At present, there are 18 countries grouped within the Middle East and North Africa (MENA) region – all with significantly differing cultures, politics, economies, social societies and current events. This paper outlines the areas of increasing risk for businesses operating within or doing business with companies operating in the region. With recent events of social and political unrest unfolding, continuous country risk assessment is now more crucial than ever.
In this paper the MENA region is taken to be those 18 member countries of the Middle East and North Africa Financial Action Task Force (MENAFATF). Shown below in Arabic alphabetical order:
Jordan, United Arab Emirates, Bahrain, Algeria, Tunisia, Saudi Arabia, Sudan, Syria, Republic of Iraq, Oman, Qatar, Kuwait, Lebanon, Libya, Egypt, Morocco, The Islamic Republic of Mauritania, Yemen.
Although these countries are grouped as one region I acknowledge that each of the 18 is significantly different to the others in terms of culture, politics, economy, social society, and current events. Businesses need to closely re-assess country risk as events of social and political unrest unfold. I will not repeat here the history of events that are extensively covered in the world-wide media, as readers will be keeping themselves informed from general news bulletins.
The most noteworthy headline news for this subject can be summarised in the words ‘Increased Vigilance Required’. Governments, financial regulators, and professional bodies are currently advising businesses that they should be particularly aware of the elevated risks of laundering criminally derived funds from the MENA region, in particular funds moved from jurisdictions with recently ousted or threatened regime leaders and other public officials. Specific advice is that businesses should ensure that their screening and sanctions systems are fully resourced and updated. Many countries have already taken action to freeze funds linked to the former President and key government figures of Tunisia, the number of which continues to grow as the new regime makes allegations and take action
Similarly, the Egyptian Government has recently requested that foreign governments freeze the assets of several of its former officials. And of course international sanctions lists have grown with the addition of figures such as Muammer Gaddafi and key Libyan regime figures.
The risk environment
The overall risk is that businesses that operate within the MENA region, and those outside who transact with businesses within the region, are vulnerable to exploitation by a myriad of persons and groups who are taking advantage of fast moving events in an environment of reduced control.
In order to appreciate the increased risks, it is first of all important that businesses refresh their existing knowledge of financial crime in the region, as it is certain that all existing and long standing risks will increase considerably as a result of social unrest. Criminals and terrorists take advantage of social and institutional chaos – distracted and overstretched authorities and compliance personnel, enable monies to flow unchallenged. Businesses should help themselves by investing in the best intelligence and risk screening systems available to them. Increased vigilance will reduce vulnerability.
In particular businesses will be exposed to increased risks relating to:
Politically Exposed Persons (PEPs)
Bribery and corruption
Financing of armed insurgency and terrorism
Being vigilant and acknowledging the risks is not enough to avoid or remove them, but it is the essential first step in being able to manage the consequences. Businesses that are surprised by their exposure suffer reputationally – they lose commercial credibility with clients and investors; they suffer economically, being hit on all fronts by criminal losses and regulatory and contractual financial penalties; and unforgivably, they can expose their staff to physical harm.
The first risk is reputational damage. Political figures from governments which have become the focus of social unrest have come to global public attention. It will be damaging to businesses not to know who the individuals are that pose the greatest risk, or whether they are the indirect or even hidden beneficiaries of assets under management. Businesses may decide not to take any action and may be able to justify that decision to regulators, shareholders, and the public but only if that decision can be demonstrated as having been made on the basis of knowing the facts. Vigilance in the form of comprehensive screening of clients against known PEPs, their family members and associates is therefore essential to manage risk and demonstrate that the risk is being managed.
Several businesses around the world have decided to take action to mitigate any damaging association with discredited regimes by working with their national authorities to reveal accounts and/or assets held under management, whether via suspicious transaction reports or other means.
However, the second risk comes from that revelation – questions are now being asked by government officials, by a critical public, shareholders, and other influential commentators such as the anti-corruption organisations Global Witness and Transparency International as to why those assets found such willing and safe homes in the first place and most often, if not always, without prompting suspicious activity reports to FIUs. Suspicious activity reports have started to increase only after national governments have made announcements, warnings, and freezing orders. Businesses in this situation should prepare a response (i.e. a risk plan) again based on full knowledge of the facts of who they have been acting for, whether directly, or indirectly.
The third risk is from new business. There will be individuals throughout the region in political positions facing unexpected expulsion from their posts who may succumb to temptation to take/move/secure as much financial security as possible. Businesses need to know who are those figures in public positions, who are their family and associates, and of any association with criminal/corrupt acts. Businesses need to be aware of the elevated risk of previously ‘good character’ PEPs acting unusually. Vigilance is not a single act but a continuous state of selfprotection.
b. Bribery and corruption
PEPs aside, in times of social and political turmoil businesses in all sectors are highly vulnerable to exploitation.
