There is growing evidence that organised criminal groups are exploiting documentary trade finance as a means of moving illicit cash. The prevalence of paper documents and manual processes creates opportunities for forgery, and restrictions on information sharing means money launderers can take advantage of knowledge gaps between banks. John Basquill reports.
The exploitation of international trade as a means of shifting illicit funds across borders is a moving target. Historically, warnings over trade-based money laundering (TBML) have largely focused on open account transactions, where banks have limited oversight of the underlying goods being moved.
Today, governments and regulators are increasingly wary of the risks posed by documentary trade finance. The US Government Accountability Office (GAO), a non-partisan watchdog that conducts audits of government activity, warns in a detailed report published in late 2021 that better access to trade documentation does not, in and of itself, guarantee that risks are lower.
“Trade finance products like letters of credit are more susceptible to documentary fraud because they require a large number of documents relative to other areas of banking,” it says, citing evidence provided by the Office of the Comptroller of the Currency, a federal financial services regulator.
“Banks process payments based on information stated in the documents rather than based on physical evidence of the goods being traded, and the more documentation they have to review, the greater the likelihood that fraudulent documentation can evade detection.”
In some cases, fraudulent documentation has little to do with money laundering, serving instead as a means of duping banks into providing additional short-term liquidity. But the GAO says it has been informed by numerous banks, officials and subject matter experts that document forgery is a prominent part of wider TBML schemes.
For example, criminals are known to obscure goods or part numbers to make it more difficult for banks to cross-check pricing data, or to misrepresent the quantity or value of goods being shipped on invoices used to raise finance. As banks are not typically in a position to inspect the shipments themselves, their crime-fighting efforts rely on spotting discrepancies in that documentation.
Another complication is the relatively high number of parties involved in a trade finance transaction. Regulatory requirements often differ depending on whether an institution is acting as the issuing bank, confirming bank or receiving bank, the GAO says.
“In addition, trade finance documents can originate with multiple parties in addition to the buyer and seller, including shipping companies, freight forwarders, warehouses, port authorities, terminal operators, and insurance companies — all of which are vulnerable to exploitation, have varying levels of oversight, and may wittingly or unwittingly become involved in illicit trade schemes,” it says.
The scale of the problem is significant. Data remains scarce, but non-profit organisation Global Financial Integrity has suggested that transnational crime is worth as much as US$2.2tn each year, much of which is facilitated by TBML.
Money laundering is, by definition, a by-product of other illicit activities. The GAO says transnational organised criminal groups – which are increasingly acting in a professionalised way – use schemes for trafficking narcotics and other restricted or illegal goods, as well as to evade sanctions, dodge taxes and even fund terrorism.
The GAO says the extensive volume of international trade-along with the growth of e-commerce and relaxed oversight of free-trade zones-create “key vulnerabilities” to both the US financial and trade systems.
Patterns on paper
Efforts to digitalise trade documentation are accelerating, but paper remains prevalent. The Digital Container Shipping Association, an influential industry group whose members include MSC, Maersk and Hapag-Lloyd, estimated in 2020 that the proportion of bills of lading for containerised trade that are electronic was just 0.1%.
The value of lost trade due to a lack of digitalisation has been estimated by the Commonwealth Secretariat to run into the trillions of dollars in member nations alone.
As a result, the financing of that trade remains “a very manual, resource-intensive business area”, the GAO says, “which exposes banks to fraud because the documents can be manipulated”.
Anti-money laundering expert Marc-Alain Galeazzi, a New York-based partner at law firm Morrison & Foerster, says the prevalence of manual processes creates several challenges for compliance staff at financial institutions.
“The way a bank’s transaction monitoring programme often works is to detect deviations from the past pattern of a client’s activity. But if you have a person reviewing transactions, and every document is very different, it is harder to figure out where the relevant information is and where the patterns are,” he tells GTR.
Documents are not necessarily standardised, with different companies across different markets likely to take contrasting approaches to layouts and information included. At the same time, each bank has its own policies and procedures for handling those documents.
“That makes it difficult for somebody to review these transactions and understand whether everything is consistent with what they would expect,” Galeazzi says.
Another difficulty stems from the sheer volume of documents that accompany a trade finance transaction.
Money laundering consists of three stages: placement, layering and integration. Placement refers to the introduction of illicit funds into the financial system, layering involves obscuring the movement of those funds by co-mingling them with other transactions, and integration is the point at which the now-seemingly legitimate funds are withdrawn.
“The documentary part of trade-based money laundering is ideal for layering, as you can add layers and layers and make it difficult for someone to follow the flow of funds from the originator to the ultimate beneficiary,” Galeazzi says.
