Anti-Money Laundering, Counter Financing Terrorism and Cybersecurity in the Banking Industry

Frontmatter

Chapter 1. Money Laundering and Combating Finance Terrorism

Abstract

Money laundering has been a crime in the United States since 1986, making the country one of the first countries to criminalize money laundering conduct. Financial crime has been around since the invention of currency. Stricto sensu, the term “financial crime” refers to any kind of criminal conduct relating to money or to financial services or markets, including any offense involving: fraud or dishonesty, misconduct in, or misuse of information relating to, a financial market, handling the proceeds of crime, or the financing of terrorism.

Felix I. Lessambo

Chapter 2. The Cybersecurity Counteroffensive

Abstract

Cybersecurity is the art of protecting networks, devices, and data from unauthorized access or criminal use and the practice of ensuring confidentiality, integrity, and availability of information. The increasing connectedness and the ongoing digitization of many aspects of life continued to offer cybercriminals new opportunities to exploit. Next-gen cybersecurity uses different approaches to increase detection of new and unprecedented threats, while also reducing the number of false positives.

Felix I. Lessambo

Chapter 3. AML/CFT, Cybersecurity and International Organization

Abstract

Major international organizations are actively engaged in the cybersecurity threats. The UN, for instance, has established a Group of Governmental Experts (GGE) to develop norms of responsible state behavior in cyberspace. Because a cyberattack can come from anywhere in the world, or many places at once, crisis response protocols must be articulated within regions and globally.

Felix I. Lessambo

Chapter 4. AML and Cybersecurity in Banking Industry: Challenges

Abstract

Cyberattacks impair the ability of the bank to service running creditors. The banking industry relies heavily on technology. The sheer amount of transactions in modern banking makes the functioning of the financial sector infeasible without automated networking, information processing, and telecommunication services. Banks must identify the risks by fulfilling their AML obligations and taking necessary precautions. Like any operational risk event, a cyberattack can trigger a liquidity run and lead to solvency issues.

Felix I. Lessambo

Chapter 5. AML/CFT and Cyber Security Laws in the United States

Abstract

In 1988, the United States passed the Anti-Drug Abuse Act, introducing new restrictions and legislative support to prevent money laundering, including the obligation to maintain full information about and the identification of persons who acquire bearer documents or transfer amounts greater than three thousand dollars. The overall framework has evolved over times. Certain cybersecurity laws are more specific to the banking industry, and several federal government agencies are involved in cybersecurity.

Felix I. Lessambo

Chapter 6. AML/CFT and Cybersecurity Laws in the European Union

Abstract

The fight against money laundering and terrorist financing is vital for financial stability and security in Europe. European legislators have taken various steps in recent years to strengthen the link between anti-money laundering/countering the financing of terrorism (AML/CFT) and prudential issues. The European General Data Protection Regulation (EU-GDPR) is a security framework by the European Union designed to protect its citizens from personal data compromise. GDPR is applicable to entities outside the EU if they are servicing EU Member States.

Felix I. Lessambo

Chapter 7. AML/CFT and Cybersecurity Laws in Germany

Abstract

AML regulations in Germany are set out in the Money Laundering Act or Geldwäschegesetz (GWG), which, inter alia, defines the crime of money laundering. Germany’s AML/CFT policy is shaped by the EU Anti-Money Laundering Directives, which reflect evolving financial crime methodologies and harmonize the regulatory environments in different EU Member States. Data processing operations are governed by the Federal Data Protection Act of June 30, 2017, as last amended by Article 12 of the Second Act to Adapt the Data Protection Law to Regulation (EU) 2016/679 and to Implement Directive (EU) 2016/680 of November 20, 2019. Under Section 25l of the Banking Act, banks are required to apply group-wide AML/CFT controls.

Felix I. Lessambo

Chapter 8. AML/CFT and Cybersecurity Laws in France

Abstract

France has a robust and sophisticated framework to fight money laundering and terrorist financing that is effective in many respects, notably in law enforcement, confiscation areas, and international cooperation but needs to do more in areas such as the supervision of professionals involved in the activities of legal persons and the real estate sector. Nonetheless, France needs to improve its anti-money laundering and counter financing of terrorism (AML/CFT) performance around designated non-financial businesses and professions (DNFBPs). Existing provisions adopted under the EU Data Protection Directive were still maintained in the amended French Data Protection Act. The French Prudential Supervision and Resolution Authority (ACPR) is responsible for AML/CFT supervision of banks, including institutions that are part of the large financial groups subject to prudential supervision of the European Central Bank (ECB).

