Introduction

The phenomenology tied to money recycling, to financial crimes, to the "deviances" (1) of the market, and everything that has been constructed in the regularization of the finance pathologies, in recent years, allows, together and indubitably, moving the considerations on the approach – in my opinion completely innovatory – to the "prevention", rather than the "repression" of such situations.
"Situations" is a deliberately generic term, which I intend to utilize to remind, where there is still the need, that recycling, in all its forms, generates events; facts; default; elusion and evasion of regulations; distortion of the mechanisms relative to the destination of savings; acts of terrorism; associationism of the Mafioso variety; regulation arbitrage; distorted speculation (because the "good" one, so they say, "is the essence of the market"), market misuse; disloyal competition; credit risks; operative risks and the list could go on.
Up until today, I think I can say, that notwithstanding a significant improvement in the results (2) and techniques of investigation, the
"repressive" phase of the phenomenon de quo does not make progress, but not only for lack of means and an adequate "jurisprudential tradition" (3) .
This, in fact, does not greatly disturb the writer, who well knows the value, the attention, the recognized (also at international levels) expertise of the Police and Security apparatuses of our Country, together with that of the Anti-mafia Judiciary and of that apparatus specialized in investigations of the type of crimes under discussion.
Instead, attention must be addressed – to avoid using the term "alarm" – to the underestimation and superficiality of the approach to the "prevention" of recycling on the part of subjects delegated to this by the European and domestic regulations, since 1991.
Preliminarily, it should be clarified that:
- the reference is to the financial intermediaries, the free-lance professionals, the so-called "non-financial" subjects (i.e. real-estate agents, gold and jewellery traders, gambling houses and auctioneers etc.);
- the task of "prevention" assigned to them is still too confused with a (presumed) "repression" – as, it is said, is the privilege of other individuals and institutions – which the Law does not name; so much that the result is scarce (4) , both in terms of aid to the work of the investigators and, above all, in terms of organization of systems of "internal control" and of effective “compliance" for the same firms/corporations/companies which must, ex lege, utilize them as primary "tools" for prevention of the market risks (among which, recycling is fully represented!).
Let us try to see the reasons, even though considering the limits that this kind of argument will necessarily show in this article.


