Anti-Money Laundering evasion using SWIFT message type spurs need for more monitoring
Compliance officers are increasingly concerned about the use of a certain SWIFT message-type between financial firms to circumvent the occasionally time-consuming due diligence work required to approve new institutional relationships. Known as "SWIFT MT999," this non-restricted, open-text message format, typically used by banks to broadcast non-transaction specific information, is mistakenly being permitted by some managers as an acceptable means of dealing with other institutions that have not yet been approved by their banks' compliance departments.
With international transactions and counterparties subject to the oversight of multiple jurisdictions and associated anti-money laundering and anti-terror financing (AML/ATF) laws and regulations, due-diligence checks can be time consuming.
A firm's AML compliance function must evaluate large numbers of partner firms, either initially or periodically, often under intense pressure from staff trying to execute transactions quickly.
Additionally, fast-paced AML/ATF regulatory changes create enormous challenges for compliance staff trying to maintain a large list of approved correspondents. They must integrate their list of approved institutions into a SWIFT Relationship Management Application (RMA) within the bank's payment center. Once the RMA is established, transactions with the approved firms can be routed on a straight-through processing basis, which is the fastest and most cost-effective method of correspondent bank messaging.
Managers, however, tend to become irritable when told they cannot begin a relationship with another institution until their firm's compliance department completes legally mandated due-diligence. Faced with such frustration, some managers and operations staff will occasionally find methods of circumventing these restrictions in order to meet customer demands or internal revenue goals.
If a bank's senior management fails to prioritize a strong compliance culture, then the staff may get the impression that the firm implicitly tolerates AML/ATF corner-cutting. The most difficult battles waged by compliance officers are often mutinies within the business lines they are trying to protect.
The cost of evading AML/ATF requirements can be enormous.
SWIFT background
The Society for Worldwide Interbank Financial Telecommunication (SWIFT) was established so financial institutions around the world could transmit information about financial transactions on a secure, reliable, and standardized platform. Before SWIFT, firms communicated via Morse code messages sent by telegraph.
The entry of SWIFT into global correspondent banking produced a more secure and faster communication mechanism between financial institutions. SWIFT messages include approximately 200 varieties. For example, the standard payment instruction from one entity to another is known as MT103. AML/ATF legislation in many countries makes specific reference to MT103 as the principal method of international payments.
SWIFT message formatting
Under the SWIFT messaging format, the letters MT stand for "message type". The first numerical digit represents the category of financial instrument or service to which the message relates. The second digit indicates the part of a transaction life cycle, while the third denotes the specific message.
Any SWIFT category can issue a free-format message to another SWIFT member by adding "99" as the last two digits. For example, a bank may use an MT799 message to broadcast an upcoming change to its mailing address, so that partner firms can direct document couriers to the proper location.
SWIFT MT999 messages are commonly used as free-format messages that contain information not associated with any of the usual SWIFT categories. Simply put, an MT999 is similar to a fax or email from a financial institution that can state anything, but by transmitting via MT999, the sender ensures that the message can be authenticated.
After major environmental disasters, some banks use MT999 messages to assure their respondent or correspondent banks that they continue to operate, or that their operations have been damaged, requiring that certain changes be made to transaction flows.
MT999s and AML evasion
Compliance professionals at major international banks have recently observed the use of SWIFT MT999 messages by staff to evade their own SWIFT relationship management system's restriction on certain correspondent banking relationships.
These individuals have begun forming agreements with non-approved banks to insert SWIFT instructions into the free-text MT999s, thereby avoiding rejection by the firm's RMA filter.
For example, correspondent banks advising letters of credit (SWIFT message MT705) from non-approved banks would write the MT705 text into an MT999 message for the advising bank to pass to the exporter. Since the message can be authenticated via SWIFT, the issuing bank and the advising bank have come to an understanding to use this shortcut until their respective AML compliance functions have approved the relationship. Once approved, the operations staff can stop using MT999s and begin transmitting or receiving the proper SWIFT messages.
Enforcement risk
Cash management and trade-finance operations are sectors of international banking whose dedicated staff have decades of experience. Many of these employees understand the intricacies of SWIFT and the limitations of RMA filters and AML compliance systems.
When such employees prioritize a customer's interests above those of the financial institution, they may opt for the MT999 workaround. Similarly, budget pressures may be so intense that even impatient line managers might avail themselves of the shortcut.
Subterfuge rarely receives a warm welcome from regulators, and banking supervisors will not be impressed to discover the use of MT999s to camouflage unapproved correspondent banking activity. Worse, the AML compliance function may find itself completely undermined by its business-line colleagues, creating mistrust and uncertainty in the workplace.
Improve monitoring
Prudent firms must direct their financial intelligence units to scrub incoming and outgoing MT999s for messages designed to evade the rules. Most often, the employees using this workaround do so with good intentions, usually to maintain customer relationships or win further business for the bank.
Intentions aside, such activity can be costly. Financial institutions that condone compliance corner-cutting among their staff can expect big regulatory surprises in the future. After all, if senior management is willing to let such a "minor transgression" slip, then it is reasonable to assume they might also turn a blind eye to more nefarious activity.
