Introduction
Recent money laundering cases have exposed financial integrity risks from cross-border payments and potential impact on financial stability to the integrated Nordic-Baltic financial sector, attracted international scrutiny of anti-money laundering and combating the financing of terrorism (AML/CFT) supervision throughout the region, and so accelerated the momentum for reform.
The purpose of the project is to conduct an analysis of cross-border money laundering (ML) threats and vulnerabilities in the Nordic-Baltic region - encompassing Denmark, Estonia, Finland, Iceland, Latvia, Lithuania, Norway, and Sweden (the Nordic-Baltic Constituency or NBC) - and issue a final report containing recommendations for mitigating the potential risks.
The AML/CFT concerned authorities including, the AML/CFT supervisors and Financial Intelligence Units (FIUs) in the Nordic Baltic region have mandated the IMF to conduct its analysis and produce this report since the authorities have an expressed wish to improve the cooperation with other authorities across borders, particularly when it comes to AML/CFT risk-based supervision.
This regional report analyses selected aspects of the Nordic-Baltic region’s AML/CFT regimes. It focuses on key money-laundering threats resulting from a novel financial flows analysis (based on cross-border payments data), vulnerabilities related to AML/CFT supervision of the banking sector and crypto asset service providers and the potential impact of financial integrity failures on financial stability.1 It also provides recommendations to strengthen the effectiveness of the AML/CFT frameworks in relation to those three areas while distinguishing what falls within the AML/CFT international standards and what is considered good practices.
The IMF team wishes to express its appreciation to the authorities for their input, assistance and collaboration extended to the mission team during the duration of the project and missions.
Background on Risk and Context
1. Various international banking scandals concerning AML/CFT breaches have taken place in the Nordic Baltic region, with far-reaching economic and reputational consequences. Similar to other global scandals, most of these took place at a time when AML/CFT standards and their application were still at a nascent stage, with some instances in 2005 although they would be discovered well into 2015 and beyond, including some taking place up to 2017. These scandals have also shown the importance of international cooperation and AML/CFT strong regulatory frameworks.
2. In the Nordic Baltic region, the Danske case stands out due to its extensive cross-borderactivities among countries in the region, affecting in turn other financial institutions. This Danish bank acquired in 2007 the Finland-based Sampo Bank, which also had an Estonian branch. At this branch, during 2007-2013, 44% of all deposits came from non-residents customers. These customers conducted around 7.5 million transactions with an aggregated flow of money added up to approximately 200 billion euros. The Estonian branch had its own IT platforms, and the procedural documentation was written in Estonian or Russian. Therefore, Danske Bank lacked adequate awareness into these activities and wrongly assumed that the branch was compliant with the AML/CFT requirements established by the applicable regulations in Estonia. Around 15,000 customers were involved in suspicious transactions, including politically exposed persons and their business associates or family members. As per the Danish FSA reports, in 2012, non-resident Russian portfolios made up to 35% of the profits of the Estonian branch while the overall percentage of Russian clients in the branch was 8%. A critical report sent by the Estonian FSA was discussed at Danske’s board but went ignored. The minutes of those meetings did not include any changes to the bank’s AML/CFT controls. The bank was forced to close the Estonian branch in 2019 and pled guilty to fraud in the U.S, forfeiting $2 billion along with an additional fine for EUR 470 million in Denmark.
3. The geographical closeness to other former Soviet countries and the Commonwealth of Independent States (CIS) also sets the tone and the specific subset of threats and vulnerabilities. Several banks of the region have been affected by activities centered around the so-called oligarchs. The fall of the Soviet Union and subsequent privatization of its assets gave rise to this class of high-net worth individuals. A subset of these customers has been involved in opaque business practices and the obfuscation of their source of wealth, and in well documented cases, they have been acting as strawmen on behalf of powerful political figures. Several Nordic-Baltic countries became significant recipients of these funds, sometimes ill-gotten either due to political connections or due to illicit business practices and lack of accountability. The tracing of funds and the source of wealth of these customers is challenging due to the lack of accurate or verifiable sources of information. Moreover, oligarchs have been involved in complex legal structures to further layer and separate themselves from these sources of income, including though the use of trusts, shelf companies compartmentalized societies, special purpose vehicles and offshore financial centers.
4. As part of its surveillance mandate, the IMF has engaged with all countries in the Nordic Baltic region, through Article IV Consultations and Financial Sector Assessment Programs, with several common recommendations across such countries. Among the key recommendations across the region these include ensuring accurate beneficial ownership information, enhanced risk-based supervision and a risk-based approach on its implementation, ensure adequate resources to the involved authorities, addressing ML/TF issues from non-resident and cross-border financial activities, finetuning the inspections of banks, consolidating the fintech sector for countries where it is mature, step up cross border supervision, including cooperation with international authorities, improving the capabilities of supervisors, in particular to fintech, and to strengthen regulatory frameworks for crypto asset service providers (CASPs).
5. Several of the AML/CFT- related banking scandals took place while many of the involved countries underwent or were preparing for the Financial Action Task Force (FATF) Fourth Round of Mutual Evaluations. The FATF overlapping targets for the fourth round of mutual evaluation have been focused on the effectiveness of the AML/CFT frameworks. Although all Nordic Baltic countries have improved their legal frameworks and enacted new legislation in line with the standards, and improved their cooperation capabilities, effective implementation remains a challenge, as it is observed in FATF’s assessments (to date) with respect to the risk-based supervision of such countries.
6. The Nordic-Baltic region has seen several cases of high-profile AML/CFT failings events2 over the last few years, potentially affecting the banking sector financial soundness. Those events involved banks with significant cross-border activity.3 Given the high degree of integration in the region, assessing their impact is key to better understand how financial integrity events can affect financial stability in the banking sector at a country and potentially regional levels.
7. Financial integrity issues could potentially present risks to financial stability in the short and medium term. Banks facing financial integrity (FI) issues could face short-term tensions related to wholesale funding (reputational impact and higher credit risk) and liquidity (due to outflows and a possible decline in counterbalancing capacity). In the medium term, banks with AML/CFT failures might experience higher funding costs and might reduce their exposures to countries where FI issues occurred. Such cutback on activity could result in a sharp reduction of financial services offered to residents, especially if the domestic banking sector is reliant on those cross-border banking groups. Such de-risking, along with a reduction in or more direct termination of correspondent bank relationship (for example, in response to a FI related scandal), could weigh on the financing activity of the banking sector and ultimately reduce economic activity (Erbenova et al, 2016).
Financial Integrity Analysis of Financial Flows in the Nordic-Baltic Region
A. Macro-Trends: Aggregate Financial Flows
Methodological note: The financial flows analysis presented in this report is based on the IMF staff’s analysis of cross-border payments data. The payments data analyzed in the report (except Section F) is composed of wire transfers between the customers of financial institutions, namely payments by households, non-financial corporates, and non-bank financial corporates. The origination and beneficiary countries are determined based on the registration country of a financial institution whose customer is the initiator or the final recipient of the payment order respectively.4 This analysis does not cover non-financial instruments to transfer value, such as trade mis-invoicing, cross-border cash transportation and crypto assets.5 While the payments data for 2013-2019 are included as contextual and background information, results of the data analytical approaches presented below are based on the data since January 2020. The analysis is presented on a nominal basis - factors such as inflation and growth in economic activity account for some of the changes in patterns of flows.6 Due to the aggregation and anonymization of the payments data7 and macro-level nature of economic and other indicators used in the analysis, the project’s findings are aimed at contributing to the understanding of ML risk from cross-border payments on the country and regional levels rather than identify illicit activity.
8. The Nordic-Baltic region’s cross-border financial flows have increased steadily since 2013. Average aggregate monthly flows initially decreased by 8% from 2013-2014 to 2015-2016, but subsequently increased by 23% from 2015-2016 to 2020-2022, resulting in an overall 13% increase in average monthly aggregate flows over the time from 2013 to date. Regional flows have remained notably stable and balanced, with inflows and outflows closely correlated.8
Regional Inflows, Outflows, and Net Flows, 2013-July 2022 (USD B)
Citation: IMF Staff Country Reports 2023, 320; 10.5089/9798400252389.002.A001
9. Nordic-Baltic countries’ aggregate financial flows are highly material, including after adjustment to the gross domestic product (GDP) and the value of deposits. In general, the Nordic countries have more material flows, with Sweden, Denmark, and Finland having the most material flows both in nominal terms and benchmarked against GDP and value of deposits. Estonia has the fourth most material flows and the most of any country in the Baltic region, followed by Norway, Latvia, and Lithuania. Iceland has the least material flows in the region. Overall, these highly material flows for most of the countries in the Nordic-Baltic region indicate that a focus on cross-border financial flows is merited.
10. Six out of the eight Nordic-Baltic countries have seen an increase in aggregate flows since 20139. Denmark, Finland, Sweden, and Iceland have all seen steadily increasing flows during this period. Only Norway and Latvia have lower aggregate flows in July 2022 than in January of 2013, with Latvia experiencing the most significant drop in flows during this period and averaging around 20% of the aggregate flow’s levels of January 2013 since mid-2019. Estonia experienced a drop in aggregate flows from the elevated 2013-2014 levels but has seen increasing flows in recent years. Due to the recent growth of the fintech hub in Lithuania, the country’s banking sector has been facilitating more crossborder payments, with most transactions conducted by non-residents with origination and destination outside Lithuania, increasing the associated transnational ML risks facing the country.10 Most of the Nordic-Baltic countries have registered upward trend in the value of cross-border payments starting in 2020.
Nordic-Baltic Countries Aggregate Flows, 2013-July 2022
Citation: IMF Staff Country Reports 2023, 320; 10.5089/9798400252389.002.A001
11. The region’s cross-border financial flows have a significant geographic spread. The region has material flows with seventy-one countries. This strong geographic spread is driven by the open, large, and advanced Nordic economies. The main payments counterparties of the Nordic-Baltic countries are from Europe (UK, Germany, Luxembourg, France, Belgium, Ireland, Netherlands, Switzerland, Spain as well as the U.S. and Hong Kong.
Nordic-Baltic Main Payments Counterparties, 2020-July 2022
Citation: IMF Staff Country Reports 2023, 320; 10.5089/9798400252389.002.A001
12. The G7 and EU are the dominant counterparty country groupings. Most regions have increased their share of total flows with the Nordic-Baltic region since 2020, with the notable exception of the CIS,11 a country grouping with historically elevated ML risk to the Nordic-Baltic region, which experienced a 67% reduction in inflows from 2013 to 2022. Financial flows between the Nordic-Baltic countries and most regions have grown, with aggregate flows with G7 countries increasing by 28%, intraregional flows increasing by 38%, North America 54%, Asia 29%, Oceania 23%, and Africa 27%. Notably, two country groupings saw a very significant increase in flows since 2013, the EU with an 121% increase, and International Financial Centers (IFCs)12 seeing a 238% increase. For the EU and IFCs, most of this growth has occurred recently. EU’s relative share of total aggregate flows increased from 37% in 2017 -2018 to 58% in 2020-2022. Similarly, IFC’s relative share of total aggregate flows increased from 7% in 2018 -2019 to 15% in 2020-2022.
Brexit and Nordic-Baltic Financial Flows
The UK referendum to leave the EU appears to be a key driver of aggregate flows with some of the Nordic-Baltic region’s largest payments counterparties. While flows with the UK initially grew following the referendum vote in June 2016 and triggering of the formal process to leave the EU (Article 50) in March 2017, flows began to decline steadily as the country approached the January 2020 date of formal exit. At the same time, flows with three of the EU’s financial centers, Germany, Ireland, and Luxembourg grew during this period. This significant change in pattern of flows appears to be a result of changes in financial activity with entities relocating from the UK to other EU financial centers in anticipation of the January 2020 deadline. As a result, these changes in flows are possibly driven exogenously, reflecting the change in global cross-border financial flows instigated by Brexit, rather than by the Nordic-Baltic regional factors. Shifting of higher ML/TF risk transactions, associated with relocation of financial institutions and activity, as well as capacity and mitigating measures of countries with increasing flows with the region, require consideration and analysis from the national AML/CFT authorities.
Nordic-Baltic Inflows, Outflows, and Net Flows with UK, 2013-July 2022
Citation: IMF Staff Country Reports 2023, 320; 10.5089/9798400252389.002.A001
Nordic-Baltic Inflows, Outflows, and Net Flows with CIS countries, 2013-July 202213
Citation: IMF Staff Country Reports 2023, 320; 10.5089/9798400252389.002.A001
Aggregate Flows with Select Country Groupings, 2020-July 2022
Citation: IMF Staff Country Reports 2023, 320; 10.5089/9798400252389.002.A001
13. Monitoring cross-border financial flows provides countries with a deeper understanding of their external ML threat environment and evolving cross-border related risks they are facing. National ML/TF Risk Assessments (NRAs) for Nordic-Baltic countries could be strenghtened further if they include an analysis of aggregate payments data to assess the materiality of cross-border payments and associated ML risks to the country and its financial sector. Material financial flows, as adjusted for the size of country’s economy and financial sector, require appropriate ML/TF risk mitigation measures, starting with deepening understanding of ML/TF risks inherent in the country’s financial flows. Countries in the region exposed to higher ML cross-border payments risks should consider a more regular update and analysis (e.g., annual) of cross-border payments indicators to monitor changing patterns of flows, particularly increasing exposures to potentially higher-risk countries. Analysis of trends in cross-border payments and their ML/TF risk implications could benefit a variety of AML/CFT-relevant agencies, such as FIUs, AML/CFT supervisors, and tax authorities. Leveraging advanced analytical methods, such as outlier detection algorithms and neural networks, for the analysis of transaction-level (or with some degree of aggregation) payments data, can provide a more detailed insight on the unusual and potentially suspicious patterns of flows, but, in contrast to higher-level monitoring of trends in financial flows described above, requires substantial investment in resources, including development of capacity.
Country-Level Recommendation14: Countries with the most material financial flows could increase their AML/CFT effectiveness by developing a national mechanism for comprehensive AML/CFT monitoring of cross-border payments.
B. Intraregional Flows
14. Nordic countries account for most of the regional cross-border financial flows and their share has been increasing over time. Three of the five Nordic countries have seen an increase in their share of intraregional flows. Sweden’s share of the region’s total aggregate flows increased slightly from 41 % in 2013 to 47% in 2021. Denmark increased from 18% in 2013 to 22% in 2021. Finland increased from 13% to 15% while Iceland remained unchanged at 0.2% of total aggregate Nordic-Baltic flows. The only Nordic country to see a decreasing share of flows was Norway which decreased from 19% in 2013 to 13% in 2021. Conversely, two out of the three Baltic countries in the region have seen a decrease in their share of Nordic-Baltic total aggregate flows, decreasing from 6% to 0.5% (Latvia), and 1.9% to 0.8% (Estonia) respectively. Lithuania has seen a slight increase in its share of Nordic-Baltic total aggregate flows, increasing from 0.7% in 2013 to 0.9% in 2021. Overall, the Baltic countries’ share of Nordic-Baltic total aggregate flows has decreased from 8.7% of total flows in 2013 and only 2.2% in 2021.
Nordic-Baltic Aggregate Flows by Share of Country, 2013-July 2022
Citation: IMF Staff Country Reports 2023, 320; 10.5089/9798400252389.002.A001
15. Intraregional flows are strongly bifurcated, with Nordic countries accounting for nearly all the flows within the region. Countries in both subregions (Nordic countries and Baltic countries) tend to be more integrated with other countries in their subregions. Almost all the Nordic countries flows with the Nordic-Baltic region go to other Nordic Countries. Similarly, but less pronounced, most of Baltic countries flows go to other Baltic countries, as almost two thirds of Baltic countries’ intraregional flows go to other Baltic countries.
Chord Diagram of Intraregional Flows by Country, 2020-July 2022
Citation: IMF Staff Country Reports 2023, 320; 10.5089/9798400252389.002.A001
Intraregional Aggregate Flows as a Share of Total Aggregate Flows, 2020-July 2022
Intraregional Aggregate Flows as a Share of Total Aggregate Flows, 2020-July 2022
| Country | Intraregional aggregate flows as a share of total aggregate flows (2020 - July 2022) |
| Norway | 31% |
| Finland | 27% |
| Denmark | 26% |
| Estonia | 25% |
| Iceland | 22% |
| Sweden | 22% |
| Lithuania | 18% |
| Latvia | 9% |
Intraregional Aggregate Flows as a Share of Total Aggregate Flows, 2020-July 2022
| Country | Intraregional aggregate flows as a share of total aggregate flows (2020 - July 2022) |
| Norway | 31% |
| Finland | 27% |
| Denmark | 26% |
| Estonia | 25% |
| Iceland | 22% |
| Sweden | 22% |
| Lithuania | 18% |
| Latvia | 9% |
16. Norway is the country in the region for which aggregate flows with other Nordic-Baltic countries accounts for the greatest share of total flows. Flows with Nordic-Baltic countries account for 31% of Norway’s total flows, followed by Finland (27%) and Denmark (26%). Estonia (25%), Iceland (22%), Sweden (22%), and Lithuania (18%) all have significant shares of flows with the Nordic-Baltic region, while Latvia has a notably smaller share, accounting for 9% of its total aggregate flows.
C. Regional Financial Flows with Higher-Risk Countries
17. The depth of geographic ML/TF risk analysis and understanding differs among the Nordic-Baltic countries. While the NRAs of the Baltic countries analyze foreign ML threats in detail and identify specific predicate offences and typologies, the majority of the NRAs in the region do not include an analysis of foreign ML threats. Similarly, only few NRAs of Nordic-Baltic countries analyze relevant statistics on cross-border payments, non-resident deposits, and on other indicators of non-resident activity, which could be also usefully combined with other data and contextual information to develop a comprehensive understanding of non-resident ML risks. Another potential area for strengthening the NRAs in the region is adding an analysis of ML vulnerabilities (e.g., of various sectors or of the jurisdiction overall) to non-resident and cross-border activity. Deepening and broadening understanding of foreign ML/TF risks appears particularly important for countries in the region with material levels of cross-border payments and non-resident activity.
18. For the identification of higher-risk countries, Nordic-Baltic country authorities utilize the FATF grey list, European Commission (EC) higher-risk third country list and non-cooperative tax jurisdictions lists. As required by the international standards on AML/CFT, country authorities are following the list of jurisdictions under the FATF increased monitoring. In addition, the EC produces a list of high risk third countries, which to a large extent overlap with the FATF list. The Nordic-Baltic region has minimal flows with FATF and EC higher-risk countries, representing 0.5% and 0.1% of all the region’s cross border financial flows respectively since 2013.15 The majority of the flows with these externally identified higher-risk countries are driven by flows with Turkey and United Arab Emirates, which represent more than two thirds of the flows with FATF grey list countries. As countries in the region maintain minimal flows with the countries in these higher risk jurisdiction lists, they could produce a more robust risk analysis if they develop their own understanding of their cross-border and non-resident activity risks, and add a focus on their own customized list of high-risk jurisdictions.
Aggregate Flows with FATF, EU High Risk Countries, and EU Non-Cooperative Jurisdictions for Tax Purposes since 2013
Citation: IMF Staff Country Reports 2023, 320; 10.5089/9798400252389.002.A001
19. Leveraging broader analysis of ML/TF cross-border risk, the Nordic-Baltic countries should develop their own understanding of higher-risk countries reflecting country-specific ML/TF threats. Considering the recent increase in cross-border payments across the region and associated changes in the patterns of flows, national understanding of ML/TF geographic risk can be usefully updated. Further enhancement of ML/TF cross-border risk methodology would benefit from incorporating additional inputs, including the macro-economic external sector statistics (e.g., trade in services, portfolio, and direct investments) and scrutiny of economic rationale for the financial flows with potentially higher-risk countries. Another useful input is the information on the business model and cross-border links of Nordic-Baltic financial sector, with a focus on payment service providers. As all Nordic-Baltic countries have immaterial flows with countries on the external lists of higher-risk countries, namely the FATF grey list and European Commission third-party higher risk jurisdictions list, it could be beneficial to refocus the enhanced monitoring on jurisdictions with substantial flows that have the potential for material ML threat. The higher risk jurisdictions can be identified as part of an in-depth assessment of cross border ML/TF risks specific to the risk profile, context, and financial sector of Nordic-Baltic countries. Enhanced understanding of the country risk would allow application of targeted AML policies to mitigate crossborder ML/TF risk, for example application of countermeasures, such as the requirement of enhanced due diligence measures for customers from or related to higher-risk countries or enhanced reporting mechanisms of financial transactions with entities in higher-risk countries.16 Considering commonality of ML/TF cross-border threats to many countries in the Nordic-Baltic region, information sharing and regional cooperation in identification of potentially higher-risk countries, for example as part of the Nordic-Baltic AML/CFT Working Group, would be beneficial.
20. Incorporating elements of the economic fundamentals and outlier detection analyses contributes to a targeted and up-to-date understanding of countries with higher ML risks and related payment patterns. Monitoring of cross-border payments activity combined with the economic fundamentals and outlier detection analyses provides with an up-to-date understanding of cross-border ML risks, including of high-risk countries and potentially identifying areas of emerging cross-border ML threats. The up-to-date understanding is important as Nordic-Baltic countries tend to focus on the countries involved in the past breaches with drastically decreased levels of payments in recent years, for example the flows with the CIS countries. Figure 10 illustrates significantly decreased share of payments with the higher-risk countries as defined by the authorities of one Nordic-Baltic country, and a continuous focus of ML/TF risk mitigation measures on countries that no longer have past levels of materiality. Leveraging data analytics, such as economic fundamentals analysis and transaction-level outlier detection, provides a more granular understanding of the level of threat posed by a given direction and patterns of payments. A comprehensive understanding of geographic ML/TF risks requires domestic coordination, including as part of the NRAs and can provide important inputs to inform - among others- risk-based AML/CFT supervision and FIU tactical and strategic analyses. In addition, considering that the tax offences are among the main proceed-generating crimes and increasing flows between the Nordic-Baltic region and IFCs, the tax authorities can provide important information regarding vulnerabilities in tax frameworks or practices of other countries that can be abused for tax offences. The authorities could also distinguish higher ML risk countries for the purposes of monitoring financial flows and risk scoring of cross-border payments from the risk of provision of non-transparent corporate vehicles or harmful tax practices that do not involve financial flows but represent a customer risk factor.
Nordic-Baltic Country X: Share of Flows with Higher-Risk Countries in Overall Flows
Citation: IMF Staff Country Reports 2023, 320; 10.5089/9798400252389.002.A001
Country-Level Recommendation: National understanding of ML/TF cross-border and non-resident risks could be enhanced further by incorporating additional sources of data (e.g., macro-economic variables such as trade and investments) and other information (e.g., business models of financial institutions and their foreign linkages) into the national/sectoral risk assessments.
D. Countries that Could Present Higher ML Risks
Economic Context of Cross-Border Payments17
21. Nordic-Baltic countries’ main cross-border economic linkages are with each other, G7 and European Economic Area (EEA) countries. The Nordic-Baltic countries are economically well integrated, as Nordic-Baltic countries are each other’s top trading and investment partners, with a higher degree of economic integration in the Baltic region. The G7 countries are top economic partners to the Nordic-Baltic countries: the US is the first economic partner for three Nordic countries, Germany (the first partner for two Baltic countries) as well as the UK and France are prominent economic partners. Some of the EEA countries, such as Netherlands, Poland (mostly for the Baltic countries) and Belgium are other important economic partners. Notably, financial centers of Luxembourg and Ireland are top-10 economic counterparties for most of the Nordic-Baltic countries, predominately due to the investment flows, but also services’ trade with the latter. Other IFCs, such as Switzerland, Hong Kong, Cayman Islands and Singapore are material investment partners.
22. The Nordic-Baltic countries vary in the geographic reach18 of their financial sectors and associated level and nature of cross-border financial flows. Some countries, notably Iceland, Latvia, and Estonia, have material financial flows with limited number of countries, which decreases the complexity of cross-border ML risks to which these countries are exposed. The largest economies in the Nordic region have material flows with the majority of the countries around the world. Such flows are expected given the countries’ developed financial sector, advanced open economies, and extensive cross-border economic linkages.
23. Such extended geographic reach exposes Nordic countries to additional complexity and different nature of cross-border ML/TF risks, indicating importance of these ML/TF risks for countries in the region, notably for Denmark, Sweden, Norway and to a lesser degree Finland. Mitigating crossborder ML/TF risks for countries with an extended geographic reach of financial sector requires enhanced understanding of risk and context of various countries and regions and the nature of different ML/TF threat arising from cross-border payments with them (e.g., integration, layering). Complex cross-border and non-resident ML/TF risks are challenging the AML/CFT systems and controls in the financial sectors of these countries as well as capacity of relevant AML/CFT agencies, primarily AML/CFT supervisors and the financial intelligence units.
24. Analysis of main macro-economic variables underlying Nordic-Baltic countries’ crossborder payments allows for a better understanding of the cross-border illicit financial flows risk. The IMF conducted an economic fundamentals analysis, in which staff compared the inflows to and outflows from each Nordic-Baltic country with underlying economic linkages with all jurisdictions in the world to identify countries where cross-border payments are not supported by the main macro-economic cross-border indicators.
Economic Fundamentals Analysis
The economic fundamentals analysis in this section uses the main macro-economic indicators of cross-border economic linkages: (i) trade in goods; (ii) trade in services; (iii) portfolio investments; (iv) direct investments.19 The purpose of the economic fundamentals analysis is to identify countries with value of cross-border payments significantly higher than the value of underlying economic activity between the countries as estimated using the four main cross-border economic indicators. For this objective, the financial flows are considered “sufficiently explained” if the ratio of economic fundamentals value to the payments value (inflows and outflows separately) is higher than the discretionary set threshold of 30 percent or if the overall ratio of economic linkages’ value to payments value is higher than 75 percent20. As a result, economic fundamentals can explain the financial flows only in one direction.
Specifically, the economic fundamentals analysis is based on the value of exports and imports of goods and services as well as portfolio and direct investment inflows and outflows.21 The countries with the broadest geographic reach of the financial sector also have the highest number of jurisdictions with financial flows insufficiently explained by the economic fundamentals, which further stresses the importance of understanding cross-border ML risks for these countries. Insufficiently explained financial flows do not indicate illicit activity, which could include legal transactions other than the trade in goods and services and portfolio and direct investment. For example, this covers interpersonal transfers, cross-border payment intermediation by a regional financial group using a subsidiary/branch, or other economic activity that is not captured by trade and investment statistics. Identification of insufficiently explained financial flows and outlier payments in this report is mainly intended to serve as a contribution to countries’ cross-border ML risk understanding and a starting point for further analysis and scrutiny.
25. The Nordic-Baltic countries differ in the degree their cross-border payments are explained by the selected macro-economic variables. Sweden, Norway, and Denmark have the highest number of countries with insufficiently explained financial flows in the Nordic-Baltic region.While for Sweden and Denmark the payments insufficiently explained by the fundamentals are predominantly on the outflows side, Norway also recorded a high number of inflows insufficiently explained by the economic fundamentals. Iceland and Latvia have a low share of and the lowest number of countries-payment counterparties with insufficiently explained financial flows, potentially indicating lower ML/TF risks facing these countries from cross-border payments.
Economic Fundamentals Results
Economic Fundamentals Results
| Country | Material flows (jurisdictions) | Insufficiently explained flows (jurisdictions) | Insufficiently explained flows (breakdown by directions) |
| Denmark | 148 | 44 | 15 (both directions); 22 (unexplained outflows); 7 (inflows) |
| Estonia | 91 | 43 | 20 (both); 15 (outflows); 8 (inflows) |
| Finland | 115 | 36 | 14 (both); 15 (outflows); 7 (inflows) |
| Iceland | 69 | 23 | 7 (both); 11 (outflows); 5 (inflows) |
| Latvia | 88 | 33 | 17 (both); 11 (outflows); 5 (inflows) |
| Lithuania | 100 | 40 | 11 (both); 25 (outflows); 4 (inflows) |
| Norway | 127 | 48 | 14 (both); 17 (outflows); 17 (inflows) |
| Sweden | 135 | 49 | 20 (both); 25 (outflows); 4 (inflows) |
Economic Fundamentals Results
| Country | Material flows (jurisdictions) | Insufficiently explained flows (jurisdictions) | Insufficiently explained flows (breakdown by directions) |
| Denmark | 148 | 44 | 15 (both directions); 22 (unexplained outflows); 7 (inflows) |
| Estonia | 91 | 43 | 20 (both); 15 (outflows); 8 (inflows) |
| Finland | 115 | 36 | 14 (both); 15 (outflows); 7 (inflows) |
| Iceland | 69 | 23 | 7 (both); 11 (outflows); 5 (inflows) |
| Latvia | 88 | 33 | 17 (both); 11 (outflows); 5 (inflows) |
| Lithuania | 100 | 40 | 11 (both); 25 (outflows); 4 (inflows) |
| Norway | 127 | 48 | 14 (both); 17 (outflows); 17 (inflows) |
| Sweden | 135 | 49 | 20 (both); 25 (outflows); 4 (inflows) |
Main Counterparties
26. Financial flows of several Nordic countries with majority of their main counterparties are not sufficiently explained by the economic fundamentals. The majority of Nordic-Baltic countries have financial flows with their top-10 counterparties by payments value well explained by the economic fundamentals. As one example, the value of economic linkages in Iceland is sufficiently high to explain Iceland’s inflows from and outflows to all of the top-10 payments counterparty-countries, indicating lower ML risks from Iceland’s cross-border payments activity with its main counterparties. Estonia’s and Lithuania’s flows with the majority and Latvia’s flows with half of their top-10 counterparties can be explained by the economic fundamentals. Payments with top-10 counterparties are less explained in Finland and Norway, while Sweden and Denmark have few countries and directions of payments with main counterparties explained by the economic fundamentals.
