Money Laundering Costs the Average British Household £255 Per Year, So Why Aren’t Financial Institutions & Regulators Doing More About It?

Editor’s note: The author of this article, Gabriella Bussien, is CEO of Trapets, a provider of financial crime prevention software.

A new report on financial crime around the world has found that the UK is the second-worst country for anti-money laundering (AML) events per capita, behind the U.S. In Britain, three-quarters of these events are directly related to money laundering, and one in four are compliance failures, far higher than the global average.

Why is the UK so behind when it comes to compliance, despite having several regulatory bodies monitoring the activity of financial institutions? Is it a lack of understanding, enforcement or consequences?

In my experience working with financial institutions (FIs) not only in the UK but across Europe, certain characteristics and behaviors stand out among British institutions. It often seems like there’s little sense of urgency around the gravity of financial crime, and that FIs are doing the bare minimum — if that. In fact, the Financial Conduct Authority (FCA) recently issued a stern warning directly to CEOs for not even hitting the basics of AML.

Digitalization in the UK is way behind other countries 

Having an effective framework against money laundering means having vast amounts of enriched customer data, being able to verify their identity accurately and being able to track activities in real time and react quickly. 

However, the lack of digitalization among UK financial firms creates many internal roadblocks to detecting and stopping financial crime. One glaring example is the lack of a widespread digital ID system. Unlike Sweden’s digital ID system, India’s Aadhaar or Italy’s SPID, UK citizens don’t have a personal, secure digital identifier that can be broadly used to access both governmental and private services, including banking. The existing One Login for Government would be a great program to adopt more broadly, but for now, there aren’t clear indications that the scope of the service will make a dent in banking.

A study from last year found that there are 160,000+ British payment card details online, most of which come bundled with personal information like home addresses and National Insurance numbers. This is a lot harder to do in, for example, Sweden, because 90% of people use a secure BankID, meaning their data can’t easily be reappropriated by criminals. 

The UK’s lack of digitalization is also evident in its reliance on manual processes. Shockingly, many large institutions I come into contact with still use Excel spreadsheets to do transaction monitoring (e.g. credit unions, foreign exchange brokers). They download the day’s transactions into an Excel sheet and manually check for suspicious activity. There’s no algorithm looking for odd patterns, no instant alert system, any issues are flagged a day late, and ultimately they’re wasting copious amounts of time just searching for a needle in a haystack. 

Many banks are also manually pulling Know Your Customer (KYC) data from different external sources, an ineffective strategy that means it’s hard to know what’s going on with the customer base. Real-time transaction monitoring is ideal, but it is not widely adopted. That all means UK financial institutions aren’t able to reach the holistic visibility they need to truly be compliant.

Finally, UK banks that do offer digital accounts need to catch up their verification systems to cope with associated risks. Some UK FIs won’t ask new users for digital identity verification (the visual check with a selfie) — you can simply fill in the online form and send in the required documents, and you’re set.

FIs aren’t dedicating enough effort and resources internally

It should surprise you that only one in five British financial service companies consistently check their new customers against sanctions or Politically Exposed Persons (PEP) lists. This is one of the easiest AML checks for any FI — all the info you need is readily available, and it can even be automated. Yet this is part of a wider tendency by UK FIs: not taking the threat of AML seriously enough.

Based on conversations I’ve had with FIs, individual firms aren’t putting enough effort into building a sturdy financial crime governance framework. The head of compliance knows what they need to do internally, but getting buy-in from the executive team is hard.

Execs have to state that they abide by regulations, but that often doesn’t filter down to the teams that are actually doing the work in the form of a sufficient budget, training, resources or oversight. The FCA’s recent “Dear CEO” letter emphasized those same concerns, pointing out that in some cases AML policies were ambiguous, or that business-wide risk assessments simply didn’t exist.

Perhaps the lack of urgency from FIs has to do with the idea that they can get away with it due to the lack of severe fines from the government. UK firms are also significantly friction-averse: They want to onboard customers quickly and manage them painlessly. They worry that if they bolster KYC checks and start asking their customers for more input, they’ll leave for competitors. But some friction is a necessary byproduct of good due diligence.

Aggravating local conditions

Local conditions over the past few years have strained some of the UK’s financial crime vulnerabilities. The cost-of-living crisis has created a financial crime wave. During the pandemic lockdown, many people were at home on furlough and had expendable income. But as that subsided, energy bills, fuel costs and inflation rose, leaving many people cash-strapped, and small-scale fraud increased significantly. 

Fraud is currently one of the largest risks for FIs in the UK. We’ve seen push payment fraud offering people fake loans and insurance policies. Some of the fraud is facilitated by synthetic IDs, which is a growing threat now that AI can generate deepfakes to help set up fraudulent accounts. At the same time, we’re seeing money mules get recruited on social media to launder criminal gains through their accounts in exchange for cash.

Yet because of the nature of this fraud, much of it will go under the radar. It often involves small volumes, so perpetrators can keep below the threshold that would trigger a warning within a bank.

What steps does the UK need to take

The greatest actions need to be taken by FIs themselves. Most UK firms can integrate stricter risk assessments and KYC processes, digitalize portions of their AML activities and take steps toward greater collaborative action across the private sector.

At the moment, there is very little ongoing due diligence after a customer is onboarded. FIs need to carry out periodic reviews of their customers to identify new risks, but not only that; they must keep their risk assessment models and profiles evolving, as the context is always changing.

For example, if a particular industry becomes more vulnerable to money laundering — say, British hairdressing salons start being used more by gangs to launder criminal proceeds — then a bank’s internal risk assessment needs to reflect that. That way, if a new or existing customer tries to get a loan to open a hairdressers, the risk level will be higher than usual and greater actions will be taken to verify that everything’s above board. This isn’t happening anywhere near enough at the moment.

Banks also need to respond better to their internal risk appetite. The recent FCA warning specified that often, security controls were not keeping up with business growth. When changes happen internally, such as a bank expanding into new regions or launching new products, the FI has to update its risk framework to integrate the new associated vulnerabilities. Risk frameworks change according to the product in question, the region of activity and so much more. There is no one size fits all.

The UK’s financial sector should also come together to improve alignment across banks and set a common AML standard for all banks to abide by. If everyone agrees on common basic criteria, ideally private firms wouldn’t have to worry as much that those doing AML the right way get penalized by losing their competitive edge. This and many more initiatives can come out of the private sector itself.

But the blame for the UK’s poor AML record does not fall solely on the shoulders of private companies. Right now, the fines being issued by UK regulators are not that steep and not that frequent. The FCA and other regulatory bodies need to show they’ve got teeth and give out heftier fines for dysfunctional behavior. Everyone takes notice when, for example, a company like Apple gets slapped with a nearly €2B fine. I also think a single, unified regulatory system would help reduce fragmentation of enforcement actions across multiple bodies.

These measures might sound far-fetched considering the serious lengths UK FIs have to go to to get a gold star on compliance. It starts at the top, with stakeholders recognizing that money laundering will only get worse the more it’s brushed aside and that their weakness has a negative impact on the UK’s entire financial system. Money laundering costs every British household an estimated £255 a year. We can start bringing that down today.