Do Anti-Money Laundering (AML) requirements solve the Common Reporting Standard’s “fake residency” concerns for automatic exchange of banking information?
Short answer: we wish…
Here’s a longer answer:
In response to our recent blog about the use of fake residencies to avoid the OECD’s Common Reporting Standard on automatic exchange of banking information – where we proposed extra questions by the bank, whenever someone declares to be resident in a tax haven offering residency or citizenship in exchange for money – we were questioned a about whether the bank’s own AML requirements would make these extra questions become unnecessary.
It is true that the CRS constantly states that banks should use information obtained pursuant to AML to check for consistency with the information declared by account holders. However, if the CRS were that confident about the AML processes in banks, why even bother to ask for an extra self-certification (where the account holder declares their residence) whenever a new account is opened or when some old accounts have conflicting information? Why not simply say: for all accounts, old or new, just trust whatever information was obtained pursuant to AML? Otherwise why would the OECD say it is putting “citizenship-for-sale schemes” in its sights when referring to schemes that avoid the CRS?
While we cannot know what’s in the OECD’s mind (after all, we weren’t invited to design the CRS, however much we tried to make it accessible for developing countries and loophole-free), we have our guesses. AML provisions try to ensure, among other, that the origin of the funds is legal – the residency of the account holder is part, but certainly not the main focus of AML.
As for how trustworthy banks’ AML processes are, here are a few examples about “effective” measures by major banks, relating to the core issue of preventing money laundering:
[In 2013] HSBC was accused of failing to monitor more than $670 billion in wire transfers and more than $9.4 billion in purchases of U.S. currency from HSBC Mexico, allowing for money laundering, prosecutors said. The bank also violated U.S. economic sanctions against Iran, Libya, Sudan, Burma and Cuba, according to a criminal information filed in the case.
You’d think that HSBC might have learned their lesson and now they’re “super” compliant:
[In 2017] The Financial Conduct Authority (FCA) commissioned a skilled person review – a so-called “166 report” […] The investigation was launched after the monitor installed by US authorities to oversee improvements in HSBC’s financial crime measures flagged worries about its progress.
Banamex USA, a subsidiary of the US banking conglomerate Citigroup, accepted responsibility for “criminal violations by willfully failing to maintain an effective anti-money laundering (AML) compliance program … and willfully failing to file Suspicious Activity Reports,” according to a May 22 press release from the US Department of Justice.
Between 2010 and 2014, at least $20.8 billion was laundered out of Russia, funneled into banks in Moldova and Latvia, and spread from there into 96 countries across the world… a lot—an awful lot—of international banks ended up as hosts for the money, despite their anti-money-laundering controls… This cash then ended up in accounts at 732 banks, including giants like HSBC, Bank of China, Credit Suisse, Deutsche Bank, Citibank, and Royal Bank of Scotland.
This doesn’t just involve major banks – just look at Andorra’s Banca Privada d’Andorra:
In 2015, the Treasury Department’s Financial Crimes Enforcement Network (FinCEN) said BPA had helped organized crime groups from Venezuela to China launder billions of dollars.
And sadly, this isn’t just a problem of banks either. The CRS requires many other financial institutions to identify account holders and their residencies, including investment entities, insurance companies and some trusts – all of these likely have even less stringent AML requirements overall, than banks. So, do we feel any more confident because financial institutions collect residencies pursuant to AML requirement? Not really.
Now let’s look at how countries are doing in terms of their compliance with FATF Recommendations on AML, especially regarding old Recommendation 5/new Recommendation 10 about customer due diligence (basically, the information financial institutions must obtain from their clients, which is supposedly relevant to identify fake residencies, even though this is not their main focus):
The OECD’s Common Reporting Standard (CRS) for automatic exchange of banking information leaves the door wide open for fraud. The OECD has recently made available a form to report potential avoidance schemes of the CRS. While this form is a first useful step – we’ve been sharing with them the loopholes and risks we’ve identified, and a suggestion on how to assess countries compliance with the CRS. However, we haven’t seen anything get fixed yet…
While the lack of access to automatic banking information by developing countries is our major concern with the CRS (all as a consequence of the OECD’s arbitrary conditions, such as the need for reciprocity or to be chosen in return through the ‘dating system’), for those countries that will manage to exchange information with each other, other risks prevail. Most notably, the need to (effectively) determine the residency of each account holder.
It’s said that if you’re not at the table, you’re on the menu. Well, the OECD has just made available the list of activated relationships to automatically exchange country-by-country reports between countries. They use big figures like 700 relationships, but don’t get fooled by those numbers – simply look at the image below to see who really has access to CbCR.
Oh, by the way, there’s nothing wrong with your eye-sight. Developing countries are just not there…
Source: Rasmus Christensen (https://twitter.com/phdskat/status/860093952992608256?s=09), by kind permission
The problem is that instead of requiring a fully multilateral approach, the OECD has allowed bilateral relationships to the automatic exchange of CbCR. This makes it harder for more jurisdictions to exchange CbCR, and more costly to arrange – and in practice results in the exclusion of nearly all lower-income countries:
Some jurisdictions also continue to work towards agreeing bilateral competent authority agreements for the automatic exchange of CbC Reports with specific partners under Double Tax Conventions or Tax Information Exchange Agreements
Now, think of a major country that doesn’t appear on the image and is definitely choosing the bilateral approach when it comes to non-OECD countries. Hint 1: its very many multinationals (MNEs) have aggressively pursued profit shifting, so that the misalignment of their global profits away from the locations of their real economic activity has gone from just 5% in the 1990s to more than 25% now. Hint 2: this country won’t be joining the CRS (the global framework for automatic exchange of banking information) either.
By Alex Cobham
Last week I took up the kind invitation of the government of Cayman to speak at their conference on ‘Tax Transparency in the Global Financial Services Ecosystem’, and to meet with staff from the monetary authority, statistics office and corporate registry; and with a range of industry representatives including those from the compliance association and Cayman Finance. Above is a video of my presentation; and here a few reflections on the divergences between reputation, rhetoric and reality; and on where things now stand.
The OECD’s Global Forum conducted a (confidential) first-stage evaluation of the laws of countries that want to participate in the system to assess whether they are ready to do so. Now, the Global Forum is working on a terms of reference to assess countries once automatic exchanges are in place, to make sure they comply with the international standard called the Common Reporting Standard (CRS).