27. While the financial flows between the UK and Nordic-Baltic region have decreased in recent years, the UK remains the main counterparty with flows insufficiently explained by the economic fundamentals. Despite the general trend towards the decrease in payments with the UK since the Brexit, the UK remains first by payments value counterparty for majority of the Nordic-Baltic countries (and in top-10 for all). Notably, the payments with the UK are insufficiently explained by the economic fundamentals for all of the countries in the region (except Iceland). Estonia and Lithuania are the only countries with financial flows with the UK that have increased since the UK’s decision to leave the EU, started growing in mid-2020 due to the entry of payment service providers, while Norway’s and Denmark’s flows with the UK registered a mild increase in mid-2021, but remaining still significantly lower than the levels of several years ago. In contrast, payments with the US, which is in top-10 counterparties for most of the countries in the region, are well explained by the economic fundamentals in all Nordic-Baltic countries.
28. Following significant acceleration in recent years, Luxembourg and Ireland became main IFC counterparties of Nordic-Baltic with financial flows mostly insufficiently explained by the fundamentals. Most of countries in the Nordic-Baltic region rapidly increased payments with Luxembourg that are not explained by the economic fundamentals, which entered the five main counterparties for majority of the countries in the region. Ireland was another IFC that increased financial flows with all the countries in the region, entering the top-10 counterparties for most of the countries in the region, with a higher rate of the increase in the inflows from Ireland. These high inflows from Ireland are not explained by the fundamentals in Norway, Denmark, and Sweden, while the lower increase in outflows to Ireland is explained by substantial investment inflows and imports of services from Ireland. The acceleration in payments with Luxembourg and Ireland coincided with the decrease in payments with the UK, which may potentially be related to the UK leaving the EU and associated relocation of some financial institutions and activity, as well as associated ML/TF risks, to Luxembourg and Ireland.
29. The accelerating flows with Ireland and Luxembourg are part of the broader upward trend in Nordic-Baltic region’s share of flows with IFCs since 2017. Ireland and Luxembourg are two of the largest counterparties in the IFC country grouping, accounting for 48% and 14% of all flows with this country grouping respectively. The value and total share of aggregate flows with financial centers began to increase in 2017, increasing by 22% from the 2016 levels. This trend continued year on year, with average aggregate monthly flows with IFCs - with often higher ML risks- increasing in 2018 (22% increase compared to 2017), 2019 (38% increase), 2020 (46% increase), and 2021 (31% increase).
30. While both Ireland and Luxembourg have seen significant increases in the aggregate flows with the Nordic-Baltic region, the composition of these increased flows is different, with strong net inflows from Ireland and increasing net outflows to Luxembourg. Average monthly net inflows from Ireland have jumped by nearly two and a half times in 2019 following stable flows between 2013 and 2018. This trend of doubling of flows every year continued into 2020 and 2021 (21.2 bln. USD), moderating in the first six months of 2022. Conversely for Luxembourg, while there has been an increase in inflows and outflows, the rate of increase in outflows has been more significant, resulting in large net outflows. The increase in flows with both of these countries should be monitored closely given their position as financial centers, with a focus on the strong net inflows from Ireland and net outflows to Luxembourg.
Nordic-Baltic Inflows, Outflows, and Net Flows with Ireland, 2013-July 2022
Citation: IMF Staff Country Reports 2023, 320; 10.5089/9798400252389.002.A001
Nordic-Baltic Inflows, Outflows, and Net Flows with Luxembourg, 2013-July 2022
Citation: IMF Staff Country Reports 2023, 320; 10.5089/9798400252389.002.A001
Nordic-Baltic Inflows, Outflows, and Net Flows with Switzerland, 2013-July 2022
Citation: IMF Staff Country Reports 2023, 320; 10.5089/9798400252389.002.A001
Inflows, Outflows, and Net Flows with International Financial Centers, 2013-July 2022 (USD B)
Citation: IMF Staff Country Reports 2023, 320; 10.5089/9798400252389.002.A001
Aggregate Financial Flows with International Financial Centers as a Share to Total Regional Aggregate
Citation: IMF Staff Country Reports 2023, 320; 10.5089/9798400252389.002.A001
Nordic-Baltic Flows with IFCs by Country
Citation: IMF Staff Country Reports 2023, 320; 10.5089/9798400252389.002.A001
31. The financial flows with several other main counterparties of many Nordic-Baltic countries are not sufficiently explained by the economic fundamentals. Accelerating flows with Germany, France and Belgium are not sufficiently explained by the economic fundamentals in some Nordic countries and to a lesser extent Baltic countries. In addition, outflows to Switzerland from the three Baltic countries (at the end of their top-10 counterparties) as well as from Sweden and Denmark (top-20 counterparties) are not well explained by the same fundamentals.
Secondary Counterparts
32. After the top-10 payments counterparties of Nordic-Baltic countries, most of the jurisdictions with financial flows not sufficiently explained by the economic fundamentals are IFCs. In addition to accelerating payments with Luxembourg and Ireland, which became Nordic-Baltic’s main counterparties, as well as stable flows with Switzerland, the Nordic-Baltic countries also registered less material flows insufficiently explained by the economic fundamentals with a significant number of other IFCs. Among the IFCs with financial flows insufficiently explained by the fundamentals, Hong Kong, Singapore, and UAE are the most material, being in the top-25 counterparties for most of the Nordic-Baltic countries. In particular, the outflows from the Nordic-Baltic countries to these IFCs are insufficiently explained by the economic fundamentals, which for IFCs consist of investment flows and trade in services. Some of the other IFCs identified by the economic fundamentals analysis for multiple Nordic-Baltic countries, include Liechtenstein, Isle of Man, Jersey, Gibraltar, Mauritius, and, for a fewer countries, Bahrain, and Bahamas. Notably, all countries in the Nordic-Baltic region experienced a rapid increase in payments with IFCs in the last few years, a trend which was driven by Ireland and Luxembourg, as countries with the highest level of flows in this grouping, but the same increasing trend was observed across the majority of other IFCs as well.
33. Payments between several regional country groupings and the Nordic-Baltic countries were also identified as not explained by the economic fundamentals. All the Nordic-Baltic countries have flows insufficiently explained by the fundamentals with the Middle Eastern countries - Qatar, Jordan, Kuwait are the most often identified, followed by less material flows with Iraq and Yemen. Exposure to the CIS countries, an area of historic elevated risk to the Nordic-Baltic region, has decreased, including drastic decrease in payments with Russia and Belarus since the invasion of Ukraine. The Nordic countries have limited flows with the CIS countries: Norway has no significant unexplained flows with this regional country grouping, Denmark has low level insufficiently explained flows with Moldova and Turkmenistan, Finland has insufficiently explained inflows from Azerbaijan and Georgia, and Sweden with Georgia as well as less material flows with Armenia and Moldova. The Baltic countries have a higher number of CIS countries with flows insufficiently explained by the fundamentals, most often Kazakhstan, Georgia, Armenia, and Azerbaijan and, less materially, Moldova and Kyrgyzstan. Some countries face potential ML and bilateral sanction evasion risks since March 2022 from increasing flows with Georgia, Azerbaijan and Kazakhstan as sanctioned Russian entities may attempt to abuse the financial sectors of these countries for illicit activity. Another country grouping identified by the economic fundamentals analysis for all Nordic-Baltic countries (except Finland) includes Balkan countries - Albania, Montenegro and less material flows with North Macedonia, Bosnia-Herzegovina, and Kosovo. Majority of the Nordic-Baltic countries registered fewer material flows insufficiently explained by the fundamentals with sub-Saharan African countries (Kenya, Angola and Uganda being the most important), particularly significant for Finland, Denmark, and Sweden.
Identifying Unusual Cross-Border Flows Using Outlier Detection Methods
IMF staff developed an unsupervised machine learning algorithm22 to monitor global financial flows to detect unusual and potentially suspicious patterns of financial flows using transactional payments data and indicators of higher (weak AML/CFT regime, higher economic crimes, financial secrecy, and harmful tax practices) and lower (underlying trade and investments) ML risks (See Annex I for more information). The unsupervised outlier detection algorithm is aimed at identifying rare events that are statistically different from the rest of the observations. Merging and incorporating indicators of higher and lower ML/TF risk with the payments data and indicators of economic activity results in the identification of outlier activity potentially posing higher financial integrity risks. Analysis of contribution of various indicators used in the model’s output algorithm shows that the economic fundamentals variables (trade and investments, as above) have the largest impact on whether payments would be identified as outliers by the algorithm. The section below describes the results in the identification of global outlier payments for Nordic-Baltic region. While the machine learning algorithm is based on AML /CFT-specific risk factors, identified outlier activity does not indicate illicit financial flows23.
34. According to algorithm’s results, outlier financial flows in the Nordic-Baltic region have gradually decreased from elevated levels in 2013-2015 recording an increase since 2020. Payment outliers in Estonia have gradually decreased since the end-2013/early-2014, but reemerged since end-2020, although still at a low level of 2.3 percent of overall flows. Most of the outlier activity in Iceland’s financial flows occurred between 2016 and early 2019, with insignificant value of inflows outliers and with low level of 2.4 percent of overall flows since January 2020. Outliers in Norway decreased since mid-2019 but recorded a slight uptick since late 2021, but to a low level of 2.5 percent of overall flows. The flows outliers in Latvia have gradually decreased from the elevated levels in 2013-2015, and despite the slight uptick in late 2020 remain at a low level (3.6 percent of overall flows). Financial flows outliers in Sweden and Denmark have grown since early 2021, equaling to 7 and 8 percent of overall flows respectively, a particularly important increase as these two countries have the highest level of cross-border payments in the Nordic-Baltic region. The outliers in Finland have gradually decreased since the peak in early 2019 but reemerged since end-2021, amounting to 9 percent of overall flows. Financial flows outliers in Lithuania have grown rapidly since January 2020, at a faster rate than the increase in Lithuania’s cross-border payments, reaching an elevated level of 13.3 percent. The low level of flows outliers for countries such as Iceland, Latvia, Norway and Estonia suggests lower level of ML threat, while outlier activity in payments in Lithuania, Denmark, Finland, and Sweden is higher and accelerating and merits further scrutiny and monitoring.
Share of Outlier Payments in Overall Flows
Share of Outlier Payments in Overall Flows
| Share of outliers24 | |
| Lithuania | 13.3% |
| Finland | 9.0% |
| Denmark | 8.0% |
| Sweden | 7.0% |
| Latvia | 3.6% |
| Norway | 2.5% |
| Iceland | 2.4% |
| Estonia | 2.3% |
Share of Outlier Payments in Overall Flows
| Share of outliers24 | |
| Lithuania | 13.3% |
| Finland | 9.0% |
| Denmark | 8.0% |
| Sweden | 7.0% |
| Latvia | 3.6% |
| Norway | 2.5% |
| Iceland | 2.4% |
| Estonia | 2.3% |
35. Ireland has become the main source of inflows outliers to the Nordic-Baltic countries, followed by accelerating inflows from Germany and Belgium. Ireland replaced Netherlands as the main source of inflows outliers to the Nordic-Baltic region as inflows from Ireland accelerated since January 2020. In addition to Ireland, inflows outliers were also detected in inflows from multiple IFCs, most material being Liechtenstein, Guernsey, Monaco, and Gibraltar, replacing Cyprus, which was the main IFC - source of inflows outliers in earlier periods, also underscoring the importance of developing up-to-date understanding of geographical ML risks. Rapidly increasing inflows from Germany and Belgium to most of the Nordic-Baltic countries also included outlier activity. Other countries with inflows outliers to Nordic-Baltic included other European countries of Greece, Albania, and Montenegro as well as other countries, such as Uganda, Bangladesh, and Angola. Notably, the inflows-outliers since January 2020 do not include inflows from the CIS countries, a major source of inflows-outliers in earlier periods, including Moldova and Ukraine that were in the top-5 sources of inflows outliers in 2013-2019.
Inflows-Outliers from Nordic-Baltic Region, 2020-July 2022
Citation: IMF Staff Country Reports 2023, 320; 10.5089/9798400252389.002.A001
36. The UK has remained the main destination by number of outflows outliers from the Nordic-Baltic countries, although with decreased value in line with the declining flows with the UK. The value of outflows outliers from the Nordic-Baltic countries to the UK, which was by far the most important destination for outflows outliers in 2013-2019, has decreased since January 2020, but the UK still remained the main destination for outflows outliers, as the outflows outliers to the UK were identified from all Nordic-Baltic countries. Accelerating outflows to Belgium comprised the highest value of outliers outflows from the Nordic-Baltic countries, particularly important in Sweden and Denmark. Two other important destinations for outflows outliers are the US (particularly for Denmark) and Germany (for Lithuania as well as other Baltic countries). Luxembourg has entered top-5 destinations by value of outflows outliers, as outlier activity was identified in accelerating outflows to Luxembourg in all Nordic-Baltic countries - being first largest destination by value outflows outliers from Iceland, second for Norway, and third for Lithuania. In addition, outlier activity was identified in outflows to other IFCs - Switzerland, Ireland, and Hong Kong. Other countries with identified outflows outliers include France, Netherlands, and Spain.
Outflows-Outliers from Nordic-Baltic Region, 2020-July 2022
Citation: IMF Staff Country Reports 2023, 320; 10.5089/9798400252389.002.A001
37. Outlier detection algorithm findings reinforce the results of the economic fundamentals analysis, identifying patterns and directions of financial flows for further scrutiny. Notably, flows with the UK, main counterparty for majority of the Nordic-Baltic countries, were flagged by both economic fundamentals and outlier detection algorithm. Accelerating flows with Germany, France and Belgium were also identified by both analytical approaches. Importantly, rapidly growing payments with IFCs, specifically with Luxembourg, Ireland, Switzerland, and Hong Kong were identified by both analytical approaches. Flows with other IFCs, most material being Singapore, Malta, and UAE, while not having significant outlier patterns, are not sufficiently explained by the fundamentals and could merit further monitoring and scrutiny.
Country-Level Recommendation: Understanding of ML higher-risk countries and payment patterns could be deepened if it is based on country-specific risk factors and focus on the countries with the most material financial flows, in coordination with all agencies with AML/CFT-relevant mandate, including tax administration.
E. Correspondent Banking Flows
Methodological note: The correspondent bank flows analysis presented below analyzes Nordic-Baltic countries role as facilitators of correspondent banking transactions. Specifically, the analysis focuses on financial flows in which a country in the region acts as a correspondent banking location25 in the payment chain. This analysis does not cover the data on Nordic-Baltic countries as originators or beneficiaries of correspondent banking transactions. This correspondent banking flows analysis covers only correspondent’s facilitation of payments between customers of financial institutions. It does not incorporate the findings of the outlier detection analysis or analyze correspondent banking flows for potential unexplained financial flows.
38. There are significant and growing levels of correspondent banking transactions in the region. Both the value and volume of correspondent banking flows have increased, with some volatility, since 2013. By 2017-2018, the average monthly correspondent banking flows for the region increased by half from 2013 levels with further minor growth in August 2020-July 2022. Provision of correspondent banking services, for Nordic-Baltic countries where it is material, should be monitored as an increase in correspondent banking activity could represent a heightened ML risk.
Value and Volume of Regional Correspondent Banking Flows, 2013-July 2022
Citation: IMF Staff Country Reports 2023, 320; 10.5089/9798400252389.002.A001
39. Denmark has the most significant correspondent banking activity in the region, with over half of all correspondent banking transactions in the region flowing through the country. Denmark (50%), Sweden (22%), Finland (17%), and Norway (9%) represent nearly all of the correspondent banking activity in the region, with the remaining four countries, (Lithuania, Latvia, Estonia, and Iceland) equaling less than 1% of flows combined. Denmark also has the most significant correspondent banking activity when benchmarked against economic indicators. No other country in the region is close to this level of materiality and the correspondent banking flows are heavily concentrated in the region.
Materiality of Correspondent Banking
Materiality of Correspondent Banking
| Country | Share of Nordic-Baltic correspondent banking flows |
| Denmark | 50% |
| Sweden | 22.5% |
| Finland | 17.7% |
| Norway | 9% |
| Lithuania | 0.4% |
| Estonia | 0.3% |
| Latvia | 0.1% |
| Iceland | 0.01% |
| Regional | 100% |
Materiality of Correspondent Banking
| Country | Share of Nordic-Baltic correspondent banking flows |
| Denmark | 50% |
| Sweden | 22.5% |
| Finland | 17.7% |
| Norway | 9% |
| Lithuania | 0.4% |
| Estonia | 0.3% |
| Latvia | 0.1% |
| Iceland | 0.01% |
| Regional | 100% |
40. Correspondent banking flows in the region are concentrated in a small number of originator and recipient countries. Since 2020, 10 countries have represented the originator of 85% of all correspondent banking flows and the recipient of 88% of all correspondent banking flows in the region. Denmark is the largest originator of correspondent banking flows, as the origin for 15% of all correspondent banking flows that flow through the region. Similarly on the recipient side Sweden represents the largest share at 20%. Norway and Finland both also feature within the top 10 countries, indicating that much of the correspondent banking activity is conducted by Nordic-Baltic banks for banks in other countries in the region. The UK is the second largest counterparty as both originator and recipient of correspondent banking flows, equaling 14% and 13% respectively. Given the UK’s place on several Nordic-Baltic countries self-developed lists of higher-risk countries the significance of the UK to Nordic-Baltic regions correspondent activity merits further monitoring. Two further countries that have been identified as potentially higher risk in the region, Luxembourg (originator of 6% and recipient of 6%) and Ireland (2% and 5%), also feature as significant originators and recipients of correspondent banking flows through the region and also merit further monitoring.
Largest Originators and Recipients of Correspondent Banking Flows through the Nordic-Baltic Region by share of Total, 2020 - July 2022
Citation: IMF Staff Country Reports 2023, 320; 10.5089/9798400252389.002.A001
Country-Level Recommendation: Countries in the region with material provision of correspondent banking services should intensify scrutiny, risk assessments and monitoring of correspondent activities, including conducted for financial institutions in high-risk countries.
F. Flows Between Financial Institutions
Methodological Note: The analysis presented below focuses on payments between financial institutions. This analysis does not incorporate the findings of the outlier detection analysis or economic fundamentals analysis. Payments between financial institutions seem to represent a low ML/TF risk in the region, given the maturity of the country’s financial sector and controls in place. Given this, the analysis presented is only for informational purposes and not part of recommendations generated as part of this report. Therefore, the analysis below is included for informational purposes
41. The Nordic-Baltic region’s cross-border payments between financial institutions26 have been stable and balanced since mid-2017. As is the case with other similar economies, the region’s aggregate flows between financial institutions are considerably larger than retail payments.. Prior to mid-2017 inflows and in particular outflows were larger, driven by heightened flows between Nordic-Baltic and US financial institutions. Nordic-Baltic financial institutions’ monthly average outflows in 2015-July 2022 dropped by 82% from 2013-2014 levels.
Nordic-Baltic MT202 Inflows, Outflows, and Net Flows, 2013-July 2022
Citation: IMF Staff Country Reports 2023, 320; 10.5089/9798400252389.002.A001
42. The US is the largest outflows counterparty (21% of all outflows) and fourth largest counterparty for inflows (11% of all inflows). Nordic-Baltic flows between financial institutions are heavily concentrated in a small number of countries. The US, Sweden, United Kingdom, and Finland represent the majority of the region’s flows between financial institutions, representing 62% of outflows and 54% of inflows.
MT202 Inflows, Outflows, and Net Flows with the United States, 2013-July 2022 (USD Tr)
Citation: IMF Staff Country Reports 2023, 320; 10.5089/9798400252389.002.A001
Financial Institutions Outflows by Country, 2013-July 202227
Citation: IMF Staff Country Reports 2023, 320; 10.5089/9798400252389.002.A001
Financial Institutions Inflows by Country, 2013-July 2022
Citation: IMF Staff Country Reports 2023, 320; 10.5089/9798400252389.002.A001
Cross-Border Financial Integrity Risks and AML/CFT Supervision
Background and Context for Risk-Based Supervision
43. All Nordic-Baltic countries have finalized their FATF 4th or MONEYVAL 5th Round Mutual Evaluation Reports (MERs) between 2014 and 2022 with initially weak ratings on Recommendation 26, for the supervision of financial institutions. Among the chief concerns across the region, most MERs pointed at issues with supervision not following a sufficiently risk-based approach, along with the lack of resources and adequate powers to impose appropriate sanctions and remedial actions. In some cases, the MERs identified shortcomings related to the limited provisions for suspicious transaction reporting (STRs), or requirements to conduct enhanced due diligence. In some countries, tackling money laundering was not considered a supervisory priority, and authorities had incomplete knowledge of ML/TF risks. There were instances where no mechanisms were in place to adequately update the risk profiles of banks based on significant changes in management or ownership interests. Overall, most countries did not implement supervision following a risk-based approach, and the understanding of cross-border activity and ML/TF risks was limited. Moreover, legal persons and arrangements were also inadequately assessed. As a result, several countries entered the enhanced follow-up process or were placed on the list of countries with strategic AML/CFT deficiencies.
44. Nordic-Baltic countries have undergone comprehensive improvements at all levels in their legal frameworks (including AML/CFT related laws and regulations), between 2012 to date, although effectiveness is yet to be reviewed again. The overhaul of the frameworks has led to reratings on Recommendation 26 with the current ratings across the region being either “Largely Compliant” or “Compliant”. Based on the latest Mutual Evaluations, effectiveness was considered a significant challenge, for both supervisory authorities and financial institutions, for the relevant Immediate Outcomes 3 and 4, with “Low” or “Moderate” effectiveness levels across all countries.
45. Among the most common issues on previous NRAs, assessors noted methodological failures, lack of coordination between agencies, inadequate data, and statistics on which to base the findings, and inadequate understanding of ML/TF risks. This created issues when attempting to formulate country-wide AML/CFT policies and the prioritization of focus areas. The deficiencies in NRAs, as the basic building block for effective AML/CFT frameworks created a cascading effect that would subsequently affect the supervisory risk assessments and affect the banks on their application of preventive measures.
46. Assessors noted the improvements conducted by all Nordic Baltic countries regarding the new round of NRAs. All countries of the Nordic Baltic region have conducted methodological developments and expanded the stakeholders involved, with both public and private participants across all countries. Moreover, countries have adequately conducted outreach efforts to disseminate the findings of their respective understanding of risks.
47. Although facing different challenges and contextual factors, several high ML risk areas are identified across all Nordic-Baltic countries’ NRAs. In particular, fintech and crypto assets are mentioned as the highest ML risk in half of the NRAs of the region. Other sectors and areas that regularly appear as high ML risk sectors include money remittances, physical cross-border transfer of currencies and payments, lawyers, and other legal services providers (tax consultants and accountants), banks, legal business structures and arrangements (including trusts), payment and e-money institutions and gambling. These common risk areas can serve as a baseline for Nordic Baltic countries to further cooperate and coordinate joint supervisory actions.
Highest ML Risk Sectors Across NRAs and Number of Mentions
Citation: IMF Staff Country Reports 2023, 320; 10.5089/9798400252389.002.A001
Technical Compliance with FATF Recommendation on Supervision of Financial Institutions (2014-2019) & Improvements in Technical Compliance in Follow-Up Assessment (2019-2022)
Citation: IMF Staff Country Reports 2023, 320; 10.5089/9798400252389.002.A001
48. Various cases28 have uncovered key AML/CFT vulnerabilities. These vulnerabilities include domestic supervision, fit and proper testing of management and shareholders, the application of adequate preventive measures, understanding of complex legal vehicles, lack of surveillance on foreign branches, international sanctions breaches, the interconnectedness to offshore financial centers, and lack of coordination on joint surveillance actions. The consequences of these scandals are still felt, with settlements and ongoing legal cases, and with both public and private institutions facing reputational challenges and a need to regain public confidence.
49. Overall, AML/CFT supervisory functions have been enhanced but further work is required. Strengtening of the supervisory framework mostly focused on greater prioritisation, enhancements to supervisory ML/TF risk assessment tools, more effective AML/CFT supervision and additional resourcing. Fighting financial crimes is recognized as an overarching goal, reflected in increased focus for AML/CFT supervision in the supervisory bodies. This has led to the creation of full-fledged AML/CFT divisions to step-up risk-based supervision with specialized recruitment, standalone AML/CFT inspections as well as the development of advanced supervisory tools (including risk assessment models as discussed above and supervisory strategy and procedures). In several instances, the varying levels of ML/TF risks’ understanding between commercial banks and other institutions has been narrowed down. The strengthened statistical-gathering tools have allowed supervisors to provide better targeted feedback to banks so inform them on their respective risk assessments. In addition, the supervisory functions are also better equipped to conduct outreach and guidance on the implementation of measures and controls. Following analysis of country-specific materials related to supervisory ML/TF risk assessments and the risk-based supervision of banks and crypto asset service providers, discussions with country authorities, and drawing on international good practices, this section of the report covers selected issues and key recommendations related to supervisory ML/TF risk assessment, the risk-based supervision of banks and crypto asset service providers, and cooperation and information sharing.
A. Supervisory ML/TF Risk Assessment of Banks: Cross-Border ML/TF Risks
50. There has been clear investment in ML/TF risk assessment models across the region, several are still maturing, while others continue to have gaps. All countries have advanced in developing risk assessment models at the entity-level to guide risk based supervisory engagement. The models draw from and incorporate international and regional best practices in their design. In most countries, supervisors are well-versed with their risk models and assess and validate them on an ongoing basis to ensure that they remain fit for purpose. However, further work -notably, further refinements to methodologies and more detailed collection and integration of data) is required in order to ensure that robust ML/TF risk assessments underpin the supervisory approach for banks. Across the countries, this work ranges from the need for more investment and/or concentrated efforts to fine-tuning.
Overarching Formula for the Calculation of Residual Risk
51. All countries follow the standard approach to supervisory ML/TF risk assessment. This involves an assessment of inherent ML/TF risk the adequacy of the AML/CFT control environment. These two components are then combined to arrive at a residual risk score (e.g., low, medium, high). The inherent ML/TF risk factors generally fall into the headings of product/services; customer, geography, and delivery channel.
52. Inherent ML/TF risk is often not attributed sufficient weight in the calculation of the overall residual risk.. While consideration of the adequacy of the control environment is an important element of the ML/TF risk assessment, the inherent ML/TF risk should drive the risk assessment score. Equivalent or higher weightage to controls over inherent risks may lower entities with high inherent risks (but with more sophisticated internal control frameworks) to medium or low assessed residual risk levels, which in turn can impact the level of supervisory attention given to these entities. This is significant for the banking sector, which is commonly recognized as being exposed to high inherent risk levels but also often lead other types of supervised entities in quality of internal controls. Differences in quality of internal controls within the banking sector continues to be relevant to prioritize attention between entities of similar inherent risk exposures.
Supervisor Supervisory ML/TF Risk Assessment Model
Approaches in Residual Risk Determination Across the Region
Citation: IMF Staff Country Reports 2023, 320; 10.5089/9798400252389.002.A001
53. At an entity level, the risk assessment ratings for banks that present comparable levels of risk, seem to vary significantly (without adequate explanation) across the region. While certain variations can be justified, based on elements specific to the country operations, the broad ML/TF risk rating of banks, that are considered to present a high inherent risk (from medium-low to high) indicates that further re-examination of supervisory ML/TF risk assessments may be warranted
54. There is a risk that an over-reliance on the adequacy of control considerations could result in misleading residual ML/TF risk conclusions. Despite results indicating that an adequate control environment is in place, the inherent risk of money laundering can never be completely or even largely mitigated by a positive review of AML/CFT controls by supervisors. These control assessments are often limited in scope and depth and give supervisors an indication of the overall level of compliance and effectiveness from which to base their assessment. Overall, if a comprehensive and adequate inherent ML/TF risk assessment is conducted, supervisors should consider this to be the basis for the assessment with the control environment as a secondary consideration upon which to reassign a rating, on a marginal (e.g. medium-risk to medium-high risk, or medium risk to medium + risk)basis.
Country-Level Recommendation: Where relevant, supervisors should consider assigning a higher weighting to inherent risk part the supervisory ML/TF risk assessment, with less focus on the adequacy of AML/CFT controls.
Good Practice: Sectoral Risk Ratings as a Baseline for Improved Consistency in Risk Ratings
In one instance, the risk model provisions for the sectoral risk assessment rating to form a de-facto baseline for the entity level risk scores. The entity level assessments may exceed the sectoral ratings but cannot go lower than the sectoral levels without sufficient justification. For instance, if the banking sector is assessed as high-risk, the final risk ratings of individual banks cannot go lower unless justified by any individual bank’s specific context. This allows greater consistency in risk scores across higher risk sectors and ensures that any deviations are noted and justified. However, the incorporation of such a de-facto baseline in the risk model should be accompanied by documented guidance on ‘exceptions’ to ensure adequate flexibility in the model to deviate from the sectoral ratings as needed to ensure accurate entity risk values.
