Insights

We all know our high-risk countries, don’t we?

Written by Martin Nordh | Aug 11, 2021 10:00:00 PM
North Korea. Iran. Myanmar. Because it’s easy – Just take the FATF grey list, the EU high-risk third countries and top up with Transparency International’s Corruption Perception Index and we’re home free. Right? Turns out, it’s not that simple. At all. And here is why:

In order to understand the misconception about high-risk countries we must travel back to the root cause of even being interested in pinpointing jurisdictions in the first place: To get some guidance and help us find, stop and report criminals trying to misuse our specific company for financial crime. That is, money laundering, terrorist financing and sanction violations. Before we get into the details around the specifics, let’s start out with clarifying why you can’t rely solely on the FATF grey list, EU third countries or Transparency Internationals list over reportedly corrupt countries.

Surely, FATF must know what they’re doing?

Yes, they do. It’s an excellent set of people with the best of intentions. Their country rating however is not what you believe. The FATF is an inter-governmental organisation where all membership countries (including the EU Commission) commit to following certain rules. These rules are stated in the FATF recommendations outlining what a state should have in terms of laws, regulations and supervision in order to comply with what FATF expects. If a country for whatever reason chooses to disobey these rules they’ll end up on the FATF grey list – rendering them into a high-risk jurisdiction in the eyes of FATF and it’s membership countries. Does that mean that countries that complies with the FATF recommendations have no criminals living off money laundering, terrorist financing or sanction violations? Of course not. On the contrary, most EU countries face the highest financial crime risks from their own county or at least other FATF-compliant countries. How can this be? Well, it’s simply a fact of criminals having a habit of breaking the law – even if the law is technically compliant with the FATF recommendations.

EU then – they MUST know what they’re doing?

Once again – yes they do. But once again – the purpose of the EU high risk third countries is not to tell you how likely it is that you’re exposed to financial crime. Very much like the FATF, EU has a risk assessment process in place to define what countries that don’t comply with the standards. In this place however these standards are the 4th EU AML directive rather than the FATF recommendation (even though they are very much interlinked- more on that topic another time).

Let’s take an example: Poland and Sweden are part of the EU and has implemented the AMLD to a full extent. As it happens, serious organized crime networks have strong ties between the two countries, making operators in banking, finance, gambling, accountancy and lawyers especially vulnerable to financial crime. If you are an operator in these countries and industries, could you with good condfidence put the corresponding country on your low-risk country list? Of course not.

Transparency International – we’ve used them for years. Surely, they must be good enough?

Yes they are. But only if you’ve deemed your company to be especially exposed to bribery and corruption. For any other financial crime type like human trafficking, environmental crime or jihadist recruitment, Transparency International Corruption Perception Index is as good for you as a bag of rocks. Oh yes, did we mention it was a corruption PERCEPTION index? Corruption is notoriously hard to measure, but the mere fact that it’s a measurement of perception rather than actual crime statistics gives you a notion of how good of an idea it is to rely solely on that as your high-risk countries lists.

Money laundering, terrorist financing, sanction violations and countries

What countries that actually make sense for you to keep on your high-risk countries list depends on who you are as a company, where in the world you’re located and what you do. Different sorts of criminals will try and misuse you in different ways depending on if you’re a law firm in New York than it you’re a small retail bank in the Netherlands. Simply because that’s the way things are.

In order to know what countries that actually pose a risk to you, you must know two things:

1) how you could be misused by criminals for money laundering, terrorist financing and sanction violations

2) where your highest risks are

In other words, you must really do your homework in order to be able to use countries (if any) as a relevant piece of your financial crime efforts. Sure, you must adhere to regulatory requirement stating that you must walk the extra mile for customers with ties to EU high-risk third countries and FATF grey-list jurisdictions. But remember that just focussing on these countries will get your nose barely above the surface at best – at worst you’ll spend the majority of your anti-financial crime compliance budget on ineffective countermeasures for little to no use at all.