By Karl-Johan Karlsson, Financial Crime Compliance Officer, Handelsbanken.
Interview ahead of the 2nd Annual Fraud and Financial Crime Europe Summit, taking place 2-3 April in London
Can you please tell the Risk Insights readers a little bit about yourself, your experiences and what your current professional focus is?
I live in southern part of Sweden with my wife and three children. When I´m not working, I enjoy sailing, photography and spending time with my family.
My career in financial crime compliance began when I was working at a small-sized financial institution in connection with the implementation of the 3rd EU AML Directive in Sweden. Since then, I have been fortunate to work with financial crime compliance at two of the largest banks in the Nordics. My dedication to these issues extends beyond my professional career. In 2015, I was appointed co-chairman of the ACAMS Nordics Chapter, which aims to advance the professional knowledge, skills and experience of those dedicated to the prevention and detection financial crime in the Nordic region. In my current role as Financial Crime Compliance Officer at Handelsbanken, my primary areas of responsibility include training of staff, financial sanctions compliance as well as compliance concerning transaction monitoring and SARs.
What, for you, are the benefits of attending a conference like the Fraud and Financial Crime Europe Summit and what can attendees expect to learn from your session?
What I have found to be a distinguishing quality shared by those who are dedicated to financial crime prevention is the eagerness to continuously learn more about this multifaceted and ever-changing discipline. There is, however, a limit to how much you can learn on your own and most of us can, therefore, benefit from exchanging thoughts and ideas with other anti-financial crime professionals by attending conferences such as the Financial Crime Europe Summit.
Could you provide insights into increasing Intelligence and information sharing across private and public institutions for effective detection and prevention?
With increased pressure from regulators, financial institutions that do not have timely access to financial crime intelligence and information may be compelled or left with no other choice than to focus their efforts on regulatory compliance. This could impede the effectiveness in their anti-money laundering activities, including the quality of the suspicious activity reports (SARs) sent to Financial Intelligence Units (FIUs). It should be noted that while a steady increase in the number of SARs sent to the FIUs has been observed, their impact, in terms of disrupting financial crime, remains relatively low as evidenced by a recent report issued by the Royal United Services Institute for Defence and Security Studies.
However, a new approach to sharing information and intelligence regarding financial crime has begun to emerge through public and private sector partnerships. The importance of these partnerships has been recognised by the Financial Action Task Force (FATF) and the public authorities in several countries. In response to feedback from the private sector, the FATF issued consolidated standards on information sharing in 2016 and has since then continued to develop best practices on information sharing between the private and the public sector. While a number of countries have committed to bring law enforcement agencies and private sector actors together for the purpose of sharing intelligence and information on financial crime, such partnerships are unfortunately still notable by their absence in most countries. As recent research suggests that the absence of intelligence and information sharing initiatives between the private and public sector in those countries, at least to some extent, can be attributed to the lack of legislative clarity in respect of how and what information can be shared, regulatory guidance is in my view, key to encourage such partnerships.
What are the impacts of GDPR in intelligence and information sharing?
Since the introduction of the new data protection regime, it has become necessary for financial intuitions to deal with the tensions between their AML obligations and their obligations under the GDPR. Those tensions can, for example, give rise to various challenges when information need to be shared for AML purposes with group-companies located in third countries. Similar challenges may arise when AML-related activities that involve personal data are outsourced to third parties. To ensure AML- and GDPR compliance, it has become necessary for financial institutions to review areas where the requirements overlap. This provides a better understanding of the steps that need to be taken to limit the impact on the effectiveness of the AML activities, which are dependent on information to be shared. In my experience, financial institutions that facilitate active cooperation and collaboration between compliance teams working with GDPR- and AML compliance are better equipped to tackle these challenges.
When should financial institutions file SAR reports for suspicious activity and limit real risks?
In Sweden, a SAR should be submitted to the FIU when a firm that is subject to the Anti-Money Laundering Act suspects or has reasonable grounds to suspect that funds are related to money laundering or terrorist financing. While awaiting future case law, the pre-legislative work provides some direction as to the interpretation of “suspicion” and “reasonable grounds to suspect” and, thereby, when a SAR should be submitted.
Due to the need for comprehensive regulatory guidance, the private sector in Sweden has taken joint responsibility for the interpretation of the legal requirements by establishing the Swedish Anti-Money Laundering Institute (SIPT) in 2016. Since then, SIPT has begun to issue guidance on the interpretation on various parts of the AML Act.
However, for multinational financial institutions, the question is more complex. For example, the rules relating to the timeframe for SAR reporting varies between jurisdictions. In some jurisdictions, financial intuitions must adhere to defined time-frames while in other jurisdictions, a SAR should be submitted as soon as practically possible. In any event, submitting a SAR should not be subject to unnecessary delays. The FATF recommendations provide that countries should apply the crime of money laundering to all serious offences. However, what constitutes a predicate offence to money laundering does differ between jurisdictions which, consequently, affects the obligation to submit a SAR. Other local requirements that differ between jurisdictions and are related to SARs, include the actions financial institutions are obliged to take after a SAR has been submitted to the FIU. To manage the compliance risk, it is imperative for multinational financial institutions to gain a comprehensive understanding of the local legal requirements in all jurisdictions in which they are established and ensure that these requirements are reflected in local policies and procedures.
How do you see the impact of Fraud and Financial Crime evolving over the next 6-12 months?
In my view, financial institutions will try to reduce the costs associated with AML compliance by finding more efficient ways to fight financial crime. This may involve streamlining processes, de-risking, finding new ways to incorporate financial crime prevention into the daily business, investing in AI and automation of manual processes.