I. Introduction

The IMF has devoted increasing attention to anti-money laundering (AML) in the last four years, and since September 11, 2001, to countering terrorist finance (CFT). The IMF is focusing on these issues primarily because of concern to safeguard the integrity of the international financial system.

For its AML/CFT work, the IMF has endorsed the Financial Action Task Force (FATF) Recommendations as the applicable international standard. As part of its financial sector work, it also assesses members’ compliance with financial sector codes and standards, including the three supervisory core principles: for banking (Basel), securities (IOSCO), and insurance (IAIS). Financial integrity elements are an important part of these standards—reflected both in specific principles themselves and those general considerations that are known as the “preconditions” for effective implementation of the standards.²

Experience has shown that shortcomings in financial integrity elements frequently lie at the heart of financial institution failures.³ Recently, there has been a noteworthy change in the landscape for conducting irregular activities. A number of major companies have suffered well-publicized losses and failures due to fraud. Until recently, there was little connection between employee fraud and organized crime, but such links are becoming alarmingly more evident, even in the regulated financial sector. In response to this experience, investors, creditors, and governments are giving new importance to protecting the integrity of the financial system.

Laws and regulations to prevent abuse of the system by insiders and outsiders are not new; they have long been a part of modern financial systems. What is new is the extent to which integrity requirements are being codified, extended more widely, brought under regulatory oversight, and subjected to criminal sanctions for noncompliance.

This paper discusses the increasing emphasis that is being given to integrity elements in international financial standards and codes.⁴ The reference points include:

• The revised 2003 FATF Forty Recommendations on anti-money laundering;

• The Basel IOSCO and IAIS Core Principles, as well as the revised Basel Capital Accord or Basel II;

• The OECD Principles of Corporate Governance;

• Recent national legislation: the Sarbanes-Oxley Act in the United States, and the U.K. Financial Services and Markets Act (2000) and the Proceeds of Crime Act (2002).

AML objectives now go well beyond just combating drug dealers, terrorists, and organized criminals. As the standard has evolved, the AML preventive measures that financial institutions and professions are now expected to follow can be seen as a comprehensive regime for deterring abuse of the financial system by outside parties. To achieve full implementation of the regime, the AML standard also spells out numerous specific measures to be taken by supervisors, law enforcement, and the courts. In this respect, the AML standard addresses some of the measures needed to ensure that the preconditions expected by the Basel, IOSCO, and IAIS standards, such as a reasonably efficient court system, are actually in place.

Where the integrity elements of the AML standard comprise a comprehensive regime for preventing abuse of the financial system by outsiders, the evolving standards for supervision of financial institutions and those for corporate governance are increasingly calling for more specific and more demanding measures to deter abuse of financial firms and public companies by insiders. Taken together, the integrity elements embedded in various codes and standards provide the building blocks for a comprehensive framework to prevent abuse of financial systems.⁵

II. The Anti-Money Laundering Standard

In IMF work, the FATF 40 Recommendations on Anti-Money Laundering (as revised in 2003) and the Eight Special Recommendations on Terrorist Financing are recognized as the international standard for AML/CFT. It is this standard that the IMF and the World Bank follow in their operational work.

Key components of this AML/CFT standard are:

• Criminalization of money laundering and terrorist financing;

• Establishment of a regime of preventive measures to be adopted by financial institutions and others;

• Adoption of a regime for reporting suspicious transactions, including operation of a financial intelligence unit;

• Standards for prosecution and punishment of money laundering offenses and the freezing and confiscation of criminal proceeds; and

• International cooperation, including exchange of information among supervisors and law enforcement.

The first two elements of the revised FATF Recommendations—criminalization of money laundering and required preventive measures—underpin a comprehensive standard for preventing abuse of the financial sector by outsiders.

Money laundering is the process by which the proceeds of crime and the true ownership of those proceeds are concealed or made opaque so that the proceeds appear to come from a legitimate source.

When first introduced, the crime of money laundering was restricted to the laundering of the proceeds of drug dealing and racketeering. But over the past two decades, the scope of the money laundering crime has been steadily expanded. The proceeds of more and more crimes have been added to the list of predicate offenses that give rise to the crime of money laundering.