Recycling is "typical" risk

The three European Directives against recycling (5) – the last also against the financing of terrorism – have, however, always referred explicitly to recycling as "risk", and not only as crime. This, also, on the grounds of the unequivocal indications coming from other, and much more important legislative sources (6) .
It is affirmed, erroneously, in fact, that the third of these directives (7) contains the innovation of the so-called ‘approach based on the risk’, since the real novelty lies only (but it is, however, not little!) in the jurisdictionalization and proceduralization of said approach.
When the preliminary considerations, 22 and 24, of said provision speak of "risk-based approach", which is manifested, as we see, in specific measures of detection and monitoring of the same, they say nothing more than what is already found in various passages of the preliminary considerations and articles of the previous directives.
It is sufficient to makes a textual search for "key word" to realize how the leitmotif of the provisions de quibus is the "risk of recycling".
And since the Directives have a clear imprint of "prevention", taking – always in my opinion – almost for granted the necessity of "repression" of the phenomenon; since the latter is entrusted, by the national regulations, to the practice of the criminal legislation; the term "risk" being clearly of economic-finance derivation, the syllogism is easy.
The danger is all for the corporate State, the economy, the system, whereas it becomes juridical at the moment in which the damage makes impact and "offends" the person, his property, the enterprise and the market; but this is due to the crimes the legislation has provided for: it is the cause of the phenomenon, not a consequence.
Without what the international regulations call "predicate offences", in fact, there is no recycling; and it is notoriously easier to judge, after the obvious investigations and diagnoses of the Investigative Police, the presumed crime from which the recycling derives.
Our Central Bank, in the "Surveillance Instructions for the Credit Intermediaries" (8) , has, for some time, been aware of such reality. Title IV, Chapter II, Section II of the Provision, at paragraph 2.3, distinctly identifies – after the classic ones "of credit", "of tax", "of opposing party", etc. – the so-called “other risks" among which, that of recycling. It is expressed in this way: "The banks adopt adequate internal measures to avoid any involvement, also unknowingly, in facts of recycling".
This following part is included, not by chance, in the chapter on "internal controls"; "the definition of a good system of internal audit passes for the choice and adoption of suitable organizational and procedural safeguards, actions and instruments which allow the management and compression of the risks" (9) .
If it is true then, as it is true, that recycling is not only a crime, but "operative risk", it should not surprise anyone that the international regulations, urging the national ones, made request to the financial intermediaries – and little by little, to other obligated subjects in virtue of the widening and diversification of the courses of money laundering and wealth from illicit origins – for that "active collaboration" which is manifested in the adoption of noted systems of identification and registration of the clientele, as well as the reporting of suspect operations.
The collaboration de qua is, however, "bi-directional" (as I like to define it), to the contrary of those who believe it to be only a social usefulness or those who are able to describe it – I don’t know with what convincing argument – as something with a para-investigative nature.
The intermediaries and, more in general, the obligated subjects keep data-bases available to the Authorities, or rather, report to them suspect operations, sparking off (by doing so, let us remember, the nature and function assigned to them by the clients, comes to an end) not news of crime, but (potential) (10) investigations by the Investigative Police and/or Intelligence activities.
The Authorities, in their turn, furnish return flows in terms of information, statistical data or orientation on the extent and quality of the phenomenon, guaranteeing an easier monitoring, and according that activity of "qualified consultation" which the operators use not only to better comply with the obligations in examination, and avoid the risk of sanctions, but above all, to maintain at a distance from their everyday activities, from their accounts and from their clients, the risks of infiltration of illicit capital and of utilization of same in contempt of any rule of wise administration and stability of the structures which are insurmountable parts of the process of correct collection and allocation of savings (11) .
To complete the picture, from the viewpoint of Italy assuming the introduction – also in our financial system – not only of the rules of compliance; that is, the "conformity" of the actions and works of the banks and the financial intermediaries to the dictates of the laws and of the sector regulations, but also of the international best practices.
The same Banca d’Italia (12) , when it delineates the optimal structure of the function in question, it is imposed as supplement to the structures of risk management, but also, and above all, as incentive and "certification" – to a certain extent – for the company activities to conform to the better criteria of management.
Well then, tasks in matters of anti-recycling are entrusted also to this function, but oriented, not so much to controls ex post, as to the identification ex ante of the areas at risk and of the consequences deriving
from the failed adoption of consequent comportment, in abidance with the regulations and suggestions of the Authorities.
All this apparatus of controls and levels of close examination of the operative risks function (rectius, should function), in the provisions of the national and super-national regulators, in the same way and with the same intensity, in the on-going monitoring process of credit allocation; the intermediate resources; the trust granted and generated in the clientele; the services furnished; the transparency of the rules of offer; the compatibility of the organizational structure with the needs and expectations of the shareholders; the rules of conduct; the accountability of management; privacy; the security of the employees and much more (13) .
And so, as has already been affirmed in other places, "The reason for the reticence on the "recycling risk" escapes the writer, as does the reluctance in assuming it as such, instead of acknowledging it and metabolizing it in the "management of business". (14) .
Today, a particular object of vehement opposition by the intermediaries and, especially, by free-lance professionals is the provision of the obligation – clearer than in the past (but also justified by Art.23 of the new Decree) – of "abstention" from the potential establishment of relations with non-collaborative clients, who do not furnish the necessary information as to the exact qualification of their operations and to the so-called "adequate verification".


