Dennis Cox on The Handbook of Anti-Money Laundering

Way back in 2015 I interviewed Dennis Cox about his book (new at the time), The Handbook of Anti-Money Laundering. CEO of Risk Reward Limited, a specialist risk consultancy, training and recruitment firm and is a well known international expert in financial services risk management.He has held senior management positions at top banking and accountancy firms, including HSBC and Prudential and he has authored several publications, including An Introduction to Money Laundering Deterrence and Frontiers of Risk Management.

Published: 3 February 2015

Jacob Bettany: Perhaps you could begin by telling us a little bit about your background and how you became interested in this particular topic.

Dennis Cox: I’m a chartered accountant with a mathematics degree and I got involved in the banking industry with one of the big accountancy firms in the late 1970s early 1980s. I had an interest in forensic work and that leads quite closely into money laundering deterrence. When I joined the banking industry itself, initially with Midland Bank and later on with HSBC and Prudential, financial crime was very much one of those key risks that any financial institution has to try to avoid. Trying to mitigate that risk to the maximum extent possible clearly becomes quite a major issue, and it was a major concern for us working within the risk and audit areas so I clearly had an interest.

JB: You’ve previously written about Risk Management from the more mathematical side, is that right?

DC: Yes, I’ve written a book with Wiley Finance on The Mathematics of Banking and Finance, with the intention of trying to get people to understand the limitations of the mathematical techniques as this was one of the problems of the financial crisis – but I also did a book with Wiley Finance and the CISI An Introduction to Money Laundering which has been out now for a few years and is a good introductory book with quite a relaxed non-technical style of writing. This book is slightly more technical, though I’ve tried as far as I can to maintain a relaxed style so it is actually readable.

JB: Why did you feel this latest anti-money laundering handbook was necessary, and what distinguishes it from other titles in the subject literature?

DC: It’s the level of depth and the style of approach which I think differentiates this book. It takes up to date rules and regulations from the various regulators including the Financial Actions Task Force, the Wolfsberg Group and the EU and puts them into a single context, which I don’t think anyone’s really tried to do before. It then looks across to the individual countries and details the things that are different in the way they have implemented the rules and regulations – because even with all this standardised recommendations including the recent papers for example from the Bank for International Settlements – there are differences between countries in the way they’ve done it. Clearly the Introduction to book, another Wiley Finance text, is very good for the person who just wants to get an overview for generalists, but the Handbook is a very in-depth work for people already working in that industry.

JB: So the book is targeted at financial practitioners?

DC: Yes, people that are either Money Laundering Reporting Officers or advising those officers or heads of law or compliance; people that really need to know a reasonable amount about the issues and rules. This is not a book for someone who just has a passing interest in financial crime, it’s for someone who is really trying to deter it. Perhaps you are a director in retail banking or wealth management and you’re wondering how to apply these rules somewhere like the Cayman Islands for example, then that will actually be included here and you’ll be able to think about the key issues, think about the nature of the controls for people who are at that level of seniority. The Business Analysts who are designing products and trying to think through approaches and controls will also be interested in this text. Also, as a tool it’s affordable and it’s designed to be a flexible with online text available in individual sections so you can access them only as you need.

It’s the level of depth and the style of approach which I think differentiates this book. It takes up to date rules and regulations from the various regulators including the Financial Actions Task Force, the Wolfsberg Group and the EU and puts them into a single context, which I don’t think anyone’s really tried to do before.

JB: How did you choose which countries to cover?

DC: Those selected are the major financial centres, countries which banks are most likely to be dealing with. It’s also the ones which produce the best information. In Europe you don’t get massive differences between countries as you do in other areas that don’t have the same commonality. I’ve included the major African financial centres which are also some of the ones which have the most interesting rules and regulations or the ones that other countries would look towards as a source of information. We can’t cover every single country in the United Nations – the book would be enormous and it’s pretty large as it is! It was even harder to try to finish it because the challenge is to try to

be as up-to-date as we possibly can at the point of publication so there’s a mixture of things that come into choosing but we cover the most important major financial centres.