In the 2003 revision of their Recommendations, the FATF called on countries to apply the crime of money laundering to proceeds of all serious offenses. As an alternative, the FATF allows countries to adopt a list of predicate offenses, so long as the list covers a broad range of serious crimes. For a list approach, the FATF has enumerated twenty categories of offenses that countries should consider including as predicate offenses. It is instructive to note just how wide the scope of predicate offenses is that can now give rise to the money laundering offense. The FATF Recommendations include such traditional categories as drug trafficking, organized crime, racketeering, trafficking in human beings, trafficking in stolen goods, murder, robbery, and theft. But the updated 2003 Recommendations make it clear that a much wider range of financial crimes should be included among the categories of predicate offenses for money laundering. The indicative list now includes crimes such as fraud, corruption and bribery, insider trading, and market manipulation.

Broadening the money-laundering offense reflects a generalized law enforcement strategy of taking the money out of crime and a financial sector strategy of deterring abuse and strengthening the integrity of the financial system. These strategies have important implications for the role that the financial sector is expected to play. The anti-money laundering apparatus, which banks and other financial institutions are expected to have in place, is no longer targeted at just the proceeds of a narrow class of particularly notorious underlying crimes. Rather, financial institutions are expected to deter the use of the financial system for the laundering of the proceeds of all sorts of serious crime, whether street crime or white collar crime.

The preventive measures called for in the revised FATF recommendations cover:

• Customer due diligence;

• Record keeping;

• Training;

• Internal controls; and

• reporting procedures.

Under the 2003 revised FATF Forty Recommendations, AML preventive measures are expected to be implemented not just by the prudentially regulated financial sector—that is banks, insurance firms, and securities—but also by a range of nonfinancial business and professions. Casinos, money service providers, lawyers, accountants, dealers in high-valued goods, etc., are now also expected to apply preventive measures akin to those adopted by prudentially regulated firms

The preventive measures called for in the FATF Recommendations are, to a considerable extent, customer facing. That is, the firm is supposed to know who its client is, what his business is, and whether the business the customer seeks to conduct is or is not suspicious. The records required to be kept are of inquiries into customer transactions or activities. The training required is to ensure that staff are aware of money-laundering requirements, and that they understand how to monitor and report activities that may be suspicious. And the internal control procedures called for are those procedures necessary for management to be able to identify, monitor, and control money-laundering risk and to satisfy the formal requirements of laws and regulations.

Another feature of the AML/CFT standard is that competent authorities are expected to oversee compliance with legal and regulatory requirements. As AML/CFT considerations have been brought into IMF assessments of countries’ financial sectors, those assessments have had to look much more closely at the extent to which supervisors effectively monitor and enforce compliance with the measures that the FATF calls for to prevent abuse of the financial system. In addition, the FATF Recommendations emphasize the importance of key individuals being fit and proper. Consequently, in evaluating the regulatory practices of member countries, the IMF now gives greater attention to supervisor’s procedures for vetting the integrity of supervised parties and owners and controllers.

The bite of the AML regime lies in the criminal and regulatory sanctions that may be applied for engaging in transactions when knowing or having reasonable grounds for suspecting that the activity involves transferring, accepting, converting, or concealing the proceeds of crime or even assisting is such a transaction. The bite of the law is further reinforced by civil or criminal penalties for failing to report suspicious transactions to the proper authorities and by the reputational risks to financial institutions when they fail to comply with AML/CFT laws and regulations. Recently, several prestigious financial institutions faced significant regulatory penalties for not having implemented adequate AML/CFT measures, and markets are increasingly penalizing financial institutions through their share prices for failures in compliance with AML/CFT requirements.

Assessments of compliance with AML/CFT standards include judgments about how well the system is implemented. This goes beyond just evaluating supervisory practices. It includes evaluations of the functioning of the criminal justice system, including the courts, in enforcing AML/CFT laws and regulations. While IMF assessments of the criminal justice systems are narrowly limited to AML/CFT issues, this is an example of where standards assessments are beginning to examine some important institutional preconditions (a sound legal system, ethical and professional lawyers and judges, and a reasonably efficient court system whose decisions are enforceable) that are essential for successful implementation of the Basel, IOSCO, and IAIS core principles. This underlines the complementary nature of AML/CFT assessments and assessments of other financial sector standards.