The “risk-based approach”
as an instrument in the
prevention of recycling

The “administration ex lege” (15) of an “approach based on the risk” to the subjects delegated to the prevention of recycling constitutes the real challenge for the system of prevention of recycling, a completion (and support) – where able – of the above mentioned new approach.
The risk-based approach actually originates, in our opinion, from Art. 3 (even before that of the part dedicated to the purpose) of the Decree 231.
In fact, and going back to the logic of the “principles”, it distinctly identifies what it defines the “general principles” of anti-recycling. Actually, all of a corporation management matrix, rendered compatible – which is my starting theory – with the force of the Law.
It is no longer said to obligated subjects – or rather this aspect is toned down compared to the past – “to do this or that”, but now, it is “to put yourself in the condition of doing”.
In the logic – that finds a single precedent in an almost “homonymous” law (the 231/2001, on the responsibility of the juridical persons (16) , also this with Anglo-Saxon origins, (the so-called American compliance programmes), asks for the preparation of “suitable and appropriate systems and procedures” to meet those which – precisely! - jurisdictionalized, appear (to the jurist) like “obligations”, but which are, instead, “principles of governance”, they are real and proper risk policies:
- adequate verification of the clientele;
- the reporting of suspect operations;
- the conservation of documents;
- the systems of internal control;
- the assessment and management of risks;
- the guarantee of the observance of the pertinent dispositions (compliance);
- communication
Art. 20 of the Decree 231/2007, faithful to the Directive, introduces into our System that which was already in nuce in the 2nd Directive, i.e. the approach based on the risk (17) .
To better understand the importance, the GAFI compiled a Guide in June, 2007, which is illuminating in its contents (18) .
An extremely opportune clarification is found in Point 2.46, which can be very useful to dispel certain doubts (and many preoccupations!) which are enveloping the application of the new informatory principle of the anti-recycling obligation fulfilments. It says in fact, that, in a context of approach based on the risk, “it is not possible to specify exactly what a financial intermediary must do, in each case, in response to the requirements of the Authorities”.
One can, however, as mentioned above, take the trouble to ensure the maximum adhesion of the systems of control to the required standards, according to the rules of proportionality.
This last principle constitutes the basis of the obligation fulfilments on the risk, and it could not be otherwise.
If, in fact, a series of measures intended to avoid the unwitting involvement in recycling matters is foreseen, these measures are taken in relation to the real exposure to said risk (ref. Art. 3 of the Decree 231/2007 and the GAFI document cited, passim). Likewise, it is true that it is difficult to weigh the proportionality, in the sense that the parameters tied to the activities (dimensions, volumes treated, operations effected, geographical location, clientele typology etc.,) cannot always be considered, either fully comprehensive or sufficient.
One could generate, therefore, amongst those who are concerned with the regulations, “the extremism of the obligation fulfilments” (allow me the expression, but it is what seems to be happening!): or nothing or everything, or too much or too little; all of this, topped of with the obligation of having to provide evidence in the case of verifications of the Authorities.
Perhaps the European Legislator could have made a little extra effort in filling this new parameter of clientele assessment with more content – something that, on the contrary, the GAFI opportunely does, in the cited Guide.
It contains a series of tables, besides principles of control and of compliance, which delineate a picture of possible obligations, besides being advisable, more calibrated to the operative reality of the financial intermediaries.
Among these obligations, and just to bear out the argument of the ascription to the organization of the obligated company, the effectiveness of the prevention of a “risk” which might be present in it, merits highlighting:
a) the application of unified policy (and unifying, I would say!) for all the group, where it concerns companies and “complex” realities (19) ;
b) the punctual verification of the risks associated to each company unit (20) ;
c) the constant up-dating of clientele data, above all, in relation to its operability;
d) the verification of the quality of the internal systems of control, including the processes for identification, registration, and indication of potentially suspect transactions;
e) the constant training of the assigned personnel.
To use civil law terms, the prevention of the risk of recycling no longer implies obligations “of result”, as one could assume by reading the previous Directives – even though, fortunately, it has never actually been explicitly required – but rather an “obligation of means”.
A “laissez faire” approach, suitably guided, which leaves to the market the production of anti-bodies necessary to resist the recycling “virus”.
With a burden of furnishing the evidence, obviously reversed; the preparation of the means (or better, the choice of the more effective ones) is left to self-regulation (perhaps too much), but nevertheless, conferring more importance on the demonstration (to the regulator) that everything objectively possible has been done.
It’s impossible not to see in this principle – automatically deriving from the above regulations – an excess of intrusion into the sphere of autonomy of the obligated subject.
To sustain the contrary, one need only remember the use of “good sense”, which implicitly (and more than other things), is required in the application phase of the anti-recycling regulations, and the growing recourse to models of behaviour founded on self-regulation in the financial and corporate ambit.
The streamlining of the principles and operational procedures, these last made less muddled by the attenuation of “bureaucratic” paperwork based on often impossible obligations (21) cannot but accompany – not to incur the free-riding – a request for non-evasive collaboration of the obligations which are fulfilable.