Trying to find examples where there have been prosecutions in countries which we could discuss – that means completed prosecutions not open ones where there is still potential court action – was quite difficult. There aren’t as many public cases available once you look towards the developing world as compared to countries like the UK or the USA. It was a challenge finding completed public cases that we were able to refer to without any risk. Some cases had not been well publicised so we were looking at newspaper reports and regulatory reports.

JB: How did you tackle the ever-changing regulation when writing?

DC: Slowly and carefully I think is the answer! It was certainly a challenge when suddenly a major change would come through just before publication. Actually there was a change between the first and second edits which was quite significant and required us to redraft whole sections. The Financial Action Task Force replaced their recommendations unexpectedly for example and that caused obviously change to come through that then rippled through the rest of the book. So the change of regulation is a key issue and trying to keep ahead of it and keep it as fresh as you possibly can, with the number of regulations we are dealing with in a single text, was a pretty daunting challenge.

JB: How much innovation, shall we say, is there to keep up with in financial crime?

DC: Well, financial crime itself is clearly a growth industry. Any techniques used by money launderers tend to stay one step ahead of the regulators. I would draw a distinction between professional and amateur money laundering. Regulations in countries are very good at picking up amateur money laundering but the connected transactions trail of a professional money launderer is much harder for the organised agencies to try to find their way through. Does the approach of the money launderer change? They are always seeking to exploit a weakness within the banking sector in an identification process or a payment service and will go to the area where they think they can most easily disguise the source of funds. At the end of the day they want the funds to be in a legitimate market. As you can see from the cases covered in this book, it tends to be errors or greed that results in the money launderer being found out. The difficulty for the financial institution is particularly where you have illegitimate and legitimate funds mixed into the same account so that when they start to ask their enquiries they find about the legitimate but they can’t then differentiate between the legitimate and the illegitimate. Those kind of areas are very difficult to financial institutions and it’s always about really trying to understand your clients. Areas where the client is not understood so well and there is more distance become the kind of areas which money launderers can start to exploit and target. The regulation and the rules and the guidance are all trying to reduce as much as possible the amount of risk but it can never eliminate it, that’s just not plausible. As long as there’s crime there are going to be money launderers.

JB: Could you give us a brief overview of the topics that the book covers?

I try and encourage firms to go beyond the rules of the country and always say the rules of the country are there to make sure you are not committing criminal activity but that may not be sufficient to fully protect the firm from reputational risk. When you end up with a headline on the newspaper it doesn’t tend to say “oh and by the way, they complied with the laws of the country”.

DC: The first section covers the process of money laundering and the layering process from the initial funds coming in from the drug trafficker or thief or extortion specialist, and then coming in towards the actual process which will be layered to try and disguise the initial source of the funds and then placed back in the market. The book then talks about regulation, whether that comes from the Financial Action Task Force, or the EU or the UN and then the change and the depth of the UK regulator with the Joint Money Laundering Steering Group having produced some of the most detailed rules in the world. Even for countries which are not having to comply with UK regulations the information is quite important and we highlight the key parts of it in about 20-odd pages.

Then we go into the Wolfsberg Principles which are another set of high level principles before we move to look at the US regulatory framework which is a nonstandard framework. The way they have organised things in the US at present is quite different to any other country. We then cover the sanctions regime and that is also quite different because it is not risk based and if someone is on the sanctions regime then you must not deal with them and that’s it.


We focus on each of the main areas that would exist in a financial crime deterrent regime. That is in know your customer, the training, or the identification of retail or corporate customers or whatever, and lead each of those areas through to how you should investigate a suspicion. One of the difficulties that many of the banks have is that utilisation of software means you get quite a lot of false positives, transactions that would be reported to the investigational agency within the firm which could be money laundering but when you actually do the investigation you find that they’re not, so the investigation process and how you would go about swamping the reporting bodies with a whole load of information which is no use to them whatsoever, is being included.

