07 Jun 2019
The news this week that the Bailiwick of Jersey has recovered more than $267 million linked to former Nigerian President Sani Abacha puts a spotlight on the banking sector’s vulnerability to money laundering. The funds, which were purportedly derived from corruption, had first been laundered through the US banking system by General Abacha’s son Mohammed before being transferred to accounts in Jersey.
The ultimate recovery of the funds, which were identified in 2014, had been delayed by court challenges, but the initial laundering occurred much earlier, before Sani Abacha’s death in 1998.
While the asset recovery team is to be commended for successfully seizing the funds, questions remain about the anti-money laundering (AML) controls of the banks that processed the payments in Nigeria, the United States and Jersey. In all likelihood, the Nigerian bank faced pressure and intimidation from General Abacha and his family, but the same cannot be said of the receiving banks, which should have had sufficient processes in place to prevent the layering of illicit funds.
Such processes involve a host of AML measures, including customer due diligence, enhanced due diligence, recordkeeping, account monitoring and suspicious activity reporting, all of which can help flag illicit funds before a lengthy asset recovery process becomes necessary. While details of the banks’ compliance efforts remain unknown, what institutions should do when handling such high-risk clients is clear. What follows is guidance on how a bank could’ve prevented Mohammed Abacha’s money laundering.
A bank’s first contact with a potential client is often its most important. Effective account opening policies and procedures are fundamental risk-controls for customer relationships. To mitigate AML risks, banks must obtain proper identification records from accountholders, including from beneficial owners, and ascertain the sources of their wealth as well as what their typical and expected transactional activity will be.
In the case of Mohammed Abacha, a US bank should have obtained the following information before opening an account:
- Legal name and any other previously used name, such as a maiden name.
- A full, permanent address that does not cite a post office box number.
- Telephone numbers, fax numbers and email addresses
- Date and place of birth
- Occupation, including the name of an employer and details of any public position held
- An official personal identification number or other unique identifier contained in an unexpired official document, such as a passport, an identification card, a residence permit, Social Security records or a driver’s licence that includes a photograph of Mohammed Abacha
- A full description of any trade activity Mohammed Abacha might be involved in and whether relevant international transactions will be routine.
- A full description of any business operations, including anticipated volume of currency and total sales, and a list of major customers and third-party suppliers
- The type of account he’s seeking and the nature of the banking relationship
- A signature
Once this information is in hand, the bank must verify the data through at least one of the following methods:
- Confirming the full name and date of birth of Mohammed Abacha from an official document, such as a birth certificate, passport, identity card or Social Security records
- Asking Mohammed Abacha if he currently has, or has ever had, a connection to a foreign or domestic state, including ties to military or judicial branches. The same questions should be extended to family members that might have similar connections. If the responses are not clear and conclusive, banks should consider additional customer due diligence steps before moving forward. Such measures could range from asking Mohammed Abacha for more information to conducting Internet research to running relevant names against a public database.
- Confirming the permanent address of Mohammed Abacha through a utility bill, tax assessment, bank statement or from a public authority.
- Contacting Mohammed Abacha by telephone, letter or email to verify contact information. Should the information be invalid, further investigation is necessary.
Looking closer at a high-risk client
At this point, standard due diligence procedures should have revealed that Mohammed Abacha is no ordinary customer, but rather the son of General Sani Abacha. Accordingly, the bank relationship manager who is primarily responsible for Mohammed should categorise him as a politically exposed person, or PEP.
The sources of his wealth, the nature of his business and the extent to which his business history presents an increased risk of money laundering and terrorist financing now loom larger for the institution, and must be considered by the relationship manager.
This means that Mohammed’s account should be subject to the bank’s highest level of scrutiny, including senior management approval of the relationship prior to account opening, heightened transactional monitoring and annual reviews of account activity that involve the upper echelons of the bank’s executive team.
