On June 12th 2013 the Cyprus Ministry of Finance made public some of the reports of the MoneyVal and Deloitte audits carried out as a condition of the EU/IMF bailout of Cyprus.
Unfortunately it turns out the full reports have not been made available publicly. (The Deloitte report is only the nine page Executive Summary).
The reports audit a sample of banks operating in Cyprus with regard to their anti-money-laundering understanding and procedures and the implementation of those procedures with regard to Customer Due Diligence.
The reports have been the subject of much controversy. Cypriot authorities initially declared that they gave the Cypriot banking system a clean bill of health with regard to money laundering.
Perhaps in response a summary report of the two reports’ findings was ‘made available’ by the troika of the EU/IMF/ECB.
Then in response to that the Central Bank of Cyprus put out on May 23rd a two-page press release that refuted the findings of the ‘summary report’.
Without access to the full Deloitte report it is difficult to make a full assessment of some of the claims of the Troika’s summary report.
However, I am of the opinion that that there is enough critical comment in the findings of both The MoneyVal and Deloitte reports to suggest, as the troika summary report did, that there are, ‘systemic deficiencies in the implementation of preventive measures by the audited institutions [with regard to Customer Due Diligence]’.
Here are some key quotes. (My emphasis).
The identification of unusual transactions and the reporting of suspicious activity to MOKAS appear to be lower than could be expected under the Cyprus Legal Framework, whether applying CBC typologies or as compared to practices in other jurisdictions p.6.
Activity that is rather common in Cyprus … would in many other jurisdictions be quite rare and thus such a customer profile at any given financial institution might be the focus of compliance attention as a high-risk outlier. This was not the case with respect to the sampled files.
The banks sampled ‘do not seem to have a suitable degree of accuracy in gathering and documenting relevant information from customers…[particularly in accounts] established for passive investments and apparent tax minimization purposes as distinct from operating entities.’
Controls for high-risk customers: ‘Those controls were generally not consistently/programmatically performed during the course of the business relationship…
Banks are, ‘overly reliant on third persons in providing such [ongoing CDD] information …in particular in multi-layered and less transparent ownership and control structures involving foreign jurisdictions, which are generally considered to be of higher money laundering risk.’
‘However, a range of shortcomings with the potential to undermine the effectiveness of CDD was identified in many of the banks interviewed. In one bank the assessors had particular concerns about the overall effectiveness of their CDD procedures. (A/3)
‘Given the significant role played by introducers in attracting international business to Cyprus, it was noted with concern that one of the categories of introducers (ASPs - Administrative Service Providers) although made subject to regulation is not yet supervised in practice for compliance with AML/CFT requirements and the supervision of the other categories of introducers (lawyers and accountants) needs to be strengthened further.’
‘The assessors are of the view that Cypriot banks’ reliance on introducers represents one of the largest areas of vulnerability for them.
The absence of a bank-wide risk assessment and lack of consultation with the banks’ compliance functions in the acceptance of high-risk customers, ‘in combination, constitute material deficiencies in light of the level of high risk international business being conducted in the banking sector.’
The management of alerts regarding high risk accounts is under-resourced. ‘As a consequence, insufficient consideration may be given to these alerts before being cleared.’
And at Point 24,
‘Indeed, on the basis of information provided, not many cases of ML/FT suspicion are identified through ongoing monitoring.’
And Point 26 where,
‘a large backlog of amendments to registration documents at the Company Registry and a lack of follow up of a significant number of unsubmitted annual returns and financial statements’ [is noted]. ‘This raises questions about the ability of banks to fully apply CDD measures with respect to legal persons registered in Cyprus.’
‘Overall, therefore, the assessors are concerned that the combination of a number of features associated with international banking business (e.g., introduced business plus complex structures plus use of nominees) may in higher-risk cases bring the cumulative level of inherent risk beyond a level that is capable of being effectively mitigated by the CDD measures currently being applied. ‘
[That is, the risks of Money Laundering are not being effectively countered by the CDD measures.]
Of course, it would be hard for any bank to be 100% compliant with AML procedures as this is a fast-moving field. What I find interesting in the case of Cyprus is that both reports note the special complexities and high-risk nature of that part of Cyprus’ banking system that deals with offshore funds.
This is characterised by complex ownership arrangements and the fact that the setting-up of many accounts is mediated by an ‘introducer’ or a chain of introducers thus often making it difficult to determine the ultimate owner/beneficiary of the account.
What the reports show is a) that parts of Cyprus’ banking system that deals with the offshore funds are characterised by great complexity that would be considered high-risk in many jurisdictions; b) that a high level of procedure, compliance and implementation is required to meet those risks and c) that there are deficiencies both at a systemic level (particularly with the identification of ultimate owners of complex company structures and the registration of the companies themselves) and with regard to the monitoring of individual suspicious cases.
I do not think it is entirely a coincidence that of the 45 bank accounts identified for forfeiture in the Liberty Reserve indictment documentation, which represents one of the biggest prosecutions of money laundering ever undertaken, 22 of those accounts were in banks in Cyprus (see my posts of 29th May and 3rd June 2013).
The CBC risposte to the troika summary report of the MoneyVal and Deloitte audits claims somewhat plaintively that no benchmarking of the Cyprus AML audit results was carried out and that they were 'a unique, focused and exceptional evaluation procedure not carried out in other countries'.
This is the case but what both reports draw attention to is the particular character of Cypurs's banking system with its massive flows of offshore funds, (of its top 100 depositors Deloitte reports that after Cyprus at 40 per cent 25% gave their place of residence as the British Virgin Islands - followed by Russia (10%), the Seychelles and Belize) the particular character of its 'introduced business' model of account creation and the massive use of complex company structures that has the result if not the explicit intention of obscuring from view ultimate beneficiaries.
The reports argue that such a system is in itself high-risk and requires the highest levels of anti-money laundering vigilance and risk analysis at both the level of individual accounts and across banks and sectors. On this they find that this level of vigilance, regulation, risk analysis, procedural accuity and day-to-day implementation and remedial action is lacking.
It might be generously argued that the contemporary Cypriot banking system has its origins in the trauma of partition and was conditioned by the context of Cyprus's shifting alliances and the spaces left open in the international banking system.
As a small island state it picked up what work it could and was willing to turn a blind eye to the niceties of UN embargos and international financial regulation. As such its banks and allied professions seem to have displayed a great and unanalysed 'hunger for risk.'
But, as David Gardner has argued, 'Cyprus grew rich on the misfortunes of its neighbours; its decision to do a certain kind of banking for a living was shaped by the disintegration of Lebanon, the former Yugoslavia and the Soviet Union'.
Entry into the EU, the Eurozone, crisis and the increasingly hard clamp-down on money-laundering and tax evasion across the globe have radically altered the operational context of Cypriot banking and the fortunes of its close-knit elite who profitted mightily from the glory years (to paraphrase Gardner).
Furthermore, the bailout/in has attracted increased attention to Cypriot banking compliance. This has been found to be wanting.
Undoubtedly huge strides have been made but it looks as if a cultural shift in the banking and allied sectors is now needed to assess and calibrate 'hunger for risk' at the level of institutions and professions.
Exactly what kind of banking system is left on which to assess and calibrate that hunger for risk into the future is, of course, a moot point.
For information on this and previous articles on Money Laundering see earlier blog entries.