We go into areas regulators are most concerned about like corresponding banking where there’s been a lot of publication and we think about that ending up talking about software. Then we go through 37 different countries in terms of how money laundering has happened and been dealt with. We cover countries from Albania to Vietnam, and you’re probably wondering why Albania; it’s the nature of the country and its positioning at the edge of Europe that made it important. We’ve got a mixture there of big international financial centres through to smaller institutions perhaps used for tax minimisation strategies, together with some interesting ones that people might be surprised we bothered to look at. In places like South America you immediately go and look at somewhere like Brazil, which is the driver there, and in Africa you want to look at somewhere like Nigeria and Kenya and South Africa, we tried to hit those main markets but of course you can’t do absolutely everything.

JB: What is it about the US regime that is so different to the rest of the world?

DC: Essentially many of the laws they have predate the Financial Actions Task Force guidelines – the Bank Secrecy Act 1970 is effectively an older act which has been amended, so they come from a different source when trying to come up with a regime. The rules are also broken up in a number of places between different Acts so it’s just a different way of doing things.

JB: Are there grey areas in money laundering where people can get tripped up without even realising?

DC: I think that if someone is moving money from a criminal source that is very clearly money laundering. But then you have to ask the question what is a crime? Coming from the United Kingdom, if you fail to pay your TV licence in principle that is a crime with proceeds which in principle is money laundering. Clearly that is not what we are seeking to identify.

Another would be tax avoidance and tax evasion. Tax avoidance is clearly seen as a typical thing that companies do although that’s been challenged by exploitive tax avoidance perhaps on one or two jurisdictions. Tax evasion is clearly illegal. If you’re looking at someone that may be paid in cash like a plumber or taxi driver, is it plausible that they might not disclose all of their income to the tax authorities? Well if they fail to do so that is criminal activity and therefore those funds are potentially going to be laundered but of course they are comingled with the legitimate funds, so that’s quite difficult. The difficulty with terrorist financing is identifying who is actually a terrorist? How do you decide where a freedom fighter stops and a terrorist starts? So there are those kinds of grey areas.

Another problem is the definition of a politically exposed person. I try and encourage firms to go beyond the rules of the country and always say the rules of the country are there to make sure you are not committing criminal activity but that may not be sufficient to fully protect the firm from reputational risk. When you end up with a headline on the newspaper it doesn’t tend to say “oh and by the way, they complied with the laws of the country”. So there are some grey areas particularly in the area of how a crime is defined.

JB: You used the term layering, could you explain what that means in this context?

DC: Well a layering process would be for example, when there is a theft at your house and someone now has all of your electrical goods. They now want to turn those into cash and will do that probably by selling it at a market and turning it into physical cash. But for them to spend that money potentially they want to try to get it into a legitimate- looking bank account if they are doing this as a volume activity. The banking market gets touched when the proceeds are turned into physical cash, though it will not end up there, particularly if it’s organised crime when the layering process will be used. It is similar to putting layers of veneer onto a piece of wood, it tries to disguise the original asset by moving it from place to place from asset class to asset class and then at some stage it is going to end up in the place the criminal is going to try to extract the money from. At that stage it will go into an apparently legitimate looking bank account but there could be 15-20 different paths it goes through before that.

We’re not going to stop crime by stopping money laundering but what we can do is make it more difficult for the criminal to extract their funds.

JB: Typically money laundering is associated with organised crime, but cases cover a much wider spectrum.

DC: Yes, organised crime is the area agencies are concerned with most because that tends to have the greatest public impact. These are large networks. Tax authorities pick up tax evasion cases. You have to think about the amount of terrorist activity that’s going on around the world. There are a lot of arms being purchased for terrorists and that all comes through this same set of rules and regulations and the terrorist financing part is a separate section. Clearly it is very bad news when a firm is involved in that. Again, it’s not that the terrorist phones up the arms manufacturer and says look, I’m a terrorist working in a certain country and I need a couple of tanks please! Much more likely there is an intermediary approaching the manufacturer who will be pretending to represent a country. The level of plausibility is really the thing that enables money laundering or terrorist financing to be successful. Much more interesting for the investigators to find something that really makes a difference – drug trafficking, child pornography, those kinds of areas are really high risk in terms of the impact on the public.

JB: How big a problem is money laundering in the UK?

