A Russian client is seldom just a Russian client
“Probably the largest ever money-laundering scandal in history”. That is how the Guardian described revelations that Denmark's largest bank may have been used to launder nearly GBP 200 billion.
Despite being located in Tallinn, a quaint city with a population of less than half a million, its Estonian branch was bringing in as much as a tenth of the entire group's revenue from thousands of suspect non-resident accounts. Some were allegedly linked to Vladimir Putin’s family; others were used by Azerbaijani authorities to lobby European officials with opaque payments. After the whistle was blown by an employee, an independent investigation found "major deficiencies" in Danske Bank’s AML framework. By the end of September 2018, its CEO Thomas Borgen resigned.
The saga joins a depressingly familiar roll-call of recent money laundering incidents involving the former Soviet Union, including the so-called Russian and Azerbaijani Laundromats. Yet despite the different players involved, they have two key characteristics in common.
The first is sophistication. Twenty years ago, a hostile takeover meant a few dozen off-duty spetsnaz operatives moonlighting for a competitor would rappel down an office building and change the locks. Money launderers casually traipsed across the Belarus-Poland border in trucks stuffed with contraband and dollar bills. Such antics make great television. Yet just as the media and lawmakers have begun to wake up to the most overt forms of money laundering, the sorts of shenanigans sexily portrayed in the hit series McMafia are fast becoming obsolete.
We now face a subtle hybrid of the legal, the semi-legal and only rarely the outright criminal. For example, in the case of the RussianLaundromat, corrupt judges in Moldova provided official legal imprimatur for money to be laundered via a series of defaulted debts between bogus – but legitimately-registered – shell companies. Though the underlying transactions were fraudulent, none of the documents were forged. Such operations threaten to fly under the radar of conventional Know Your Customer (KYC) and customer due diligence (CDD) checks.
The second trait these scandals have in common is the use of Western corporate structures, privacy laws and “light-touch” regulations to evade anti-money laundering (AML) controls. Many of the companies used to move billions of dollars to the West as part of the RussianLaundromat were registered in the UK. In the case of Danske Bank, the favoured vehicles of the alleged money launderers were English and Scottish Limited Liability Partnerships, which are effectively anonymous. Furthermore, although a model of transparency and ease of use, Companies House, the British corporate registry, does not independently corroborate self-reported shareholder information. By using Western corporate structures, money launderers are less likely to trigger the trip wires set by compliance departments, whose risk-based approach generally targets high-risk jurisdictions and politically-exposed persons (PEPs).
How can banks and businesses protect themselves against this new generation of threats? Firstly, a tick-box approach is no longer an option. Understanding a subject’s relationships is key. A major money laundering tool has always been the use of proxies and frontmen. But whereas these once tended to be children or spouses, today they are increasingly otherwise obscure figures drawn from the formative times in the lives of oligarchs and officials: high school, university, first jobs. Last March, the anticorruption campaigner Alexey Navalny published an investigation alleging that prime minister Dmitry Medvedev used a network of charity and nonprofit organizations to collect millions in fake donations from oligarchs and state banks and buy mansions and luxury goods. The people in charge of these charities were low profile professionals with no political exposure or red flags. What they all had in common was having been Medvedev’s school-friends.
Finally, a Russian client is seldom just a Russia client, and may not technically be one at all. His or her preferred corporate vehicles, connections and properties almost always span the whole former USSR, including the pro-Western Baltic states; as well as international financial centres like London and offshores from Cyprus to the BVI. The bottom line: to understand the true risk, it’s time to step away from the narrow compliance rule book and start digging deeper.