One key to fighting money laundering is understanding its process and the vulnerabilities in each stage of it. The first stage is Placement. Placement entails depositing illicit funds into financial institutions.
Several vulnerabilities lie in this stage. So, we look at it to see what questions money launderers must answer in this stage to overcome their vulnerabilities, and how detection teams skilled in Know Your Customer (KYC)/Customer Due Diligence (CDD) practices seek to exploit them.
How can we deposit large amounts of money?
During placement, money launderers have a sum of money of such magnitude that depositing it as a lump sum would trigger mandatory reporting requirements and draw the attention of authorities. So, money launderers break that sum into multiple deposits to avoid exceeding mandatory reporting thresholds. The more money they need to place, the more deposits they need to make.
This raises another problem for them. Making multiple deposits that lie just under reporting thresholds in a single account within a few days will raise red flags. Dozens of accounts opened in a single bank under a single name will also raise the bank’s suspicions and lead to detection. So, money launderers use multiple banks and multiple names to keep deposits small enough to look natural. The more deposits they need to make, the more complex their depositing scheme must become.
Response: KYC/CDD teams screen applicants
To exploit this vulnerability, Anti–Money Laundering (AML) regulations require financial institutions to have KYC/CDD teams check identities of all prospective customers before the bank can do business with them. If any depositor name is tied to money laundering or other criminal activity, the application may be rejected and the information turned over to authorities.
How can we get past initial screening?
Money launderers know that most of them will appear on criminal watch lists. That reduces the number of legitimate identities they have available for opening accounts. They can enlist people who have, at least at that moment, no personal connection to money laundering or other criminal activity and attempt to hide the actual account owner’s identity behind these account owners in name only.
Response: KYC/CDD teams dig deeper
Here, too, AML practices target this vulnerability. The KYC/CDD team doesn’t stop when an applicant name doesn’t appear on money laundering watch lists. They go further to check whether applicants have ties to anyone on the watch lists.
In addition, the KYC/CDD team will investigate whether the applicant will be the actual account owner, or merely a third-party representative. If the latter is the case, the team must investigate both the representative and the owner.
How can we get names that won’t show up on watch lists?
With names of money launderers and their associates likely to turn up in KYC/CDD team investigations, money launderers need legitimate names to get past KYC/CDD scrutiny. With most names that are available to them suspect, they turn to stolen or fake identities in their attempt to place deposits.
Response: KYC/CDD teams verify identities
Financial institutions target this vulnerability, as well. AML requirements lead KYC/CDD teams to make intensive investigations to confirm that identities of depositors on the applications are not stolen or faked.
These investigations dig deep into the documents presented at application to look for any sign of the applicant being fake or not the person he or she claims to be. In most cases, KYC/CDD teams verify identities and new customers successfully open an account. But the time and effort put into these investigations are worth it.
Recognizing the ongoing struggle
With the intensive investigations conducted on prospective depositors, and the stringent safeguards that trigger alerts of suspicious deposits, many money laundering deposits are prevented. But not all are.
When you look at the questions that money launderers need to answer in order to succeed and the responses KYC/CDD teams have to those schemes, it might seem like KYC/CDD teams have all the answers, that no money laundering attempt could possibly succeed. Unfortunately, despite the best efforts of KYC/CDD teams, most money laundering attempts succeed and thus enter the financial system.
With the vast amount of illicit funds they generate, criminal organizations can easily write off losses from detected deposits as a simple cost of doing business. Money launderers experiment constantly with new schemes and techniques to avoid detection. Techniques that fail are abandoned or tweaked to eliminate the element that triggered detection. Techniques that succeed are adopted and used extensively, until KYC/CDD teams enact new safeguards to defeat those techniques.
Placement attempts may not all be detected, but efforts do bear fruit. And for each detected attempt and each investigation escalated to law enforcement authorities, the burden that money laundering places on financial institutions – and society – are that much less.
For over 30 years, Marin Ivezic has been protecting financial services and critical infrastructure against financial crime, cyber, and regulatory risks. He previously held multiple interim CRO, CISO and technology leadership roles in Global 2000 companies. Since 2013 he has been advising institutions and regulators around the world on safe, secure and compliant adoption of crypto assets and other decentralized technologies.