Calculation of Inherent Risk
55. There are some variations in the range of risk factors included in inherent risk assessment across models. While the risk factors of product/services, customer, geography, and delivery channel risks are assessed in nearly all cases, some models consider additional risk factors, such as risk appetite, elements of internal controls, and more as part of the inherent risk assessment (Figure 28). The inclusion of these additional risk factors may in some instances distort the inherent risk assessment, either through overlap between inherent risk and control considerations, the assignment of weightage disproportionate with risk relevance, or an overly simplistic consideration of any risk factors.
Inherent Risk Assessment Model
Inherent Risk Factors Assessed Across the Region
Citation: IMF Staff Country Reports 2023, 320; 10.5089/9798400252389.002.A001
The risk factors represented here are factors found across the various entity risk assessment models in the region, in proportion of their representation in risk model (i.e., product risk is considered in nearly all countries’ inherent risk calculation, while internal controls are only included in inherent risk assessments in two models). All the above represented factors are not present in each risk model.Granularity in Inherent ML/TF Risk Assessment Factors
56. Across all risk factors, risk indicators often lack the necessary specificity for appropriate risk sensitivity of the relevant models:
Product risk factors often do not include the full range of product/service offerings available in the financial sector or the scale of activity across product/service offerings.
Customer risk indicators often lack disaggregation by relevant risk categories, for instance, number of domestic v. foreign politically exposed persons (PEPs), number of customers from high-risk jurisdictions, etc. Relatively few models measure the extent of exposure to high-risk industries (crypto assets, extractive industries, designated non-financial sectors, etc.).
Geographic risk factors in some risk models do not account for average values and volumes of transactions to various country categories.
Delivery channel related risks are covered marginally in several models and mainly measured in customer counts (e.g., number of customers onboarded remotely or through third parties).
Good Practice: Comprehensive Assessment of Risk Variables in Risk Scoring
A few country risk models include a multi-dimensional assessment of covered risk variables in risk scoring, measuring them in nominal values, as ratios of relevant aggregate values, and as percentage change in activity from the previous reporting period. Further, risk scores are attributed by percentile (of values throughout the sector) and threshold-based calculations (except in the case of nominal values). This can allow a comprehensive assessment of higher risk variables. In particular, the threshold approach, where the maximum score is attributed to values above a pre-determined threshold, is useful to reflect the supervisory risk appetite for certain higher risk indicators.
Illustration of Key Inherent Risk Factors included in Models from the Region
The indicators and weightings used in this figure are illustrative and not meant to be an exhaustive list of considerations nor prescriptions for optimal weightages for risk factors.
Citation: IMF Staff Country Reports 2023, 320; 10.5089/9798400252389.002.A001
Country-Level Recommendation: Many countries should consider enhancing the granularity of risk indicators across inherent risk factors, with weightages attributed in proportion to their risk relevance.
Product Risk Consideration and Assessment
57. In most instances, the models would benefit from the reassessment of weightages accorded to the inherent risk factors, particularly in the case of product/services risk. When assessing inherent risk, the analysis of product, customer and geography are the risk factors that should drive the determination. As figure 31 highlights, most countries accord an equal (or lower) weightage to product risk as compared to other risk factors, most commonly 20-25% (Figure 31). Based on discussions with the authorities and the outcomes of the various risk assessment calculations, it seems that product risk, in particular, should be the key driver of an entity’s inherent risk assessment, with higher risk products (e.g., correspondent banking) significantly driving up an entity’s risk exposure when compared to lower risk products (e.g., mortgages). A bank’s attractiveness for money laundering is often driven by the products offered, while its customer base and geographic spread of operations influence the significance of the risk. At the same time, while delivery risk is a worthwhile consideration, the emphasis placed on this factor would not equate with that of the other risk factors. In addition, the significance of delivery risk is diminishing among the typical inherent risk factors with improvements in remote onboarding measures and in the wake of an genenal industry wide move towards the provision of online services coupled with increased investments in digital ID systems.
Product Risk Weightage in Inherent Risk Assessment (Anonymized)
Citation: IMF Staff Country Reports 2023, 320; 10.5089/9798400252389.002.A001
58. Further, increased granularity in product risk indicators will also improve risk-sensitivity. In most instances, product risk ratings are based on a binary assessment of the types of products/services offered by the entity. Product risk indicators should measure volume of activity across the different product categories, to ensure that entities with extensive operations in higher risk products/services do not get an equivalent weightage as an entity with a much lower business in higher risk products.
Country-Level Recommendation: Inherent risk assessment in ML/TF risk assessment models should increase weightage attributed to product risk, as part of the methodology.
Incorporation of “ Nature, Scale and Complexity”considerations
59. While some models included consideration, almost all risk models lack a formalized and comprehensive assessment of variables relate d to the ‘nature, scale, and com plexity’ of an entity. Many mature supervisory models include the assessment of factors related to the nature, scale and complexity of the entities comprising their supervisory population as part of their inherent risk assessment. Indicators of this risk type include business structure, complexity in operations, industry and materiality, and key financial indicators (including assets, turnover, deposits, flows, etc.), among others. A few of the risk assessment models in the region incorporate several elements of this risk type, including, for instance, complexity of structure (measured through the number of domestic branches) or the size of the entity. However, these models lack a comprehensive analysis of this risk type within the model. The assessment of ‘nature, scale and complexity risks’ measured through indicators as included above would be a useful addition to the inherent risk assessment. Further, the assessment of this risk type could include input from regional counterparts through established supervisory colleges, to allow consistent understanding of ML risks emanating from an entity’s size and scale of operations and other relevant considerations.
Regional Recommendation: Countries may explore seeking input from regional counterparts through supervisory colleges in the assessment of a potential ‘nature, scale and complexity’ risk factor to develop a consistent understanding of ML risks related to the entity’s size, scale, and type of operations.
Internal Controls Assessment as Part of the ML/TF Risk Assessment Methodology
60. There is a wide degree of variance in list of control factors that are considered across the region. Internal controls assessment in the risk model involves expert judgement drawing from past supervisory engagements with the assessed entities. There is considerable divergence in the scope of the internal controls assessment in risk models across the region. A few countries include a comprehensive methodology for assessment of internal controls as part of entity risk assessment, with weightages assigned to various elements of the entity’s internal control frameworks and program as well as the effectiveness of key control measures. More commonly, countries ascribe a range of sources to inform the controls assessment (particularly the results of offsite and onsite inspections) but does not prescribe specific criteria or indicators to guide the assessment. While supervisory discretion is important in the qualitative assessment of controls (to avoid a checking the box exercise), the model should provide guidance on key elements to consider in an assessment of the entity’s controls framework as well as relative weightings for these elements to ensure systematic and consistent controls assessments.
Data Collection and Analysis
61. There were examples of good practices for the collection of data to inform the analysis of cross-border ML/TF threats in some countries. All countries undertake data collection through supervisory returns, which form the primary input for the risk model. However, the covered countries vary in the level of transactional data collected through supervisory returns, with some collecting disaggregated data across the various inherent risk factors. Good practices in data collection include, for instance, collection of input on cross-border payments, average and total values, disaggregated by geographic spread and customer type (high-risk customers/financial institutions and CASPs) as well as values of non-resident deposits disaggregated by geography and client type.
Cross-border Transactions Data Collected across the Region
Citation: IMF Staff Country Reports 2023, 320; 10.5089/9798400252389.002.A001
62. In the main, the level data and information collected to inform the sectoral and entity level assessments of banks lacks granularity. While all countries seek information across the classical inherent risk factors, in many countries the scope and specificity of information collected is limited. Common gaps include, for instance, lack of information sought on scale of business across various product offerings (to increase understanding of inherent product risk), exposure to higher risk industries and geographic regions, as well as volume of business conducted through third parties. Further, the type of data collected is also often unidimensional with emphasis on transaction/customer counts rather than the values/volumes of activity. This can present an incomplete understanding of risks impacting the accuracy of the results from the risk model.
63. Efforts need to be stepped up to incorporate transaction level data into supervisory returns and the analysis of this information should be feed into supervisory risk assessments. In general, the countries are moving towards increasing the type of data collected through supervisory returns as reflected in the most recent iterations of the returns. However, there should be greater inclusion of risk relevant data (as noted above) across all key risk factors. Further, covered countries collect relatively scant data on internal control factors. While internal controls assessments in the risk models are informed by supervisory activity and other external sources, there should be greater collection of controls data during the return to ensure consistent and updated review of the control’s environment at the time of the risk assessment.
Country-Level Recommendation: Efforts should be made to enhance the granularity of information collected as part of supervisory returns for banks, in particular transaction-level data, to better inform the assessment and understanding of cross-border, non-resident ML/TF risk.
Use of Data Analytics to Refine ML/TF Risk Assessment
64. Across the region, countries may explore broaden their data analytics toolkit to effectively harness expanded inherent risk data collected. In some instances, risk models are excel-based, which may have comparatively limited functionalities and prove inadequate to efficiently process larger volumes of data. In other cases, countries have automated models but could largely benefit from greater use of machine learning, big data mining and other data analytic tools to free up supervisory capacity and improve effectiveness of analysis. In several instances, countries are revamping their data collection tools and strategy, either on a standalone basis for the AML/CFT supervisory division, or in coordination with other workstreams within the supervisory body. Aligned with these initiatives, countries should improve their data toolkit to ensure fully leverage their expanded data collection. As with other elements of their risk model, authorities should assess any analytical solutions applied on an ongoing basis to ensure that they remain fit for purpose.
Country-Level Recommendation: In step with the collection of more granular supervisory data to inform the ML/TF risk understanding, supervisors should move towards greater automation and explore the use of data analytics tools to streamline the process for the collection and ensure effective analysis of available data.
Use of Data Analytics in Entity Risk and Assessment
Advanced data analytics techniques including supervised/unsupervised machine learning, data mining, and network analysis can enhance assessment of entity and sectoral risk assessments by identifying risk trends across sectors and regulated entities29 Machine learning tools can be used to detect patterns in large volumes of data and has applications for anomaly/outlier detection. Network analysis can help ascertain links or relations in transactions. Data mining tools can improve efficiency of analysis of volumes of information (including unstructured data) to produce usable outputs.
Supervisors are actively exploring the use of data analytic tools to improve understanding of ML/TF risks across their supervisory population. Some instances below illustrate the use of these techniques in risk assessments:30
De Nederlandsche Bank (DNB) is developing advanced data analytic tools to aid the assessment of supervised entities’ bank’s inherent risks and controls framework. To aid in building entity risk profiles, the DNB has developed a network analysis tool to detect links in transfer of funds to high-risk jurisdictions. DNB is also developing a tool that uses text mining and supervised machine learning to analyze submissions in its assessment of entities’ internal controls framework. This tool is expected to improve efficiency in controls assessments by extracting usable data from bank’s often lengthy assessments of their controls’ framework.
FINTRAC 31has developed a heuristic model to gauge the effectiveness of entity’s controls framework and likelihood of non-compliance through an analysis of factors related to the institution’s profile, compliance history, reporting pattern, among others from extensive data sourced through supervisory returns and external sources.
B. AML/CFT Supervision of Banks and Enhancing Effectiveness of Preventive Measures
Resourcing and Minimum Engagement Models
65. Increased priority for the AML/CFT supervisory function has generally been correlated with resource augmentation; however, in a few instances, available resources remain insufficient in proportion to supervisory population. All supervisors have seen increase in resource allocation in the recent years for the AML/CFT risk based supervisory functions. However, the adequacy of current supervisory resources is variable across the region: in a few instances, staffing levels seem too low to ensure sufficient supervisory presence commensurate with the size of supervisory population. Limitations in resourcing can impact effectiveness of supervisory engagement, with the de-prioritization of resourceintensive functions (including onsite inspections, or development of entity risk assessment models).
66. The development of minimum supervisory engagement models would facilitate a more effective risk-based supervisory approach. Several supervisors in the region have developed ‘minimum engagement models’ to guide depth and frequency of supervisory engagement based on assessed levels of entity risk. The minimum engagement model is intended to set out a minimum or ‘floor’ for frequency of supervisory activity for each identified risk category - supervisors can and should exceed the levels prescribed in the model whenever necessary to respond to newly identified risks or to improve compliance outcomes. An example of a minimum engagement model is included in Figure 33 below. In general, the model sets out the frequency of onsite inspections, offsite assessments, and data collection for each assessed entity risk category categories, with frequency of supervisory activities increasing in step with a move up risk-levels. The minimum engagement model should be sufficiently detailed and appropriately calibrated to ensure adequate risk-sensitive supervisory ‘presence’ in the sector to drive positive AML/CFT compliance outcomes.
Example of a Minimum Engagement Model
Citation: IMF Staff Country Reports 2023, 320; 10.5089/9798400252389.002.A001
Example of a minimum engagement model, FATF Risk-Based Supervision Guidance, 2021
67. There has been a significant increase in supervisory resources across almost all countries, however, an assessment of the adequacy of resourcing should be carried out (against a minimum engagement model). A regular assessment of supervisory resource adequacy will be key to’ ensure sufficient supervisory presence commensurate to risk levels. A minimum engagement model could be a critical measure of resource adequacy on an ongoing basis, responsive to changes in size and ML/TF risk levels of the supervisory population. As a rule of thumb, the AML/CFT supervisory division should have sufficient resources to systematically implement an appropriately calibrated minimum engagement model, with some flexibility to undertake responsive ad-hoc supervisory activities as needed.
Country-Level Recommendation: Countries should assess the adequacy of resources on an ongoing basis against changes in size and risk profiles of the supervisory population.
Supervisory Strategy
68. AML/CFT supervisory strategies are either underdeveloped or not in place, and there were no examples of entity-level strategies for the highest ML/TF risk banks. In general, supervisors have developed inspection manuals/procedures and formulate inspection plans on a regular basis to guide active supervisory engagement. However, an overarching supervisory strategy for the banking sector is commonly lacking, and if available, in most instances insufficiently detailed. A sectoral/entity supervisory strategy can help concretely link supervisory activity with identified ML/TF risks in the banking sector, and thus improve the effectiveness of risk-based supervision. Based on an understanding of sectoral ML/TF risks, the supervisory strategy should set out the specific activities that supervisors will carry out to mitigate the risks, including details of onsite activity (e.g., full-scope inspections/areas of thematic focus/deep dive reviews), desk-based reviews, and other key supervisory activities such as outreach, guidance, and collaboration (both domestic and participation in supervisory colleges). For instance, a rise in volume of cross-border payments activity could prompt further focus on thematic reviews on related topics (including transaction monitoring, application of CDD and enhanced due diligence (EDD) measures, and correspondent banking activity) that could then be incorporated into banking sector or entity-specific strategies, or feedback from the FIU that suspicious transaction reports lack necessary granularity regarding the analysis of suspicious activity could lead to the incorporation of an STR focus in the banking sectoral strategy (e.g. thematic inspections, preparation of guidance, coordinating an industry feedback session with the FIU and banks).
69. As a good practice, all countries should consider developing specific strategies for the highest risk banks as a complement to sectoral supervisory strategies, in collaboration with the relevant counterparts in the region. Supervisory colleges can provide a good forum for the relevant supervisors to develop a consistent strategy to engage with financial institutions with cross-border operations. A region-wide supervisory strategy for specific high-risk institutions will allow supervisors to exploit synergies in activities across the concerned jurisdictions and could conserve resources. For instance, all supervisors of branches of a financial group could follow-up on key deficiencies identified following a full scope/thematic inspection of any branch. This follow-up could take the form of a deep dive into controls functions where gaps were identified or, as appropriate, the supervisors requiring the concerned entities to include the identified functions in their internal audit. Supervisors should ensure that such tailored focus is consistent with their domestic legal requirements for onsite supervisory activity.
Regional Recommendation: Countries should consider further leverage the positive cooperation and information-sharing practices (noted below) through the establishment of cross-border AML/CFT supervisory strategies for the highest risk banks.
Supervisory Engagement and Use of Data Analytics
70. Countries are actively carrying out supervision through onsite and offsite activities of banks in the region. Supervisory activity includes full-scope and targeted onsite inspections as well as desk-based reviews. Across the region, there is an increasing trend in the number of onsite inspections carried out. This is partly facilitated by general shift towards targeted or thematic inspections from repeated full-scope inspections which allows more frequent supervisory engagement. Despite the increase in onsite activity, further work is needed in risk-based prioritization of the activity undertaken: in a few instances, medium/medium-low risk entities get near equal supervisory attention as high-risk entities in terms of onsite activity.
71. While countries have noted im provements in ban k’s com pliance with preventive measures, there was consensus that banks (across the region) need to take further steps to ensure that AML/CFT systems and controls are effective which points to a need to also step-up AML/CFT supervisory activities. While improvements have been noted in banks across the region, the level of adequacy of control frameworks varied significantly. As such, supervisory activities need to continue to evolve further and adapt.
72. In the main, supervisory activity is guided by detailed manuals or procedures that map out the su pervisory process and set out criteria to guide the assessment of entities’ controls framework and application of key control measures. Countries have made significant progress to establish risk-based supervisory frameworks. In most instances, country-level materials, included clear criteria and guidance to ensure thorough and consistent engagement.
73. In most instance, further efforts are needed to intensify supervisory oversight in order to ensure that implementation of preventive measures are effective. Most supervisors pointed to a need for banks to further improve their preventive frameworks with several noting transaction monitoring systems as a particular area of focus. In order to do so, countries should consider steps to further intensify supervisory activities and adapt offsite and onsite tasks to pinpoint the highest risk areas, more deliberate selection and use of thematic inspections (discussed later in this report) would be a positive step.
Country-Level Recommendation: Countries could also consider developing complementary additional best practice guidance - with gathered experience from past inspections and other qualitative input and insights in order to support and assist the supervisory team in their work making proper and aligned assessments.
Use of Data Analytics in Supervisory Activities
Advanced data analytics techniques can be used to support supervisory activities. In this sense it builds off its other advantages, such as detecting patterns in large volumes of data, identifying system-wide risks and exposure to networks.32 It allows supervisors to detect and examine outlier transactions in real time, using tools such as machine learning (both supervised and unsupervised) and natural language processing.33 Having such information available and analyzed can help supervisors to better tailor inspections to the actual risk profile of the regulated entity or entities being inspected. A regulated entity might have pronounced risks to a particular sector or geographic location, or higher exposure to some networks rather than others. The COVID-19 pandemic also accelerated the use of data analytics tools for offsite supervision.34
All these points of information can help regulators engage in deeper and more risk targeted conversations with regulated entities. Some examples of how different jurisdictions are utilizing data analytics for inspections are set out below:
Transaction monitoring and anomaly detection in Singapore and the Netherlands: The Monetary Authority of Singapore (MAS) uses analytical supervisory tools to enable targeting of unusual accounts and transactions for further scrutiny, removing the need to manually review transactional data, for example, review of trade allocations and prices.35 It has allowed supervisors to spend more time on deeper and more targeted dialogues with regulated entities.36 The MAS also uses a multi-factor logistic regression model for predicting misconduct risk in entities based on prior compliance, allowing targeted selection of supervisory activities.37 The Dutch Central Bank uses an isolation forest model to detect outlier transaction and clients for further scrutiny, which helps supervisors prioritize the entities with the most anomalous behavior and highest risk for enhanced analysis and supervision.38
Unstructured data sources in Thailand and Italy: Data analytics tools can assist analysis of more text heavy documents such as board and committee minutes, company filings and analyst reports.39 The Bank of Thailand (BoT) and Bank of Italy (BdI) are developing text analysis tools to support their supervisory roles.40 The tools are designed to allow supervisors to spend less time manually reviewing extensive board material but can also give key insights into how boards operate. For example, the tools developed can identify topics covered by boards and committees, whether the conversation was positive or negative, and how different groups of members (for example, executive or non-executive directors) or individuals interacted with the discussion. A key consideration for such tools is to maintain an appropriate balance between using the insights gained from the data analysis and applying human judgement and experience to the exercise.
Information classification in Guernsey: The Guernsey Financial Services Commission is using a natural language processing tool to flag documents which require material review.41 It is also intended to assist in categorizing electronic documents and identify patterns that may cause concern. It is anticipated that the tool will be particularly useful for offsite supervision of small firms.
Regional Recommendation: Countries may further explore use of data analytics to support supervisory engagement and share lessons learned through regional working groups.
Thematic AML/CFT Supervisory Inspections
74. Countries carry out thematic inspections across several key risk areas and controls. Thematic work includes correspondent banking, sanctions screening, risk assessment, transaction monitoring, internal controls systems, suspicious transaction reporting, internal audit, resources, customer due diligence and risk management processes for cash-in-store.
Topics Covered in Thematic Inspections
Citation: IMF Staff Country Reports 2023, 320; 10.5089/9798400252389.002.A001
75. There are positive examples of thematic work being directed to high-risk areas and key AML/CFT controls and responding to emerging threats. Some countries focus on high-risk products (correspondent banking) and key AML/CFT controls (ML/TF risk assessment and transaction monitoring). There are also examples of work being directed response to emerging threats (sanctions screening).
76. In many countries, it is unclear how a particular theme is selected. The general move from repeated full-scope inspections to targeted and thematic inspections in the region is welcome and consistent with the maturing of supervisory frameworks. Figure 34 sets out thematic focuses of recent reviews across the region. In all cases, the choice of themes should be appropriately risk sensitive, prioritizing the highest risk areas/topics for coverage. A granular understanding of risks facing the sector will help in the identification of the most critical areas for detailed reviews.
77. A regional look-across of thematic inspections indicates some divergence in scope of thematic inspections. Predominantly, thematic inspections in the region have a focus on control functions such as risk assessment, transaction monitoring, or suspicious transactions reporting. More rarely, the scope of a thematic is significantly wide (e.g., assessment of internal controls frameworks) resembling full-scope inspections in breadth and resource-needs. Such broad thematic inspections may not realize the intended gains of risk-specificity and improved frequency in supervisory engagements. In a few instances, thematic inspections focus on specific higher-risk products (e.g., correspondent banking), where supervisors assess a range of preventive controls in relation to identified higher-risk products. This approach of centering thematic activity on particular products, customers, or higher-risk jurisdictions could be very beneficial in directly correlating supervisory activity with identified risks.
Country-Level Recommendation: Countries that have carried out comprehensive full-scope inspections should continue moving towards thematic inspections that are better targeted at the areas of highest ML/TF risk (based on data and analysis of relevant information).
Development of Geographic Risk Understanding to Better Target Supervisory Activities
78. As noted in the financial flow analysis above, in nearly all cases, countries rely on external lists of high-ris k juris dictions to inform the assessment of entities’ geogra phic ris k. Most supervisory risk models across the region measure geographic risk with reference to external list, most commonly, the FATF and EU Commission’s list of high-risk jurisdictions. While these lists are useful, sole reliance on such lists misses the country-specificity for a comprehensive supervisory risk assessment. In step with enhanced collection of cross-border transactions data to enhance the accuracy of both the sectoral and entity-level supervisory risk assessment of banks, all supervisors should consider developing tailored lists of higher-risk jurisdictions taking into account the respective country-specific factors. Key information on geographic risk could be obtained through more detailed supervisory returns.
Good Practice: Country-Specific List of High-Risk Jurisdictions
In one instance, the country authorities have developed a list of high-risk jurisdictions that informs both ML/TF risk assessment and risk-based supervisory engagement. The list draws from multiple sources, including external lists developed by the European commission and the FATF and the European Commission as well as a national level list and a list of offshore financial centers. The list is publicly available and currently includes nearly 70 countries. References to this list are integrated into the determination of geographic risk, with inclusion of indicators that assess payments to countries featuring in sub-categories of this list.
79. Countries may explore expanding thematic inspections to themes outside systems and controls, and products. In line with the development of a supervisory high-risk country assessment, this information could then drive the scope of a thematic inspection. For example, following analysis of information gathered as part of the supervisory risk assessment, supervisors could first identify a high-risk country with notable transaction levels (this could be particularly informative for countries that utilize financial flows analysis, akin to those described in this report). With the country as the main determining feature, the analysis could then be evaluated against product risk and customer. This could then inform the supervisory activities. For banks that were identified in this analysis, supervisors could then inspect the systems and controls that are in place, related to that country, for relevant topics such as, a sample of high-risk customer due diligence files (including PEPs), transaction monitoring typologies, and STRs.
C. AML/CFT Supervisory Cooperation and Information Sharing
AML/CFT Supervisory Colleges for Banks
80. In response to various AML/CFT-related banking scandals in Europe and the lack of cooperation between international AML/CFT supervisors, European authorities are taking steps to develop structures to facilitate information sharing and coordination. The formal framework for AML/CFT supervisory colleges has been a key initiative. The underlying objective is to provide member countries’ AML/CFT and prudential supervisors with a dedicated forum to share relevant information, while converging the work of FIU
81. s as well, along with the exploration of further synergies. The first AML/CFT colleges for banks were formally set up in 2020. These information-sharing meetings are also complemented by EBA’s European reporting System for material CFT/AML weaknesses, EuReCA, which servers as a central database for AML/CFT. EBA uses this information from EuReCA to inform its view of ML/TF risks affecting the EU financial sector and shares it with competent authorities as appropriate, to support them at all stages of the supervisory process and, in particular, should specific ML/TF risks or trends emerge.
82. While information can be successfully passed between supervisors on a bilateral/informal basis, the structured European Banking Authority (EBA) framework for AML/CFT supervisory colleges is a welcome move. The colleges include EU AML/CFT supervisors and while prudential supervisors, third country AML/CFT and/or prudential supervisors, and FIUs are observers. For an AML/CFT college to be required, under the EBA framework, the relevant institutions must operate on a cross-border basis in at least three EU Member States. In each AML/CFT college, the lead supervisor is the permanent member responsible for the AML/CFT supervision of the institution’s head office or parent entity and is also responsible for establishing and maintaining the college, including the meeting organization. The EBA, through its participation in selected AML/CFT colleges, adopts a monitoring role and shares relevant information as necessary, and provides technical assistance to supervisors providing best practices across other colleges and identifies EU-wide risks and trends based on the colleges’ discussions.
AML Colleges Participation and EBA Monitoring Approaches and Selection Criteria42
Citation: IMF Staff Country Reports 2023, 320; 10.5089/9798400252389.002.A001
83. Due to the high level of connectivity among banks in the region, most Nordic Baltic countries are well connected and jointly involved across several AML/CFT and prudential colleges, in line with the EBA Guidlines.43 Most countries in the region show strong levels of involvement and participation. This degree of involvement is often tied to the level of activities by foreign banks on each country. Therefore, countries in the region with low numbers of foreign institutions, or where their domestic banks are usually limited to their domestic market, tend to have lower participation levels. In addition to ML/TF risks, participants often discuss other tangential issues, including reputational risk, and the assessment of the business model for banks, including profitability and sustainability.
84. As noted by the EBA, although the work of the colleges has been welcomed, further operationalization efforts are required, along with a shift to a more predictive and preventive nature, instead of a d escri ptive “after the fact” approach.44 The EBA keeps track of the colleges’ performance and publishes the results in specific reports. The competent authorities across the EU have shown commitment to implement the colleges framework, through the allocation of resources, and positive exchanges of information. Nevertheless, relevant pieces of information are still being produced on a request-only basis and not proactively, hampering preventive risk mitigation or the identification of emerging threats and vulnerabilities. Although the countries in the region consider them useful, the EU reviews request a shift from a purely descriptive reactive mode to a proactive mode. Countries should strive to use colleges for the early detection of threats, patterns, or suspicious transactions.
85. Implementation across Europe is still at nascent stage, with many colleges having held its first meeting only in 2021. There are challenges in the implementation of international legal cooperation, slowing down the participation of key stakeholders (e.g., non-EU countries and their information sharing frameworks).
86. The EBA recognized six actions to be followed by supervisors and college participants based on the identified best practices: finalizing structural elements of colleges including cooperation agreements and terms of participation; enhance discussions during these meetings; foster ongoing exchange within colleges; apply risk-based approach; identify areas for common approach or joint action; enhance supervisory convergence in AML/CFT colleges.
87. The commitment from the Nordic-Baltic countries to establish and participate in AML/CFT colleges is clear, and steps to enhance the effectiveness of these relationships are welcome. Countries are actively cooperating and sharing information within the EBA AML/CFT supervisory college model, however, bridging the gap between useful discussions and coordinated supervisory efforts will require more work. Supervisors may explore leveraging the colleges to develop cross-border supervisory strategies to engage with high-risk institutions (as noted above) and undertake coordinated onsite activity. This can allow targeted follow-up on significant gaps in the entities’ controls framework: While there are some instances of follow-up with other countries regarding deficiencies identified during supervisory engagements this could be further deepened and mainstreamed. For example, when a lead supervisor identifies a weakness in an AML/CFT preventive framework that could have broader ramifications across the group, these discussions should be brought to the attention of college members and countries should proactively follow-up with members of the group to understand the level of action that has been taken to determine whether this deficiency exists elsewhere. If, in line with the countries’ risk-based approach, it is decided that it is not a priority to look further into this aspect through offsite/onsite activities, host supervisors should challenge firms to include testing on this deficiency as part of their regular second and/or third line of defense activities.