The “risk profile” of the client
as an instrument of prevention

The approach based on the risk becomes still more concrete, in a more “administrative” manner, in the coinage of an anti-recycling rating of the clientele.
In the idea of the Directive and of the Decree 231, the monitoring of the relation, made obligatory by Art. 15 as one of the moments of the “adequate verification”, is done (also) through a profile of risk, which takes into account a series of elements, known and unknown (but knowable) to the intermediary or to the professional.
On the model of credit scoring, and of the financial judgements of rating, the regulations require the information on the client to be interpreted as an on-going small history, making the information homogenous and classifying in a way which enables to perceive signs of risk.
Up to this point, there is nothing new for those who, for years and for “statute”, have had to evaluate whether or not to entrust money to a client, as well as, to accept or not, a professional assignment.
However, there is something new: that this course is no longer (solely) entrusted to “sensations”, or to contracts, or bank statements, but to a series of elements that are processed and go to constitute a “procedure”, and as such, is subject to regulations and controls.
For these reasons Art. 20 of the Italian Decree of adherence indicate the following criteria for “the evaluation of the risk of recycling or of the financing of terrorism”:
- with regard to the client - its legal nature; the prevalent activity; the comportment held at the moment of the establishment of the relation or at the accomplishment of the operation; the geographical area of residence or office;
- with regard to the operation or relation - the typology; the modality of execution; the total expenditure; the frequency of the operations and the duration of the relation; the geographic area of the destination of the product that is object of the service, or rather of the continued relation.
Actually, it is information that is in the cognitive store of the obligated subject, both because acquired by contact with the client, and because, to a larger extent, the registration (in the only anti-recycling Archives - be they computerized or on paper) are obligatory.
What the intermediary or the professional are not able to know – unless with frantic and “para-investigative” research, in any case forbidden – must be declared by the client at the moment of the compilation of the document of adequate verification: dealing with the “scope and nature of the operation/relation” and the “effective owner” of same. The whole “self-certified” ex Art. 21 of the repeated Decree, holds the client responsible – criminally sanctio-

nable – for givingany fraudulent or untruthful information. At this point, by combining the information already in possession with that gathered at the moment of identification, the addressees of the regulations have inherited a comportment “profile” on the clientele – naturally to be treated with all the measures of security and privacy prescribed by our regulations on the subject. The whole (22) is not functional solely upon indications of suspect operations, but certainly will allow a more precise and “guaranteed” method of investigating them (23) . The foregoing renders even more, according to the writer, the idea of an instrument of prevention of a corporation risk; given that not all profiled subjects are recyclers; that 90% of them are discovered with procedures “to the contrary” (24) ; that if the profiles are not wisely used and evaluated, it could turn out to be a defence system which is even excessive with respect to its own finality. This facilitation then, is up to the Corporation or the professional Office to defend. This is the new approach (and the future) of the measures to counter recycling, which must begin – more convincingly – with the prevention. Procedures and means to effectively carry out prevention are, of course, suggested and induced by the law, but are also subsumed in rules that the law itself could never identify in an exhaustive manner, if not by including measures and models derived from corporation management practices.

photo Ansa