Felix I. Lessambo

Chapter 9. AML/CFT and Cybersecurity Laws in Italy

Abstract

Italy was one of the first countries to introduce money laundering as a criminal offense. The first legislation to combat the phenomenon of money laundering dates back to Decree-Law No. 143 of May 3, 1991, subsequently converted into Law No 197 of July 5, 1991. Circular No. 285 of December 17, 2013, provides both specific security measures able to ensure security of information regarding banks activities and the compliance with privacy law and notification to Bank of Italy and European Central Bank in case of data breaches in the Italian banking sector.

Felix I. Lessambo

Chapter 10. AML/CFT and Cybersecurity Laws in Spain

Abstract

Spanish AML/CTF legislation is the result of the transposition of EU legislation on the subject, in particular, of Directive 2005/60/EC of the European Parliament and Council, of October 26, 2005, and Commission Directive 2006/70/EC of August 1, 2006, laying down the implementing provisions of the former. In Spain, Royal Decree-Law 12/2018 of 7 September on network and information system security transposes the Spanish legal system this Directive, with the aim of ‘regulating the security of networks and information systems used for the provision of essential and digital services, while establishing an institutional framework for coordination between competent authorities and with the relevant cooperation bodies at Community level.’

Felix I. Lessambo

Chapter 11. AML/CFT and Cybersecurity Laws in Switzerland

Abstract

Switzerland has significant AML legislation in place, making banks and other financial intermediaries subject to strict Know Your Customer (KYC) reporting requirements. Under Swiss law, the crime of money laundering pursuant to art. 305bis SCC protects the criminal authorities’ right to forfeiture. There is no overarching cybersecurity legislation in Switzerland to date. Nonetheless, personal data must be protected against unauthorized processing through adequate technical and organizational measures under the general Federal Act on Data Protection (FADP) and the Federal Council issued detailed provisions on the minimum standards for data security in the Ordinance to the Federal Act on Data Protection.

Felix I. Lessambo

Chapter 12. AML/CFT and Cybersecurity Laws in China

Abstract

In accordance with the Anti-Money Laundering Law, the People’s Bank of China is responsible for supervising and reviewing financial institutions’ performance in their fulfillment of the anti-money laundering obligations, and for coordinating and promoting the anti-money laundering supervision and administration over non-financial institutions. On December 1, 2019, China introduced the “cybersecurity multi-level protection system 2.0” or “MLPS 2.0,” which includes three Chinese national standards (issued by the Chinese State Administration for Market Regulation and the Standardization Administration of China).

Felix I. Lessambo

Chapter 13. AML/CFT and Cybersecurity Laws in Japan

Abstract

Japan has established a domestic regulatory and oversight regime that imposes CDD (customer due diligence) and other necessary obligations on financial institutions and designated non-financial businesses and professions by the Act on Prevention of Transfer of Criminal Proceeds. The AML laws also apply to money laundering activities committed by Japanese nationals outside the jurisdiction’s borders. The FSA conducted cybersecurity assessments for regional banks and credit associations/unions selected based on risks.

Felix I. Lessambo

Chapter 14. AML/CFT and Cybersecurity Laws in India

Abstract

The Prevention of Money Laundering Act 2002 coupled with the rules issued under it and the rules and regulations formed by regulators such as the Reserve Bank of India (RBI) and the Securities and Exchange Board of India (SEBI) displays a broad framework for the anti-money laundering laws in India. Cybercrimes are covered by the Information Technology Act, 2000 and the Indian Penal Code, 1860. It is the Information Technology Act, 2000, which deals with issues related to cybercrimes and electronic commerce.

