Re-assessing the risks
Serving low-risk clients in high-risk markets is made harder by financial crime compliance obligations, but not impossible
Financial crime compliance is very different from the political processes that give rise to the rules and sanctions lists with which banks and others must comply. It is as unequivocal as a light switch: there is no gradual withdrawal of darkness, nor partial application of light. “Compliance is not negotiable,” says Jochen Metzger, head of department, payments and settlement systems, Deutsche Bundesbank.
In the context of geo-political shifts, financial crime regulatory requirements are continually reshaped by events, but the obligation on banks to comply is constant, fixed and immovable.
Political leaders express goodwill towards former ideological adversaries; diplomats negotiate partnerships with once-hostile counterparties. But where sanctions apply, they remain switched on until they are switched off. “In high-risk jurisdictions, a high quality of compliance standards and their application are the crucial factor in the decision process whether business in the end will be conducted or not,” says Metzger.
For international banks, de-risking options are very much on the agenda, including the ultimate don’t-go-there option, which might be understandable from any individual bank’s perspective, but is politically unacceptable if pursued collectively. Increasingly, the question is: can technology help banks to comply with regulations while also profitably serving low-risk customers in potentially volatile, high-risk markets? And if technology holds the key, what role does risk management play, from an overall governance perspective and on the ground?
New models, new technologies
In compliance and in banking more generally, technology is only an enabler, albeit a critical one. Compliance is not just a matter of implementing technology, however many systems, solutions and frequent upgrades it might require to keep within the rules. At the same time, changing business and risk models and emerging payments methods open up new opportunities, rendering existing remote markets more accessible. Advances in technology help make these new business models possible: more transparent transaction chains – enabled by technology innovations such as blockchain – can enable banks to nurture client relationships they might previously have shied away from.
But the compliance obligation – at the risk of repetition – doesn’t change. “Independent of underlying trends in business models, legal requirements need to be applied properly. Compliance processes and their proper application must not be left behind due to innovations and possible disruptive trends,” Metzger adds.
The evolution of financial crime compliance practice by banks can be viewed positively. “Compliance adds real value. It protects reputations and saves lives. If your anti-money laundering/counter-terrorism financing efforts catch something, think about what you might have prevented,” says Stuart Weinstein, professor at the Faculty of Business and Law, Coventry University, and author of the International Securities Services Association’s study on ‘Transparency in Securities Transactions and Custody Chains’. Weinstein argues that financial crime compliance is a “societal responsibility” for individual banks and the wider banking industry alike – a responsibility that is shared by regulators even more than it is overseen by them. This suggests we all have a role in maintaining compliance. But Weinstein goes further: “International banks and the whole banking system are an essential infrastructure. Banks can’t cut out whole sections of the globe from the international market. They have to find better solutions than that.”
An analogy: if you’re getting burnt, withdraw your fingers from the stove. It is wholly rational – and compliant – to address “extremely big penalty risk” by withdrawing from relationships, and indeed, from whole markets – Somalia, for example. Cutting out whole sections of the globe, as Weinstein puts it, is an extreme form of de-risking, and in the short term, it does indeed amputate a whole set of risks. But to sever an array of relationships, to withdraw from a geography, is not only to cut off today’s dialogue; it is to put the phone down on tomorrow’s potential, which may be harmful to future profits, more so to political stability. “As banks derisk, people invest less in their due-diligence processes and they invest less in their correspondent-banking relationships, and it really should be the other way round,” says Weinstein.
For banks unwilling to accept the opportunity costs inherent in extreme de-risking Weinstein highlights possible ways forward. “International banks and their correspondents have to work together. Blockchain technology has the potential to introduce transparency throughout the transaction; payment-screening processes and the use of greater information helps as well. Data analytics is very promising,” he says – concluding with the suggestion that a “good-faith standard” backed by technology-enabled transparency and mutual understanding may be more effective than today’s strict-liability standard.
Consulting Group McKinsey & Company put out a paper in January 2016 – ‘A best-practice model for bank compliance’ – that gives an interesting slant on de-risking. The paper’s authors, Piotr Kaminski and Kate Robu, director in McKinsey’s New York office and principal in the Chicago office respectively, argue for “active ownership of the risk-and-control framework” alongside “integration with the overall risk-management governance, regulatory affairs, and issue-management process”. The paper makes a very neat point: “Compliance risks are driven by the same underlying factors that drive other banking risks, but their stakes are higher in the case of adverse outcomes … Therefore, it’s only fitting that a modern compliance framework needs to be fully integrated with the bank’s operational-risk view of the world.”
In the current environment, compliance considerations are inherent in the business of banking. But if improvements in technology and processes allow banks to engage with risk rather than stepping away – even where that might seem the prudent move – how do we exploit the opportunities while avoiding the pitfalls? Beyond core compliance, what are the next steps to safely banking low-risk clients in high-risk jurisdictions?
Risk and reward
For reasons of politics and profits, banks must be able to support sound business cases when the appropriate opportunity arises. “In principle, it should be possible for correspondent banks to safely bank low-risk clients in high-risk jurisdictions. However, the underlying risks involved need to be addressed and minimised by applying compliance standards and requirements accurately. Compliance and its proper application may not only add value to an evolving correspondent model, but in the end may be the key to conducting business successfully at all,” says Metzger.
Compliance requires engagement, and engagement requires communication, and ultimately, the determinant of successful compliance is the communication of best practice down to the local level. As well as enterprise-wide risk management policies and processes that are coordinated and calibrated to the bank’s overall risk appetite, this ‘risk-sensitive’ approach to financial crime compliance also demands education, if not enterprise-wide then certainly at several levels within the bank, especially for client-facing staff. While bank staff need constant education in understanding and identifying the different types of risk that new clients and markets represent, they too can be the educators. As a compliance culture evolves and takes root within banks, and the understanding of compliance obligations become embedded, there is also an opportunity to educate local clients on how to comply with sanctions and identify behaviours and patterns consistent with criminal activity.
We have the technology and the will. We can, as Weinstein suggests, save lives. So, is it time to take the more extreme de-risking options off the agenda of effective compliance? Do we have the skills and the tools to achieve the levels of engagement needed to safely bank low-risk clients in high-risk jurisdictions? Given the penalties for non-compliance, it’s a judgement every bank must weigh seriously and continuously. “The solution to that one,” Weinstein says, “is the customer-relationship person at the local bank. Every day, people who work in those banks have to deal with these situations; every day, they have to rely on their gut sense, which is usually right. They’re the unsung heroes of compliance.”
Find out more from industry experts at the ‘How to safely bank low-risk clients in high-risk jurisdictions: Is it time to “re-risk”?’ session, which takes place on Monday 26 September at Sibos 2016 Geneva.