Can whistleblower rewards help improve AML?
Is it already too late when someone has blown the whistle? Or is whistleblowing the underestimated function that can drive a sound corporate compliance culture?
Thirty years of AML work and six AML directives on, problem seems as pertinent as ever. 18 of the 20 biggest banks in Europe have been fined for offences relating to money laundering since the financial crisis.
Bribery and corruption is frequently revealed through whistleblowing. A new report from SNS Money Laundering and Whistleblowers, suggests that this would also apply to AML and proposes a European reward program in order to increase the amount of high-quality information on unknown regulatory infringements and to strengthen the protection of individuals choosing to report.
Meanwhile, blowing the whistle remains a significant risk for the brave individuals who do chose to report, in terms of retaliation, personal threats and unemployment, as witnessed in multiple well-known cases.
The EU Whistleblowing Directive requires private and public sector employers with 250 employees or more to implement a whistleblowing system by 17 December 2021. The directive will apply also to organisations with 50 or more employees by December 2023. The protection of whistleblowers is strengthened in the forthcoming new law in Sweden mirroring the EU Directive, assuring whistleblowers compensation in the event of retaliation.
Certain banks, says the report, have been aware of inadequate AML controls and the onboarding of high-risk customers at several levels within the organization, often for prolonged periods, even lasting several years. Supervisory agencies were also to some extent aware of AML deficiencies within these banks. At the same time, the report concludes that current AML supervision is not sufficiently effective, wherefore new enforcement and supervisory methods may be warranted.
“ Whistleblowing is one very important part of a sound integrity compliance management system. Top management of an organisation should encourage raising concerns in good faith, or on the basis of a reasonable belief in confidence, without fear of reprisal. It should however be the last, and guaranteed anonymous and safe, resort for raising concerns, when all else fails, where an employee or an associated individual cannot trust that the concern will otherwise be properly addressed. But, it is equally important to ensure that there is a functioning process to evaluate and address the issue at hand. This includes what functions that will access incoming information, how it will be evaluated, when the CEO and board should be informed, and how the concern is used to take measures and manage the root cause. Key aspects include ensuring the independent and competent evaluation of the concern. Having a makeshift, unsafe process is worse than not having a whistleblowing channel at all. Rather, it can be counterproductive. Further, lack of trust in management and the real willingness to deal with integrity and compliance issues in a proper way may result in blowing the whistle to media, at which point, the damage will be greater still.“
Louise Brown, anti-corruption expert at FCG, and former member of the ISO37001 working group.