Regional-Level Good Practice: Cross-Border Supervisory Collaboration
A supervisory college led by and comprising members of the region undertook coordinated supervision of a cross-border financial institution in 2021 to form a more comprehensive and detailed view of the entity. An onsite inspection was carried out simultaneously in all three countries in constant cooperation via the AML college. The joint team reviewed the AML/CFT systems and internal rules of this institution and its compliance with the local regulations of each country. This is an example of a good practice where collaboration goes beyond information-sharing and targets key cross-border risks through coordinated strategies and joint supervisory responses/initiatives.
Regional-Level Recommendation: Countries may explore further leveraging supervisory colleges to ensure coordinated supervisory efforts, for instance through the development of crossborder AML/CFT supervision strategies, joint inspections, and coordinated follow-up on deficiencies identified in onsite inspections by counterparts in entities in a group structure.
Cross-Border AML/CFT Working Groups
88. The environment for information sharing appears proactive, where information can be shared in an efficient and flexible manner. In addition to the entity specific fora’s for information exchange, there are two main initiatives that enhance collaboration between supervisors and other entities on a cross-national, more general AML/CFT basis. These initiatives include the Nordic-Baltic Stability Group and the Nordic Baltic AML/CFT Working Group
Regional-Level Good Practice: Cross-Border Working Groups on AML/CFT
The Nordic-Baltic Stability Group plays an important role in facilitating coordination in the region. The Group was formed in 2018 by the Ministries of Finance and central banks of the region with the objective of facilitating cooperation and coordination between the participating countries in order to promote financial stability in the region, with a focus on the functioning of the financial system and on counteracting the rise and potential spread or escalation of a financial crisis. The topics of coverage include international reviews and evaluations, cooperation, and information exchange, AML/CFT colleges, public-private partnership models, risk-based approach, risk scoring models, risk assessments of different sectors and the so-called FinCEN Files. At each meeting there is also a standing agenda point where relevant cases, inspections and the status of each country’s supervisory activities are being discussed. The key topics in 2020 were financial stability outlook, the COVID19 impact and an overview of financial sector specific policy measures in the region. At the final meeting for 2020, the NBSWG established a two-year work plan based on common priorities and focus areas.
The Nordic Baltic AML/CFT Working Group is another forum that successfully facilitates cooperation. In line with the calls for better international cooperation in the region, the AML/CFT supervisors of the Nordic Baltic countries also formed the Nordic Baltic AML/CFT Working Group with a view to strengthen the cooperation between the financial supervisory authorities in the Nordic-Baltic countries and to enhance the cross-border information sharing regarding ML and FT. The mandate was adopted in August 2019 by the Director Generals of the Nordic and Baltic Financial Supervisory Authorities. The working group supplements the work in the supervisory colleges and other international engagements. The group allows the exchange of information, knowledge and experiences gained on AML/CFT and coordinates supervision in the region, noting the increase of international activities, the need for stronger cross-country efforts and the continuous development of regulations and supervision of financial products.
Since its inception, the Working Group has followed a specific workplan, that has included risk assessment and methodology analysis, and the documentation of supervisory actions. These activities included a sector-based risk assessment to identify common ML/TF risks in the Nordic-Baltic region, sectors that are identified as high-risk, trends and patterns on emerging risks and a risk classification of institutions by ML/TF risks. On methodological initiatives, the working group has exchanged experiences regarding supervisory methodologies on transactions monitoring systems, crypto assets/crypto currencies, E-money institutions and agents of foreign payment institutions, onsite inspections and criteria for measuring severity, institutions’ risk assessment, ongoing supervision and fintech companies. The group also conducts on-going discussions on the possibility for coordinated supervisory activities, such as, for example, parallel/joint inspections. Nevertheless, as pointed out by the EBA, further work should be conducted on preventive and proactive analysis and early warning activities.
89. Domestic Cooperation between AML/CFT supervisors, prudential supervisors and FIUs on domestic cooperation, most countries show strong frameworks that allow for the exchange of extensive information between AML and prudential supervisors, and between other agencies (including FIUS). In several instances, both the AML and the prudential supervision functions are performed by the same authority, leading to strong cooperation efforts and a high frequency of interactions. On cooperation between the public and private sector, some Nordic Baltic countries also show strong initiatives in most instances, through the extensive use of public-private partnerships (PPPs). Through these fora, the representatives of banks and supervisors discuss together points on preventive measures, thematic risks, supervision, improvements to AML/CFT controls and procedures, and the quality of STR filings. Countries are encouraged to further strengthen this area for an effective and holistic joint work on tackling ML/TF.
Country-Level Good Practice: Public-Private Cooperation Mechanisms
Several countries in the region have established mechanisms for dialogue between supervisors, law enforcement, and reporting entities. In one instance, the FIU has established and manages a PPP forum that allows information sharing and coordination through establishment of task forces, methodological materials, and exchange of good practices. For instance, the forum has produced material on indicators of corruption that are found in this country for public procurement, foreign bribery, and suspicious transactions involving political exposed persons or other officials. In discussions related to the quality of suspicious transactions reporting, several banks were invited to share how their STRs are prepared. With the currently ongoing Russian invasion of Ukraine and the newest sanctions, the forum is providing tailored cooperation in sanction-related matters. Notably, the entities and authorities involved can exchange information because it is considered information provided to the FIU itself.
90. Several of the international banking scandals concerning AML/CFT breaches pointed to the need for more effective mechanisms for information-sharing among impacted banks. At national and regional levels, there is a need to balance the proactive sharing of information related to customer information (including beneficial ownership), among banks, that may be relevant for the prevention of ML/TF with data protection requirements.45 While this “private-private” information sharing is an important mechanism to exchange details, generally, on ML/TF risks/typologies, countries are exploring the boundaries of what can be shared, for example customer-level data (see Box 5). However, it must first be ensured (through banks implementing effective AML/CFT preventive frameworks that are subject to active supervision) that the information banks are collecting is accurate and the analysis reliable, as sharing inaccurate information would be counter-productive.
Private-Private Information Sharing
Public-private and private-private data-sharing mechanisms can help enhance understanding of ML/TF risks as well as enhance efficiency and may reduce cost of compliance. Cross-border information sharing mechanisms for financial institutions (and their branches) to allow the sharing of data on customers involved in cross-border transactions can aid institutions in implementing more robust monitoring mechanisms. A recent stock-take by the FATF notes that data pooling and collaborative analytics can promote efficient and dynamic identification of ML/TF activities and minimize exploitation of information gaps by illicit actors, while underscoring that such mechanisms should respect national and international data protection and privacy frameworks.46
National and regional information-sharing initiatives are gaining momentum to address the silo-ing of customer data within financial institutions. For instance, the Tribank Pilot in the United Kingdom collected pseudonymized transactional data from the three participant financial institutions, which was analyzed centrally to identify suspicious patterns to create an effective cross-border transaction monitoring framework. In another initiative, the MAS is building a digital platform in partnership with six major commercial banks47 to allow effective information exchange between financial sector participants to enhance ML/TF/PF risks of historical/proposed customer activity. The ‘Collaborative Sharing of ML/TF Information & Cases’ (COSMIC) Platform, would allow financial sector participants to request and exchange customer-specific risk information and place customer alerts when customer behavior crosses an established threshold of red flag activity.
In the Nordic Baltic region, a proof of concept developed by the Bank of International Settlements48 has illustrated the benefits of use of payments data in collaborative analysis to detect suspicious flows and patterns. This proof of concept, ‘Project Aurora’, explores the feasibility of analyzing payments data using machine learning models to detect suspicious flows. The project generated a synthetic dataset comprising a minimum set of data fields common to payment ecosystems, representing real world domestic and cross-border payments transactions. The project then tested simulated monitoring scenarios at the individual FI, national and cross-border levels respectively, using machine learning and network analysis to compare the performance of these scenarios in detecting suspicious patterns. The performance of centralized, de-centralized and hybrid collaborative analysis approaches were also compared.
91. The incorporation of AML/CFT supervisory concerns/considerations in prudential assessments of banks has deepened in recent years. Bank for International Settlements (BIS) considers that AML/CFT supervision in the banking sector aims to ensure compliance by banks with requirements for countering ML and/or FT and to assess banks’ ML/FT risks and processes and internal control systems set up in order to mitigate those risks and to undertake supervisory actions on the basis of such assessments. As AML/CFT supervisors have specialized expertise and knowledge of AML/CFT-related issues, the assessment of banks’ ML/FT risk should be carried out by AML/CFT supervisors in the context of their ongoing AML/CFT supervision and considered in prudential supervision. AML/CFT supervisors should conversely consider in their assessment the knowledge and insights of the prudential supervisors, in particular on the overall risk management, internal controls and governance of the supervised entities.
Cooperation Between Prudential and AML/CFT Supervisors
Citation: IMF Staff Country Reports 2023, 320; 10.5089/9798400252389.002.A001
92. It is important for AML/CFT supervisors to continue to have strong channels of communication with prudential supervisors. The BIS guidelines point at deficiencies that can have bidirectional consequences in either AML/CFT or prudential supervision. As an example, an improperly vetted member of the board could introduce weaknesses in the AML/CFT framework of a bank. Conversely, AML/CFT cases may affect the bank’s reputation and its ability to fulfill prudential needs and capital adequacy requirements. Supervisors are expected to adopt practices from applicable FATF Recommendations and the Committee’s principles and guidelines. These include the roles and powers of supervisors (including their powers to impose sanctions) and information exchange, to appropriately consider ML/FT risks.
93. Information exchange between both functions is key, with the establishment of official channels to facilitate and structure ongoing dialogue, at both jurisdictional and international levels. This ongoing dialogue may include but it is not limited to authorization procedures, licensing, application, fit and proper tests, ongoing supervision, assessment of the governance, risk management and internal control systems, profitability drivers, operational risks, AML requirements and risk assessment, AML history, and enforcement actions. The BIS points as examples of these channels the bilateral and multilateral exchanges, with or without memorandum of understanding, between prudential colleges and their AML/CFT counterparts.
Country-Level Recommendation: Countries should continue to ensure strong channels of communication between prudential and AML/CFT supervisors to facilitate regular and structured information exchange, and AML/CFT supervisors should take steps to deepen the understanding of the nexus between AML/CFT weaknesses and financial stability (including through initiating discussions on this topic with prudential supervisors).
Recent EU Developments on a Single AML/CFT Supervisor
94. The EU Anti-Money Laundering Authority (AMLA) represents a positive development for better coordination on risk-based AML/CFT supervision, at EU level, but it remains premature to comment on the effectiveness of this initiative and bilateral country efforts will need to continue. As noted at Box 6 below, one of the benefits of the AMLA will be the ability to tackle cross-border AML/CFT supervision of the highest risk-banks in a consistent and coordinated manner. However, with direct supervision expected to commence in 2026, countries will need to continue to establish solutions to address gaps in cross-border supervision until then and for those firms that do not meet the threshold of “high risk” by the definition of the AMLA countries, these efforts will have to continue thereafter.
The EU Anti-Money Laundering Authority (AMLA)
As part of the Euro pean C ommission’s pro p osal, a new EU-level authority, the AMLA will be established to counter ML/TF. The upcoming AMLA will additionally shape the supervisory landscape, and countries will need to prepare for a connection to this institution, expected to start direct supervision in 2026. It is intended to be part of a system integrating the authority itself and the national authorities in charge of AML/CFT supervision. The AMLA will also support the EU’s FIUs establishing a cooperation mechanism among them.
In the Proposal for the AMLA regulation, the European Parliament and the Council of the European Union mention the lack of sufficiently effective arrangements to handle AML/CFT incidents involving cross-border aspects. They consider it therefore necessary to put an integrated AML/CF supervisory system at a European Union level. Countries should start preparing to have closer collaboration links with centralized EU institutions, including legal frameworks, for a streamlined integration with the broader European actors.
The EU Council of Ministers agreed to allow the AMLA to directly supervise certain types of credit and financial institutions, including CASPs, if they are considered risky. The decision also entrusts the AMLA to supervise up to 40 of the riskiest groups and entities - after the first selection process of those entities - and to ensure complete coverage of the European’s internal market under its supervision. For non-selected obliged entities, AML/CFT supervision would remain primarily at national level, with national supervisors retaining full responsibility and accountability for direct supervision. AMLA will not be a FIU itself but will enhance the exchange of information acting as a coordination hub between national FIUs, along with developing standardized STR templates.
D. Crypto Assets and Crypto Asset Service Providers
Trends in level of CA activity and ML/TF risks
95. Inherent features of crypto assets can make them susceptible to criminal misuse. Features such as heightened anonymity and limited traceability49, coupled with the low-cost global reach make crypto assets vulnerable to abuse by illicit actors. Options for limited intermediation, regulatory arbitrage and the possibility of widespread peer-to-peer transactions also weaken the traditional AML/CFT controls. The FATF in 2021 noted a mainstreaming of criminal activity using crypto assets.1
96. The CASP population is concentrated in two countries in the region. The CASP sector is generally nascent in the region (fewer than 10 registered CASPs in 4 out of the 8 countries). Two countries have sizeable CASP populations as of April 2023 (Figure 37) -one a notable outlier with around 300 registered CASPs. Countries with a small CASP population, some mild increasing trends in size and volume of activity. The region also sees concentration in the sector, where relatively a small number of CASPs account for the majority of the market share.
CASP Populations in the Region (Anonymized)
Citation: IMF Staff Country Reports 2023, 320; 10.5089/9798400252389.002.A001
97. Early trends of regulatory arbitrage are clear in the region. In the two countries with large CASP populations, strengthening of market entry controls has led to the decline in the size of the sector. Based on the data provided by countries, the tightening of market entry controls in one jurisdiction has been correlated with an ‘inflow’ (in terms of increased registrations) of CASPs to another country in the region with weaker market entry controls. Further, in several countries, CASPs have been de-risked by the banking sector, with many CASPs (particularly in the countries with larger sectors) primarily serviced by payment service providers.
Policy and Regulatory Frameworks: International and Regional Developments
National frameworks on crypto asset (CA) and CASPs are and will continue to be shaped by international and regional standards and guided by international policy formulations:
The IMF’s Board Pa per on the Elements of Effective Policies for Crypto Assets (2023) sets out nine core elements of an effective policy framework to mitigate the risks (including ML/TF) of crypto assets and harness the benefits of the underpinning technologies. The framework covers macro-financial considerations, legal, regulatory, and supervisory considerations, as well as elements for international coordination. The framework includes, inter alia, the need for establishment of market entry controls, implementation of international standards into domestic regulation and enhancing international collaboration to improve effectiveness of regulation and enforcement of regulations. The paper states that where global standards exist, they should be implemented, and explicitly refers to the FATF standards and to the FATF guidance on a risk-based approach to CAs and CASPs.
The FATF Standards were revised in 2018 to specifically address ML/TF risks associated with crypto assets and crypto asset service providers. Under the revised standards, countries are required to assess ML/TF risks associated with CAs and take necessary steps to mitigate the risks (through application of AML/CFT preventive controls by CASPs and their risk-based supervision (or in the alternative, a ban of crypto asset activity), as well as investigations, prosecutions of illicit activity using crypto assets and confiscation of CA as proceeds/instrumentalities of crime.
The AMLA, as part its role as a single EU AML/CFT supervisor, will assume direct supervision of selected (based on an ML/TF risk assessment) crypto-asset service providers. Although the AMLA will not be operational until 2026, a single supervisor for crypto asset service providers will strengthen cross-border supervision and harmonize country approaches, in particular, it will go towards addressing concerns related to regulatory arbitrage, increase available resources and deepen expertise.
The EU’s Markets in Cry pto-Assets Regulations, adopted in May 2023 aims to set out harmonized legal frameworks for crypto-assets to ensure investor protection and market integrity. Market in CryptoAssets (MiCA) covering crypto-asset service providers (who are not covered by existing EU law), as well as issuers of asset-referenced tokens, and electronic money tokens. The MiCA Regulations include provisions on issuance and trading of crypto assets, authorization of covered service providers, and requirements for governance and risk management, among others. MiCA is expected to come into effect after an 18-month transitional period.
98. All countries have a good appreciation of the ML/TF risks associated with the crypto asset sector. Across the countries, recent National Risk Assessments include a discussion of ML risks associated with CASPs, which are informed by EU and FATF assessments. In the main, the sector is considered medium-high - high-risk, due to anonymity, low traceability, and easy cross-border reach of crypto assets as well as immature regulatory frameworks for crypto asset service providers. For countries with a small CASP population, the small size of the sector is considered a risk-limiting factor.
99. All countries have amended their domestic legal frameworks to regulate CASPs. Recent amendments set out definitions for crypto assets and crypto asset services providers. CASPs are designated as reporting entities and required to comply with AML/CFT preventive controls. However, in some instances, the legal frameworks are not fully aligned with FATF recommendations on crypto assets.
Remaining Gaps in the Legal Frameworks for Crypto assets (in certain countries)
Definition of CASPs: In a few instances, the definition of CASPs is not fully aligned with the FATF standards. Under the FATF definition, CASPs are legal or natural persons, undertaking (as a business), (i) exchange between VAs and fiat currencies, or between one or more forms of VA; (ii) the transfer of VAs; (iii) safekeeping or administration of VAs or instruments enabling their control; (iv) or participation in and provision of financial services related to an issuer’s offer and/or sale of a VA. In some cases, countries’ domestic legal frameworks do not incorporate all five of the FATF identified activities. In such cases, covered activities are most commonly limited to CA exchange and administration/safekeeping services. While countries consider these activities to be most prevalent among domestic CASPs, the limited scope of the definition of CASPs weaken the overall strength of market entry controls by allowing some categories of CASPs to operate outside the scope of the regulatory frameworks.
Lowering of the occasional transactions’ threshold: Per the FATF recommendations, all AML/CFT preventive measures should apply to regulated CASPs as reporting entities. However, in recognition of the heightened risk associated with CA activity, the occasional transactions threshold in customer due diligence is lowered in the case of CA activity to 1000 EUR/USD (from 15,000 EUR/USD). While countries’ legal frameworks generally require CASPs to comply with all preventive measures, in a few instances, legal frameworks do not incorporate the FATF prescribed lowered thresholds for occasional transactions in VA.
Incorporation of the travel rule50: Similarly, recognizing the specific nature of CA transactions, the wire transfer rule as per FATF Recommendation. 16 has been modified into the ‘travel rule’ which requires CASPs obtain, hold, and submit information about the originators and beneficiaries of crypto asset transfers. The ‘travel rule’ stipulates that the ordering CASP should submit the required originator and beneficiary information immediately and securely to the beneficiary CASP. The beneficiary CASP is required to hold originator as well as accurate beneficiary information and make it available to the appropriate authorities upon request. In most instances, countries have not incorporated the travel rule for CA transfers, awaiting EU regulation on the subject. Since the availability of originator and beneficiary information during CA transfers is an essential AML/CFT preventive control measure and necessary to monitor for suspicious transactions and conduct sanctions screening, countries should consider speeding up the regulatory update and implementation of the travel rule.
Market Entry Controls
100. Countries overwhelmingly opt for registration regimes for CASPs. Seven out of the eight covered countries have registration regimes, with one country opting for a licensing framework for CASPs. Within registration regimes, there is considerable variation in levels on market entry controls. On one end, a few countries have light-touch registration frameworks comprising mainly a notification obligation without options for assessment or rejection of registration applications. Others have more extensive registration requirements, with detailed assessment by the regulators of registration applications, covering, among others, the adequacy of AML/CFT controls. However, countries are increasingly moving towards more elaborate frameworks for market entry, with fit and proper testing now included even in most light-touch registration frameworks. These trends are welcome and, in general, countries should aim to have registration frameworks of sufficient strength to avoid inflows of non-compliant CASPs as counterparts strengthen entry controls.
101. Many countries expressed a view that regional regulations can aid a move towards greater harmonization in market entry. The MiCA regulations include specific provisions on market entry controls for covered crypto-asset service providers, requiring all entities that seek to provide covered services to seek authorization in their home jurisdiction. The application for authorization requires detailed information including the description of the entities’ internal controls policies and procedures to mitigate ML/TF risks. The authorization process also envisages fit and proper testing for management and beneficial owners of CASPs. The Regulations also require competent authorities to withdraw authorizations of entities that do not have effective systems and procedures to detect and mitigate risks of money laundering in line with relevant EU Directives.2 Harmonized authorization mechanisms once implemented can significantly reduce regulatory arbitrage and inflows of non-compliant CASPs.
102. All countries should continue efforts to detect and sanction unauthorized CASP activity. Given the borderless and transient nature of CASP activity, unregistered CASPs can easily undermine the market entry regime in the absence of proactive measures to identify and sanction unauthorized CASP activity. In all countries, regulators are taking steps to identify unauthorized CASPs, usually in collaboration with other competent authorities (e.g., law enforcement agencies). Regulators are increasingly using a wider range of tools to identify illicit CASP activity, using open-source information and information from other reporting entities to identify illicit actors as well as blockchain analysis tools.
Country-Level Good Practices: Toolkit for Identification of Illicit CASP Activity
Several countries in the region proactively take steps to identify CASP activity, through a range of tools as set out below:
Citation: IMF Staff Country Reports 2023, 320; 10.5089/9798400252389.002.A001
Country-Level Recommendation: Countries should align their legal framework on crypto assets with the FATF standards and should take steps to proactively identify unauthorized CASPs using a broad toolkit including open-source searches, whistleblowing mechanisms and information with other competent authorities, blockchain analytics tools as well as information exchange with foreign supervisors.
Incorporating VA-Specific Considerations into the Risk Assessment Model
103. The application of the supervisory entity risk assessment model to the CASP sector is nascent in the region. In most instances, countries have not begun systematic entity level risk assessments for the CASP sector. However, countries with more elaborate registration regimes gain an insight into the risks associated with each CASP during the registration process. This has, in one instance, formed the basis for a temporary risk classification to guide preliminary supervisory activity, pending the development of a formal risk assessment model for the sector. For the countries that have commenced CASP risk assessments, most use their standard risk assessment model for the financial sector without CASP-specific tailoring, with only one country having developed a separate risk assessment model for the CASP sector.
104. Countries should incorporate CASP specific variables and tailor weightages to effectively capture risk relevant characteristics of the CASP sector. Sectoral/entity-level risk assessments are necessary for the risk-based prioritization of supervisory activity and therefore key to systematic supervisory engagement. As in the case of the banking sector (as discussed above), entity risk assessments for CASPs should consider the classical inherent risk factors as well as AML/CFT controls framework. In inherent risk assessment, classic risk factors such as product, customer and geographic risks will continue to be key determinants of risk levels. However, the risk model should include indicators specific to the CASP sector: for instance, indicators on types of CASP services provided and volume of activity in each service offered would be key determinants of risk, given the wide variance in the ML risks associated with different types of CASP activity (e.g., fiat-CA or CA-CA exchanges v. custodial wallets). Further, some delivery channel related risk indicators may be less relevant to differences in risk-levels between CASPs: for instance, since virtual onboarding is a common characteristic across CASP business models, the risk-sensitivity of indicators related to volume of activity from remotely onboarded customers may be blunted. Countries could consider lesser weightage to delivery channel related risks due to reduced sensitivity.
Country-Level Recommendation: Countries should tailor sectoral and entity risk assessment models to include CASP specific indicators with weightages determined in line with their risk-relevance.
105. Countries should also prioritize the collection of granular, risk-relevant information from the CASP sector through regular returns. Data collection is also relatively underdeveloped for the CASP sector: some countries have not yet commenced regular data collection for the sector while others collect little or no CASP specific information. However, in a very welcome move, many countries are revising their returns to seek CASP specific information and aim to formalize data collection in the sector in the near term. Questions on the scale of operations across the classical inherent risk factors (product, customer, geography, delivery channel) as well on the entities’ AML/CFT control frameworks will be relevant for CASPs. In addition, the returns should also collect risk-relevant information specific to VA/CASPs, including input on the range of CASP services offered, types of virtual currencies used in the CASPs’ transactions, any anonymity enhancing services provided, among others. Figure 39 highlights good practices in the region on data collection, setting out key input sought from the sector in recent iterations of supervisory returns.
Country-Level Good Practice: Types of Data Collected on Crypto asset Activity
Some countries in the region have prepared seek tailored input related to the CASP sector in the supervisory returns (either as tailored returns for the sector, or specific questions on CASP activity). Data inputs include general information on scale of activity for the CASP sector as well as input related to CASP specific characteristics. The figure illustrates some examples of types of information sought under both categories.
Information on Scale of Activity and on CASP Specific Characteristics
Citation: IMF Staff Country Reports 2023, 320; 10.5089/9798400252389.002.A001
Country-Level Recommendation: Countries should seek granular sector specific information in supervisory returns, collecting information related to the scale of activity in the CASP sector as well as VA/CASP specific characteristics.
Next Steps in Establishing an Effective Supervisory Model
106. In the main, countries have taken steps towards active supervision in the sector but need further capacity enhancements (particularly through the development of sector-specific risk tools). Supervisory engagement in the CASP sector has increased in 2021 - 2022, however, supervision is not fully risk-based in the absence of systematic entity-level risk assessments. While the small size of the sector (in most countries) can limit resourcing needs, in the main, capacity investments have not been commensurate with the countries’ assessment of ML/TF risks associated with crypto asset activity. The authorities should ensure active supervisory engagement in the sector in line with assessed risk levels. As discussed above, subjecting CASPs to a minimum engagement model can help ensure risk-sensitive engagement while assessing resource adequacy on an ongoing basis. This is key especially for the countries with sizeable CASP sectors.
Countries-Level Recommendation: Countries should ensure resourcing and capacity investments are in line with the growth and risk levels assessed in the sector. Subjecting CASPs to the minimum engagement model can allow the ongoing assessment of resource adequacy.
107. Countries should consider the formulation of specific supervisory strategies for the sector. A tailored strategy can help match the nature of supervisory activity to the specific risks in the sector and guide supervisors in choosing the appropriate supervisory activities for types of identified risks. For instance, if specific risks are identified related to limited customer identification of non-resident client base, or related to provision of nested services, the strategy could include focus on horizontal thematic inspections on topics such as customer due diligence/enhanced due diligence measures applied for nonresident customers and mitigation measures in relation to nested accounts etc.
108. Supervisors should invest in specialized skills and tools to appropriately supervise the CASP sector. CASP supervision may require upskilling by supervisors as well as investment in specialized tools, including blockchain analytic tools. Countries should also engage suitable external consultants particularly for onsite inspections of CASPs to assess and challenge adequacy of solutions undertaken by CASPs.
Country-Level Recommendation: Countries should consider developing sector-specific supervisory strategies (in line with the the size of the sector and commensurate to the assessed level of ML/TF risks) and assess the need for upskilling and specialized tools to efficiently engage with the sector.
Cooperation and Information Sharing
109. Acute data gaps hamper risk assessment and active supervision in the CASP sector. CASP supervisors operate with markedly insufficient data on the scale of CASP activity in their jurisdiction, which affects their understanding of potential risks of misuse of crypto assets by illicit actors. While granular data collection through supervisory returns could address some of the gaps, cross-border reach of CASP services as well as relative ease to operate without authorization (when compared to other financial institutions) impacts the comprehensiveness of returns data collected. Close collaboration and information sharing with foreign supervisors could be in addressing some persistent data gaps. For instance, information from foreign counterparts on the application/regulatory history of any CASP can aid home supervisors in assessing CASP authorization applications and can be valuable information to aid detection of unauthorized CASP activity.
110. Regional cooperation and information exchange can enhance domestic risk assessment and risk based supervisory engagement. Countries should move from a domestic, fragmented approach to data collection to a collaborative, cross-border approach to data sharing to inform risk assessments. However, countries indicate preliminary hurdles to supervisory information exchange, including lack of information on CASP authorizations by foreign counterparts. Countries should actively leverage regional platforms to build networks for information sharing on CASP activity. For instance, a regional network allowing supervisors to exchange information on CASP authorizations and rejections as well as to share data on CA activity could address persisting data gaps across the region and allow more effective regional cooperation.
Regional-Level Recommendation: Countries could leverage regional platforms to share sectorspecific information, including through the development of a centralized network to exchange information about CASP authorizations, scale of activity, and supervision.
AML/CFT Failings and Financial Stability
111. The impact of High-profile AML/CFT Failings Events on Financial Stability51 of the Banking Sector requires further examination. This section of the report is focused on financial stability and complements the other pillars on financial flows analysis and risk-based supervision. The work on the first pillar of the report has helped identify: (i) threats through the analysis of financial flows; and (ii) and the second pillar highlighted vulnerabilities through a review of AML/CFT risk-based supervision. The financial stability work seeks to provide a framework for authorities to assess to what extent those threats and vulnerabilities can impact the financial stability of their individual banks, and more wholistically of their banking sector.
The Impact of Financial Integrity on Financial Stability
112. While the impact of penalties and misconduct on individual ban ks’ performance has been the main focus of literature, studies on the im pact on ban ks’ liqui dity an d fund ing are scarce (see annex for literature survey). Empirical studies find that misconduct and financial penalties have a negative impact on bank performance. From a macroprudential perspective, European Systemic Risk Board (ESRB) (2015) estimates that misconduct can create uncertainty about banks’ business models and their solvency and lead to a reduction in the provision of financial services. Koster and Pelster (2017; 2018) find that misconduct and financial penalties have a negative impact on individual banks (lower profitability and valuation, higher funding costs and default risk). A few other case studies show that FI issues also lead to an increase in funding costs (DNB (2018)) and a deterioration in liquidity for banks with offshore activity (IMF (2019)).