DC: It is a big problem everywhere including in the UK. Money laundering and terrorist financing grows as crime and terrorism themselves grow. When someone wants to acquire armaments they have to get across to the legitimate economy in some way with those funds. That’s obviously really unpleasant for a bank to be involved in and, everyone does what they can to avoid being involved with it. In the case of inappropriate pornography, or countries where all pornography is inappropriate, that again is clearly unacceptable activity. Child trafficking, slavery, extortion, those heinous crimes are of course the things people try most to prevent, however, all the stats are showing us as areas of activity they are certainly not declining. We’ve seen quite recently the UK GDP figure changed for some activities which might be considered as inappropriate now added into the figures and money laundering is, of course, one of those.

JB: Is it possible then that all banks are involved to some extent?

DC: You have to be realistic – there is crime, and criminals have bank accounts. People do say that the fear of crime exceeds the probability of crime, but you see these things in the press all the time. A person may open a bank account and be doing perfectly legitimate activity at the time and then at some stage they start doing something or get paid to do something criminal – perhaps they lost their job and their needs changed, they can be pressured into getting involved with something – the bank is not easily going to spot this. In some countries there are secrecy regulations which actually get in the way of this. You are only really allowed to hold data for the purpose which it was originally intended and this is going beyond that. In some countries you are not even allowed to really link the customer with their spouse or their parents, you have got to look at them as an island and how are you ever going to know as a bank the people that someone is really dealing with and who they know – you don’t get that data. The banks can only look at the information that they have and they are ever only part of the story. Do they have people that they would rather not deal with inside their client box? I’m sure the answer is going to be yes. The question is what they knew when taking on the customer – are there things they ought to have done. That’s where the rules come in, to try to encourage them to think through and really understand. They offer to do things like check the source of funds, but if you turn around and say okay you’ve put a thousand pounds into a bank account where do these funds come from? You’ll look at me and say well it’s sort of leftover money really from my job. What am I supposed to do with this? If you say, I’ve sold a car, do you expect me to go and check who you sold it to? It starts to become unrealistic and that’s one of the difficulties. Often a bank is recording so they can give the trail to the FIUs and they are questioning under the risk-based approach if they have gone far enough and really understand their customer. It is quite different if someone is depositing to if someone is borrowing – if you are borrowing I want to know a lot about you because I want my money back but depositing, it’s your money. There’s a level I can ask for and that’s perhaps not quite what the public might expect.

JB: How effectively have approaches to dealing with money laundering been in the past in the UK?
DC: Approaches have changed. Initially when the anti-crime rules came through it was tick boxes, trying to come up with checklists. The Joint Money Laundering Steering Group produced a series of coloured books. The change that’s come through now is to move towards a more risk-based approach so that you really try to understand your client and the likelihood that they might be a money launderer. It’s more investigative and it’s trying to place the balance where it will add most value. If for example a wealthy businessman comes to you with a legitimate business to bank some funds with you, you shouldn’t have to kill yourself trying to find out information about them unless you think they may be taking bribes or something of that sort which of course is criminal activity. On the other hand if someone comes in with a large sum of money and perhaps they’re a mid-level government employee and that kind of sum is not commensurate with the income I would expect this person to have then you start to ask questions under the risk-based approach. It’s now about trying to think a bit more. There has also been better use of technologies and better investigative techniques encouraged by the regulations.

JB: So does Big Data make it easier for banks to identify anomalous behaviour?

DC: The larger banks systems will parameterise the customer and then identify a transaction that is not consistent with the expected behaviour for that type of customer. That happens a lot on cards, and as someone who is travelling quite a lot around the world it can be quite annoying to find my card is not working and that I then have to speak to a nice card company on the phone! I have been defrauded on my card before – once someone tried to buy a painting, and somebody else tried to buy a whole load of iron ore in Brazil. Now that was picked up by me finding my limit had gone and asking questions and on those particular occasions the card company didn’t find it, which I was a bit shocked by – I haven’t bought a museum quality painting before and I certainly haven’t bought any iron ore or been to Brazil! So the advent of Big Data and the data mining techniques that are available do facilitate better work. The data helps you find out quicker if you have been the subject of attempted money laundering and what they do to reduce it is to reject suspicious transactions when they come through. It’s never going to be fool proof.

