devoted to AML than the average (25 versus 18 in the whole sample).
Comfortably the number one risk factor was international financial flows, reported as a key concern by 76% of respondents. Corruption came in at number two (57%), followed by large cash payments (48%) (see figure 2).
Echoing figure 1, the data shows that central banks still view newer threats, such as crypto assets and fintech, as lesser concerns. Only 5% reported crypto and fintech as major risk factors in their jurisdictions.
This may be starting to change. The Financial Stability Board’s latest report into crypto assets noted crypto markets were on a path to becoming systemically important. But they are not there yet.
Supervision: tools and challenges
Despite the impact of Covid-19, the most commonly reported supervisory tool was on-site inspections of financial firms, in use at 86% of respondents. A further 81% reported off-site, desk-based reviews as a key tool. The latter has grown in importance since the advent of social distancing rules, but it remains to be seen whether the balance between on-site and off-site reviews has permanently shifted.
Central banks reported having conducted anything from just one supervisory inspection in the past year to as many as 463, with a median of 12 inspections (see figure 3).
Many central banks commented that they used risk-based approaches to supervising money laundering/terrorist financing risks, as advocated by the FATF. One advanced economy central bank in the Asia-Pacific region said it employed risk-based supervision. This central bank said it had moved away from “fixed on-site inspection cycles” towards “more dynamic and timely” interventions. The respondent highlighted three key tools: use of data analytics to identify high-risk activities; supervisory interventions to “dynamically disrupt” high-risk activities; and targeted inspections to direct remediation at high-risk firms.
A second central bank in Asia-Pacific stressed the importance of its AML risk rating system, which allows supervisors to make systematic assessments of firms’ risk profiles. This feeds into the wider process of risk-based supervision. To further support these efforts, the institution carries out periodic sectoral risk assessments.
Risk-based supervision could help central banks meet other objectives as well. A central bank in the Americas commented that it had implemented a simplified due diligence approach to allow banks to set up accounts for vulnerable people in society, “including low-income and undocumented persons”.
Many respondents said they employed regular reviews of AML risks across their whole jurisdiction. Central banks reported their most recent review fell in years ranging from 2013–22. The most common response was 2019.
Central banks face an array of challenges when it comes to improving their AML supervision. Over half (57%) said limited resources was a major obstacle. The second most important was data gaps, reported by 48% of respondents, followed by data quality, at 29% (see figure 4).
Data: analytics and obstacles
Exactly two-thirds of respondents said they use data analytics to help them identify AML risks. Of these, the most commonly reported data tool was the use of automated data collection (in use at 71% of respondents that apply data analytics). The use of data in external public records was also common, at 64% of respondents. Much less used was AI or machine learning, in use at just one central bank. Big data or ‘alternative’ data was used by three (21%).
The figures show a significant minority of central banks in the sample (33%) do not use data analytics in their AML work, suggesting this could be an area of expansion in future years (see figure 5).
However, for data use to become more widespread and effective, central banks will have to overcome a range of obstacles. The most commonly reported problem was the sheer range of institutions on which data must be gathered, given their differing size and complexity – 67% of central banks said this was a problem. A further 62% said a lack of technical tools was holding them back, while 52% mentioned a lack of resources (see figure 6).
At the other end of the spectrum, AML definitions (19%), lengthy processes (24%) and data duplication or incompatibility (both 29%) were less commonly reported as challenges.
The broad trend appears to be towards either greater resourcing of AML functions, particularly in the staff and training categories, or constant levels of resourcing. One central bank reported that its staffing resource had fallen in 2021, and one other reported that its training resources had fallen (see figure 7).
Somewhat less seems to be invested in data platforms, hardware – for instance for data processing – and cloud platforms. Only 14 central banks commented on cloud resourcing, which may indicate that use of the cloud is still relatively limited, at least for AML purposes.
Given that central banks report a lack of resources as a key concern, more investment in AML may be needed. One central bank in Africa commented that recent reforms to the AML function had led to greater co-operation with local and overseas authorities, which had the additional advantage of allowing pooling of resources.
Collaboration and data sharing
The data suggests authorities have closer ties to domestic authorities than to their counterparts abroad, which could hamper efforts to improve information and data sharing. Since central banks report international financial flows are a key concern, strengthening global ties seems an important priority.
It is common to have a body tasked with co-ordinating AML/CFT authorities domestically. Only four central banks (19%) said they did not have such a body in their jurisdiction. Most of those that have a body mention that this is either the country’s financial intelligence unit or a council specifically formed to co-ordinate AML matters.
Similarly, most central banks report that they share data on suspicious activity domestically. Two-thirds say they share data on a proactive basis, and another 23% say they provide data on request. Only 10% say they do not share data at all domestically (see figure 8).
A central bank in the Americas reports it is undertaking a project to centralise know-your-customer data at a national level. Financial institutions and regulators will be able to access the data. The project is expected to enter production in July 2022.
All respondents say they are engaged with some form of international collaboration on AML. Regional groupings are the most common (76%), followed by bilateral co-operation (67%) and international bodies (48%).
However, many central banks (38%) do not share any data on suspicious transactions internationally. A further 43% said they share data on request, while only 19% of central banks share data proactively on an international level.
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Printing this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email email@example.com
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Copying this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email firstname.lastname@example.org