113. While the authorities recognize the benefit of exploring this work, there were limited examples of where countries had carried out analysis to quantify the impact of FI issues on financial stability. As part of IMF surveillance activities,52 the ML/TF risks in the Nordic-Baltic region and the nexus between FI and financial stability have been raised, and they have also been captured in the materials noted in the literature review. However, those risks have not been quantified at regional or country levels. Therefore, further work is required to deepen this analysis and better understand the impact of FI issues on financial stability.
114. The hereby approach provides further empirical results to calibrate the short-term impact on valuation, credit risk and liquidity for affected banks and other banks through contagion effects. Data on past FI events in the Nordic Baltic was used to estimate the impact on affected banks and potential contagion effects. The impact was estimated by comparing changes in financial variables (equity prices, credit default swaps (CDS) spreads or deposits) around past FI events. Since the observed changes can be due to other factors not related to FI in the region, each financial market variable was measured against an EU benchmark to control for shocks affecting the EU banking sector as a whole.53
115. The overarching objective of the approach is to provide authorities with a pilot stress testing and risks analysis framework that further integrates FI issues in risk analysis. Given potential transmission channels between FI and financial stability, stress tests and risk analyses in the banking sector could include components related to FI issues. The following sections outline how such stress test scenario involving FI considerations could be calibrated.54
Country-Level Recommendation: Countries should take steps to explore the impact of financial integrity on financial stability. This analysis should be supported by AML/CFT supervisors, prudential supervisors, and financial stability experts within the respective agencies.
Calibrating the Short-Term Funding and Liquidity Impact of FI Events on Affected Banks, and Other Banks Through Contagion in the Nordic-Baltic Region
116. AML/CFT failures are associated with a large drop in equity price for the affected bank, and to a lesser extent other banks from the same country and banks from the region with similar cross-border exposures. Figure 40 shows that affected banks experience a large decline in stock prices around the event, with an average decline of 11 percent, a third quartile decline of 18 percent and up to 23 percent. Other banks from the same country also experience a decline in price along with banks from the region with similar cross-border exposures. Large regional banks would be associated with the largest contagion effects.
117. Similarly, credit risk increases around FI events for the affected banks and for other banks in the same country or banks from the region with similar cross border exposures. Figure 41 indicates that credit risk — measured by CDS spreads — increased by around 15 basis points for the affected bank and to a lesser extent for banks in the same country or with similar exposures in the region.
Sharp Decline in Stock Prices
Citation: IMF Staff Country Reports 2023, 320; 10.5089/9798400252389.002.A001
Increase in Credit Risk
Citation: IMF Staff Country Reports 2023, 320; 10.5089/9798400252389.002.A001
Increase in CDS Spreads Around a FI Event
Citation: IMF Staff Country Reports 2023, 320; 10.5089/9798400252389.002.A001
Change in Equity Prices Conditional on One Bank Facing a Large Drop in Stock Prices
Citation: IMF Staff Country Reports 2023, 320; 10.5089/9798400252389.002.A001
118. Liquidity, as measured by deposit flows, tends to deteriorate around FI events for the affecte d bank while other domestic ban ks’ liquidity could benefit from positive substitution effects in the short-term. Figure 42 shows changes in deposits between the month before and the month after an FI event55. Affected banks faced a decline in deposits, with the largest withdrawals from Other Financial Corporations56, credit institutions and to a lesser extent to non-financial corporates, in line with assumptions used for liquidity stress testing in Financial Sector Assessment Program FSAPs (Figure 43). In contrast, other domestic banks non-directly affected tend to see an increase in deposits around the event from same categories of depositors, suggesting that depositors moved out of the affected banks towards other domestic banks. Box 9 below outlines how those results have been obtained during a pilot exercise.
Change in Deposits
Citation: IMF Staff Country Reports 2023, 320; 10.5089/9798400252389.002.A001
Deposit Run-off Rates
Citation: IMF Staff Country Reports 2023, 320; 10.5089/9798400252389.002.A001
119. At the regional level, preliminary results tend to indicate possible contagion effects on the liquidity side. FI events affecting cross-border regional banks with headquarters in another country could be associated with deposits outflows for other banks in the region having similar cross-border exposure to the region where the FI event originated, indicating possible contagion effects. Figure 44 indicates that banks in the region similar to the one facing a FI event might also experience a decline in deposits.
120. Overall, actual deposits run-off rates for Other Financial Corporations experienced by banks were higher than assumptions used for liquidity stress testing in FSAPs. While the actual run-off rates were lower than those used in FSAPs for most depositors, outflows for Other Financial Corporations which were substantially higher (Figure 45), reflecting the volatile nature of those depositors. Such results can imply that banks relying on deposits for a large portion of their funding might be at higher risk of liquidity issues if AML/CFT failures were to occur, as withdrawals tend to be very large around such events.
Integrating financial integrity issues in risk analysis and stress testing
121. A stress scenario could be calibrated on the Nordic-Baltic experience and applied to several banks. Figure 46 shows a possible calibration of the shock. For the affected bank, its equity price would decline by 18 percent, its CDS spreads increase by 15 basis points and the bank would face deposit outflows of 7 percent (which corresponds to the estimate in Figure 43).57 Other banks in the country would also face shocks, with a 6 percent stock price decline, an increase in CDS spreads by 5 basis points and deposit outflows for 4 percent.58
Country-Level Recommendation: Based on the calibration exercise set out in this report, the authorities should explore further work to calibrate stress test scenarios featuring FI issues and apply them where relevant to banks more vulnerable to FI issues, relying among other factors on financial flow analysis (to better understand the threat) and the conclusions of the supervisory ML/TF risk assessment (to capture banks that are most vulnerable).
Shocks in the Stress Scenario
Citation: IMF Staff Country Reports 2023, 320; 10.5089/9798400252389.002.A001
122. The outcome of the stress test could help assess the vulnerability of banks to FI events and its impact on cross-border banking relationship. The results would estimate the impact of FI issues on different banks in the region. In addition, the contagion analysis would complement the work, by estimating spillover effects to other banks. By combining effects on the affected bank and other banks in the region, the stress test would emphasize the interconnectedness and cross-border linkages between banks in the region.
123. The analysis was based on a sample of events, which could be extended based on countries more detailed information and data. There are very few empirical studies on the impact of FI issues on individual banks and even less on financial stability as a whole stability. Therefore, the preliminary results would benefit from further exploration (at the country level) in order to deepen the analysis. Looking forward, collecting information on additional FI cases could help improve the robustness of the estimation.
A Pilot Exercise for Calibrating the Impact on Liquidity, measured with Deposit Flows
Assessing the impact of ML in liquidity is key, as FI issues in the Nordic-Baltic region have triggered very large deposit outflows on some (small) banks in the region. While work on the calibration of the impact of ML events on stock prices and credit risk (measured by CDSs spreads) has been done using commercial data, supervisory information is needed to measure how the liquidity of banks has changed around such events.
Supervisory data includes information on liquidity, funding, and non-resident deposits. Most of the work was focused on the ‘maturity ladder’ template (labelled C66 in EBA CO REP templates), which provides detailed information on a monthly basis about potential outflows by contractual maturity (overnight, 1 to 2 days etc.), inflows by contractual maturity and counterbalancing capacity (assets that could be mobilized to cover outflows).
The impact of FI events was estimated by comparing deposit levels one month before and after the event. Following an event study approach, data related to the specific month during which a FI event were excluded, and the impact was assessed by comparing deposit information before and after the month when the event occurred. Four FI events occurring in 2018-2019 were chosen.
Supervisory data show that some decline in liquidity — measured by deposits — can be observed around FI events. When a FI event directly affects one bank, the impact on the liquidity is visible. When FI events are related to banks outside of the country participating in the Pilot, there could still be some liquidity effects on domestic banks with cross-border exposures to the countries where the ML cases occurred, while other domestic banks did not experience any decline in deposits. First, the sample of events is very limited. There is only one event to measure the impact of FI events on the affected bank, which reduces the robustness of the result. This drawback could be addressed if similar analyses were to be performed in countries in the region where banks were ‘target’ of FI events. While there are more events related to banks outside the country, the sample remains very limited, and some events are overlapping over the estimation window making the identification of the impact of ML events difficult. In addition, changes in liquidity might be driven by other factors than ML events which are not controlled for.
The work could be extended across several perspectives. First, other dimensions of liquidity could be explored, including changes in inflows and counterbalancing capacity around ML events. Second, the analysis could be applied to other countries and banks to increase the robustness of the estimates. The actual liquidity impact needs to be put into context, which might mitigate concerns about the liquidity of the bank. Such extension would be particularly useful for countries where there has been ML cases recently and for countries where small to medium-size banks had been directly targeted (as the liquidity effect on smaller banks is likely to be larger). Finally, other reporting information could be used to cover other aspects of liquidity (inflows and counterbalancing capacity assess other risks) and assess the composition of funding and associated costs.
Annex I. Using Payments Data and Machine Learning for Financial Integrity Surveillance Data and Variables used for the Isolation Forest Model
Formulating money laundering as outlier payments activity, the IMF staff developed an unsupervised 1 machine learning approach based on Isolation Forest algorithm.2 The unsupervised outlier detection algorithms are aimed at identifying rare events that are statistically different from the rest of the observations, providing an efficient tool to analyze “big data” on cross-border payments to detect outlier activity that poses higher financial integrity risk. One of the advantages of unsupervised machine learning is its ability to adapt to new data with evolving patterns without the need for manual adjustments, which is particularly useful for working with large and dynamic datasets, such as global payments system.
Targeting the outlier detection algorithm on financial integrity risks requires incorporation of ML-related risk factors. Application of anomaly detection algorithm directly on the global payments system results in identification of small number of large value transactions between the largest economies and financial centers as outliers. Monitoring global financial flows with an objective to detect unusual and potentially suspicious patterns of financial flows requires incorporation of indicators of higher and lower ML risks as outlined below.
Results of the outlier detection algorithm can contribute to countries’ cross-border ML risk understanding and provide a starting point for further analysis and scrutiny. Aggregated information on the countries and payments activity identified by the outlier detection algorithm can contribute to detailed understanding of cross-border payments risks, identifying specific areas for further strengthening of geographic ML risk understanding, introduction of policy countermeasures as well as closer monitoring of certain types of institutions, payments and customers, if required to mitigate the ML risk. The outlier detection approaches can be also employed by the authorities leveraging more granular payments data, including on individual transactions with customer data, which can be an important tool to trigger tactical analysis.
Unsupervised learning-based anomaly detection methods may generate false positives. Moreover, identification of outliers presented in this section is based on the payments data with some degree of aggregation, which is different from the usual application of outlier algorithms to payments data3 and not suited for detection of money laundering. As a result, while the machine learning algorithm is based on AML -specific risk factors, identified outlier activity does not indicate illicit financial flows.4 These techniques (and the results of analysis) should be used as an input to risk assessments and operational analyses in conjunction with other methods, including expert knowledge and judgement.
Algorithm
Application of the Isolation Forest algorithm includes the following steps:
Random partitioning: The algorithm randomly selects a feature and a split value within the range of that feature’s values. This creates a partition that divides the data points into two subsets. For example, the algorithm randomly selects a feature - e.g. transaction amount, and selects a split value (e.g., USD 1,000) within the range of transaction amounts.
Recursive partitioning: The algorithm continues to split the data into two subsets based on the selected split values. It continues recursively, randomly selecting features and split values, until each subset contains a single transaction.
Building an isolation tree: The recursive partitioning creates for each transaction in the dataset an isolation tree with a path length equal to the number of steps required to isolate the transaction.
Scoring anomalies: All transactions are scored based on their average path length across all isolation trees. If a transaction has a shorter average path length compared to randomly generated normal transactions, it is considered more likely to be an anomaly. A threshold anomaly score was set so that 0.01 percent of all transactions constitute an anomaly.
Data
1) Payments data: The project uses data on payments between the customers of financial institutions5. The payments data is aggregated on the level of a financial institution and anonymized by replacing the name of the financial institution with the corresponding country name. Payments data includes the countries of financial institutions that originated and received the payments, as well as countries of correspondent financial institutions that facilitated the payment. The data includes the currency, number and value of transactions that passed through each of these payment corridors (originator-correspondents-beneficiary).
2) Compliance with AML Standards: The level of compliance with international AML Standards is based on the results of assessments by the Financial Action Task Force (international AML/CFT standard-setter) and respective regional bodies. The index of compliance with the AML/CFT Standards is based on the assessment’s ratings of effectiveness of a given country’s AML/CFT regime. Where not available (mostly earlier periods) the index is based on the technical compliance of a given country’s legislation with the AML/CFT Standards. The AML compliance index is a time series, which takes into account new and follow-up assessments.
3) Portfolio and direct investments. Investment data from the Coordinated Portfolio and Direct Investment surveys.
4) Foreign trade. IMF’s Direction of Trade data for trade in goods - we use the export data, which appears to be more accurate than the imports dataalso analyze mirror trade statistics to detect potential discrepancies in valuation of foreign trade by the counterparties. WTO and OECD data on trade in services.
5) Trade in Services. The OECD-WTO Balanced Trade in Services Database
6) Corruption. Control of corruption indicator from the Worldwide Governance Indicators.
7) Financial Secrecy and Tax Haven Indexes. Financial Secrecy Score and Tax Haven Score from the Tax justice network.
Methodological Approach
1. We use only cross-border payments, dropping the payments that originate and are received in the same country.
2. The (i) value of transactions and (ii) the average transaction sent through a given payment corridor are normalized using z-scores and the means and standard deviations for the outflows from the ordering country, as not to bias the results towards the advanced economies and established financial centers that have higher value of transactions and the average transactions.
3. We also normalize the (i) value of transactions and (ii) the average transaction of a given payment corridor using z-scores and means and standard deviations for the flows via a particular payment corridor (unique payment chain of originator-correspondents-beneficiary, in other words a unique set of banks involved in the transaction). This variable is designedt o detect appearance of the new payment corridors or payment corridors that are processing unusually high overall values or have high average transaction value, which may potentially indicate abuse of a financial institution.
4. The AML Compliance data is incorporated into the model by using interaction of the AML index with the variables (i) value of transactions normalized by ordering country and by payment corridor and (ii) average transaction normalized by ordering country and by payment corridor. We use the AML index for the ordering country to indicate the higher risk of outflows from a country with lower effectiveness of the AML/CFT regime. We multiply the normalized value of transactions and the average transaction by the AML index of the ordering country, which ranges from 0 to 1 (0 being the lowest level of compliance with the AML/CFT Standards), so the value of transactions and the average transaction are weighted proportionate to the degree of weakness of the AML compliance, thus increasing the likelihood of a payment corridor being an outlier.6
Economic activity, such as trade and portfolio/direct investment, provides the economic rationale for the financial flows, representing lower risk of money laundering. We introduce a ratio of the value of transactions between the two given countries and the portfolio/direct investment between these two countries.
5. The lower the amount value of investments between the two countries, the higher this ratio, thus increasing the likelihood of being an outlier.
6. Portfolio and direct investment have semiannual and annual frequency respectively, so for this ratio we sum up all of the flows between the two countries over 6 or 12 months correspondingly, which is then added to all payments between the two countries over the respective periods.
7. Similarly, we introduce a ratio of the value of transactions between the two given countries and the foreign trade in goods and services (both imports and exports) between these two countries. The lower the amount of trade between the two countries, the higher this ratio, thus increasing the likelihood of being an outlier.
8. Flows to/from countries with high financial secrecy or harmful tax practices represent higher risk and we introduce variables that are the result of multiplication of the financial secrecy and tax haven indexes and (i) value of transactions normalized by ordering country and by payment corridor as well as (ii) average transaction normalized by ordering country and by payment corridor. The higher are the indexes for financial secrecy and tax haven, the higher is the weighting of the corresponding payments, thus increasing the likelihood of being an outlier.
9. Outflows from countries with higher perceived corruption represent higher risk and we incorporate corruption perception variable by multiplying the control of corruption indicator by the (i) value of transactions normalized by ordering country and by payment corridor and (ii) average transaction normalized by ordering country and by payment corridor. The higher are the corruption perceptions, the higher is the product of this multiplication, thus increasing the likelihood of being an outlier.
10. Trade and investment data have longer lag in availability as compared to the payments data and in order to run the model once the payments data is available we extrapolate the trade and investment data. We use the average of previous periods, adjusted for the projected GDP growth, and for the seasonality of the trade data, which is monthly.
11. A measure of macro-criticality of the outflows adds a focus on outflows big enough to have a potential to destabilize external or domestic stability of the ordering country. We add a ratio of the value of transactions (nominal values, not normalized) to the GDP of ordering country.
12. Based on the algorithm’s results, the variables with the highest contribution to the output (based on the Shapley values analysis), are the (i) foreign direct investment, (ii) foreign portfolio investment and (iii) the foreign trade. In other words, whether the high financial flows between the two countries correspond to the high trade or portfolio or direct investment flows is the most important determinant of whether the payments would be identified as outliers.
Annex II: A Methodological Approach for Assessing the Impact of Financial Integrity Events on Financial Stability of the Banking Sector: A Case study in the Nordic-Baltic Region
A. Literature Survey
1. The empirical literature on financial integrity issues focuses mainly on the impact of misconduct costs on banks soundness, while there are very few studies analyzing financial stability aspects, including contagion.
B. Misconduct Costs and Financial Stability
2. Misconduct costs can have a negative impact in the medium term. ESRB (2015) reviews the impact of bank misconduct from a macroprudential perspective. While financial and other penalties serve as a correction mechanism to support market discipline, they may entail systemic risk. Misconduct and related penalties are tail events and can as such create uncertainty about the business model, solvency and profitability of banks. Misconduct can lead to a withdrawal from financial markets and activity by a bank (either forced or voluntary) which could impair the functioning of market and the provision of financial services to the end user. The ESRB also finds that the equity prices of banks with litigation issues tend to underperform other banks in the medium term.
Financial penalties and individual bank performance
3. Financial penalties reduce bank profitability. Koster and Pelster (2017) find that financial penalties have a negative impact on pre-tax profitability. A one standard deviation increase in financial penalties leads to a decrease of pre-tax profitability by 0.14 percent. In contrast, penalties have no impact on after-tax profitability, as financial penalties are generally tax deductible. However, the authors find that penalties have a negative impact on after-tax profitability of European banks, because penalties are mostly related to criminal law cases (like ML/FT) and hence not tax deductible.
4. Regulatory actions have a negative impact on valuations, mainly due to reputational costs. Armour et al. (2017) use UK data to estimate the impact of regulatory sanctions on penalized firms. Using an event-study approach, they show that reputational losses (proxied by abnormal returns) are nearly nine times the size of the fines. ECB (2019b) shows that misconduct costs can have a negative impact on valuations through direct (adverse reputational effects) and indirect effects (heightened provisioning needs, higher compliance costs and lower profit expectations). A standard deviation increase in misconduct costs is associated with a 0.2 standard derivation drop in equity returns.
5. Financial penalties are associated with higher bank risk. Koster and Pelster (2018) find that financial penalties can have an impact on the systemic risk of banks. Penalties tend to be associated with higher systemic risk for individual banks as their default risk increases. In contrast, penalties have no significant impact on the contribution of banks to systemic risk (measured by CoVaR). This implies that penalties do not represent a shock that would have significant contagion effect to the entire banking system. Altunbaş et al. (2020) analyze the links between enforcements against money laundering by US regulators and bank risk (default risk, systematic risk and systemic risk using the marginal expected shortfall measure1) based on a sample of 960 listed banks. They find that ML-related enforcements are associated with higher bank risk and this effect is amplified by the presence of powerful CEOs and reduced by large and independent executive boards.
Financial integrity issues, funding and liquidity
6. Financial integrity issues can lead to an increase in funding costs and a deterioration in liquidity. DNB (2018) focuses on the market reaction around the Danske Bank money laundering case and finds that funding costs increased by around 50 basis points for the bank compared to its peers end-2018. IMF (2019) performs a liquidity stress test on Latvia’s banking sector. In the stress scenario, deposit run-off rates are calibrated based on the experience of banks servicing foreign clients, which saw weekly outflows of 5.5 percent (consistent with a run-off rate of 28 percent over a 30-day period). In addition, valuation haircuts are applied to liquid assets based on the interest rate shock observed during the ABLV episode (haircut of around 5 percent on government bonds and 13 percent on other marketable securities). Those shocks are then applied to the Latvia’s banking system (7 banks servicing foreign clients and 4 banks servicing domestic clients, all on a solo basis). The results indicate that all banks would exceed statutory liquidity ratios, but banks remain vulnerable to large outflow shocks due to limited alternative sources.
7. The literature survey and recent cases of financial integrity issues point to a significant short-term impact of F I on ban k’s performance. Disclosures or news flow around failings related to ML/TF tend to be associated with a negative shock to equity prices, a rise in funding costs and credit risk, and possibly liquidity issues through (wholesale) deposit outflows, a decline in the counterbalancing capacity of banks (which might include challenges in disposing of assets2) and a reduction in wholesale funding (and a corresponding increase in refinancing risk).3
C. Conceptual Framework
Short-term impact
8. Short-term stress affecting one bank could potentially be transmitted to other banks through direct and indirect effects. FI issues related to one bank can have an impact on other banks via direct exposures. For example, other banks holding shares in a bank affected by FI issues could face substantial mark-to-market losses due to the decline in stock prices. Indirect effects via market confidence could also propagate shocks, especially if other banks have similar exposures and/or comparable business models. Other banks might experience qualitatively similar shocks, as market participants and clients could expect that those banks could also be facing similar issues. In some cases, high profile money laundering cases can increase market-based funding costs for all banks, even the ones with no direct connections to the case at hand.
9. Figure 45 summarizes the main short-term transmission channels identified. In the short term, the impact on the affected bank can crystallize through higher credit risk resulting in higher funding costs (including in foreign currencies), lower liquidity (due to outflows and a possible decline in counterbalancing capacity), higher refinancing risk (due to outflows and a reduction in wholesale funding) and a lower equity price (possibly raising the cost of equity). Other banks with similar exposures to the affected bank, or banks domiciled in the country where the ML/TF failings occurred, might also suffer negative impacts.
Short-term Transmission Channels
Citation: IMF Staff Country Reports 2023, 320; 10.5089/9798400252389.002.A001
Medium-term impact
10. Medium-term effects could also materialize for affected banks. Higher funding costs, cost of equity and regulatory requirements (through Pillar 2 for example,4 see EBA; 2020) could reduce the profitability of affected banks.
11. Medium-term effects could also occur at the sectoral or country level via correspondent banks and de-risking. ML risk crystallizing in one bank may lead to correspondent banks ending relationships with other local banks, up to the point where it becomes impossible to provide payment and settlement services in certain currencies. A reduction in correspondent bank relationship could weigh on the financing activity of the banking sector and ultimately reduce the economic activity of domestic entities (Erbenova et al, 2016). A reduction in correspondent banking relationships has been observed in some EU countries such as Cyprus or Malta (IMF, 2020a). In the region, some countries such as Denmark (50 percent) and to a less extent Sweden and Finland (22 percent and 18 percent respectively) account for the bulk of correspondent flows (IMF, 2022). In addition, in countries where foreign banks play an important role, FI issues could lead to de-risking and an exit from the domestic market for foreign banks, resulting in less competition and higher funding costs, and a reduction on the provision of financial services to residents.
12. Medium to long-term effects could occur on the affected banks, as well as a reduction in correspondent bank relationships weighing on funding conditions for the real economy (2). As compliance costs increase, affected banks might also face higher capital requirements through Pillar 2 (SREP), which could weigh on medium-term profitability. At the banking sector level, foreign banks might sever ties with the domestic banking system due to ML/TF concerns, making the provision of banking services more difficult and expensive for domestic entities. De-risking by the affected bank could also result in less competition in the banking sector and higher funding costs for the real economy.
Medium-term Transmission Channels
Citation: IMF Staff Country Reports 2023, 320; 10.5089/9798400252389.002.A001
D. A Financial Integrity Scenario for Stress Testing and Risk Analysis: Estimation Approach and Calibration
Approach and identification of vulnerable banks
13. Scenario analysis focusing on financial integrity issues can help assess risks for vulnerable banks and support risk-based supervision. Using the transmission channels outlined previously, a scenario can be calibrated and then run on a sample of banks to assess the impact of financial integrity issues on the banking sector and estimate the resilience of individual entities. The sample of banks could include banks identified as vulnerable based on financial flow analysis and/or riskbased supervision, as well as other banks.
14. The scenario would simulate a financial integrity issue affecting initially one bank in the region. A narrative would be created, whereby a bank would face some significant financial integrity issue. As a result, the bank would face an increase in risks through the transmission channels described previously (equity, liquidity and funding). The calibration of the shock would be done using past events, augmented by expert judgement and inputs from Authorities.
15. The scenario would also feature some impact on other banks in the region. While the larger impact would be on the affected bank, other banks in the region could also face some shocks, based on the calibration and past experiences.
16. The scenario would be applied to vulnerable banks as part of a liquidity stress test. Based on the scenario, an estimate of the impact on the liquidity of the different banks could be performed. The assessment would assume haircuts on assets that could be mobilized by banks, as well as some outflows and reduction of wholesale funding on the liability side. An implied cash flow analysis could be performed as was done for Latvia (IMF, 2019) using existing liquidity stress test approaches (Jobst et al, 2017).
17. The identification of vulnerable banks would rely on the financial flow analysis and the vulnerability assessment. Financial flows analysis can help identify vulnerabilities related to FI risks through the outlier detection procedure (including exposure to high-risk countries and financial centers). While financial flow analysis is done at country-level, it can support the identification of high-risk countries. Individual banks’ exposures can then be mobilized to identify the banks more vulnerable. In addition, findings related to the risk-based approach to supervision can help identify banks which might be more vulnerable to FI issues (e.g., through the inherent risk assessment factors, AML/CFT internal controls). The existing analyses can already help identify a series of bank characteristics that are associated with FI issues (e.g., large share of non-resident deposits, exposure to high-risk countries, product risks, contribution of individual business units to profitability etc.).
18. Expertise from authorities could also support the identification of vulnerable banks. Existing assessment performed by authorities in the region along with other sources (such as the EBA EuReCA database, see EBA, 2022a). Banks already subject to additional requirements under Pillar 2 for financial integrity issues could also be integrated in the sample.
19. Figure 47 illustrates how the identification of vulnerable banks could be achieved. By combining the threat and vulnerabilities’ assessment with expertise from Authorities, a list of banks could be established. The list of banks could be expanded based upon the authorities’ willingness to apply the framework to banks that would not have been identified in the previous stages.
Identification Flow Chart
Citation: IMF Staff Country Reports 2023, 320; 10.5089/9798400252389.002.A001
Data
20. Information on past events related to financial integrity issues is used to estimate the impact of FI issues on banks. A dataset of past FI events in the region was used to identify stress episodes. For each event, the list would feature the exact date of the event (i.e., release of news related to FI issues), the directly affected bank(s) along with additional relevant information (e.g., information on the FI issues stemming from a branch in another country). Table 5 shows the list of events.
Recent Financial Integrity Issues5
Recent Financial Integrity Issues5
| Event date | Affected bank(s) | Summary |
| 13 February 2018 | ABLV Bank (Latvia) | FinCEN proposed to ban ABLV from having a correspondence account in the US due to ML concerns. The bank entered liquidation on 24 February after being assessed as failing or likely to fail by the ECB (EP, 2018; ECB, 2019a). In July 2022, the criminal case against ABLV Bank and its employees for alleged money laundering was submitted to the Court, which has started adjudication of the case. |
| 4 July 2018 | Danske Bank (Denmark, Estonia) | Danish newspaper Berlingske reports that as much as DKr 53bn of money may have flowed through the Estonian branch of Danske. |
| 19 September 2018 | Danske Bank (Denmark) | Danske Bank presents an independent investigation related to ML in Estonia and its CEO resigns. |
| 20 February 2019 | Swedbank (Sweden) | A Swedish television program reports that the bank was involved in suspicious transfers with Danske Bank’s branch in Estonia. |
| 4 March 2019 | Nordea (Finland) | A Finnish broadcaster reports that the bank may have handled EUR 700mn in suspicious transactions. |
| 27 March 2019 | Swedbank (Sweden) | Police raid Swedbank headquarters over ML; the Chief Executive is dismissed. |
Recent Financial Integrity Issues5
| Event date | Affected bank(s) | Summary |
| 13 February 2018 | ABLV Bank (Latvia) | FinCEN proposed to ban ABLV from having a correspondence account in the US due to ML concerns. The bank entered liquidation on 24 February after being assessed as failing or likely to fail by the ECB (EP, 2018; ECB, 2019a). In July 2022, the criminal case against ABLV Bank and its employees for alleged money laundering was submitted to the Court, which has started adjudication of the case. |
| 4 July 2018 | Danske Bank (Denmark, Estonia) | Danish newspaper Berlingske reports that as much as DKr 53bn of money may have flowed through the Estonian branch of Danske. |
| 19 September 2018 | Danske Bank (Denmark) | Danske Bank presents an independent investigation related to ML in Estonia and its CEO resigns. |
| 20 February 2019 | Swedbank (Sweden) | A Swedish television program reports that the bank was involved in suspicious transfers with Danske Bank’s branch in Estonia. |
| 4 March 2019 | Nordea (Finland) | A Finnish broadcaster reports that the bank may have handled EUR 700mn in suspicious transactions. |
| 27 March 2019 | Swedbank (Sweden) | Police raid Swedbank headquarters over ML; the Chief Executive is dismissed. |
21. Market and supervisory data on individual banks was used. Market data includes stock prices for the largest banks in the region along with CDS spreads.6 Supervisory data were used for some banks based on information made available onsite by one participating country in the region.
