The EU regulatory framework governing banks' anti-money-laundering efforts is "ineffective" and needs "critical review," according to the European Banking Federation.

Compliance spending among European banks has now reached €100 billion annually, with 10% of banking staff dedicated to compliance tasks, and banks reporting millions of suspicious transactions and activities to national authorities annually, according to the EBF, an industry body that represents 3,500 European banks and 32 national banking associations.

Yet barely 1% of the cases are prosecuted and just 1% of the criminal proceeds are confiscated by authorities in the EU, it said.

In a report released March 10, timed just a few weeks before the European Commission is due to release its anti-money-laundering action plan, the EBF points to regulatory fragmentation and overlapping supervision as challenges that need to be addressed if banks are to effectively help combat money laundering in Europe.

"The existing rules are disproportionate, inflexible and provide neither obliged entities nor supervisors with the appropriate tools," said CEO Wim Mijs in introducing the report that comprises 20 policy recommendations.

Harmonization needed

Among the recommendations, the EBF calls on regulators to turn the EU anti-money-laundering directive into directly applicable regulation. Currently anti-money-laundering, or AML, legislation is defined as a directive, which provides for minimum harmonization of the legal framework, but this has led to "quite significant differences" in the implementation and interpretation of the framework across the EU member states, the report said.

Harmonization through regulation would reduce the scope for regulatory arbitrage that could be exploited by criminals, it said.

It would also ease the AML burden on European banks that operate cross-border, as they could develop more effective group-wide AML policies and processes. Currently, national financial intelligence units have diverging reporting requirements and formats, making it particularly burdensome for banks operating in multiple jurisdictions.

Better supervision

The EBF also urged convergence of supervision across the EU, saying that a lack of centralization, coordination and oversight of AML supervisory powers has obstructed cross-border cases.

One recommendation is to better integrate AML and CFT — combating the financing of terrorism — considerations into prudential supervision.

"In the wave of the money-laundering cases uncovered, it has become apparent that AML/CFT issues can quickly become major prudential issues affecting individual banks' viability and the stability of the banking sector as a whole," the EBF said.

The money-laundering scandal known as the "Global Laundromat" has impacted a large number of European banks, with lenders including Danske Bank A/S, Swedbank AB (publ), Deutsche Bank AG, HSBC Holdings PLC, Barclays PLC, Lloyds Banking Group PLC, ING Groep NV and Crédit Agricole SA caught up in it to varying degrees.

Fragmentation between prudential and AML supervision creates weak spots for criminals to abuse, according to market observers. Currently, prudential supervision of a group's branch is carried out in the group's home country, while AML supervision is done by the host country of each branch. For example, in the case of Danske Bank, a Danish bank embroiled in a €200 billion dirty money scandal in Estonia, AML supervision fell under the remit of Estonian authorities while prudential supervision fell under Danish authorities.

This is causing challenges due to lack of coordination between supervisors, according to Laure Brillaud, a senior policy analyst at Transparency International.

While the European Central Bank, the prudential supervisor of banks in the eurozone, has a duty to cooperate with anti-money-laundering supervisors, this cooperation "has been limited," the EBF report said.

Promoting new technology

New technologies have the potential to increase banks' profitability and mitigate money-laundering risks, and regulators need to support their wider application, the EBF said.

This includes shared know-your-customer, or KYC, utilities, a solution explored around the world in which banks collaborate on the collection and verification of customer data.

In the Nordics, for example, the six largest banks — Danske Bank, Swedbank, DNB ASA, Nordea Bank Abp, Skandinaviska Enskilda Banken AB and Svenska Handelsbanken AB (publ) — recently formed a joint venture company to develop a solution for handling KYC data.

However, banks face legal obstacles related to privacy and data protection when using shared KYC utilities, which regulators must remove or mitigate, according to the EBF. For example, the current EU data protection framework provides "limited mechanisms for sharing AML/CFT information outside the organization," the report said.

It said an EU framework should explicitly allow obliged entities to create joint KYC capacities in which the transaction data collected by banks is centralized.

Furthermore, it said regulators should provide "an inclusive and pragmatic guidance on how to interpret the [EU data protection rules] GDPR in an AML/CFT context."

It comes amid growing concern among banks around how to balance the often-conflicting AML requirements and GDPR — the EU's General Data Protection Regulation, which came into force across Europe in May 2018 and limits how organizations can use and reuse personal data.

Denmark's Money-Laundering Task Force, following a year's work by experts, lawyers and representatives from the largest banks in Denmark, recently found that balancing GDPR and AML is one of the "inherent dilemmas" that banks face in their role as gatekeepers against money laundering.