Felix I. Lessambo

Chapter 15. AML/CFT and Cybersecurity Laws in South Korea

Abstract

South Korea has enacted anti-money laundering and combating the financing of terrorism laws and established a Financial Intelligence Unit. Money laundering is strictly regulated by the global standards. Recently, South Korea has approved new anti-money laundering measures for the digital currency sector. In conjunction with South Korea’s Personal Information Protection Act of 2011 or PIPA, the Communications Network Utilization and Information Protection Act serves to protect the personal data and privacy of citizens within South Korea.

Felix I. Lessambo

Chapter 16. AML/CFT and Cybersecurity Laws in Indonesia

Abstract

The principle anti-money laundering Indonesia legislation is OJK Regulation No. 12/POJK.01/2017 concerning the Implementation of the Anti-Money Laundering Program and Terrorism Funding Prevention in the Financial Service Sector. AML regulators in Indonesia. Cybersecurity in Indonesia is governed by EIT Law and GR 71/2019, but they provide no specific definitions or terms on cybersecurity itself. Under the FSA Law, the FSA is responsible for regulating and supervising banks and banking institutions, and bank solvency and prudential aspects.

Felix I. Lessambo

Chapter 17. AML/CFT and Cybersecurity Law in the UK

Abstract

The FCA oversees compliance with AML regulations in the UK and has the power to investigate money laundering and terrorism financing offenses in conjunction with other law enforcement agencies and authorities, such as the Crown Prosecution Service (CPS). All banks and financial institutions in the UK must register with the FCA. The Terrorism Act imposes counter financing of terrorism obligations on banks and financial institutions, which also include customer due diligence, transaction monitoring, and reporting obligations. There is no overarching comprehensive national cybersecurity law, although the European Union’s General Data Protection Regulation (GDPR), in which the UK was a member party, came pretty close.

Felix I. Lessambo

Chapter 18. AML/CFT and Cybersecurity Law in Canada

Abstract

Canada’s anti-money laundering and terrorist financing laws are primarily contained in two statutes: The Criminal Code and the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTA). Data protection and cybersecurity are governed by a complex legal and regulatory framework. Canadian Banks have sophisticated security systems in place to protect customers’ personal and financial information. Canadian Banks have sophisticated security systems in place to protect customers’ personal and financial information.

Felix I. Lessambo

Chapter 19. AML/CFT and Cybersecurity Law in Australia

Abstract

The Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act) is the main piece of Australian government legislation that regulates AUSTRAC’s functions.. Money laundering and terrorism are criminalized under Division 400 of the Commonwealth Criminal. The AML/CTF Act 2006 establishes a risk-based regulatory framework. Banks with a significant customer base but relative lower revenue numbers, such as several regional banks, have a high risk of a data breach.

Felix I. Lessambo

Chapter 20. AML/CFT and Cybersecurity Laws in Russia

Abstract

The Federal Financial Monitoring Service (FFMS) is the main AML/CTF supervisory authority that conducts financial intelligence investigations, collects data, and monitors transactions of controlled entities in accordance with the AML Law. Credit institutions and non-credit financial institutions are required to implement a wide range of measures aimed at preventing the use of the Russian financial system for illegal purposes. The Personal Data Law covers almost all aspects of data protection. The Bank of Russia regulates the activities of credit institutions and non-credit financial institutions in the field of AML/CFT/CFPWMD and monitors and oversees the compliance with statutory requirements by these entities.

Felix I. Lessambo

Chapter 21. AML/CFT and Cybersecurity Laws in Turkey

Abstract

The main legislation in Turkey regarding the prevention of money laundering is the Law on Prevention of Laundering Proceeds of Crime No. 5549 developed upon the recommendations of The Financial Action Task Force. The Financial Crimes Investigation Board (MASAK) is an intelligence agency that helps create an efficient economy and a crime-free society by combating laundering illicit proceeds and corruption effectively. The Turkish government passed its first internet-specific legislation in 2007. Banking Law No. 5411 aims to regulate the principles and procedures of ensuring confidence and stability in financial markets, the efficient functioning of the credit system, and the protection of the rights and interests of depositors.