Estimation
22. An event study approach is used to estimate the impact of FI issues on affected banks and other banks in the region. The impact of FI issues is assessed by comparing changes in prices (shares and CDS spreads) before and after a FI event. Since the observed changes can be due to other factors not related to FI issues in the region, each indicator is measured against an EU benchmark to control for shocks affecting the EU banking sector as a whole. Box 9 provides an illustration for the case of Swedbank in 2019.
Estimating the impact of FI issues, the example of Swedbank in February 2019
On 20 February 2019, A Swedish television program reported that Swedbank was involved in suspicious transfers related to Danske Bank in Estonia.
To assess the impact on the affected bank (Swedbank) as well as other banks in the region (Nordea, Danske, SEB, Jyske) we rebase the price of each stock (Stocki,t) as 100=19/02/2019, corresponding to the day before the report. The relative price of each bank Stocky is then calculated as the ratio of each bank rebased price divided by the rebased equity index of euro area banks:
The corresponding values can be interpreted as the impact of the event on each bank, after controlling for European bank factors (captured by the euro area bank index). Figure 4 shows the results: after three days (T+3), the price of the affected bank was 18 percent lower than the benchmark and around 5 percent lower for the other banks (with the exception of Jyske).
Figure 5 shows a similar analysis focusing on credit risk, using 5Y CDS spreads relative to an EU CDS bank index. Spreads on the affected bank were around 12 bps higher than the benchmark, and around 6 bps for the other banks in the region (for which CDS data are available).
Overall, this example provides an estimate of the impact of FI issues on the affected bank (18 percent drop in equity prices, 12 bps increase in CDS) and other banks in the region (5 percent drop in equity prices, 5 bps increase in CDSs).
Relative Equity Performance around the Swedbank Event
Citation: IMF Staff Country Reports 2023, 320; 10.5089/9798400252389.002.A001
Relative CDS Performance Around the Swedbank Event
Citation: IMF Staff Country Reports 2023, 320; 10.5089/9798400252389.002.A001
23. Assessing the impact of ML in liquidity is key, as FI issues in the Nordic-Baltic region could trigger large deposit outflows, as seen in the case of one small bank in 2018.7 While work on the calibration of the impact of ML events on stock prices and credit risk (measured by CDSs spreads) has been done using commercial data, supervisory information is needed to measure how the liquidity of banks has changed around such events.
24. Supervisory data include information on liquidity, funding and non-resident deposits. Most of the work was focused on the ‘maturity ladder’ template (labelled C6 6 in EBA CO REP templates), which provides detailed information on a monthly basis about potential outflows by contractual maturity (overnight, 1 to 2 days etc.), inflows by contractual maturity and counterbalancing capacity (assets that could be mobilized to cover outflows).
25. The impact of FI events was estimated by comparing deposit levels one month before and after the event. Following an event study approach, data related to the specific month during which a FI event were excluded, and the impact was assessed by comparing deposit information before and after the month when the event occurred. Four FI events occurring in 2018-2019 were chosen.
26. Supervisory data show that some decline in liquidity — measured by deposits — can be observed around FI events. When a FI event directly affects one bank, the impact on the liquidity is visible. When FI events are related to banks outside of the country participating in the Pilot, there could still be some liquidity effects on domestic banks with cross-border exposures to the countries where the ML cases occurred, while other domestic banks did not experience any decline in deposits.
27. The analysis is subject to a number of limitations. First, the sample of events is very limited. There is only one event to measure the direct impact of FI events on the liquidity of the affected bank, which reduces the robustness of the result. This drawback could be addressed if similar analyses were to be performed in countries in the region where banks were ‘target’ of FI events. While there are more events related to affected banks outside the country, and where the contagion effect on domestic banks can be measured, the sample remains very limited, and some events are overlapping over the estimation window making the identification of the impact of ML events difficult. In addition, changes in liquidity might be driven by other factors than ML events which are not controlled for.
28. The work could be extended across several perspectives. First, other dimensions of liquidity could be explored, including changes in inflows and counterbalancing capacity around ML events. Second, the analysis could be applied to other countries and banks to increase the robustness of the estimates. The actual liquidity impact needs to be put into context, which might mitigate concerns about the liquidity of the bank. Such extension would be particularly useful for countries where there has been ML cases recently and for countries where small to medium-size banks had been directly targeted (as the liquidity effect on smaller banks is likely to be larger). Finally, other reporting information could be used to cover other aspects of liquidity (inflows and counterbalancing capacity assess other risks) and assess the composition of funding and associated costs.s
Contagion analysis
29. When a bank faces FI issues, other banks might also be impacted. Some Authorities have indicated that in past cases, funding costs of the affected banks and other banks increased. Those contagion effects might be related to uncertainty around other banks that could face similar issues8.
30. Contagion effects can be estimated by assuming that each vulnerable bank faces a FI issue. Statistical methods can be used to estimate the expected impact on other banks conditional on the affected bank facing a FI issue, modelled by a large shock to equity prices or CDS spreads (Bouveret and Yu, 2021; IMF (2020b). This study models the distribution of weekly returns using a Student distribution and use a Student copula to model the dependence between each bank (Box 10).
Assessing Contagion through Conditional Analysis
We used data on weekly equity returns for seven banks in the region over 2015-2022: Swedbank, SEB, Nordea, DNB, Danske Bank and Jyske. The distribution of weekly returns for each bank is modelled by a Student distribution (with their degrees of freedom v ranging between 3 and 6). The dependence between the returns of each bank is modelled using a Student copula, which implies that there is more dependence between the performance of banks when performance is very high or very low (tail dependence).
For each bank, we estimate the ‘returns in distress’ as the expected returns that this bank would face conditional on one other bank being in distress (defined as equity returns below the lowest 5 percent of their distribution). The expected returns are given by:
Where RA denotes the returns of bank A, a is the threshold (5 percent in our example), and h is the joint density of the returns of banks A and B (see Bouveret and Yu (2021) for details).
Using numerical methods we estimate for each bank the expected returns conditional one each of the other bank being (sequentially) in distress.
31. AML/CFT failings resulting in a large drop in the stock price of the affected bank would be associated with large drop in prices for other regional banks. The dependence analysis shows that conditional on one bank facing a large negative shock to equity prices following a ML event, other banks would also experience decline in stock prices (Table 6). Large regional banks such as Swedbank, SEB and Svenska would be associated with the largest contagion effects (with declines higher than 8 percent on average) as shown by the last column in the table which indicates the average change in stock prices for other banks. Danske bank and Nordea would appear as the most vulnerable banks in terms of contagion effects (measured by the last row) as they would suffer an average a drop in equity prices higher than 9 percent if the other banks in the region would face large shocks to equity prices.
Expected Weekly Change in Equity Prices Conditional on Banks (in rows) Facing a ML Event
Expected Weekly Change in Equity Prices Conditional on Banks (in rows) Facing a ML Event
 |
Expected Weekly Change in Equity Prices Conditional on Banks (in rows) Facing a ML Event
|
32. AML/CFT failings resulting in an increase in CDS spreads of the affected bank would also be associated with increases in CDS spreads for other regional banks. The dependence analysis shows that conditional on one bank facing a shock to CDS spreads following a ML event, other banks would also experience a tightening of funding conditions (Table 8). Nordea would be the bank with the highest level of spillovers (37.5 basis point increase in CDS spreads for other banks) and Swedbank the one with the lowest spillovers. Swedbank would be the most vulnerable bank as ML events affecting other banks would be associated with an average increase in CDS spreads for Swedbank of around 38 basis points.
Expected Weekly Change in 5Y CDS Spreads Conditional on Banks (in rows) Facing a ML Event
Expected Weekly Change in 5Y CDS Spreads Conditional on Banks (in rows) Facing a ML Event
 |
Expected Weekly Change in 5Y CDS Spreads Conditional on Banks (in rows) Facing a ML Event
|
33. On the liquidity side, preliminary results tend to indicate possible contagion effects. FI events with transnational dimension affecting banks with headquarters in another country could be associated with deposits outflows for other banks in the region having exposure to the same region where the FI event originated, indicating possible contagion effects. Figure 6 indicates that banks in the region similar to the one facing a FI event might also experience a decline in deposits.
Change in Deposits
Citation: IMF Staff Country Reports 2023, 320; 10.5089/9798400252389.002.A001
Stress test scenario
A stress scenario could be calibrated on the Nordic-Baltic experience. Figure 7 shows a possible calibration of the shock9. For the affected bank, its equity price would decline by 18 percent, its CDS spreads increase by 15 basis points and the bank would face deposit outflows of 7 percent. Other banks in the country would also face shocks, with a 6 percent stock price decline, an increase in CDS spreads by 5 basis points and deposit outflows for 4 percent.10
Shocks in the Stress Scenario
Citation: IMF Staff Country Reports 2023, 320; 10.5089/9798400252389.002.A001
34. The scenario could then be applied at individual bank level but also at the sector or regional level. The stress test could be applied to each bank individually, as common in liquidity stress tests, to assess its resilience to financial integrity issues. The scenario could also be used from a systemwide perspective. In that setting, the scenario would be applied simultaneously to a range of banks, with specific shocks to the affected bank (primary bank) and different shocks to other banks (secondary banks) reflecting contagion effects.
E. Limits and Possible Extensions
35. The analysis was based on a small sample of events, which should be extended. There are very few empirical studies on the impact of FI issues on individual banks and even less on financial stability as a whole. Therefore, the preliminary results are subject to uncertainty due to the lack of empirical benchmark and the very small sample size of FI events. Looking forward, collecting information on additional FI cases could help improve the robustness of the estimation.
36. Further use of supervisory data could help assess the impact of AML/CFT failings on the different dimensions of liquidity, as well as its impact on funding costs. The analysis presented focused only on change on deposits around FI events. It could be enriched by integrating other components of liquidity (inflows and counterbalancing capacity) and reproducing similar work in other countries. Other supervisory datasets could also provide valuable information on changes in funding costs and funding composition around M events.
37. Information on past and ongoing supervisory actions could help improve the analysis. Banks exposed to significant FI issues could be subject to additional capital requirements under Pillar 2 (EBA, 2020). The calibration used by supervisory authorities to estimate the add-on could also be used to assess the impact of FI issues on banks.11
Annex III: Denmark - Executive Summary
A. Background
1. Money laundering (ML) cases in the Nordic-Baltic region exposed financial stability and integrity risks to the integrated Nordic-Baltic banking sector, including Denmark. These cases attracted international scrutiny on the effectiveness of anti-money laundering and combating the financing of terrorism (AML/CFT) supervisory regimes throughout the region. today, international collaboration is a necessity in combatting money laundering (ML) and terrorist financing (TF) risk and thereby severe crime. A large specific case has highlighted this necessity of international collaboration among supervisory entities and the need for effective AML/CFT systems and controls to mitigate the risks. Denmark has undergone several initiatives to improve its legal frameworks and AML/CFT systems and controls.
B. Financial Flows Analysis
2. Denmark’s aggregate cross-border financial flows have grown steadily together with the regional financial flows since 2013, accelerating since late 2020. The majority of Denmark’s crossborder financial flows are with G7 and EU countries, in line with the cross-country economic linkages, with the U.K., Sweden, Germany, and Luxembourg as the main payment counterparties. The composition of Denmark’s flows has changed, as the share of the EU countries has grown significantly, while the share of the Commonwealth of Independent States countries, mostly driven by flows with Russia, has decreased strongly since the peak in 2013-2014 to insignificant amounts in recent years. Denmark’s cross-border activity is material to the country, as it has the second highest ratio of cross-border payments’ value to GDP and the value of deposits in the Nordic-Baltic region. This is expected for a small and open economy with a large pension funds sector investing abroad and a significant issuance and sale of bonds to institutional investors abroad. The authorities should consider1 developing a national mechanism for comprehensive monitoring of macro-trends in cross-border financial flows, including correspondent payments, to identify and assess ML/TF risks.
3. Denmark’s cross-border financial flows have a significant geographic spread, but the flows with the majority of countries-counterparties are sufficiently explained by the economic fundamentals. Denmark has material financial flows with 148 jurisdictions-such extended geographical reach of Denmark’s financial sector increases ML threats facing the country. However, the staff’s analysis of cross-border payments data2 indicates a strong link between the value of cross-border payments and underlying economic activity for the majority of counterparty countries. Among the main counterparts, payments with the U.K., which remained Denmark’s main payments counterparty despite the decrease in flows since late 2018, as well as accelerating payments with Germany and Luxembourg, are insufficiently explained by the economic fundamentals. In addition, financial integrity screening of financial flows using machine learning identified increasing outlier activity in Denmark since early 2021. The authorities’ national understanding of ML cross-border and non-resident risk would benefit from incorporating additional sources of data (e.g., on foreign trade and investments) and other information (e.g., business models of payment service providers) into the national/sectoral risk assessments.
4. For the identification of higher-risk countries, Danish authorities rely primarily on the Financial Action Task Force ( FATF) grey list, Euro pean Commission’s (EC) higher-risk third country list, and non-cooperative tax jurisdictions. Denmark has low levels of cross-border payments with FATF and EC higher-risk countries and non-cooperative tax jurisdictions. In contrast, payments with the International Financial Centers (IFCs)3 that are not on the abovementioned external lists, have increased fivefold since 2017, and IFCs account for a third of jurisdictions with payments insufficiently explained by the economic fundamentals, including Luxembourg, Ireland, Switzerland, Hong Kong, United Arab Emirates, Malta, Mauritius, Bahrain, Gibraltar, Isle of Man. In addition, rapidly growing flows with IFCs, importantly with Luxembourg, Ireland, and Switzerland, were flagged by the outlier detection algorithm. Other countries with flows insufficiently explained by the fundamentals include Montenegro, Bosnia-Herzegovina, Kenya, Angola, Uganda, and Kuwait. In developing understanding of higher-risk jurisdictions, the authorities should add a focus on jurisdictions with substantial flows that have the potential for material ML threat based on Denmark-specific risk factors in coordination with all relevant agencies with AML/CFT-relevant mandates, including tax administration. Considering the increase in the volume and the total value of correspondent payments facilitated by Danish banks, provision of correspondent services in non-core currencies, using a high number of payment corridors, and the growing share of higher-risk countries, the authorities should collect data to monitor provision of correspondent banking services and assess ML/TF risks arising from correspondent banking.
Denmark’s Flows with Financial Centers as a Share of Overall Flows, 2013-July 2022
Citation: IMF Staff Country Reports 2023, 320; 10.5089/9798400252389.002.A001
C. ML/TF Risk Assessment
5. The Danish Financial Supervisory Authority (DFSA) has a detailed risk assessment model, but inherent risk factors should be assessed through a broader range of risk-relevant indicators, and the weightings from financial sector products should be considered against any relevant Denmark-specific factors. While the risk-scoring approach is detailed, the DFSA should assess it on an ongoing basis. The model should increase focus on product risk in the calculation of inherent risk, and Financial Supervisory Authority should therefore consider higher weighting for product risk to improve the risk-sensitivity, and therefore, the potential accuracy of the risk model. Additionally, the volume of activity for each product offering should be incorporated to ensure a more accurate determination of product risk. While the DFSA uses some external sources of information, as noted above, the DFSA should also develop a more comprehensive list of higher-risk countries tailored to Denmark to use as part of the supervisory ML/TF risk assessment. Supervisory returns collect information related to key risk factors, although the granularity of the data collected could be enhanced through the collection of volumes and values of transactions. To address the challenges associated with the increased use of data, advanced data analytic tools, including network analysis, data mining, and machine learning tools could also further enhance the ML/TF risk assessment. Notably, the authorities are planning advancements in data analytics to enhance the risk model. Planned upgrades include the development of tailored software solutions, the application of advanced analytics, including by using clustering methods
D. AML/CFT Supervision
6. The Authorities have increased resources assigned to AML/CFT supervision, have a documented risk assessment framework, and are in the process of finalizing a minimum supervisory engagement model. The DFSA refines key supervisory practices and the underlying materials on an ongoing basis. The authorities should move swiftly to finalize updates to the AML/CFT supervisory strategy, for example, the documented minimum engagement model. It should also be ensured that there is an adequate supervisory presence in the highest risk banks with specific topics and activities under review driven by the ML/TF risk assessment, in line with a risk-based approach. The current supervisory manual does not describe risk and controls in a manner corresponding with the risk assessment model. The methodology for Customer Due Diligence test sampling would benefit from a more detailed approach. While the manual addresses some important aspects with regard to the assessment of transaction monitoring, it fails to provide adequate guidance to support a supervisory assessment and does not include adequate detail on how to interrogate the adequacy of the design of a transaction monitoring system. We note that the supervisory manual is currently undergoing revisions.
E. Virtual Assets & Virtual Asset Service Providers (VASPS)
7. Denmark has a small VASP sector, and a good appreciation of the ML/TF risks and data returns would benefit from more specific and targeted information, and market entry controls appear to lack the necessary depth. The AML/CFT Act, as amended in 2021, covers all categories of VASPs as provided in the FATF definition. However, the Act, as related to VASPs does not apply to Greenland and Faroe Islands. The DFSA conducts proper testing for applicants, management, and beneficial owners during the registration process. However, there is a minimal assessment of the applicant’s compliance with the AML/CFT Act and the proposed preventive controls framework. The authorities have not commenced entity-level risk scoring of registered VASPs and intend to subject the sector to the DFSA’s risk model. The DFSA should develop an entity risk assessment model for the VASP sector and increase the level of data that is collected. Tailored questions and subjecting VASPs to a detailed minimum engagement model would also help ensure risk gradated supervisory engagement in the sector.
Annex IV: Estonia - Executive Summary
A. Background
1. Money laundering cases in the Nordic-Baltic region have exposed financial stability and integrity risks to the integrated Nordic-Baltic banking sector, including Estonia. These cases attracted international scrutiny on the effectiveness of anti-money laundering and combating the financing of terrorism (AML/CFT) supervisory regimes throughout the region. On several occasions, the Estonian supervisory authorities identified such activities and raised their concerns to the involved entities. The cases serve as a reminder of the high inherent money laundering and Terrorist Financing (ML/TF) risks associated with cross-border banking activities and the need for effective AML/CFT systems and controls to mitigate the ML/TF risks associated with non-resident activities. Estonia has undergone significant legislative changes to further align with Financial Action Task Force (FATF) standards, and there has been investment in AML/CFT systems and controls. The authorities also note an improvement in the bank’s AML/CFT frameworks, and ongoing effective AML/CFT supervision remains critical.
B. Financial Flows Analysis
2. Estonia’s aggregate cross-border financial flows have decreased significantly from their high at the end of 2013 but have begun to grow again since 2020. As a result of the authorities’ reaction to the historical misuse of the Estonian branch of Danske Bank aimed at restricting non-resident business, the value of cross-border payments dropped by three-fourths between the 2013 peak and the 2017 monthly average. Aggregate cross-border financial flows have begun to grow again in recent years, doubling in the two years since January 2020. The composition of Estonia’s aggregate flows has changed significantly, as shares of G7 and EU countries have increased in line with the cross-country economic linkages (the UK, Germany, and Lithuania being the main payments counterparties), but the shares of the Commonwealth of Independent States (CIS) countries and International Financial Centers (IFCs) 1 have decreased. Estonia’s cross-border activity is material to the country as the ratio of payments flows to GDP is above the Nordic-Baltic region average.
3. The flows with the majority of Estonia’s main counterparties are ex plaine d by economic fundamentals. Estonia has immaterial financial flows with majority of the countries, and the staff’s analysis of cross-border payment data2 indicates a strong link between the value of cross-border payments and underlying economic activity. The financial flows with most of Estonia’s top-10 payments counterparties are explained by the economic fundamentals, except flows with the U.K3., inflows from Lithuania4, and outflows to Switzerland, all on an upward trend in recent years and are not sufficiently explained by the fundamentals. IFCs account for a third of all jurisdictions with flows insufficiently explained by the fundamentals, including Switzerland, Hong Kong, Liechtenstein, Singapore, Malta, United Arabs Emirates, Isle of Man, Gibraltar, Mauritius, and Monaco. In addition, financial integrity screening of financial flows using machine learning identified a low, although increasing in 2020, level of outlier activity in Estonia. The direction of inflows-outliers has changed, with no outliers from the CIS countries, while the U.K. has become the main destination for the outflows-outliers. The machine learning findings reinforce the results of the economic fundamentals analysis; for example, accelerating flows with the U.K. and Lithuania, as well as flows with Switzerland, Hong Kong, and Liechtenstein, were flagged by both economic fundamentals analysis and outlier detection algorithm. While growing outflows to Ireland and Luxembourg could be explained by the economic fundamentals, they included outlier patterns of payments. The national understanding of ML/TF cross-border and non-resident risk would benefit from incorporating additional sources of data (e.g., on foreign trade and investments) and other information (e.g., business models and client base of payment service providers) into the national/sectoral risk assessments.
4. The authorities operate an extensive list of higher-risk countries consisting of around half of all jurisdictions in the world. The Estonian authorities follow the list of jurisdictions under the FATF increased monitoring and the European Commission’s (EC) list of high-risk third countries. In addition to the FATF and EC lists, the Estonian Financial Supervision Authority (EFSA) and the Estonian Financial Intelligence Unit have developed an extensive list of higher-risk countries that consists of 110 jurisdictions. Considering that Estonia has immaterial flows with most of the countries on its list of higher-risk countries, it could be beneficial to focus on jurisdictions with substantial flows that have the potential for material ML threat. Incorporating elements of the economic fundamentals and outlier detection analyses would provide a country-specific and up-to-date understanding of higher-risk countries and payment patterns.
Estonia’s Flows with Higher-Risk Countries as a Share of Overall Flows, 2013-July 2022
Citation: IMF Staff Country Reports 2023, 320; 10.5089/9798400252389.002.A001
C. ML/TF Risk Assessment
5. The EFSA follows a standard approach to ML/TF risk assessment, with comprehensive data that seems to cover most key AML/CFT topics, with the inherent risk assessment being focused on product risk, although the weightings would benefit from further consideration. The authorities have a detailed approach to collecting AML/CFT relevant supervisory data (including information related to non-resident ML/TF risks). The authorities regularly review the suitability of the ML/TF risk model weightings and recently updated the model to assign an equal weighting to both inherent risk, and control environment. While the adequacy of the control environment is an important consideration, the move towards less emphasis on inherent risk, (in the design of the model) could be reconsidered. The control environment could serve to impact the level of supervisory oversight on a marginal basis but should not equate to the emphasis that is placed on inherent ML/TF risk that banks are exposed to. Further consideration of the focus of the assessment would be beneficial. In addition, the risk model includes some overlapping elements based on geographic risk, an issue that could be better captured by assigning a higher weighting to this type of risk to ensure an adequate risk representation.
D. AML/CFT Supervision
6. The EFSA inspection coverage appears adequate, further fine-tuning of the engagement model and specifying the strategy for those banks deemed at the highest ML/TF risk could be beneficial. The approach covers targeted, thematic and full-scope on-site and off-site inspections or adhoc inspections. However, authorities could consider outlining the ML/TF risks in the banking sector (including at the individual bank level) and directly linking this to the supervisory strategy in a more detailed manner. These strategies would ensure that supervisory activities are adequately tailored to the specific ML/TF risks that the highest-risk banks face. In addition, there is a lack of a coordinated strategy on how to supervise key cross-border ML/TF risks and their mitigation. Colleges, along with the Nordic-Baltic working groups appear helpful for information-sharing purposes, but further efforts could be beneficial to implement coordinated supervisory strategies for cross-border banks. More comprehensive mechanisms could be implemented to ensure consistent supervisory assessments and ML/TF risk assessments of the banking sector, including peer reviews of findings and reports of supervisory activities from other supervisors.
E. Virtual Assets (VAs) & Virtual Asset Service Providers (VASPs)
7. Estonia is exposed to ML/TF risks related to its (relatively) large VA/VASP sector; recent reform has resulted in developing AML/CFT mitigating measures. More precisely, the authorities strengthened market entry controls, and the FIU has a good understanding of risks, although there are data gaps affecting the comprehensiveness of the ML/TF risk assessment. The strengthening of market entry controls has corresponded with a decline in the VASP population, with some early indication of regulatory arbitrage in the region (impacting countries outside Estonia). The legal framework has been aligned with FATF standards, although some deficiencies remain regarding the travel rule.5 The authorities should continue efforts to ensure comprehensiveness of the legal framework and are recommended to develop supervisory strategies and further expand its minimum engagement model to include frequency of offsite examinations for higher-risk entities.
Annex V: Finland - Executive Summary
A. Background
1. Finlan d ’s extensive ban king sector and high interconnectivity in the region ex p ose it to cross-border money laundering (ML) risks, as illustrated by its exposure to banking scandals in the region. Finland has a large banking sector (191 credit institutions), with a concentration around two entities (due to their size). Finland is the headquarters of one of the biggest banking groups in the region that have been involved in well-known money laundering cases, including the Laundromat scandal.
B. Financial Flows Analysis
2. Finland’s cross-border financial flows have increased together with the regional financial flows steadily since 2013.
Most of Finland’s cross-border payments are with G7 and EU countries, with the U.K., Sweden, Germany, and the Netherlands as the main payment counterparties. This pattern of payments is in line with the main cross-border economic linkages of Finland’s small and open economy The share of the EU countries has been increasing, while payments with the Commonwealth of Independent States countries, historically a region of elevated ML threat to the Nordic-Baltic countries, are minimal. Finland’s crossborder activity is material to the country, as its ratio of cross-border payments’ value to GDP and the value of deposits is above the Nordic-Baltic regional average. The authorities should consider1 developing a national mechanism for comprehensive monitoring of macro-trends in cross-border financial flows, including correspondent payments, to identify and assess ML/TF risks.
3. Finlan d ’s cross-border financial flows have extensive geographic spread, but the flows with the majority of countries-counterparties are sufficiently explained by the economic fundamentals. Finland has material financial flows with 115 jurisdictions-such extended geographical reach of the Finnish financial sector increases ML threats facing the country. However, the staff’s analysis of cross-border payments data2 indicates a strong link between the value of cross-border payments and underlying economic activity for the majority of counterparty countries. Among the main counterparts, decreasing payments with the U.K., as well as accelerating payments with Germany and Luxembourg, are insufficiently explained by the economic fundamentals.
In addition, financial integrity screening of financial flows using machine learning identified elevated outlier activity in Finland since the end-2021, with the U.K. and Ireland being the main destination for outflows-outliers from and the main source of inflows-outliers to Finland, respectively. The authorities’ national understanding of ML cross-border and non-resident risk would benefit from incorporating additional sources of data (e.g., on foreign trade and investments) and other information (e.g., business models of payment service providers) into the national/sectoral risk assessments.
4. For the identification of higher-risk countries, Finnish authorities rely primarily on the Financial Action Task Force ( FATF) grey list, the Euro pean C ommission’s (EC) higher-risk third country list, and a number of higher-risk countries identified domestically. Finland has minimal payments with FATF and EC higher-risk countries and decreasing payments with countries identified as higher risk by the National Risk Assessment. In contrast, payments with the International Financial Centers (IFCs) 3 have more than quadrupled since 2017, and IFCs account for a third of jurisdictions with payments insufficiently explained by the economic fundamentals, including Luxembourg, Hong Kong, Singapore, United Arab Emirates, Mauritius, Liechtenstein, Isle of Man, Curacao. In addition, rapidly growing flows with IFCs, importantly with Luxembourg and Ireland, were flagged by the outlier detection machine learning algorithm. Other countries with flows insufficiently explained by the economic fundamentals include Kuwait, Saudi Arabia, Iraq, Azerbaijan, Georgia, Congo, Mali, and Mozambique. The authorities should add a focus on jurisdictions with substantial flows that have the potential for material ML threat based on Finland-specific risk factors. This should be completed in coordination with all AML/CFT-relevant agencies, including tax administration.
Finland ’s Flows with Financial Centers as a Share of Overall Flows, 2013-July 2022
Citation: IMF Staff Country Reports 2023, 320; 10.5089/9798400252389.002.A001
C. ML/TF Risk Assessment
5. Finland has a detailed model for supervisory ML/terrorist financing (TF) risk assessment but could benefit from further review of what feeds into the ML/TF risk factors. All classical inherent risk factors (products, customer, geography, and delivery channel), as well as key internal controls, are considered in calculation of the risk-score. In addition to the risk-score, the significance of the size of the business is separately considered in determining the depth of engagement. To fully align with a riskbased approach, the significance of size should be factored into inherent risk calculation instead of as a standalone assessment. The model could also benefit from more granular data input, including transaction-level information.