Combined, the elements of the AML standard have evolved into a fairly comprehensive integrity regime with respect to financial firms and related business and professions dealings with their clients. The firms themselves are supposed to be governed by ethical parties. These entities are expected to have systems and procedures in place that deter them from being misused by their customers for laundering the proceeds of any serious crime. AML/CFT assessments, and technical assistance, have now become an important component of the Fund and the Bank’s work to strengthen the integrity of financial systems and deter financial abuse. Where there are serious problems of crime and ethics in the financial system, more often then not, it is the AML/CFT assessment that will identify such problems.

III. Integrity Elements in other Standards

Experience has shown that shortcomings in integrity preconditions frequently underlie financial institution breakdowns. While the FATF Recommendations address several of these preconditions, others, such as a sound accounting systems, a body of professional accountants and auditors, financial transparency, and effective corporate governance are addressed elsewhere. Many of these additional integrity topics are now being introduced into other standards and codes. In a number of cases, national authorities are introducing new integrity requirements that go beyond internationally agreed standards or statements of best practice Some recent developments are worth noting. The new Basel Capital Accord (or Basel II), will require banks to align their capital more closely with three underlying risks: credit, market, and operational risk. Operational risk has been defined as “the risk of loss resulting from inadequate or failed internal processes, people, and systems or from external events.” Operational risk includes the risk of loss due to certain events, including internal and external fraud due to intentional misreporting of positions, employee theft, robbery, forgery, check kiting, money laundering, and system failures. These operational-risk requirements reinforce existing Basel Core Principles that call for banks to have policies that promote high ethical and professional standards.

While operational risk has always been a concern for bankers and mitigated by the bank’s internal control system and internal audit function, international standards are now requiring institutions to address operational risk as a distinct class of risk similar to their treatment of credit and market risk. In order to utilize two of the approaches in measuring risk, banks will be required to meet certain criteria such as: establishing an independent operational-risk unit responsible for design and implementation of internal controls, reporting results to management, documenting the bank’s risk-management system, and actively involving the board of directors and senior management. The responsibilities of supervisors will now be expanded to require banks to have an effective framework in place to identify, assess, monitor, and mitigate material operational risks as part of an overall approach to risk management. Supervisors will be required to conduct independent evaluations of banks’ operational-risk management frameworks. In this regard, internal controls and corporate governance will be part of the evaluation.

The operational-risk measures required under Basel II are, in essence, measures to protect and enforce the internal integrity of banking organizations. As Basel II is brought into the Basel Core principles, this means that assessments will need to incorporate integrity risk concepts, including more emphasis on internal controls and corporate governance, and technical assistance programs will need to help supervisors fulfill their roles.

The revised insurance IAIS Core Principles, issued almost a year ago, now include a general review of integrity elements previously captured as preconditions. In addition, a separate principle covering corporate governance is included that emphasizes the responsibilities of a company’s board and senior management. Internal controls, internal audit, risk management, and information disclosure are also assessed and, going forward, measures that insurers have established to safeguard against fraud will also be evaluated. As with Basel II, these IAIS measures are all measures to protect the internal integrity of the insurance company.

The securities IOSCO Core Principles review many of the same elements with a somewhat different emphasis. Corporate governance of issuers is evaluated with an emphasis placed on the rights and equitable treatment of shareholders. Information disclosure as well as the accounting framework and external auditing function of issuers are also reviewed. A general assessment of the internal control and compliance functions is included for market intermediaries. Both IOSCO and IAIS standards evaluate the independence of and legal protection afforded to the supervisors.

Recent corporate scandals—Enron, Arthur Anderson, World Com, Parmalat, etc.—illustrate the extent to which accounting fraud and other integrity weaknesses can result in massive financial and economic losses. Damage has not been limited to corporate shareholders and employees. Financial institutions have incurred major costs to settle law suits or regulatory charges arising from their involvement with scandal-ridden firms. Reputation damage to the franchise value of these financial firms has compounded the direct settlement costs.

