The European Banking Authority (EBA) announced an opinion on money laundering and terrorist financing (ML/TF) risks in the EU with a remarkable title: A careless use of innovative compliance products can lead to money laundering and terrorism financing risks.

Of course, technical tools (such as AI) do not lead to ML and TF risks. What is being said here, albeit inaccurately, is that incorrect use of technical tools can result in ML and TF risks not being adequately detected, even though the user of those tools is obliged to do so. The title is probably caused by the laundering-reflex that characterises everyone involved in anti-money laundering: if you don’t do something right, you’re laundering money (even if you don’t have a penny of criminal money in your possession).

It is surprising that the EBA writes that de-risking would have been reduced [1].

The rest of the opinion contains passages that are consistent with what I have read before, such as the assumption that terrorist financing can be detected through transaction monitoring. I also continue to find it surprising that governments believe that financial institutions understand tax law and can detect tax crimes, especially since tax crimes are “self-laundering”.

As usual, it is assumed that PEPs (politically exposed persons) are relevant to the detection of criminal money, while I have yet to find any evidence that PEPs are more relevant to crime fighting than, for example, customs officials and police officers. It would be mature of the EBA to take a critical stance on anti-money laundering concepts, such as the ridiculously broad definition of PEP, but perhaps I cannot expect that from the EBA.

A slight criticism can be detected in the passage on targeted financial sanctions: the EBA acknowledges that it is very complicated for financial institutions [2] (so it is understandable that the rest of the business community does not understand it at all).

The EBA is paying attention to the increasing digital risks in financial transactions. Unfortunately, this supervisor is not paying attention to the inherent data protection and cybersecurity risks associated with the AML/CFT-system itself. It is important that this attention is given, otherwise citizens and SMEs will become victims of the success of AML/CFT regulations.

Notes:

[1] Paragraph 3.12. of the opinion, ‘Competent authorities took actions to tackle de-risking practices.‘
[2] Paragraph 3.13. of the opinion.