D. AML/CFT Supervision
6. The authorities carry out a combination of offsite and onsite supervision of banks, and work is underway to enhance the effectiveness of these activities, which may also necessitate an increase in resources. While an inspection plan is formed on an annual basis, a documented supervisory strategy for the banking sector would enhance the effectiveness of the risk-based supervision of banks. An updated assessment of the adequacy of the current level of resources should be carried out once the minimum engagement model has been reviewed and updated. While the annual number of onsite inspections has increased since 2019, in line with the development of a supervisory strategy, the AML Division may need to consider stepping up the level of onsite activities.
E. Virtual Assets & Virtual Asset Service Providers (VASPs)
7. While Finlan d’s VASP sector is small, aligning the domestic legal framework with the FATF recommendations and greater tailoring of risk tools for the sector is key for effective supervision. Finland has a small VASP sector comprising 11 registered VASPs. While the legal framework sets out a detailed assessment for VASP registration, limitations in coverage (gaps in the definition of VASPs and absence of registration requirements for VASPs which are incorporated in Finland but provide and market services exclusively outside of Finland) can affect the strength of market entry controls. The lack of provision for the ‘travel rule’ for virtual asset transfers also presents a lacuna in the domestic legal framework. VASPs are subject to the Finnish Financial Supervisory Authority’s risk tools, including entity and sectoral risk assessment models and supervisory returns, which would benefit from further tailoring for the VASP sector to allow risk-based coverage. The authorities should ensure active supervision in the sector commensurate with assessed risk levels, with appropriate upskilling as needed, and proactively identify and sanction unauthorized VASPs.
Annex VI: Iceland - Executive Summary
A. Background
1. Money laundering cases in the Nordic-Baltic region have exposed financial stability and integrity risks to the integrated Nordic-Baltic banking sector, however, the impact on Iceland has been less pronounced. These cases attracted international scrutiny on the effectiveness of anti-money laundering/combating the financing of terrorism (AML/CFT) supervisory regimes throughout the region. Iceland’s banking sector is comparatively small and domestically focused, and low levels of nonresident deposits and cross-border activity. Given this context, Iceland experienced less spillover effects from regional ML cases. However, the cases serve as a reminder of the high inherent money laundering/terrorist financing (ML/TF) risk associated with cross-border payments and the need for effective AML/CFT systems and controls to mitigate the ML/TF risks associated with non-resident activities.
B. Financial Flows Analysis
2. The limite d geogra phical reach of I celan d ’s payments activity, which is also well ex plaine d by the economic fundamentals reduce the inherent ML risk exposure. Based on the staff’s analysis of payments data1, among the Nordic-Baltic region, Iceland has the lowest levels of aggregate crossborder financial flows, most limited geographical reach of financial flows, and the least material flows when benchmarked against GDP and the value of deposits in the country. Iceland’s cross-border financial flows have remained stable since 2013, with a slight reduction during the period of Financial Action Task Force’s (FATF) increased monitoring (‘grey-listing’). Iceland’s flows are predominately with the EU, G7, and Nordic-Baltic counterparty countries in line with Iceland’s main cross-border economic linkages. To further enhance the national understanding of ML/TF cross-border and non-resident risks, authorities could consider leveraging detailed payments data collection and incorporating additional sources of data (e.g., economic indicators, tax vulnerabilities abroad) into the national and sectoral risk assessments.
3. Iceland has minimal flows with higher risk countries (as identified by authorities), low levels of outlier cross-border payments and financial flows insufficiently explained by the economic fundamentals. Authorities rely on the list of jurisdictions under the FATF increased monitoring and the European Union’s list of high-risk third countries. The countries on these lists accounted for a minimal share of Iceland’s aggregate flows since 2020. Iceland also has the lowest number of countries with flows insufficiently explained by the economic fundamentals of any country in the region and the highest average value of economic linkages with its counterparty-countries, indicating a strong link between the cross-border payments’ value and underlying economic activity and lower ML risks. In addition, Iceland had insignificant outlier payments activity as identified by AML screening of cross-border payments using machine learning methods. Iceland also has the least material correspondent banking activity in the region, indicating lower ML risk from provision of correspondent banking services. While the overall ML risk of cross-border and non-resident activity is low, the country could benefit from developing a higher-risk country list based on financial flows analysis and country-specific risk factors in coordination with all relevant AML/CFT agencies.
4. I celand’s financial flows with I nternational Financial Centers (IFCs)2 have accelerated in recent years. Notably, the financial flows with Ireland and Luxembourg have increased as the two countries have become Iceland’s top-10 payments counterparties. However, the level of flows with these two IFCs could be explained by the economic fundamentals, primarily investment flows. In contrast, less material flows with five IFCs are insufficiently explained by the economic fundamentals.
C. ML/TF Risk Assessment
5. The understanding and assessment of ML/TF risks in the banking sector has improved, further refinements to the supervisory risk assessment tools and increased data collection will enhance the accuracy of the authorities’ focus for risk-based supervision of banks. Leveraging the development of a national higher risk country list (noted above), supervisors should incorporate a more comprehensive analysis and list of high-risk jurisdictions as part of supervisory activities. The sectoral risk assessment for banks would benefit from greater granularity in determination of risk variables and emphasis on product risks in the calculation of inherent risks. The risk assessment model, for entity-level assessments, could be further developed to ensure a clearer delineation between inherent risk and AML/CFT systems and controls. While positive steps have been taken to better incorporate data into the supervisory ML/TF risk assessment, further data (including transaction-level and financial flows analysis) could be captured as part of AML/CFT supervisory returns and opportunities to invest in the data analysis toolkit should be explored.
D. AML/CFT Supervision
6. Significant efforts have been made to enhance the AML/CFT risk-based supervision of banks, however, ban k’s AM L/C FT systems and controls are still maturing. The authorities have conducted thorough full-scope inspections of all banks, since the FATF Mutual Evaluation in 2018 and, going forward, a greater focus on thematic inspections is a welcome step. In some instances, the pace of completion of inspections has been slow. In order to drive meaningful change in the levels of AML/CFT compliance and the effectiveness of AML/CFT controls in banks (in particular, enterprise ML/TF risk assessment, customer due diligence and suspicious transaction reporting), an enhanced supervisory presence and more targeted efforts would be beneficial, along with an increased pace in the completion of inspections.
E. Virtual Assets & Virtual Asset Service Providers (VAs & VASPs)
Iceland has established a registration regime for VASPs established in or operating in the country, and efforts should continue to detect unlicensed activities. Applicants as VASPs are required to provide detailed information on their proposed activity and place of business, and proposed AML/CFT preventive controls, as well as information on board and management, shareholders, and beneficial owner. Given the borderless and transient nature of VAs, unlicensed activities may go undetected unless active monitoring is conducted. While the CBI is actively monitoring VA activities, an expanded toolkit to identify unauthorized VASPs (particularly foreign unauthorized VASPs serving Icelandic residents)3 would strengthen these detection efforts.
Annex VII: Latvia - Executive Summary
A. Background
1. Latvia’s aggregate financial flows are one of the smallest in the region on an absolute and relative basis and indicating lower money laundering threats from cross-border payments. While the geographical proximity to the Commonwealth of Independent States (CIS) countries was an important factor contributing to higher money laundering risks in early 2010s, the associated cross border and nonresident activity have decreased considerably as a consequence of anti-money laundering/combating the financing of terrorism (AML/CFT) reform in 2018. Despite the nascency of the virtual asset (VA) sector in Latvia, VA activities is a source of emerging cross-border money laundering and terrorist financing (ML/TF) risk.
B. Financial Flows Analysis
2. The value of Latvia’s cross-border payments, and the associated ML risks, have contracted sharply following the financial sector reforms in 2018. The composition of Latvia’s aggregate flows has changed significantly since 2017, most notably as a result of sharp reductions in flows with CIS and International Financial Centers (IFCs)1. Average aggregate monthly flows with CIS and IFCs have dropped by around 90 percent from 2013 to 2022. These significant reductions in flows with potentially higher-risk country groupings have reduced the overall ML risk from Latvia’s cross-border and nonresident activity. The European Union and Nordic-Baltic countries, notably Lithuania, Germany, and Estonia, have been Latvia’s largest payments counterparties. This fundamental shift in cross-border payment to countries with generally lower levels of exposure to criminal proceeds has lowered the ML risks facing Latvia.
Latvia Inflows, Outflows, and Net Flows, 2013-July 2022
Citation: IMF Staff Country Reports 2023, 320; 10.5089/9798400252389.002.A001
3. Following the reduction in cross-border financial flows between 2013-20 1 8, Latvia’s flows are mostly explained by the economic fundamentals and immaterial with the rest of the countries. Latvia has immaterial payments with a majority of countries-such limited geographical reach also contributes to the decreasing ML risks. Based on the staff’s analysis of cross-border payments data2, among the main counterparties, payments with Estonia, Sweden, Finland, Poland, and Russia (almost halted since the invasion of Ukraine) could be explained by the economic fundamentals. However, the inflows from Lithuania, which became Latvia’s main payments counterparty3, as well as outflows to Germany and the United Kingdom are not sufficiently explained by the economic fundamentals with a high level of identified outlier activity. National understanding of ML/TF risk is based on the 2020 national risk assessment, which analyses in detail cross-border and non-resident risks facing the country, represents good practices for coverage of cross-border ML/TF risks. The cross-border ML/TF risk analysis could further benefit from incorporating analysis of the economic linkages that underly crossborder financial flows and of the cross-border aspects of business models of financial institutions and their client base.
4. The authorities developed a methodology to assess country risk on the financial sectoral level, taking into account a variety of external sources of information using multiple ML/TF-relevant criteria. Latvia has immaterial flows with higher-risk countries on the Financial Action Task Force (FATF) and the European Commission lists of higher ML/TF risk countries as well as with low tax jurisdictions as identified by Latvia’s Cabinet of Ministers. However, flows with some IFCs, such as Switzerland, Hong Kong, Singapore, and the UAE, are not sufficiently explained by the economic fundamentals, while some IFCs have an outlier pattern of payments (Luxembourg) or an accelerating trend (Ireland). Latvia’s payments are increasing and are insufficiently explained by the fundamentals with several CIS (Kazakhstan, Azerbaijan) and Balkan countries (Albania, Montenegro). The Financial and Capital Market Commission (FCMC) developed a methodology to assess country risk on the level of the financial sector, which can be enhanced to focus on the countries with the most material flows with Latvia and to consider Latvia-specific ML/TF cross-border threats building on the analysis of underlying economic linkages.
C. ML/TF Risk Assessment
5. The authorities follow the standard approach to supervisory ML/TF risk assessment and consider all relevant ML/TF inherent risk4 factors and AML/CFT internal controls.5 The authorities have a detailed approach to the assessment of ML/TF risk. However, the further improvements are recommended in the methodology. The weightings assigned to inherent risk versus control environment would benefit from further consideration, and product risk should be attributed to more focus. The authorities aim to focus their analysis (supported by data gathered from supervised banks) on the risk that the customer or its beneficial owner could be linked to a country or territory whose economic, social, legal, or political circumstances may indicate high ML/TF/proliferation financing risks. While country risk, in so far as it relates to customers, is an important consideration, the authorities should extend assessment scope to include analysis of import/export related flow.
D. AML/CFT Supervision
6. In recent years, the FCMC has enhanced its supervisory approach to determine the depth of engagement by entity risk levels and to implement a minimum engagement model and appears adequately resourced to deliver on the level of activities set out model.6 AML/CFT supervisory activities for banks include full and targeted onsite inspections, off-site targeted inspections, and deskbased reviews. The customer due diligence sample testing methodology would benefit from further enhancement and refinement (for example, the methodology does not include specific details for the review of existing customers for supervisors to assess the quality of ongoing customer due diligence measures, i.e., the focus is on newly onboarded customers).
E. VAS & Virtual Asset Service Providers (VASPs)
7. VASPs must register with the State Revenue Service, but no market entry controls are in place. Any person/entities undertaking VASPs services are required to register with the State Revenue Service (SRS) as an obliged entity under the AML/CFT Law and provide information on their money laundering reporting officer and nine VASPs are currently registered with the SRS. The legal framework does not adequately provision for the adaptation of the wire transfer rule to virtual assets, the so-called ‘travel rule.’ In a welcome step, the authorities are in the process of setting up a licensing regime for VASPs and the legal framework is expected to enter into force in 2024. Further efforts to develop the VASP supervisory regime and a tailored minimum engagement model would also strengthen the framework.
Annex VIII: Lithuania - Executive Summary
A. Background
1. While banks appeared to have a good understanding of money laundering (ML) risks, the sector was hit by several international ML scandals.1 As at the end of 2022, Lithuania has 6 banks, 7 specialized banks, and 6 foreign bank branches. Of these foreign branches, 3 are Estonian, 1 from Denmark, 1 from Finland, and 1 from Latvia. As such, the Lithuanian banking landscape is limited in size and concentrated, with two entities controlling most of the assets heavily focused on its domestic customer base,2 but non-resident deposits are increasing. While Lithuania’s improvements in the overall AML/CFT framework have been noted by MONEYVAL and other international observers, the banking sector still faces challenges (discussed further below) which need to be addressed through close cooperation and coordination by all competent institutions.
B. Financial Flows Analysis
2. Lithuania’s cross-border financial flows have increased since 2020. While Lithuania’s cross border financial flows have grown significantly in recent years, they remain less material than the flows for many other countries in the region, with the country among the lowest flows to GDP ratios in the Nordic-Baltic region.3 In line with the economic crosscountry linkages, EU and G7 countries are Lithuania’s largest payments counterparties, with Germany, Poland, the UK, and the US in particular large counterparties in both directions. The country’s increased crossborder and non-resident activity, facilitated by Fintech payment and electronic money institutions, merits closer scrutiny from ML/terrorist financing (TF) risk perspective. Authorities should expand the National Risk Assessment to cover the analysis of ML/TF risks from nonresident activity and cross-border payments and reflect the evolution of the financial sector, particularly the financial integrity risks inherent in the business models of payment service providers.
Lithuania’s Inflows, Outflows, and Net Flows, 2013-July 2022
Citation: IMF Staff Country Reports 2023, 320; 10.5089/9798400252389.002.A001
3. Lithuania has material financial flows with a high number of countries, but the flows with majority of the countries are explained by the economic fundamentals. Based on the staff’s analysis of cross-border payments data,4 Lithuania has material financial flows with 100 jurisdictions, with flows with majority of Lithuania’s top payment counterparties being explained by the economic fundamentals. Notably, accelerating flows in both directions with the U.K.,5 Lithuania’s main payments counterparty, as well as outflows to Switzerland, are insufficiently explained by the fundamentals. In addition, financial integrity screening of financial flows using machine learning identified a high level of outlier activity in Lithuania’s rapidly increasing financial flows since 2020, including the main destinations for outflows outliers from Lithuania - the U.K., Luxembourg, and Germany, followed by Switzerland and Ireland. Given the evolution of Lithuania’s financial sector and growth in cross-border and non-resident activity, authorities should consider developing a national mechanism for comprehensive monitoring of trends in cross-border financial flows and assessing associated ML/TF risks.
4. For the identification of higher-risk countries, Lithuanian authorities rely primarily on the Financial Action Task Force (FATF) grey list, the European Commission (EC) higher-risk third country list, and the Ministry of Finance’s list of target territories. Lithuania has low level of financial flows with FATF and EC higher-risk countries and minimal flows with target territories. In contrast, international financial centers6 are the largest grouping of jurisdictions with increasing financial flows with Lithuania, insufficiently explained by the fundamentals, including Switzerland, Hong Kong, Singapore, United Arabs Emirates, Gibraltar, Isle of Man, Liechtenstein, and Jersey. While flows with CIS countries, historically a region of elevated ML threat to Lithuania, have substantially decreased since the invasion of Ukraine, due to a sharp contraction of flows with Russia and Belarus, Lithuania has increased payments, insufficiently explained by the fundamentals, with several Commonwealth of Independent States countries -Georgia, Azerbaijan, Moldova, Kyrgyzstan, Armenia. Authorities should develop and operationalize an understanding of ML/TF higher-risk countries based on Lithuania-specific risk factors in coordination with all relevant anti-money laundering and combating the financing of terrorism (AML/CFT) agencies. In particular, it could be beneficial to refocus the enhanced monitoring on jurisdictions with substantial flows that have the potential for material ML threat.
C. ML/TF Risk Assessment
5. Although the understanding and assessment of ML/TF risks in the banking sector have improved, further refinements to the supervisory risk assessment tools and increased data collection will enhance the accuracy of the authorities’ focus on risk-based supervision of banks. While improvements have been made to the supervisory ML/TF risk assessment, formalizing recent changes to the model should be prioritized. The model should increase focus on product risk in calculating inherent risk. The Bank of Lithuania (BoL) risk assessment methodology assesses elements of key inherent risk7 factors and AML/CFT internal controls. Customer risk could benefit from consideration of an expanded list of indicators, including exposure to specific categories of clients that pose high ML/TF risk, in step with increased weightage. BoL should expand the range of risk indicators considered in assessing product risk, leveraging the development of a national higher-risk country list (noted above). Supervisors should incorporate a more comprehensive analysis and list of high-risk jurisdictions as part of supervisory activities. There is a broad range of residual ratings assigned to banks (high, medium-high, medium-low, and low). The authorities should explore whether this broad range remains accurate or points to the need for further methodological refinements.
D. AML/CFT Supervision
6. The BoL has enhanced its AML/CFT supervision framework and implements a detailed minimum engagement model to guide risk-based supervisory engagement that would benefit from an ongoing review to ensure its appropriateness. AML/CFT supervisory activities for banks include full and targeted onsite inspections, full and off-site targeted inspections, and desk-based reviews. The level of AML/CFT inspections of banks would benefit from further consideration to ensure there is adequate onsite presence. In addition, a more strategic move away from full-scope AML/CFT inspections may be useful, as resources may not permit a full-scope AML/CFT inspection. The authorities should consider reducing the period between inspections but allowing greater flexibility in the “type” of inspection that must be carried out.
E. Virtual Assets & Virtual Asset Service Providers (VASPs)
7. Lithuania’s sizeable an d ra pi d ly growing virtual asset sector p oses significant ML/TF risks, amendments to the AML/CFT Law in 2019 and 2022 have set out a detailed legal framework for VASPs, but a few gaps remain. While the latest amendments have increased requirements for VASPs seeking registration, in practice, there is no market entry control in place prior to the commencement of the activity. The law does not provide for screening of VASP applications to assess compliance with the registration requirements or provide the designated authority an option to reject applications based on this assessment. Efforts to ensure effective risk-based supervision of VASPs should continue.
Annex IX: Norway - Executive Summary
A. Background
1. Norway has a large number of banks when compared to regional peers, with 106 domestic banks and 35 foreign branches and the exposure to non-resident deposits is also among the highest in the region. Norway has undertaken a systemic reform following FATF’s mutual evaluation process and have noted improvements in banks’ compliance with anti-money laundering/combating the financing of terrorism (AML/CFT) requirements and the implementation of effective systems and controls. However, banks’ preventive frameworks are still maturing, and further efforts are required in several areas, notably AML/CFT business risk assessment and transaction monitoring which are particularly important given the cross-border risks faced.
B. Financial Flows Analysis
2. N orway’s cross-border financial flows have remained fairly stable since 2016, with accelerating trend since mid-2021. Based on the staff’s analysis of cross-border payments data1, value of Norway’s aggregate cross-border financial flows is close to Nordic-Baltic median when benchmarked against GDP and the value of deposits in the country, with both inflows to and outflows from Norway growing since mid-2021. Majority of Norway’s financial flows are with G7 and EU counterparties, in line with the main cross-border economic linkages, while flows with Commonwealth of Independent States are at a low level. Norway has material financial flows with 127 jurisdictions and while this materiality is to be expected given Norway’s position with an open economy and financial sector, as well as extensive cross -border economic linkages, such extended geographical reach of Norway’s financial sector increases the ML risks it is facing. Norway would benefit from further enhancing national understanding of money laundering/terrorist financing (ML/TF) cross-border and non-resident threats, by incorporating additional sources of data (e.g., economic variables such as trade and investments) and other information (e.g., business models of financial institutions and their foreign linkages, tax vulnerabilities abroad) into the national/sectoral risk assessments.
3. Norway’s cross-border flows with majority of jurisdictions are explained by the economic fundamentals and have low levels of outlier payments activity. Among the main payment’s counterparties, the financial flows with the U.S., France and Netherlands are explained by the economic fundamentals. Notably, flows in both directions with the U.K, which remains Norway’s main payments counterparty, are not sufficiently explained by the fundamentals. Overall, most of the countries with financial flows not sufficiently explained by the economic fundamentals are International Financial Centers (IFCs),2 Middle East and, less materially, Balkan countries. Financial flows outliers in Norway are on one of the lowest levels in the Nordic-Baltic region, but recorded a slight uptick since late 2021, with the U.K. being the main destination for the outlier outflows, followed by Luxembourg, while Germany was the main source of inflows outliers. The authorities rely on external sources of information on higher-risk countries (Financial Action Task Force (FATF) and the European Commission); however, Norway has minimal financial flows with jurisdictions under the FATF increased monitoring and on the EU’s list of high-risk third countries. Norway would benefit from developing a deeper understanding of ML/TF higher-risk countries based on country-specific risk factors with a focus on the countries with the most material financial flows, in coordination with all relevant agencies with AML/CFT mandate.
4. Norway’s financial flows with IFCs have grown rapidly in recent years. The share of financial flows with IFCs has increased fourfold since 2018, predominately driven by a significant increase in flows with Luxembourg and Ireland, which became Norway’s main counterparties with payments marked by outlier activity and insufficiently explained by the economic fundamentals. IFCs are the country grouping with the highest number of jurisdictions with financial flows not sufficiently explained by the economic fundamentals and identified outlier activity, with outflows to Switzerland, Hong Kong, UAE, and Mauritius, as well as inflows from Jersey, Guernsey, and Monaco identified by both analytical approaches. Norway should consider closer cooperation and information sharing between the Tax Administration and the Financial Supervisory Authority of Norway (NFSA) and financial intelligence unit (FIU) to leverage further detailed payments data collection by the Currency Registry for the purposes of enhancing cross-border ML risk understanding, AML supervision and development of financial intelligence.
Aggregate Flows with Financial Centers as a Percentage of Total Aggregate Flows
Citation: IMF Staff Country Reports 2023, 320; 10.5089/9798400252389.002.A001
C. ML/TF Risk Assessment
5. Norway has significantly invested in the formulation of supervisory ML/TF risk assessment tools and should continue to refine these tools to ensure their effectiveness and to adequately reflect evolving ML/TF risks. Norway has developed sector specific entity risk assessment models to guide the depth of supervisory engagement within each supervised sector. The risk model for the banking sector could benefit from further refinement, particularly through clear delineation between inherent risk and controls assessment, further deliberation on weightages for all classical inherent risk factors, and greater specificity in internal controls assessment. The banking sector’s risk assessment is based on detailed data collection across key classical risk factors (particularly customer risk inputs) which could be further enhanced, in the margins, to capture a wider range of risk indicators (including greater detail on product and delivery channel).
D. AML/CFT Supervision
6. While supervisors have a strong understanding of the ML/TF risks and demonstrate a good level of AML/CFT expertise, active supervisory engagement in the banking sector is constrained by a potential lack of resources, signaling the need for the formulation of a minimum engagement model. While the NFSA identifies AML/CFT supervision as an institutional priority, resource limitations may be causing an unintended de-prioritization of resource-intensive supervisory activity, such as onsite inspections. An appropriately calibrated minimum engagement model could assist the authorities to determine the required level of resources in order to carry out effective supervision, in line with a risk-based approach. In a welcome move, the NFSA has developed detailed modules to guide supervisory activity and engages a broad skill set (including IT expertise) in the assessment of banks’ controls systems. The move towards thematic/targeted inspections (from full-scope inspection) is also consistent with supervisory good practices, and the NFSA should ensure that the choice of themes is risksensitive.
E. Virtual Assets & Virtual Asset Service Providers (VASPs)
7. The limited size of the registered VASP sector allows for sufficient supervisory focus; however, aligning the domestic legal framework with the FATF recommendations and formulation of sector-specific risk tools will be key for future risk-based engagement. Norway’s small VASP sector comprises 9 registered VASPs with 3 accounting for 98% of the market share in customers. The registration framework allows for detailed assessment at the time of registration, but the gaps in the definition of VASPs (i.e., only service provides offering exchange and custodial services are obliged entities in Norway’s domestic legal framework) could affect the strength of entry controls. While the NFSA conducts risk assessments as part of the supervisory engagement, the formulation of a specific risk model for the sector will ensure a consistent understanding of risk. Notably, the NFSA has formulated tailored returns of the VASP sector which can help bridge data gaps in the sector and will be a key input for a risk model. Subjecting VASPs to an overall minimum engagement model will also help ensure risksensitive supervisory focus and help with the overall prioritization of NFSA resources across supervised sectors.
Annex X: Sweden - Executive Summary
A. Background
1. Sweden has a comparatively extensive banking sector compared to other countries in the Nordic-Baltic region and has exposure to non-resident deposits. The country has been affected by several international banking scandals.1 As of the end of 2021, there were 88 domestic banks and 33 branches of foreign origin2. The foreign subsidiaries of some Swedish banks were affected by allegations of suspicious money laundering activities, leading to an increased supervisory crackdown. As a consequence, fines were imposed on Swedish banks in 2020, due to deficiencies in their work to combat money laundering in the foreign subsidiaries.
B. Financial Flows Analysis
2. Sweden’s cross-border financial flows have increased steadily since 2013. Most of Sweden’s cross-border payments are with the EU and G7 countries, with the U.K., Denmark, Norway, Germany, and the U.S. as the main payment counterparties. The share of the EU countries has been increasing, while payments with the Commonwealth of Independent States countries, historically a region of elevated money laundering (ML) threat to the Nordic-Baltic countries, are minimal. Sweden’s crossborder activity is highly material to the country, as its ratio of cross-border payments’ value to GDP, and the value of deposits is the highest in the Nordic-Baltic region. The authorities should consider developing a national mechanism for comprehensive monitoring of macro-trends in cross-border financial flows, including correspondent payments, to identify and assess money laundering and terrorism financing risks.
3. Swe den’s cross-border financial flows have a wide geographic spread, but the flows with the majority of countries-counterparties could be explained by the economic fundamentals. Sweden’s banks have extended geographical reach and material financial flows with 135 jurisdictions, which increases the ML threats facing the country. However, the staff’s analysis of cross-border payments data3 indicates a strong link between the value of cross-border payments and underlying economic activity for the majority of counterparty countries. Payments with the U.K., which have been decreasing since mid-2018, along with the accelerating payments with Germany and Luxembourg, are insufficiently explained by the economic fundamentals among the main counterparties. In addition, financial integrity screening of financial flows using machine learning identified increasing outlier activity in Sweden since early 2021, with Belgium being the main destination for outflows-outliers from Sweden and Ireland being the main source of inflows-outliers to Sweden. The authorities should further enhance the national understanding of ML cross-border and non-resident risk by incorporating additional sources of data (e.g., on foreign trade and investments) and other information (e.g., business models of payment service providers) into the national/sectoral ML/terrorist financing (TF) risk assessments.
4. Swedish authorities identify higher-risk countries across different types of ML risks, taking into account the Financial Action Task Force (FATF) grey list and the European Commission’s (EC) -higher risk third country list. Sweden has minimal payments with FATF and EC higher-risk countries and developed its own understanding of higher-risk countries and the types of crossborder ML risks they pose. In particular, the share of the International Financial Centers (IFCs) 4 in Sweden’s payments has doubled since 2017, and IFCs account for almost a third of jurisdictions with payments insufficiently explained by the economic fundamentals, including Luxembourg, Ireland, Switzerland, Hong Kong, Singapore, United Arab Emirates, Liechtenstein, Isle of Man, and Gibraltar. In addition, rapidly growing flows with IFCs, importantly with Luxembourg and Ireland, as well as with the U.K. were flagged by both outlier detection algorithms and economic fundamentals analysis. Other non-IFC countries with flows insufficiently explained by the economic fundamentals include Thailand, Romania, Mexico, Kenya, Uganda, Georgia, Qatar, Oman, and Iraq.
Sweden’s Flows with Financial Centers as a Share of Overall Flows, 2013-July 2022
Citation: IMF Staff Country Reports 2023, 320; 10.5089/9798400252389.002.A001
C. ML/TF Risk Assessment
5. The authorities appear to follow the standard approach for the supervisory ML/TF risk assessment and consider all relevant ML/TF inherent risk5 factors and anti-money laundering and countering financial terrorism (AML/CFT) internal controls.6 While the information on the levels of cross-border transactions is sought, granular detail on the countries involved is not gathered as part of the questionnaire. Therefore, consideration should be given to expanding the scope of banks’ periodic reporting to inform the ML/TF risk assessment and understanding. In a welcome step, Finansinspektionen has initiated a dialogue with Sveriges Riksbank to enhance ML/TF risk understanding through the collection of more granular data and information from banks. Although the number of correspondent banking relationships has decreased significantly in later years, the value of correspondent banking transactions through Sweden has increased steadily since 2013-2014, and supervisors should consider assessing the ML/TF risks associated with correspondent banking on a tiered risk categorization basis (i.e., ranging from low ML/TF risk relationships to high). This could be largely driven by the bank’s internal assessment that would then require challenge and assessment through ongoing supervisory activities.