As a byproduct of corporate scandals, the integrity requirements for public companies are becoming substantially more demanding. While the recent Sarbanes-Oxley Act in the United States is still controversial and is not viewed as the internationally accepted standard, some of the concepts in Sarbanes-Oxley are internationally codified, such as in the OECD Principles of Corporate Governance. Sarbanes-Oxley addresses several of the integrity and ethical issues that have been identified as the preconditions for effective financial supervision. On the accounting side, the Act created a new Public Company Accounting Oversight Board to oversee auditors in order to ensure the preparation of informative, fair, and independent audits of financial statements. The OECD principles also support the tightening of audit oversight through an independent entity. In addition, under Sarbanes-Oxley, auditors will be required to report to an independent audit committee not to management. This concept is also embodied in OECD principles. On the corporate governance side, Sarbanes-Oxley holds chief executives and chief financial officers directly responsible for the accuracy of financial statements and protects whistleblowers who report fraud. Whistleblower provisions can be viewed as the internal corporate analog of the external suspicious transaction reporting requirement of AML/CFT regimes. Sarbanes-Oxley also focuses on the importance of internal controls and imposes new requirements for effective internal controls over financial reporting and for deterring and detecting fraud and suspected fraud. In this regard, the law requires management to assess the effectiveness of internal controls over financial reporting. Auditors will also be required to attest to management’s evaluation. As with the AML requirements, Sarbanes-Oxley requirements are subject to significantly increased penalties, including criminal sanctions.

For public companies, implementing the requirements of Sarbanes-Oxley is causing firms to change their procedures and systems in a number of directions. Structured anti-fraud procedures have been introduced. Fraud risk assessment is now conducted on a systematic and ongoing basis, and internal controls are linked to fraud risk. Auditors’ responsibilities for detecting fraud have increased as well. Training, monitoring, and auditing for fraud risk, which previously were rarely performed, are now becoming mandatory. Boards and Audit committees are now actively overseeing these functions.

Recent U.K. legislation is taking the process to an advanced stage. The U.K. Proceeds of Crime Act (2002) has gone beyond the FATF Recommendations and has defined the money-laundering offense to include the laundering of proceeds of all crimes. This extension, while still controversial, takes the money-laundering law enforcement strategy to its logical limit. The U.K. Financial Services and Markets Act (2000) also deepened the involvement of financial supervisors in integrity considerations by making prevention of financial crime one of the four statutory objectives of the Financial Services Authority.

IV. Conclusion

In response to evidence of the threat that financial abuse can pose for financial institutions, international standards are increasingly addressing the integrity underpinnings of the international financial system. AML/CFT standards call for effective measures to deter abuse of financial institutions by outside criminals, whether street crime, white collar crime, or terrorists. Clear legal obligations and effective enforcement of those obligations is stressed. Corporate governance and financial sector standards increasingly call for public companies and financial institutions to have systems and procedures to deter abuse by insiders. This includes sound accounting and oversight of auditing practices, as well as ethical officers. Institutions are expected to have strong internal control regimes with top-level oversight of compliance. Supervisory standards increasingly call for control over operational risk to deter fraudulent activities as well as to limit financial losses. A common theme in all this is that integrity requirements are being codified, extended more widely, brought under regulatory oversight, and subjected to criminal sanctions for noncompliance. Consolidation of the integrity elements that are already embedded in various codes and standards could provide a unified integrity framework for protecting the financial system from abuse by either insiders or outsiders. Markets have taken note of these developments, and financial institutions face significant reputational risks and financial losses from noncompliance.

Integrity elements are important components of the various financial standards the IMF uses in its operational work. Integrity issues already figure in its financial sector surveillance, assessment, and technical assistance work. The standards required are demanding, and firms and national regulators are still struggling to implement them. The expansion of the standards into new areas will pose particular challenges in many developing countries with limited institutional capacities and resources. Political commitment will be needed to prioritize attention to these matters among the many competing demands. However, given the growing recognition that integrity is a key pillar to building sound financial systems, increased attention to such matters can be expected. Many countries will need significant technical assistance to implement the integrity framework of their financial system.