As of 2017, the global financial system has become exposed to stricter financial regulations through the European Union’s “4th Anti-Money Laundering Directive,” the Canadian Financial Action Task Force (FATF), and the U.S.’s finCEN and its “Customer Due Diligence (CDD) Requirements for Financial Institutions” rule. These were brought forward after a series of offshore document leaks over the past two years, it is apparent that close to 10 percent of the global GDP is actually “hidden” in offshore jurisdictions and tax havens.
The idea behind these regulations is to uncover ultimate beneficial ownership that will strengthen risk mitigation of financial crimes, and they are primarily aimed at financial institutions that are categorized as “obliged entities” in the EU and as “covered financial institutions” in the United States. Despite the fact that these institutions are required to follow the “Know Your Customer” (KYC) procedures, as well as “Due Diligence” (DD) and “Enhanced Due Diligence” (EDD) procedures, in order to analyze corporate structures and uncover the individuals behind these operations when accepting new clients and analyzing existing ones, high-profile individuals are still managing to circumvent the system for the purpose of tax evasion or disguising criminal sources of funds. As such, it appears that the regulatory systems do not yet have a solution to the issue.
One of the first challenges that any entity within the provision of financial services field experiences is the misinformation stemming from the user-generated content in subscription-only global online databases, being that certain names and references can be mixed up during the reporting process. Though such mistakes do occur from time to time, they are extremely rare overall, and subscription-only platforms have proven to be useful for screening and profiling individuals and companies, and are still considered excellent tools for conducting KYC checks globally. Moreover, the importance of human intelligence harvested through these user generated platforms has proven to be of high value, especially when looking at high-profile investigations such as the 1MDB scandal, which was conducted using HUMINT along with analysis of proprietary information and OSINT.
Nevertheless, even after overcoming the uncertainty of user-generated platforms by corroborating the information through open source intelligence, the circumvention of the system can also occur due to the complexity of corporate structures that financial institutions have to analyze and check. These procedures are complicated by entities using multiple offshore jurisdictions, different corporate names, as well as third parties such as shell companies, trusts, fronts, as well as different charities and foundations. Navigating the maze of a corporate structure appears to be made possible only through internal leaks, which are not a common occurrence. For instance, the analysis of President Trump’s tax returns and overall fortune was only possible after an internal leak, when interviews with former employees revealed a series of documents on his family’s business dealings. More notably, these investigation probes can last for several years, as evident from the example of the prominent businessman and philanthropist Sam Wyly, where results came after “a nearly decade-long SEC investigation targeting the entire Wyly’s family for fraud involving the same offshore trusts.”
The key challenge of the abovementioned regulations is the lack of resources and time on the disposal of the obliged entities and covered financial institutions, especially when compared to the capacities of government agencies such as The Internal Revenue Service (IRS) and The U.S. Securities and Exchange Commission (SEC). Apart from the uncertainty of the information accessed through user-generated content, the opacity of corporate databases such as Opencorporates.com and Icij.org is another obstruction to securing a transparent system and conducting effective DDs and EDDs. By being aware of and exploiting these weaknesses, businesses involved in criminal acts or terrorism support are known to continuously modify their corporate structures, as well as shift funds and assets through a number of offshore jurisdictions, thus causing the entire financial system to sooner or later fail at conducting an effective analysis.
However, all is not lost, being that the aforementioned regulations require obliged entities and covered financial institutions to conduct ongoing monitoring of any suspicious business dealings, or any individuals and entities that have appeared on international sanctions lists published by international organizations and government bodies such as the United Nations and the U.S.’s Treasury Department's Office of Foreign Asset Control (OFAC). The ongoing monitoring requirement is likely to become even more important in the future, given that the system essentially “casts a net” on the financial sector and continuously works on identifying the so-called amber and red flags as early warning signs of potentially rogue operations.