Like many of you I suspect, not a day goes by when I do not turn on my phone and I am faced with appalling images of terrorist atrocities or stories of UK nationals being arrested as part of the efforts of the national counter terrorist groups to protect us here on the UK mainland.
Whilst the physical acts of terrorism appear in the main to be focused in the Middle East, Africa and Asia, the threat of handling funds intended to support groups such as ISIL, Boko Haram and al-Shabab is a very real risk for all international payment handing firms domiciled anywhere in the world.
Terrorism, rather like crime, is now a transnational and organised affair, and the funds that are being raised through criminal activities such as kidnapping and extortion or through apparently legitimate charities or international trade-based activity, are being moved and laundered across the globe. Terrorist financing is therefore a risk that must be considered by all firms wherever they are domiciled so that this flow of finance and resourcing is disrupted and detected.
Notwithstanding the obvious rise in concern regarding the proliferation of international terrorism, I am struck by the fact that here in the UK neither the FCA, nor its predecessor the FSA, appear to have conducted a thematic review of the subject of terrorist financing. Yes, there has been a review of sanctions controls, but this is not the full story, and they like you and I, will be watching with growing unease how ISIL in particular is raising reportedly huge sums of money, and appears intent on laundering them to finance and sustain their longer term aspirations.
Reports have been provided recently by FATF and AUSTRAC of Australia and it is my very personal view that a review of this subject is both overdue and now inevitable.
So what are firms doing to manage this risk, and what must they be able to show to the regulator when the door is knocked?
What concerns me most as I deliver training on this subject to working AML and CFT professionals around the world is that most firm’s counter- terrorist financing systems and controls appear to be based almost entirely on sanction screening procedures, at a time when the UK and EU authorities appear more reluctant than ever to add the names of terrorists to the sanction lists.
In his recent independent report on UK sanction control procedures, Q.C. David Anderson highlights the reluctance of the authorities to list terrorists, even after conviction, and that the total number of unique designations of individuals and entities made by the UK government and EU authorities is 53. That’s right, 53, and total funds currently restrained amounts to less than £61,000. The fact of the matter is that firms cannot, and must not; rely on sanction screening measures alone to mitigate their risks.
So what should firms be doing to identify and mitigate this risk, and what will they show to the regulatory authorities when they come knocking to inspect these procedures as they surely will?
A quick guide to systems and controls that must be in place includes:
- An up to date terrorist financing and proliferation risk assessment that includes consideration of updates by national governments on risks and threats, and reports provided by FATF, AUSTRAC etc.
- Robust and up to date CDD must be in place for clients that includes an assessment of source of funding, names of suppliers and agents of legal persons in jurisdictions that are recognised as having terrorist issues
- Enhanced due diligence performed of high risk account holders such as charities and arms dealers etc. to monitor obvious sources of fund raising
- Clearly defined and regularly communicated staff reporting procedures for suspected terrorist financing and resourcing
- Ongoing jurisdiction risk assessments that include consideration of recent reports providing updates on terrorist financing, such as FATF reports on Terrorism in West Africa and Opium in Afghanistan, and the afore mentioned update published recently by AUSTRAC
- Effective sanction screening across payment and messaging systems that have been tested to ensure that ‘fuzzy logic’ measures are working as required
- Transaction monitoring that monitors the five recognised stages of terrorist financing
- Enhanced controls of trade finance operations, including dual-use goods, and correspondent banking to identify extended line of sight risks
- Red flag indicators must be provided to all staff to help to identify suspicious transactions and activity
- Staff training to embed a culture of awareness and confidence in investigating and reporting knowledge or suspicion. A few slides at the end of on-line AML training is no longer enough!
This is not intended to be an exhaustive list of ingredients, but must surely form the basis of a reasonable and risk based approach to the subject. If this effort, cost and investment is measured purely by the risks inferred by the number of terrorists that are listed on the sanction lists, then there is a strong fiscal argument to say that it is not proportionate.
However, the simple truth of the matter is that firms really are an integral part of the first line of defence against terrorism, and in spite of the lack of any reliable means of assessing the impact and disruption to terrorist funding that is caused by these efforts, the most effective stimulus to maintain and enhance the effectiveness of the fight to identify terrorist funding will most likely be provided by the pictures and faces of those suffering a new attack shown on our screens this evening.