Despite the risk of exposure to illicit activity, there is much banks can do to mitigate the risk of regulatory enforcement action. Morrison & Foerster’s Galeazzi points out that authorities expect banks to take a risk-based approach to anti-money laundering, rather than viewing compliance as a “tick-box exercise”.
In effect, that means assessing the risk posed by customers – including by reviewing the sectors, products and geographies they are involved in – and acting accordingly, for instance by having adequate numbers of skilled staff and dedicating resources to checking potential discrepancies.
“You must have people checking transactions and asking for documents; even if you are the reimbursing bank you should ask for copies of the documents for the underlying transaction. You have to understand what’s going on,” he says.
“Once you have risk-assessed and taken on a customer, you still have ongoing customer due diligence requirements, on a risk basis. You will have to separate between normal and enhanced due diligence depending on whether that customer is high-risk – for instance if they are dealing with higher-risk customer types or geographies.”
That involves assessing a customer’s sources of income or wealth, and what kind of business partners they have, and investigating anything that does not look right. “Regulators will expect you to realise what your risk is and act accordingly,” Galeazzi says.
Banks are often wary of dedicating significant resources to compliance efforts in relatively low-margin areas of business, such as trade finance. Some believe it is more cost-effective to exit a higher-risk market entirely; several European lenders scaled back or mothballed their trade and commodity finance operations in 2020 after a string of fraud scandals.
However, developments in artificial intelligence (AI) technology could enable lenders to automate processes that have historically required manual intervention, even where paper documents are still in use. As Galeazzi says, AI “will be extremely important in detecting deviations from expected transactions, for instance activity that does not really match a customer’s profile”.
AI is playing a rapidly growing role in banks’ compliance efforts. Marc Smith, founder and director of trade finance-focused technology firm Conpend, says AI can be used to interpret information presented as part of a transaction and compare it with external data sources to verify whether that information is likely correct.
“For instance, if it’s related to shipping, you can check the details of the vessel,” he tells GTR. “You can examine the port of loading and the port of discharge, and whether the vessel was actually there at that point in time.
“You can also look at whether it’s feasible to have travelled that distance in that timeframe. AI works really well in identifying gaps, because it can access and reference huge amounts of data on what is normal, then raise a red flag if something falls outside that.”
One significant benefit of AI is that it can accumulate and apply knowledge from every previous transaction and apply it to the next one, adds Torben Sauer, Conpend’s managing director. “The system learns like a human would do, but has access to significantly more knowledge because it incorporates data from every single transaction,” he tells GTR.
Exploiting the gaps
Even with full digitalisation and a sophisticated AI-driven compliance programme, banks still face another problem. As money laundering techniques become more complex, and the layering process involves a greater number of different banks, companies and documents, it becomes more difficult for a single entity to spot unusual patterns of activity.
Data sharing has been touted as a potential solution to that issue. “There is a growing market awareness that to address this, banks need to be able to exchange data with each other much more, and with a much higher level of detail, than they do now,” Conpend’s Smith says.
“You might be able to hoodwink one bank, but if there are several banks involved that have access to the relevant data, that becomes exponentially harder to do. I believe that’s the only way to prevent this kind of behaviour.”
Data sharing has long proven a significant challenge in terms of customer privacy, with banks subject to strict regulatory controls on protecting sensitive information.
But in Singapore, efforts are underway to construct a digital platform aimed at tackling financial crime by allowing banks to alert each other to potential risks, with an initial focus on the illicit use of trade finance.
The platform, known as Cosmic, is being developed by the Monetary Authority of Singapore (MAS) alongside six major commercial banks: Citi, DBS, HSBC, Standard Chartered, OCBC and UOB.
The intention is for Cosmic to allow – or in some cases, require – banks to send warnings or share information about potentially suspicious customers or transactions. It will also be deployed to tackle financial crime carried out via shell companies, including sanctions evasion and proliferation financing, the regulator says.
Chee Kin Lam, managing director and head of legal, compliance and secretariat at DBS Bank, has described the siloed nature of banks’ operations as a “universal problem”.
“Banks typically act within the sphere of information that that bank has access to, and typically that bank analyses and exits customers, or takes decisions, based [only] on that information,” he said at the Baft annual meeting in May this year.
“What criminals are doing is they’re exploiting that difference between what one bank knows and another bank knows.”
Cosmic, Chee Kin explained, allows banks to flag concerns or request information from their peers, and if evidence of significant risk emerges the system is able to notify the relevant authorities.
The project stems from earlier attempts to build a know-your-customer utility, which would have placed operational processes from participant banks into a central transactional database. Those efforts fell flat due to concerns over cybersecurity risk, as well as mounting costs and concerns over harmonisation.
MAS plans for Cosmic to go live in the first half of 2023, with an initial two-year transition phase before mandatory information sharing is introduced. When contacted by GTR, the regulator said it would issue further updates in October.