There will be a slowdown in economic growth due to the unrest; banks will be more cautious about extending loans, struggling businesses will still need loans, perhaps more so, and this limited liquidity opens up a market for criminal organisations to:
a) launder money
b) take control of legitimate businesses.
Firms in the regulated sector (particularly banks and accountants) need to understand who their clients are dealing with, not only as customers and suppliers but also investors. It is not enough to know who you are doing business with but you must also know who they are doing business with.
At times of economic turmoil investments and contracts (long term and immediate) become uncertain for suppliers, purchasers, and investors; security of employment becomes uncertain for all, particularly public officials – those conditions provide all of the motives to offer and take bribes. Criminal customers and/or corrupt staff will exploit the instability to excuse their failure to prove/ obtain the necessary identification, contractual, or other due diligence information.
Businesses need to be alert to these internal and external threats and reinforce their own anti-bribery and corruption procedures, and to insist that their customers also adhere to anti money laundering, anti corruption, and other high regulatory and ethical standards.
In particular banks need to be vigilant about suspicious activity by their clients, for example, being alert to cash extractions in high risk countries; increased payments to companies or persons for ‘professional fees’, and to be confident that their customers also have in place robust anti bribery and corruption procedures for themselves and their third parties. Importantly, businesses need comprehensive screening to apply due diligence to third party relationships, as often it is the more remote links to intermediaries that present the greatest threats.
c. Armed insurgents, terrorists and organised crime groups
These are three very different categories of people with different motives and methods of operating, and there are even distinctions within each category. For example, in some countries in the region, there is not one single easily identifiable opposition insurgency; different groups (whether geographic, tribal/ethnic, or ideological) will fragment and each pursue their own objectives – ranging from wealth protection (e.g. land claims to natural resources, trading rights), to local/ regional autonomy or national government. And what appears to observers to be a people’s movement or democratic revolution is often a separatist uprising based on ancient tribal lines, or an oppressed minority/majority attempting to reverse the power balance – rather than redress the power balance.
All countries throughout the world feel the presence and effects of organised crime; and many experience the presence and effects of terrorism; however relatively few experience the presence and effects of armed insurgents. When all three are present in any one country (and there is a high risk of this within the MENA region) the lines of distinction blur, not only due to the level of association and provision of mutual support, but more fundamentally the same individuals who engage in combat, often degenerate to terrorist acts, and general crime such as drug trafficking, kidnappings etc.
To explain further, crime groups, insurgents, and terrorists will find that they need each other. For example the recently formed or recently emboldened armed insurgents will benefit from the organised crime groups’ funding, their logistics networks, and established corrupting influence. The crime groups obtain freedom to operate and proliferate in a chaotic territory (having a clear advantage over destabilised businesses, institutions, and local government), and are attracted to future political influence should the insurgents be successful. Individuals within each group will assist the others with crimes or combat operations. Terrorist groups similarly affiliate with both, obtaining a massively increased military and funding advantage, and can bring a unifying set of values to all. The continuing evolution of terrorist financing is often towards laundering the proceeds of crime, as terrorist groups move from committing crimes to fund specific terrorist expenditure, to committing crimes just to make money. Then even after cessation of the armed struggle, many former insurgents and terrorists will continue their criminal enterprises as before.
One result of this blurring of crime category is that businesses can discover acts of suspected criminal money laundering, act in accordance with their AML risk plan but then be surprised to find themselves being pursued by national and international regulators for suspected terrorist financing – of a completely different scale of risk.
What does this mean to businesses? As well as knowing the names of leaders and prominent figures in the various insurgent, terrorist, and organised crime groups, businesses need to keep on top of the complex relationships between them and make judgements about the possible context of financial transactions, such as donations to ‘community projects’. Vigilance through comprehensive business intelligence will also be able to identify the ‘foot soldiers’ and that can reveal unknown criminal/terrorist/corrupt relationships. Essential knowledge to develop effective protective risk management plans.
d. Corporate security
In times of increased social turmoil and break down in law and order businesses must remain alert and reactive to wider, increased security risk, stemming from criminal financial motives – mainly extortion, kidnap, and theft. The principal business assets at risk are employees, premises, equipment, data, and intellectual property such as brand. Losses of any of these assets due to action by organised crime, terrorism, or armed insurgency are likely to be serious, with a high possibility of fatal consequences for any business. Businesses need to be vigilant about who they employ, who are their on-site contractors, who has access to intellectual property and to sensitive data. Good business intelligence systems enable effective screening to conduct protective due diligence. It is worth repeating that vigilance in this area of risk is not a single act but a continuous state of self-protection.
The increased risk here relates simply to the fact that more individuals based within the MENA region may be added to the array of different lists, as already mentioned Gaddhafi and other Libyan figures have recently been added. The risk is that businesses within the MENA region or businesses that trade with the MENA region may already have long established relationships with these individuals, or suspect that they do via intermediaries. The first stage in self-protection is to understand the degree of exposure and that process can be aided by business intelligence resources that have the capacity to screen names, variations of names and ‘fuzzy derivations’ and preferably, one that can disentangle the many overlapping sanctions lists, removing duplicates etc. In this way businesses can improve the efficiency of the risk and compliance departments, and most importantly help protect the business from inadvertent breaches of sanctions that can bring heavy financial penalties and reputational damage. Money laundering and terrorist financing risks.
