Whether it’s via real estate deals, ‘fixed’ gambling, poor record keeping at a Bureaux de Change, double or inflated invoicing in a company or transferring money to an unknown party regularly for a commission, money laundering is as serious an issue in South Africa as it is in the rest of the world.
To understand the global magnitude of money laundering it is important to consider the results of a study conducted by the United Nations Office on Drugs and Crime (UNODC) to determine the size of illegal funds generated by organised crime and to investigate how much of this is laundered. According to the UNODC, criminals laundered about 2.7% of global GDP (or US$ 1.6 trillion) in 2009 alone.
In South Africa specifically, corruption on a grand scale and the lack of transparency make money laundering in its various forms a profitable business and this is only exacerbated by the ease with which foreign criminals can enter the country.
South Africa has taken great strides to set up a variety of different legislations and acts to tackle money launderings’ growing threat to business and the government. This includes establishing the Financial Intelligence Centre in February 2002 under the FIC Act No. 38 of 2001, to help combat the threat posed by money laundering and to identify the proceeds of certain unlawful activities.
However, the challenge is the ability to accurately and quickly identify when money laundering is occurring, who is responsible, and what methods they are using to get their ‘dirty money’ into the banking and business systems without being identified.
Unlike fraud, which is basically stealing money that belongs to someone else, money laundering is the process of legitimising illegally gained funds via ostensibly legal methods. And while money laundering is rightfully associated with crime syndicates, terrorism and drug trafficking, it is often innocent companies and people that are caught in a web of complexity as unwitting accomplices in these transactions.
“The problem with money laundering activities in organisations is that the individual transactions in the process are generally perfectly ordinary and legal, making identifying the crime difficult, costly and time consuming,” says Hedley Hurwitz, MD of Magix Security. “Successful anti-money-laundering (AML) solutions must therefore focus on the context and behaviour surrounding these activities instead of individual transactions”
To identify the context for money laundering, Hurwitz says organisations need to look beyond the “what” of transactions, to the “how” and under what conditions they are conducted. This can only be achieved if user and system activities are monitored in real-time; slicing and dicing ‘valid’ transactions ‘after the fact’ to look for anomalies is likely to identify only a small percentage of the misdemeanours.
For example, an insider in a financial organisation’s IT department amends a customer’s mobile phone number on the database to reflect a launderer’s mobile number. This lasts just long enough for the launderer to transfer ill-gained profits into the account, approve the addition of a beneficiary, and release the funds before the number is changed back to the original. The transaction of itself is not suspicious and won’t appear on any exception reports unless the customer queries it, although he will not have suffered any material loss. It is only if all activity related to this account is recorded, and related back to the transaction, will there be any chance of prevention and detection.
“AML is an area that does not belong to IT, except in so far as to supply the infrastructure and access to information,” says Hurwitz. “Due to the high confidentiality requirements of the data under scrutiny, only the risk and compliance staff should have access to the data, and then only to the data they need.
“Moreover, one source of data is not enough. Investigators need to access internal information combined with external data from law enforcement agencies and the Internet to round out their knowledge of money laundering syndicates and methodologies.”
The start of any effective AML strategy is a high-level risk assessment of a company. Once done, the organisation needs to implement a proactive AML strategy of identifying potential money laundering activities in as close to real time as possible.
The way to accomplish this is by creating alerts that flag a series of activities as suspicious based on their context and behaviour. For example, if a clerk continually provides refunds greater than an average amount, it could indicate that there is a problem.
“AML is part of corporations’ regulatory compliance requirements, but it is possible to only put on a veneer of compliance and still get a stamp of approval,” states Hurwitz. “This is very short sighted, however, as proactive AML not only saves the company from the embarrassment of being implicated in a scandal, it serves to reduce losses, cuts the time spent on problem resolution, and minimises the unrecoverable cost of facilitating AML practices.”