The ECB and anti-money laundering: what we can and cannot do
It has been said that money laundering is a crime that lies behind many other crimes: the possibility of re-introducing illicitly gained funds to the legal economy, so that offenders can reap the benefits, provides an incentive to commit the crime in the first place. That is what money laundering is about: making “dirty money” appear clean so that it can be spent. Conversely, legally obtained money is sometimes used for illicit purposes – such as the financing of terrorism or the provision of funds to political regimes which are subject to financial sanctions.
Anti-money laundering (AML) and counter-terrorism financing (CTF) activities are governed by a legal framework at European level that is designed to prevent the misuse of the financial system. Occasionally, instances of major violations of these provisions emerge. In extreme cases, these can lead to the failure of banks.
When the Single Supervisory Mechanism (SSM) Regulation was drafted, legislators saw the close linkage between AML and the sphere of criminal law and between CTF and that of security policy, both of which are national competences. Consequently, they emphasised in recital 28 of the SSM Regulation that AML and CTF-related supervisory tasks and the enforcement of the relevant legislation were not among the competences transferred to the ECB. At the same time, however, they provided for a duty of the ECB to cooperate with AML authorities (recital 29).
That is, however, only part of the story. It is clear that breaches of AML or CTF provisions can be symptoms of unsound governance and internal control mechanisms, the supervision of which is a task of the ECB for significant banks. Breaches in those supervisory areas can be a ground for the withdrawal of a bank’s licence, which is a task of the ECB for both significant and less significant banks. Points of contact therefore exist between AML/CTF supervision and ECB competences. That means it is necessary to draw a line: where do the competences of the ECB end and those of other authorities begin?
Delineation of competences for licence withdrawal
The primary question here is whether the ECB can use its investigatory powers to collect evidence in order to decide on a licence withdrawal. Since the ECB’s tasks do not include AML/CTF, it cannot conduct its own investigations (for example, on-site inspections) into AML/CTF compliance. It has to rely on the facts as investigated by the other authorities competent for AML/CTF. Drawing conclusions from these facts, in particular whether they justify a licence withdrawal, would, however, be a competence of the ECB.
The delineation between the competences of the ECB and those of the other authority therefore corresponds to the demarcation between fact-finding (other authority) and evaluating those facts and assessing which conclusions should be drawn from them (ECB) with respect to the banking licence. Even where the AML/CTF authority establishes that AML/CTF breaches have occurred (and that these may have been severe enough to justify a sanction), this does not necessarily imply that a prudential supervision response that falls within the ECB’s competences (such as a licence withdrawal or a SREP capital add-on) is warranted. Only the authority competent for evaluating the facts from the supervisory perspective as established by the AML/CTF authority, i.e. the ECB, can draw such a conclusion.
This is particularly important in the light of the principle of proportionality, which implies that not all AML breaches are sufficiently severe to justify a prudential measure. The ECB can, however, request the assistance of national authorities responsible for AML supervision for fact-finding purposes if it finds that it has insufficient information, in potential AML/CTF cases, to conduct a prudential supervisory procedure.
Delineation of competences for governance/risk control supervision
The purposes of governance/risk control supervision are different from those of AML/CTF supervision. Governance/risk control supervision is intended to ensure that banks are properly managed to cover their prudential risks. For example, the ECB cannot monitor know-your-customer (KYC) procedures in individual cases, but it can check whether a general failure to conduct KYC procedures in a given bank is the result of more fundamental governance deficiencies. Nor can the ECB monitor whether a bank has complied with its obligation to submit suspicious transaction reports to the AML authorities; it can, however, check whether there is a more deeply-rooted problem behind the failure to submit the reports. The ECB can also assess whether there are legal, reputational or organisational risks to which a bank under its supervision is exposed.
Consequently, the ECB cannot determine whether breaches of AML legislation have taken place. The competence for investigating such breaches, and determining whether AML legislation has indeed been breached, lies solely with the AML authority, as part of its fact-finding competences. The AML authority may also use its own powers to respond to its findings, for example by imposing a fine. Once such breaches have been established by the AML authority, the ECB can take the facts thus identified as given and use its Pillar 2 powers. The most appropriate context for doing so would be the annual Supervisory Review and Evaluation Process exercise. Any measures adopted by the ECB would, however, always be applied from a prudential perspective and not from a crime avoidance perspective.
The same principles apply in other governance-related areas of the ECB’s supervisory activities. For instance, AML/CTF-related findings can be used to assess the suitability of a (proposed) board member in fit-and-proper proceedings (for significant banks) or of a proposed acquirer of shareholdings in a bank, in qualifying holding proceedings (for all banks). Here too, the investigations must be carried out by AML authorities, but the ECB can take their findings into account within the scope of its own responsibilities and tasks.