June 2021 marked the deadline for implementation by EU member states of the Sixth Anti Money Laundering Directive, more colloquially known as AMLD6. 

This series of directives was triggered by what is now known as the “Baltic Scandal” which engulfed a number of major Nordic banks most notably Danske and Swedbank with others being drawn to the investigation quagmire as wider illicit transaction chains centred on Estonia have continued to be exposed several years later.

Because individual member states still have legislative control over their own banking systems, this series of EU AML directives have ended up as a patchwork quilt of national restrictions which has then become further complicated by the UK’s completion of its Brexit transition at the start of this year.

By chance 2021 is also close to the 2500th anniversary of the famous battle of Thermopylae around 480 BC which created the legend of the 300 Spartans and it also marks the 80th anniversary of its lesser-known repetition in the second world war where a small force of ANZAC troops held up the German invasion of Greece at the same site in April 1941.

Both the ancient and modern battles of Thermopylae have become textbook implementations of “head them off at the pass” where a small defence force is able to restrict the advance of much larger aggressors by carefully selecting terrain that constrained the tactics and movements of the enemy force and limited the size of any face to face engagement.

In 1941, the ANZAC forces were defeated by force of arms, notably tanks and a shortage of ammunition, but in the original ancient battle both sides were similarly armed which meant that organisation and tactics became the dominant factors that led to its legendary status.

The 300 Spartans were eventually defeated at Thermopylae by being outflanked by the Persians who were shown a mountain path around the pass and were able to cut off the defender’s supply lines.

Why is this analogy important to addressing the challenges of money laundering both in the EU and wider financial ecosystem?   

At the moment the financial services industry is expanding the range of mechanisms by which businesses can conduct transactions, most notably cryptocurrencies, a broadening of the number of servicing platforms and layered capabilities (aka fintechs) not forgetting most recently the arrival of the somewhat mystical “Non-Fungible Token” that attempts to make digital assets commercially unique and hence valuable.

Many of these initiatives are politically-driven, focusing on perceived consumer (i.e. voter) choice, which while being well intentioned fails to learn from the key lesson of Thermopylae by increasing the breadth of the battlefront and enabling flanking manoeuvres by creating a more complex web of potential transaction chains without any new reporting techniques or improved intelligence about the participants. 

The rise of open source technologies most notably encryption and peer-to-peer messaging has also levelled the playing field between criminals and law enforcement agencies making it much harder to intercept and decrypt communications between “bad actors” planning how to launder their ill-gotten gains. The recent penetration of the Encrochat platform by French and Dutch authorities revealed a network of more than 50,000 participants.

This need for improved intelligence was meant to be addressed by the earlier AMLD5 directive and supposed to have been implemented by January 10, 2020, but many EU states have still failed to establish public registers to identify the true owners of business established in their countries. In the UK, Companies House published its five-year strategy and started a consultation to address its current perceived failings on May 14, 2021. When it announced this process it was noted that the use of Companies House data in criminal money laundering investigations has grown exponentially over the past five years to more than 9000 instances in the past year.

Even in its current state banks are failing to use the UK Companies House data effectively – at least one major UK high street bank has been conducting a broad SME account KYC/AML review process with threats of account closure triggered by AMLD5 requirements, but some of the data it has queried with its customers is more than two years out of date compared to their latest statutory filings.

Moving forward from the problems of establishing the true beneficial owners of a business, banks and other financial services providers then have significant problems enabling the authorisation levels of account mandate holders to perform certain activities. Another UK high street bank has withdrawn some of its in-branch SME services because it could not “establish the mandate that is held and whether it is simple or complex”. Put more simply – it knows who is doing something but not whether they are supposed to!

As I have noted in previous articles these failings do little to improve the public perceptions of trust and competency by both financial services firms and regulators so perhaps it is time for some structural change rather than hoping for improvements by increasing layers of legislation.

In the UK it would be perfectly possible for Companies House to act as a central utility for managing SME customers/beneficial owner’s data and corporate actions across all the banks, including much of the initial on-boarding process as well as ongoing maintenance. I am sure most of the high street banks no longer want to manage this in-house given the costs they currently incur and this model could easily be extended to other nations. By having a central utility it would also standardise much of the reference data across banks and fintech diaspora enabling better suspicious transaction tracing. 

Clearly the creation of another quango or pseudo nationalised utility also carries many risks, however in the UK there is now much more appetite for this approach driven partly by Covid and also by the inarguable failures of railway and current utility supplier franchise models, it is certainly worth further investigation at this stage.

In Mel Brook’s 1974 spoof cowboy film “Blazing Saddles” the villain Hedley Lamarr uttered the famous line “Head them off at the pass? I hate that cliché” after its widespread use in many Hollywood Westerns.  In truth it is probably more relevant today as a tactic than it has ever been.

Rupert Brown is CTO at Evidology Systems