JB: How optimistic are you that current approaches will be effective, or is it a constant battle?

DC:It is a constant battle and there is always a limit to how far you can go. As a customer wanting to use the bank there is a limit to how much intrusive questioning you’re going to be willing to put up with and that is the key balancing issue because I don’t have to go to a bank to deposit my funds, I could go and buy another asset. I could use electronic systems like PayPal or I could just go to an antiques market or something and pay cash for an item, sell it for cash and say I have sold an antique. It doesn’t have to go through the bank. So many things can be the subject of money laundering it just depends on the mind-set of the money launderer and how patient they are going to be and how much money they are willing to spend on the costs of layering. The area of terrorist financing is one where I think we can probably have a more successful approach. Crime is such a broad term and organised crime is very difficult to prosecute. The complexity of it means that trying to put it through an ordinary criminal court is always going to be quite difficult.

JB: So processes in banks are activated by a suspicion?

DC: Yes and it leads to a report being given to the organised agencies because you are just one among many institutions and if there is a complex money laundering scheme a lot of other institutions will be involved and you won’t see the whole story. Once you’ve made that report the Money Laundering Reporting Officer in pretty much every jurisdiction gets it. That overrides bank secrecy rules and data confidentiality and you have that protection as a Money Laundering Reporting Officer to enable you to do this. It is not easy to put the story together, some cases are very complex. The obligation on the firm is to do what they can to assist the investigating agencies to do their work effectively. A lot of our work within money laundering deterrent is to try to identify information that needs to be reported. Also you don’t want some of the headlines that we’ve seen in newspapers. You don’t want your brand associated with the word money laundering – or terrorist funding, or sanctions busting. So you do what you can to reduce as much as possible the probability that that’s going to occur. Can I eliminate it totally? I can’t. I remember one investigation we were involved in where we were looking for a particular person and there was a political thing, there’d been a problem and we were asked to do the investigation and I think we found $12,000 USD worth which was not significant in the great scheme of things but we were still in the list and we still got the adverse publicity. Life isn’t always fair and you do the best you can in this field and the people that know financial crime deterrents well and know their way around the systems and controls are very valuable people to the financial institutions in that they will reduce the incidence and likelihood of them being found guilty. Of course you also have a defence and a story because you’ve done what a reasonable bank ought to have done to try and make sure that you’re not caught by money laundering terrorist financer.

JB: Do you have a view on the emerging cryptocurrencies such as Bitcoin and whether we are equipped to deal with any potential threats they may pose?

DC: Well, if you take internet banking, when you open up a credit card or bank account and you’re not seeing the bank, there’s not a lot of point in me having your photograph now is there? I’m never going to see you so what you look like isn’t relevant to me and I’m going to have to think of a way of being more analytic in trying to understand you as an individual. I’m probably going to have to call up more independent reports than before and change the way that I work. Clearly anything that separates the customer from the bank and creates barriers is going to increase the probability that it’s going to be exploited by a money launderer, so internet banking becomes a preferred route of action. We have rules for non-face-to-face customers and a mixture of things that you must do and things you might like to do. The thing about Bitcoin is the lack of registration that is the concern and it does make various things quite difficult such as for a government to know the true money supply and how your economy is moving so that is not a great thing. If I’ve got some Bitcoins, where do they come from? They are not registered anywhere. Well if you think about the pound coins in your pocket, they’re not registered anywhere either are they. It’s another set of thought processes you just need to go through and think about what additional challenges it presents to you. Quite a high percentage of the coins in your pocket are probably forged – I’ve heard various percentages. It’s about one in ten. You can tell by the weight and quality. Of course if you spend that money, then you’ve laundered it. The Bitcoin is just another anonymous information source with the difficulty that it is international. We’ve always been worried about the payment services cross-border and Bureau de Change, those kind of areas. There are rules and regulations about that already, it’s just another one of those I’m afraid.

JB: Mr Cox, thank you very much for talking to us.