So what exactly are the current money laundering and terrorist financing risks to the MENA region? I mentioned at the start of this paper that the increased risks are better understood in the context of the existing and often long-standing, risks.
Briefly, the reader should know that all 18 MENAFATF member countries have anti money laundering legislation, most have terrorist financing legislation in place, and the vast majority have signed and ratified the key United Nations Conventions against the Illicit Traffic in Narcotic Drugs; against Transnational Organised Crime; against Corruption; and against the Financing of Terrorism. All have established Financial Intelligence Units, in varying stages of maturity and effectiveness; and all of course are subject to publicly available Mutual Evaluations against compliance with the FATF 40 + 9 Recommendations.
Like all other countries the MENA countries are vulnerable to a wide range of harms caused by crimes and terrorist activity and associated money laundering and financing. The FATF Global Threat Assessment of Money Laundering and Terrorist Financing, published in July 2010, describes the features used; provides a table of general harms caused to individuals, to communities, and to nations at 5 different levels: physical, social, environmental, economic, and structural; and a table of the available mitigating measures to be taken. I chaired the FATF project team that created the Global Threat Assessment and was grateful for the extensive contribution by my colleague from the MENAFATF Secretariat.
The 12th Plenary of MENAFATF, held in Qatar on 30 November 2010, saw the adoption and then publication of the report ‘Money Laundering and Terrorist Financing Trends and Indicators in the Middle East and North Africa Region’, the product of contributions from 35 experts from 16 of the 18 member countries. The report covers real money laundering and terrorist financing cases; the features of those cases, e.g. the methods used such as bank transfers, use of intermediaries, purchase of moveable assets etc.; and suspicious indicators, e.g. multiple authorised persons, multiple use of single address, criminal associations etc.
Although the methods and indicators are not region specific the quoted cases bring a regional flavour that will assist firms to recognise and guard against similar circumstances. MENAFATF has other typology reports on its website including PEPs Guidance that advises screening for:
a) extended family members, and
b) close associates, including co-workers, personal advisors, and their financial consultants.
Other commentators have identified an underlying cultural feature that presents a threat to effective AML/CFT controls and that is one of trust and respect for customers/visitors. In January 2011, Hany Abou-El-Fotouh, the Founder of the Middle East Compliance Officers’ Forum, wrote:
“One of the biggest problems for AML initiatives in the Middle East is cultural customs that accept deference to customers and anonymity. Accounts lacking full identification details or with misleading information are not unusual in the region. Gathering customer information is generally a sensitive issue, as customers may view banks’ requests for additional information as intrusive or offensive. For example, it can be difficult for a bank to refuse to enter into or to exit a relationship with a politically connected person”.
The above mentioned increased risks of bribery and corruption are added to an already higher than average exposure – Transparency International’s Corruption Perception Index, the Global Integrity Index, and other assessors place countries in the MENA region as more vulnerable than the global average, although many countries have now taken significant anti corruption measures.
These recent assessments continue to describe the current risks that compliance officers need to be alive to and be active against.
MENA countries have made great progress over the last ten years in establishing and improving their prevention and detection of money laundering, terrorist financing, and corruption. Many challenges remain, as they do elsewhere in the world, but current events in the region mean that the external threats to good business have increased. That means the risks to businesses are greater, ranging from reputational damage, through lost profits due to criminal attacks, to the infliction of financial penalties by the authorities. Businesses need to take advantage of the tools available to them that will enable them to understand who it is that is presenting the threats and to allow themselves the added knowledge to devise or improve their risk management plan. Improved vigilance will reduce the opportunities to be exploited by others.
About the author
David Thomas is an internationally recognised expert in developing aligned anti-money laundering strategies. His deep understanding of suspicious activity reporting (SAR), money laundering threats, terrorist financiers and wider financial crime has seen him called upon by numerous governments and their Financial Intelligence Units who trust in his expertise and council. In 2005 David was appointed by Sir Stephen Lander (Chair-designate of SOCA and former Director-General of MI5) to be the financial crime expert in his team to review the UK Suspicious Activity Reporting (SAR) Regime. From 2006 until his retirement in 2010 David was the Head of the UK FIU within SOCA. In this role David was responsible for providing strategic leadership for the FIU, and also played a crucial role in liaising with national and international stakeholders. David was Project Leader and Chair for the Financial Action Task Force’s (FATF’s) project to design, research, and author the first Money Laundering and Terrorist Financing Global Threat Assessment published in July 2010. From 2006 to 2007 David served on the Egmont Group Committee and subsequently to 2010 he participated in each annual Plenary, and the Operational and Training Working Groups – frequently presenting the UK experience.