Felix I. Lessambo

Chapter 22. AML/CFT and Cybersecurity Laws in Brazil

Abstract

Brazil (GOB) has a comprehensive Anti-Money Laundering (AML) regulatory regime in place. In 1998, the GOB enacted Law 9.613 criminalizing money laundering related to drug trafficking. Brazil does not have a cybersecurity-specific regulator. Different regulatory agencies deal with cybersecurity regulations. These regulatory agencies include the Central Bank, the Securities and Exchange Commission, the National Telecommunications Agency, and the Brazilian Private Insurance Authority. Circular No 3,461 dated July 24, 2009 (‘Circular 3,461/09’), which concentrates the AML rules and procedures that must be adopted by financial institutions and other institutions authorized by the Central Bank.

Felix I. Lessambo

Chapter 23. AML/CFT and Cybersecurity Laws in Mexico

Abstract

The Mexican government has identified money laundering and other crimes and aimed to prevent their occurrences. Enforcement of money laundering crimes may occur at both the national or local levels. It has an institutional framework in place to investigate and prosecute terrorism financing, with an ad hoc unit, the Specialized Unit on Terrorism, Arms Stockpiling, and Trafficking (UEITA). Mexico’s National Cybersecurity Strategy sets forth a guide toward 2030 and aims to prepare the country for future activities in an increasingly complex digital world. The Strategy aims to place Mexico as a resilient nation in Cyberspace.

Felix I. Lessambo

Chapter 24. AML/CFT and Cybersecurity Laws in Argentina

Abstract

Argentina has successfully made significant progress in strengthening the anti-money laundering and counter-terrorist financing framework. In June 2007, the Argentine Congress passed legislation (Law No. 26,268) criminalizing terrorism and terrorist financing, and establishing terrorist financing as a predicate offense for money laundering. Though Cybersecurity is a relevant topic for executives within the financial sector; specifically banks, it is not yet regulated in Argentina. However, there are some regulations enacted by the National Central Bank and the National Securities Commission regarding data security obligations for financial institutions and publicly listed companies.

Felix I. Lessambo

Chapter 25. AML/CFT and Cybersecurity Laws in Saudi Arabia

Abstract

The legal AML framework in KSA is composed of Shari’ah law and the Anti-Money Laundering Statute (AMLS). Saudi Arabian AML regime started in 2003 when the Saudi Government passed an Anti-Money Laundering Statute 2003 and its Implementing Regulations in 2005. The Anti-Cybercrimes Law of 2017 (the “Cybersecurity Law”) is a general law that applies across the board and addresses data protection in the context cybercrimes. The SAMA Anti-Money Laundering and Terrorist Financing Guidelines require that all Banks within Saudi Arabia establish a dedicated Unit to combat money laundering and terrorist financing.

Felix I. Lessambo

Chapter 26. AML/CFT and Cybersecurity Laws in South Africa

Abstract

In April 2012, the government of SA established the anti-money laundering and counter financing of terrorism (AML/CFT) Division within the Prudential Authority ((PA) previously the Bank Supervision Department) to supervise and enforce compliance with the FIC Act. South Africa well-developed financial infrastructure makes it an attractive target for cyber criminals who use the internet for extortion, fraud, child pornography, human trafficking, and selling illicit goods. There are no specific laws or guidelines for cybersecurity governance of banks in South Africa.

Felix I. Lessambo

Chapter 27. AML/CFT Compliance and Audit

Abstract

The AML/CFT compliance function is central to banks or financial institutions’ AML/CFT efforts. The AML/CFT compliance officer should ensure that adequate policies and procedures are put in place, kept up to date and implemented effectively on an ongoing basis. Relevant information should be accessible by the banking group’s head office for the purpose of enforcing group AML/CFT policies and procedures. The bank’s group-wide policies and procedures should take into account issues and obligations related to local data protection and privacy laws and regulations.

Felix I. Lessambo

Chapter 28. International and Regional Cooperation

Abstract

The fight against money laundering, the financing of terrorism, and cybersecurity has become a priority among law enforcement units. Prudential and AML/CFT, cybersecurity supervisors are sharing relevant information with international counterparts, in a timely manner and as appropriate consistent with applicable legal and other requirements, regarding pending or imposed enforcement actions or sanctions on a bank or financial institution that are relevant and necessary for the supervisory function of the counterpart.

Felix I. Lessambo

Backmatter