Throughout the compliance process, proper recordkeeping is fundamental to AML risk mitigation. The bank’s records of Mohammed’s legal name, permanent address, telephone number, nature of business and expected income are the initial yardstick by which staff will measure whether his transactional activity is legitimate or suspicious. These records, therefore, should be reviewed and updated periodically
Now that Mohammed Abacha has been classified as a high-risk customer, his bank accounts should be subject to enhanced monitoring procedures.
An effective monitoring system should be able to detect deviations from the anticipated transactions outlined during the customer’s onboarding. One example would be an accountholder who receives $237 million from a correspondent bank when his stated salary income is $30,000. In such a case, the bank has clear reason to flag the deposit and enhance its due diligence by obtaining the following:
- An explanation of the purpose of the transaction
- Information on the source of the funds—for example, that the money is from an inheritance, divorce settlement or property sale. The bank must consider whether additional evidence backing up the customer’s claim is needed, such as a copy of the will or a copy of the deed of assignment and receipt
- References from other banks
- Information on where a relevant business is domiciled
- The proximity of the customer’s residence, place of employment or place of business in relation to the bank
- An explanation of changes in account activity
The bank must take into account the possibility that performing enhanced due diligence (EDD) could tip Mohammed off to the fact that his financial activity is under heightened scrutiny. If the institution determines that it would, it may choose not to pursue the process and should file a suspicious transaction report (STR). Banks must ensure that their employees are aware of, and sensitive to, these issues when conducting EDD.
Once the source of wealth and funds are established, the bank will need to analyse the information for “red flags” indicating illicit activity. If any criminal activity is suspected, it’s incumbent on the bank to file an STR—in the case of the American bank that first accepted the funds, with the Financial Crimes Enforcement Network, or FinCEN.
Should the bank be unable to satisfy its customer due diligence obligations, it must terminate its business relationship and consider whether the circumstances merit filing an STR.
Preventing money laundering
With a strong due diligence process that identifies the accountholder and his next of kin or legal beneficiary before a customer relationship is established, a bank can reduce the risks associated with money laundering to the barest minimum. A carefully balanced approach has to be taken, because if identification processes are too lean, monitoring may make a limited contribution to risk mitigation, and manual or electronic scanning of transactions may be unable to flag suspicious transactions effectively.
The failure of an institution to adequately identify a PEP during customer onboarding could mean that corrupt political figures evade detection by EDD and enhanced ongoing monitoring procedures. Effective AML controls, by contrast, will detect instances when high-dollar deposits aren’t commensurate with the reported income of a PEP client such as Mohammed Abacha.
It’s also vital that financial institutions take every opportunity to update information on customers in order to maintain effective monitoring. Attention should also be given to ensuring that documentation is reviewed on a regular basis and is automatically updated when events such as change of address or change of signatories occurs. A flagged transaction does not automatically establish suspicious activity, but should effectuate prompt enquiry and consideration of the circumstance. Hence, there is need for good know-your-customer (KYC) and know-your-customer’s-business (KYCB) knowledge and records.
Whereas the primary responsibility for identifying suspicious transactions lies with the staff processing or checking payments, banks, as an additional safeguard, should deploy appropriate software or technology to generate reports for suspicious transactions that are scrutinized by the compliance officer or money laundering reporting officer.
With such steps, the next $267 million in illicit funds could be returned sooner than the last.
About the author: Ehi Eric Esoimeme is the Deputy Editor-in-Chief of DSC Publications Ltd and a KYC360 contributor. His published works include Balancing Anti-Money Laundering/Counter-Terrorist Financing Requirements and Financial Inclusion: The Case of Telecommunications Companies and The Risk-Based Approach to Combating Money Laundering and Terrorist Financing and Deterring and Detecting Money Laundering and Terrorist Financing: A Comparative Analysis of Anti–Money Laundering and Counterterrorism Financing Strategies. For more information on Ehi’s books, visit here.
This article is expressing personal opinions and is meant for information purposes only. The article does not intend to replace professional or legal advice. It is recommended that readers seek independent professional or legal advice, or speak to authorised persons/organisations.
Advance your CPD minutes for this content, by signing up and using the CPD WalletFREE CPD Wallet