In an era of multi-billion dollar regulatory actions, such willful blindness could come at a staggering cost.
With international transactions and counterparties subject to the oversight of multiple jurisdictions and associated anti-money laundering and anti-terror financing (AML/ATF) laws and regulations, due-diligence checks can be time consuming.
A firm's AML compliance function must evaluate large numbers of partner firms, either initially or periodically, often under intense pressure from staff trying to execute transactions quickly.
Additionally, fast-paced AML/ATF regulatory changes create enormous challenges for compliance staff trying to maintain a large list of approved correspondents. They must integrate their list of approved institutions into a SWIFT Relationship Management Application (RMA) within the bank's payment center. Once the RMA is established, transactions with the approved firms can be routed on a straight-through processing basis, which is the fastest and most cost-effective method of correspondent bank messaging.
Managers, however, tend to become irritable when told they cannot begin a relationship with another institution until their firm's compliance department completes legally mandated due-diligence. Faced with such frustration, some managers and operations staff will occasionally find methods of circumventing these restrictions in order to meet customer demands or internal revenue goals.
If a bank's senior management fails to prioritize a strong compliance culture, then the staff may get the impression that the firm implicitly tolerates AML/ATF corner-cutting. The most difficult battles waged by compliance officers are often mutinies within the business lines they are trying to protect.
The cost of evading AML/ATF requirements can be enormous.
SWIFT background
The Society for Worldwide Interbank Financial Telecommunication (SWIFT) was established so financial institutions around the world could transmit information about financial transactions on a secure, reliable, and standardized platform. Before SWIFT, firms communicated via Morse code messages sent by telegraph.
The entry of SWIFT into global correspondent banking produced a more secure and faster communication mechanism between financial institutions. SWIFT messages include approximately 200 varieties. For example, the standard payment instruction from one entity to another is known as MT103. AML/ATF legislation in many countries makes specific reference to MT103 as the principal method of international payments.
SWIFT message formatting
Under the SWIFT messaging format, the letters MT stand for "message type". The first numerical digit represents the category of financial instrument or service to which the message relates. The second digit indicates the part of a transaction life cycle, while the third denotes the specific message.
Any SWIFT category can issue a free-format message to another SWIFT member by adding "99" as the last two digits. For example, a bank may use an MT799 message to broadcast an upcoming change to its mailing address, so that partner firms can direct document couriers to the proper location.
SWIFT MT999 messages are commonly used as free-format messages that contain information not associated with any of the usual SWIFT categories. Simply put, an MT999 is similar to a fax or email from a financial institution that can state anything, but by transmitting via MT999, the sender ensures that the message can be authenticated.
After major environmental disasters, some banks use MT999 messages to assure their respondent or correspondent banks that they continue to operate, or that their operations have been damaged, requiring that certain changes be made to transaction flows.
MT999s and AML evasion
Compliance professionals at major international banks have recently observed the use of SWIFT MT999 messages by staff to evade their own SWIFT relationship management system's restriction on certain correspondent banking relationships.
These individuals have begun forming agreements with non-approved banks to insert SWIFT instructions into the free-text MT999s, thereby avoiding rejection by the firm's RMA filter.
For example, correspondent banks advising letters of credit (SWIFT message MT705) from non-approved banks would write the MT705 text into an MT999 message for the advising bank to pass to the exporter. Since the message can be authenticated via SWIFT, the issuing bank and the advising bank have come to an understanding to use this shortcut until their respective AML compliance functions have approved the relationship. Once approved, the operations staff can stop using MT999s and begin transmitting or receiving the proper SWIFT messages.
Enforcement risk
Cash management and trade-finance operations are sectors of international banking whose dedicated staff have decades of experience. Many of these employees understand the intricacies of SWIFT and the limitations of RMA filters and AML compliance systems.
When such employees prioritize a customer's interests above those of the financial institution, they may opt for the MT999 workaround. Similarly, budget pressures may be so intense that even impatient line managers might avail themselves of the shortcut.
Subterfuge rarely receives a warm welcome from regulators, and banking supervisors will not be impressed to discover the use of MT999s to camouflage unapproved correspondent banking activity. Worse, the AML compliance function may find itself completely undermined by its business-line colleagues, creating mistrust and uncertainty in the workplace.
Improve monitoring
Prudent firms must direct their financial intelligence units to scrub incoming and outgoing MT999s for messages designed to evade the rules. Most often, the employees using this workaround do so with good intentions, usually to maintain customer relationships or win further business for the bank.
Intentions aside, such activity can be costly. Financial institutions that condone compliance corner-cutting among their staff can expect big regulatory surprises in the future. After all, if senior management is willing to let such a "minor transgression" slip, then it is reasonable to assume they might also turn a blind eye to more nefarious activity.
In an era of multi-billion dollar regulatory actions, such willful blindness could come at a staggering cost.
The views expressed here are the author's own. Kim R. Manchester is the founder and Managing Director of ManchesterCF, a Toronto-based firm that provides financial crime risk management training programs and advisory services to financial institutions and public-sector agencies around the globe.