AML / CFT: when the media get it wrong

The article says that banks ask for more information than is (in the opinion of the un-named journalist who wrote the piece) necessary: "The banks claim this is necessary to comply with the Financial Services Act, which demands they 'know their customer', and money laundering laws."

Well, first, The Financial Services Act was passed in 1986 and was part of what the British Government of the time called "the big bang" in financial services regulation and yes, it did impose a requirement that financial institutions (not just banks) undertake "know your customer" processes. But those processes had nothing to do with money laundering: they were a consumer protection measure, since copied all over the world, to ensure that customers were given "best advice." In a number of cases it failed, in particular in the insurance industry, where a "mis-selling" scandal caused grave concern as to the viability of many smaller companies, some of which went out of business.

The KYC requirements in relation to money laundering (now more often termed "due diligence") is part of the risk management processes imposed not under an Act but under Regulations.

The genesis of the UK's counter-money laundering processes is not in UK law at all, but in European Directives. Under those Directives, member states must put in place measures that meet the terms of the Directive. That they often do not or do not do so in the specified time is outside the scope of this article.

In the UK, the Money Laundering Directives (there have been three since 1991) are implemented not in an Act but in The Money Laundering Regulations. The current version is dated 2007. The Regulations specify the broad steps that a business which is subject to the Regulations must take to protect itself and society against money laundering.

Amongst those steps are to gather sufficient information about customers to be able to positively identify that customer and also to manage the risk of money laundering. That is done by a process of monitoring transactions and, if one or more transactions are suspected of being related to the proceeds of criminal conduct in the UK or (almost) anywhere else, then an internal process kicks in.

In that internal process, a nominated officer (the "Money Laundering Reporting Officer" (MLRO) in UK terms although that term is gradually being replaced by "Money Laundering Risk Officer" as recommended by The Anti Money Laundering Network - parent company of the publisher of BankingInsuranceSecurities.Com) must examine all the available information and decide if there is suspicion. If so, he (personally as well as the bank, etc. for which he works) must file a "suspicious transaction report" with the Serious and Organised Crime Agency (SOCA).

Failure to file a suspicious transaction report is a criminal offence.

In order to decide whether to make a report, the MLRO must assess the risk that the transaction is related to proceeds of crime. In order to do so, he needs background financial information about the customer's financial position. Therefore they ask for that information.

The article in the Daily Mail says "Lloyds TSB, Santander and ICICI want to know your occupation and how much you earn. Halifax asks for your occupation, why you are saving and how you are funding the account."

Yes. That's how they create a financial profile against which a customer's transactions are cross-referenced in order to identify potentially suspicious transactions.

If regulated businesses do not obtain sufficient information to enable them to assess risk, they are failing in their obligations as defined by their regulator (in the case of banks, insurance companies and securities businesses, this is The Financial Services Authority (FSA). Unfortunately, when the Daily Mail asked the FSA about the practice of obtaining additional information, the spokesman said "'Firms are required by law to identify their new customers, but it is up to them to decide how much information is appropriate above a minimum level."

Aside from the irritating use of the word "firm" when very few of the industry players are firms (which, by definition, are unincorporated) - most are limited companies - the spokesman also failed to explain that "identification" means much more than confirming name and address. Indeed, he seemed to consider that this was the most important part. That is not, anyone in the industry will confirm, the view of the FSA when it is in regulator mode.

The specific case that sparked off the Daily Mail's report was a woman, Mary Smoldon, who had a problem opening an account. And for sure, on the facts as set out in the newspaper, she should not have had a problem. It transpired that, because she is prudent with her money and lives within her means, the credit reference agency that the Post Office online savings bank used was not able to confirm her status.

What went wrong next was due to poor processes and poor training, not due to bad law or regulation. When the credit reference agency could not give a positive response, instead of seeking to resolve the problem, the Post Office allegedly told her that she did not meet the identity check and therefore the account could not be opened.

The article complains that many people lose out on returns on savings because of the difficulty in opening a new account: the idea, apparently, is to open a new account when a bank launches a new savings product with a high introductory rate. But many of those accounts are opened by internet or post and therefore fall into the category of "non face-to-face business."

That is deemed "high-risk business" by all regulators worldwide. The simple reason is that, with no face to face meeting, there are obvious difficulties in being certain that the person who is applying to open the account is who he / she says he is. And for this reason, the threshold on rejecting applications is always lower than in accounts opened at a branch. And, as the write correctly points out, people are reluctant to send original official documents in the mail or to pay legal fees for certified copies.

The original article about Mrs Smolden asks "why do they want to check my credit when all I want to do is save?"

But it's not actually a credit check: companies such as Experian have a vast database of individuals and their financial information. Mrs Smolden appears to fly below the radar in part because she owns her property free of mortgage. As she has lived in the same house for more than eight years, it really does appear as if there was some form of administrative error which the Post Office then failed to take steps to identify and rectify.

But as to why they want to make sure she is who she says she is, the reason is simple.

It's to avoid a large fine for the bank and possible jail for its senior officers. While that latter result is unlikely, it is nevertheless a technical possibility.

And that's what the Daily Mail should have considered as well as why, if customers are opening new accounts each year, they are not used to the processes which have been in place since early 1994.