D. AML/CFT Supervision
6. The authorities carry out a mix of full-scope and targeted supervisory activities and should continue efforts to strengthen the AML/CFT risk-based supervision of banks. While the authorities are carrying out both onsite and offsite supervision of banks each year, several planned activities have been delayed, and the adequacy of resourcing should be considered in line with a minimum engagement model. Supervisory activities can involve a deep dive into the general ML/TF risk assessment, policies and procedures, risk classification of customers, customer due diligence and transaction monitoring, or more targeted attention focusing on the bank’s ML/TF risk assessment or customer due diligence. To ensure that supervisory activities target the highest risk and most relevant topics the selection of specific supervisory activities (e.g., onsite versus offsite), depth (full scope or thematic) or the thematic areas that are covered (e.g., transaction monitoring, CDD) should be carefully considered before each inspection, well documented, and reviewed after its’ conclusion.
E. Virtual Assets & Virtual Asset Service Providers (VASPs)
7. Although the risk of misuse of virtual assets for AML/CFT purposes is still limited, efforts should continue to strengthen the AML/CFT legal framework to properly regulate and supervise virtual assets service providers. Sweden has a detailed registration regime and a small VASP sector comprising of 10 registered VASPs. Sweden’s AML/CFT regime covers all categories of VASPs (as defined in the FATF standards). The framework is not fully aligned with the FATF standards in lowering the occasional transactions threshold for VASPs and the current legal framework does not provide for the adaptation of the wire transfer rule to virtual asset transfers, i.e., the travel rule. The revised EU regulation is however due to enter into force shortly. In line with the collection of more granular, ML/TF risk-relevant information on banks, this work should also encompass VASPs. Efforts to effectively supervise VASPs should continue.
References
Altunbaş, Y, Thornton, J, Uymaz, Y., (2022), “Money laundering and bank risk: Evidence from U.S. banks”. International Journal of Finance & Economics; Vol. 26, pp. 4879-4894. https://doi.org/10.1002/ijfe.2044
Armour, J., Mayer, C. and A. Polo, (2017), “Regulatory Sanctions and Reputational Damage in Financial Markets”, Journal of Financial and Quantitative Analysis, Vol. 52(4), pp. 1429-1448. doi:10.1017/S0022109017000461
Bouveret, A. and J, Yu, (2021), “Risks and Vulnerabilities in the U.S. Bond Mutual Fund Industry”, IMF Working Paper No. 21/109.
Danish Financial Services Authority (DFSA), (2018), “Danske Bank’s follow-up to the Estonia case”, Press release, October.
Danmarks NationalBank (DNB), (2018), Financial Stability Analysis, 2nd half 2018.
Erbenova, M., Y., Liu, N. Kyriakos-Saad, A. Lopez-Mejia, G. Gasha, E. Mathias, M. Norat, F. Fernando and Y. Almeida, (2016), “The Withdrawal of Correspondent Banking Relationships: A Case for Policy Action”, IMF Staff Discussion Note SDN/16/06, June.
European Banking Authority, (2020), “Opinion of the European Banking Authority on how to take into account ML/TF risks in the Supervisory Review and Evaluation Process”, November.
European Banking Authority, (2022a), “EBA launches today ’EuReCA’, the EU’s central database for anti-money laundering and counter-terrorism financing”, Press release, January
European Banking Authority, (2022b), “Q2 Risk Dashboard”, October.
European Banking Federation (2023), “Data on national banking sector”.
European Central Bank, (2019a), “‘Failing or Likely to Fail’ Assessment of ABLV Bank, AS”.
European Central Bank, (2019b), “Implications of bank misconduct costs for bank equity returns and valuations”, Financial Stability Review, November.
European Parliament, (2018), “Money laundering - Recent cases from a EU banking supervisory perspective”, In-depth analysis, April.
European Systemic Risk Board, (2015), “Report on misconduct risk in the banking sector”, June.
Farelius, D, Ingves, S. and M. Jonsson, (2020), “Financial integration in the Nordic-Baltic region vis-a-vis the EU: A Swedish perspective”, SUE RF Policy Note No. 189, August.
International Monetary Fund, (2018), “Euro Area Policies: Financial Sector Assessment Program-Technical Note-Stress Testing the Banking Sector”, IMF Country Report No. 2018/228, July 2018
International Monetary Fund, (2020a), “Malta —2020 Article IV Consultation”, Country Report No. 2020/98.
International Monetary Fund, (2020b), “United States: Financial Sector Assessment Program-Technical Note-Risk Analysis and Stress Testing the Financial Sector”, Country Report No. 2020/247.
International Monetary Fund, (2022), “Nordic-Baltic Project Financial Flow Analysis and AML/CFT Supervision”, Presentation 13 October.
Jobst, A., Lian Ong L. and C Schmieder, (2017), “Macroprudential Liquidity Stress Testing in FSAPs for Systemically Important Financial Systems”, IMF Working Paper No. 17/102.
Köster, H, and M. Pelster, (2017), “Financial penalties and bank performance”, Journal of Banking and Finance, Vol. 79, pp. 57-73. https://doi.org/10.1016/j.jbankfin.2017.02.009.
Köster, H, and M. Pelster, (2018), “Financial penalties and banks’ systemic risk”, Journal of Risk Finance, Vol. 19(2), pp. 154--173. https://doi.org/10.1108/JRF-04-2017-0069.
Rind, A. A., Sarang, A. A. A., Kumar, A., & Shahbaz, M. (2022). “Does financial fraud affect implied cost of equity?”International Journal of Finance & Economics, 1-17. https://doi.org/10.1002/ijfe.2639
The report was prepared under the oversight and guidance of Mr. Chady El Khoury (Deputy Division Chief, IMF Legal Department). The authors would like to thank the European Department, Mr. Mindaugas Leika and Mr. Ivo Krznar (the Monetary and Capital Markets Department) for their comments and advice throughout the project. The authors would also like to acknowledge Ms. Halla Alsulami, Mr. Luke Rowe, and Mr. Omar Haddad, externs at the IMF Legal Department, for their research assistance with this report, and Grant Riekenberg, for his support in the completion of this project.
Referred hereafter as financial integrity (FI) events Referred hereafter as financial integrity (FI) events.
The six largest cross-border Nordic banks account for 40 to 75 percent of lending in the region (Farelius et al., 2020). Relatedly, foreign branches and subsidiaries account for the majority of banking sector assets in Estonia, Latvia and Lithuania (EBF, 2023).
The provision of correspondent banking services, where a bank, in accordance with a contract or other agreement, makes payments on behalf of or used for depositing of funds of another financial institutions, is not included in the calculation of payments by customers of financial institutions and is analyzed separately (Section E).
The payments data analyzed also does not capture fully credit and debit card payments and the settlement arrangements for some money transfer services might differ from the origination and destination country of a payment.
When benchmarked against regional GDP, the volatility in year-on-year flows is reduced, indicating aggregate flows at a regional level are at least in part driven by changes in GDP.
The payments data is aggregated on a monthly basis on a bank payments corridor level, including the value and volume of payments. Importantly, the customer and purpose of the payment information was not available for this analysis.
R squared for regional inflows and outflows of 0.94.
Denmark, Finland, Sweden, Iceland, Estonia, Lithuania.
The data for Lithuania used in this report does not capture fully payments via Bank of Lithuania’s payment system CENTROlink. For more information on ML/TF aspects and materiality of CENTROlink operations please see “Reinforcing Money Laundering Risk Mitigation in Lithuania”.
Includes founding states of the Commonwealth of Independent States and former member states.
As defined in the past lists of Offshore Financial Centers as part of IMF’s Assessment Programs: Past IMF Staff Assessments on Offshore Financial Centers Sorted by Jurisdiction. The list does not include large international fullservice centers with advanced settlement and payments systems that support large domestic economies, with deep and liquid markets, and where legal and regulatory frameworks are adequate to safeguard the integrity of principalagent relationships and supervisory functions.
Includes founding states of the Commonwealth of Independent States and former member states.
For recommendations throughout the report: "should” is used on items that the IMF views as particularly important to ensure effectiveness and are items that will translate into other workstreams. For example, those with macro-critical importance.“Should consider” is used where the authorities should take away the recommendation and complete some level of analysis to determine whether/how to implement it..“May explore” and “could” are used to recommend items that would benefit authorities’ efforts but the authorities may elect to not explore.
The analysis presented in this section and in Figure 10 draws on the FATF Grey list and EC higher-risk country lists as of January 2023. As a result, changes in the countries on the list will mean the exact shares presented in the analysis are not fully reflective of the past periods. Review of previous countries on the list indicates there was not former list members that would have significantly increased these lists share of regional flows, other than Iceland’s inclusion on the FATF grey list in 2019-2020.
Possible countermeasures are also listed in paragraph 20 of the FATF Interpretive Note to Recommendation 10, which in addition includes: (c) Refusing the establishment of subsidiaries or branches or representative offices of financial institutions from the country concerned. (d) Prohibiting financial institutions from establishing branches or representative offices in the country concerned, or otherwise taking into account the fact that the relevant branch or representative office would be in a country that does not have adequate AML/CFT systems. (e) Limiting business relationships or financial transactions with the identified country or persons in that country. (f) Prohibiting financial institutions from relying on third parties located in the country concerned to conduct elements of the customer due diligence process. (g) Requiring financial institutions to review and amend, or if necessary, terminate, correspondent relationships with financial institutions in the country concerned. (h) Requiring increased supervisory examination and/or external audit requirements for branches and subsidiaries of financial institutions based in the country concerned. (i) Requiring increased external audit requirements for financial groups with respect to any of their branches and subsidiaries located in the country concerned.
The economic fundamentals analysis in this section uses the payments data between January 2020 and July 2022, trade for goods statistics for 2020 and 2021 and macro-economic indicators since January 2020.
Geographic reach is defined in this report as the number of jurisdictions with overall payments of 0.1 percent of given country’s annual GDP or USD 100 million (whichever is lower) during January 2020-July 2022 (material financial flows).
Sources of data for the macro-economic indicators: Direction of Trade Statistics, Corrdinated Portfolio Investment Survey, Coordinated Direct Investment Survey, OECD-WTO Balanced Trade in Services Database.
The threshold is set at 30 percent to capture cases in which the cross-border flows are significantly higher than underlying economic fundamentals.
However, the investment flows may not necessarily be reflected in actual movement of funds across border, as investments value may change due to the exchange rate movements, asset valuation reappraisal, balance sheet operations, etc.
We use an unsupervised model for anomaly detection based on the Isolation Forest (Fei Tony Liu, Kai Ming Ting, and Zhi-Hua Zhou, 2008).
Variety of exogenous shocks can result in outlier activity - for example, sudden changes in the pattern of payments due to the shift in the settlement arrangements of a bank.
Share of outliers in overall payments (by value) during January 2020 - July 2022.
This analysis includes only cross-border provision of correspondent banking services for payments purposes, which may differ from the authorities’ definitions of correspondent banking, including provision of correspondent services to domestic non-bank financial institutions.
Payments between financial institutions, which in SWIFT are Message Type 202, represent a low ML/TF risk in the region, given the maturity of the country’s financial sector and controls in place. Given this, the MT202 analysis presented is only for informational purposes and not part of recommendations generated as part of this report.
In the Figures presented ‘Free Format’ inflows and outflows occur when an originator or beneficiary do not have the relevant BIC-8 SWIFT code to be correctly attributed to a country. These Free Format codings occur mainly for smaller domestic financial institutions.
Cases have included unusual transactions with politically exposed persons, inadequate transaction monitoring systems, lack of harmonized compliance-related documents across foreign branches, de-centralized IT platforms, accounts for shell companies and sanction violations.
Risk-based Supervision guidance, FATF, March 2021, paragraph 104.
Financial Stability Institute Insights on policy implementation No 18, Suptech applications for anti-money laundering, Bank for International Settlements, (2019), https://www.bis.org/fsi/publ/insights18.pdf.
FINT RAC is one of 13 federal departments and agencies that play a key role in Canada’s AML/CFT regime. The Centre’s mandate is to ensure the compliance of businesses subject to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act and associated Regulations, and to generate actionable financial intelligence for police, law enforcement and national security agencies to assist in the investigation of money laundering and terrorist activity financing offences or threats to the security of Canada. The Centre acts at arm’s length and is independent from the police services, law enforcement agencies and other entities to which it is authorized to disclose financial intelligence.
Financial Stability Institute Insights on policy implementation No 18, Suptech applications for anti-money laundering, Bank for International Settlements, August 2019, p. 9 (link).
Bringing artificial intelligence to banking supervision, European Central Bank: Banking Supervision, 2023, https://www.bankingsupervision.europa.eu/press/publications/newsletter/2019/html/ssm.nl191113 4.en.html.
Financial Stability Institute Insights on policy implementation No 37, Suptech tools for prudential supervision and their use during the pandemic, Bank for International Settlements, December 2021, p. 11 (link).
The Use of Supervisory and Regulatory Technology by Authorities and Regulated Institutes: Market developments and financial stability implications, Financial Stability Board, October 9, 2020, p. 53.
Risk-based Supervision guidance, FATF, March 2021, paragraph 204-205.
The Use of Supervisory and Regulatory Technology by Authorities and Regulated Institutes: Market developments and financial stability implications, Financial Stability Board, October 9, 2020, p. 52.
Anti-money laundering and counter-terrorist financing measures, the Netherlands: Mutual Evaluation Report, FATF, p. 155.
Financial Stability Institute Insights on policy implementation No 37, Suptech tools for prudential supervision and their use during the pandemic, Bank for International Settlements, December 2021, p. 11 (link).
Financial Stability Institute Insights on policy implementation No 37, Suptech tools for prudential supervision and their use during the pandemic, Bank for International Settlements, December 2021, p. 18 (link).
Financial Stability Institute Insights on policy implementation No 37, Suptech tools for prudential supervision and their use during the pandemic, Bank for International Settlements, December 2021, p. 19 (link).
Source: Adapted from : https://www.eba.europa.eu/sites/default/documents/files/document library/News%20and%20Press/Communication%20materials/Factsheets/1025034/Factsheet%20on%20AML%20Colleges.pdf and https://www.eba.europa.eu/sites/default/documents/files/document library/News%20and%20Press/Communication%20materials/Factsheets/1025033/Factsheet%20on%20AMLCFT%20Methodology%20.pdf Source: Adapted from : https://www.eba.europa.eu/sites/default/documents/files/document library/News%20and%20Press/Communication%20materials/Factsheets/1025034/Factsheet%20on%20AML%20Colleqes.pdf and https://www.eba.europa.eu/sites/default/documents/files/document library/News%20and%20Press/Communication%20materials/Factsheets/1025033/Factsheet%20on%20AMLCFT%20Methodology%20.pdf
The EBA Guidelines on cooperation and information exchange between prudential supervisors, AML/CFT supervisors and financial intelligence units.
Based on the timeframe for the project, the analysis was conducted prior to the publication of the EBA fourth Opinion on money laundering and terrorist financing risks across the EU.
The scope of this project did not involve an analysis of past and existing data protection requirements.
FATF, Stocktake on Data Pooling, Collaborative Analytics and Data Protection (2021).
DBS, OCBC, UOB, Standard Chartered Bank, Citibank, and HSBC.
This proof of concept was developed by the BIS Innovation Hub, Nordic Center in partnership with Lucinity, an Icelandic AI company.
The level of traceability varies with type of crypto-assets, with CA relying on open distributer ledger technology allowing greater traceability, while others (including anonymity enhanced cryptocurrency) could have design features to reduce traceability. Further, technological solutions (including mixers, tumblers etc.) also exist to hinder traceability.
The recast Transfer of Funds Regulation (TFR) extends the travel rule to CASPs. The TFR requires that transfers of crypto-assets be accompanied by specified originator and beneficiary information. These requirements apply regardless of the amount of transfer and are applicable to both domestic or international transactions. The regulations also include provisions related to transfers from self-hosted addresses. The revised TFR will come into effect after the 18 month transition period. (REGULATION (EU) 2023/1113 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on information accompanying transfers of funds and certain crypto-assets and amending Directive).
High profile AML/CFT banking failings events refers in this report to the set of events such as: 2018 ABLV Bank, 2018 Danske Bank, 2019 Swedbank, 2019 Nordea. Those events involved high AML/CFT failings and led to exposing stability and integrity risks to the highly integrated NB financial sector and attracted international scrutiny throughout the region.
For example, the Iceland 2019 Art IV Consultation Staff Report.
This work remains exploratory, and preliminary results are therefore subject to uncertainty due to the lack of empirical benchmark and the very small sample size of FI events.
The annex provides additional information on the methodology used.
Bank liquidity could also be impacted on the asset side, if FI issues negatively affect the bank counterbalancing capacity though a fall in value (as in IMF (2019)) or, in an extreme case, if foreign banks counterparties stop interacting with the bank in some currencies, making the bank unable to mobilise its holdings of liquid assets in foreign currency to meet deposit withdrawals. In the case of ABLV, a significant amount of its counterbalancing capacity was in USD bonds. However, after the publication by FinCEN of the draft measure to ban the bank from having a correspondence account in the US, ABLV was unable to find counterparties to sell its USD bonds to, making it unable to use its counterbalancing capacity to meet deposit outflows.
In this section, OFCs refer to Other Financial Corporations as defined by FIN REP as “all financial corporations and quasi-corporations other than credit institutions such as investment firms, investment funds, insurance companies, pension funds, collective investment undertakings, and clearing houses as well as remaining financial intermediaries and financial auxiliaries" (Annex V, Part 1, Paragraph 6, Article 35).
Based on the pilot, deposit outflows were estimated at 7 percent based on information reported by large crossborder banks. Actual outflows could be higher: ABLV bank experienced deposit outflows of 23 percent in three days in February 2018. The calibration of deposits outflows for banks with similar exposures was obtained by applying outflow rates by types of deposits to the deposit structure of cross-border regional banks in the country.
This calibration is illustrative as the results of the contagion analysis could also be used. In that case, shocks to other banks would likely by higher than in the example above.
Supervised machine learning approaches, which require labeled data (i.e. marking certain payments as ML), was deemed impractical due to high cost, aggregation of payments data, and absence of sufficient number of reliable sources identifying illicit payments.
Fei Tony Liu, Kai Ming Ting, and Zhi-Hua Zhou, 2008.
For example as used by commercial banks for transaction monitoring and fraud detection.
Variety of exogenous shocks can result in outlier activity - for example, sudden changes in the pattern of payments due to the shift in the settlement arrangements of a bank.
The category of customers of financial institutions includes households, non-financial corporates, and non-bank financial corporates. Data on payments by financial institutions also includes payments of some non-bank financial institutions that have own BIC numbers.
The threshold for the outlier payments is set at the 0.0001 percent of all payment corridors.
The Marginal Expected Shortfall measures the expected equity loss when the market is in distress (worst 5% returns).
In some cases, foreign banks counterparties might stop interacting with the bank in some currencies, making the bank unable to mobilise its holdings of liquid assets in foreign currency to meet deposit withdrawals. In the case of ABLV, a significant amount of its counterbalancing capacity was in USD bonds. However, after the publication by FinCEN of the draft measure to ban the bank from having a correspondence account in the US, ABLV was unable to find counterparties to sell its USD bonds to, making it unable to use its counterbalancing capacity to meet deposit outflows.
There are also other additional costs for the affected bank related to compliance costs but also a reallocation of (executive) resources towards compliance issues, with less attention to the business strategy of the firm. Those costs are very hard to measure.
For example, Danske Bank had been subject to a Pillar 2 add-on of DKK 10 billion (DFSA, 2018).
Authorities have provided information on other financial integrity events further in the past which were not directly included in the analysis as they occurred before 2016.
For equity prices, the sample of banks include Danske Bank, Jyske (both for Denmark), Nordea for Finland, Swedbank, SEB and Handlesbanken for Sweden and DNB for Norway. For CDS spreads, the sample includes only Danske Bank, Nordea, Swedbank, SEB and DNB since data are not available for the other banks. The group of banks with similar exposures is comprised of Danske Bank, Nordea, SEB and Swedbank.
For example, ABLV saw 23% deposit outflows over three days in February 2018.
The contagion effects might vary over time. Past events indicate that when a FI issue arises in isolation, the effect on other banks then when FI events are clustered. For example, the Danske Bank event in 2018 affected mainly the bank but not other banks. In contrast, the Swedbank case in 2019 seemed to have had a higher impact on other banks in the region (especially the largest banks).
This calibration is illustrative as the results of the contagion analysis could also be used. In that case, shocks to other banks would likely by higher than in the example above.
The calibration of total deposit outflows for banks with similar exposures was done by applying the actual outflow rates by deposit types to the deposit structure of cross-border banks in the country.
For example, one Authority indicated that when there are concerns about financial integrity issues related to one business unit, the add-on would be based on the loss of income if that unit were to be excluded from the consolidation of income at group-level.
Authorities’ considerations to develop the national mechanism can be supported by a feasibility analysis.
For methodologic details on the financial flows analysis, definitions, and analytical approaches (i.e., economic fundamentals analysis and outlier detection unsupervised machine learning algorithm) please see Nordic-Baltic Regional AML/CFT Report. Due to the aggregation and anonymization of the payments data and macro-level nature of economic and other indicators used in the analysis, the project’s findings are aimed at contributing to the understanding of ML risk from cross-border payments rather than identify illicit activity.
As defined in the past lists of Offshore Financial Centers as part of IMF’s Assessment Programs: Past IMF Staff Assessments on Offshore Financial Centers (OFCs) Sorted by Jurisdiction.
As defined in the past lists of Offshore Financial Centers as part of IMF’s Assessment Programs: Past IMF Staff Assessments on Offshore Financial Centers (OFCs) Sorted by Jurisdiction.
For methodologic details on the financial flows analysis, definitions, and analytical approaches (i.e., economic fundamentals analysis and outlier detection unsupervised machine learning algorithm) please see Nordic-Baltic Regional AML/CFT Report. Due to the aggregation and anonymization of the payments data and macro-level nature of economic and other indicators used in the analysis, the project’s findings are aimed at contributing to the understanding of ML risk from cross-border payments rather than identify illicit activity.
The authorities indicated that the increase in flows with the U.K. is driven by the activity of payment service providers banking in Estonia with a new business model that includes facilitation of payments that may reflect economic and other activity outside of Estonia.
The authorities indicated that the increase in flows with Lithuania is driven by the Lithuanian payment service providers’ activity in Estonia and provision of services to Estonian payment service providers.
These deficiencies include the lack of a requirement for originator VASPs to obtain and hold beneficiary name and a lack of provisions to make the originator and beneficiary information available to law enforcement.
Authorities’ considerations to develop the national mechanism can be supported by a feasibility analysis.
For methodologic details on the financial flows analysis, definitions, and analytical approaches (i.e., economic fundamentals analysis and outlier detection unsupervised machine learning algorithm) please see Nordic-Baltic Regional AML/CFT Report. Due to the aggregation and anonymization of the payments data and macro-level nature of economic and other indicators used in the analysis, the project’s findings are aimed at contributing to the understanding of ML risk from cross-border payments rather than identify illicit activity.
As defined in the past lists of Offshore Financial Centers as part of IMF’s Assessment Programs: Past IMF Staff Assessments on Offshore Financial Centers (OFCs) Sorted by Jurisdiction.
For methodologic details on the financial flows analysis, definitions, and analytical approaches (i.e., economic fundamentals analysis and outlier detection unsupervised machine learning algorithm) please see Nordic-Baltic Regional AML/CFT Report. Due to the aggregation and anonymization of the payments data and macro-level nature of economic and other indicators used in the analysis, the project’s findings are aimed at contributing to the understanding of ML risk from cross-border payments rather than identify illicit activity.
As defined in the past lists of Offshore Financial Centers as part of IMF’s Assessment Programs: Past IMF Staff Assessments on Offshore Financial Centers (OFCs) Sorted by Jurisdiction.
Including increased cooperation with other domestic competent authorities, blockchain analysis tools, creation of whistleblowing mechanisms for other reporting entities and the general public along with information-sharing and collaboration with other licensing/registration authorities.
As defined in the past lists of Offshore Financial Centers as part of IMF’s Assessment Programs: Past IMF Staff Assessments on Offshore Financial Centers (OFCs) Sorted by Jurisdiction.
For methodologic details on the financial flows analysis, definitions, and analytical approaches (i.e., economic fundamentals analysis and outlier detection unsupervised machine learning algorithm) please see Nordic-Baltic Regional AML/CFT Report. Due to the aggregation and anonymization of the payments data and macro-level nature of economic and other indicators used in the analysis, the project’s findings are aimed at contributing to the understanding of ML risk from cross-border payments rather than identify illicit activity.
The Latvian authorities noted that flows with Lithuania are driven by high number of Latvian customers banking in Lithuania and transacting with Latvian financial sector.
FATF Risk Based Supervision Guidance, 2021. Inherent risk refers to the ML/FT risks present in an entity or sector before mitigating measures are applied. Inherent risk is often assessed based on entities’ customer base, products, delivery channels and services offered and the jurisdictions within which it or its customers do business.
Internal controls: as defined in the FATF Standards under R. 18 and INR.18, refer to the implementation of programmes against ML and TF which should include: the development of internal policies, procedures, and controls, including appropriate compliance management arrangements, and adequate screening procedures to ensure high standards when hiring employees; an ongoing employee training programme; and an independent audit function to test the system.
The institutional arrangement for the sectoral supervision of financial institutions is currently in a transitional stage. The October 2021 Amendment to the AML/CFT Law has shifted AML/CFT supervision of financial institutions from the FCMC to the Bank of Latvia.
While not directly involving domestic Lithuania banks, Lithuania was impacted by the scandals (e.g. through branch networks).
The payments data analyzed does not capture fully payments via Bank of Lithuania’s CENT R Olink. For more information on ML aspects and materiality of CENT R Olink operations please see “Reinforcing Money Laundering Risk Mitigation in Lithuania”.
For methodologic details on the financial flows analysis, definitions, and analytical approaches (i.e., economic fundamentals analysis and outlier detection unsupervised machine learning algorithm) please see Nordic-Baltic Regional AML/CFT Report. Due to the aggregation and anonymization of the payments data and macro-level nature of economic and other indicators used in the analysis, the project’s findings are aimed at contributing to the understanding of ML risk from cross-border payments rather than identify illicit activity.
The authorities noted UK-linked ownership structure of Fintech payment service providers operating in Lithuania as a factor in accelerating flows between the UK and Lithuania.
As defined in the past lists of Offshore Financial Centers as part of IMF’s Assessment Programs: Past IMF Staff Assessments on Offshore Financial Centers (OFCs) Sorted by Jurisdiction
FATF Risk Based Supervision Guidance, 2021. Inherent risk refers to the ML/FT risks present in an entity or sector before mitigating measures are applied. Inherent risk is often assessed based on entities’ customer base, products, delivery channels and services offered and the jurisdictions within which it or its customers do business.
For methodologic details on the financial flows analysis, definitions, and analytical approaches (i.e., economic fundamentals analysis and outlier detection unsupervised machine learning algorithm) please see Nordic-Baltic Regional AML/CFT Report. Due to the aggregation and anonymization of the payments data and macro-level nature of economic and other indicators used in the analysis, the project’s findings are aimed at contributing to the understanding of ML risk from cross-border payments rather than identify illicit activity.
As defined in the past lists of Offshore Financial Centers as part of IMF’s Assessment Programs: Past IMF Staff Assessments on Offshore Financial Centers (OFCs) Sorted by Jurisdiction
Various international banking scandals concerning AML/CFT breaches have taken place in the Nordic Baltic region, with some instances in 2005 although they would be discovered well into 2015 and beyond, including some taking place up to 2017.
https://www.swedishbankers.se/en-us/reports/statistics-publications/bank-statistics/ (non-resident deposits include deposits in foreign branches of Swedish entities).
For methodologic details on the financial flows analysis, definitions, and analytical approaches (i.e., economic fundamentals analysis and outlier detection unsupervised machine learning algorithm) please see Nordic-Baltic Regional AML/CFT Report. Due to the aggregation and anonymization of the payments data and macro-level nature of economic and other indicators used in the analysis, the project’s findings are aimed at contributing to the understanding of ML risk from cross-border payments rather than identify illicit activity.
As defined in the past lists of Offshore Financial Centers as part of IMF’s Assessment Programs: Past IMF Staff Assessments on Offshore Financial Centers (OFCs) Sorted by Jurisdiction.
FATF Risk Based Supervision Guidance, 2021. Inherent risk refers to the ML/FT risks present in an entity or sector before mitigating measures are applied. Inherent risk is often assessed based on entities’ customer base, products, delivery channels and services offered and the jurisdictions within which it or its customers do business.
Internal controls: as defined in the FATF Standards under R. 18 and INR.18, refer to the implementation of programmes against ML and TF which should include: the development of internal policies, procedures, and controls, including appropriate compliance management arrangements, and adequate screening procedures to ensure high standards when hiring employees; an ongoing employee training programme; and an independent audit function to test the system.
