Banks are de-risking due to lack of regulatory direction

While regulators ramp up their warnings on the consequences of wholesale de-risking, banks are requesting clearer and more specific guidance related to anti-money laundering (AML) and counter-terrorism financing (CTF) compliance.

The lack of regulatory guidance on how to continue serving companies in high-risk countries is particularly worrying when the risks of non-compliance are so high, said Danny Sanhye, head of the financial intelligence unit for Europe at HSBC.

"There is a perception now from regulators of intolerance, that [AML] breaches are unacceptable," he said, speaking at the Association of Certified Anti-Money Laundering Specialists' (ACAMS) European conference in London on May 28. "And this has triggered a reaction from financial institutions, which is called de-risking. This is not a good thing, because we are not helping to fight money laundering." Instead, the withdrawal of banking services from certain sectors or regions creates avenues for criminal activity, he said.

Speaking on the same panel, Chrisol Correia, a director, AML global at LexisNexis Risk Solutions, also warned of the paradox of mass de-risking: "In one way de-risking is seen as a means to eliminate the risks of AML compliance, but at the same time it may increase the risks of AML by driving it underground."

While global banks are increasing investment in AML/CTF compliance to mitigate their exposure to various risks, the challenges of keeping pace with know-your-customer (KYC) rules are vast, the conference heard. Internal hurdles stem from siloed business units operating in multiple jurisdictions, and cultural difficulties related to data screening makes things difficult on the ground: in some countries, for instance, it is common for citizens to not have passports or forms of ID such as proof of address.

In one way de-risking is seen as a means to eliminate the risks of AML compliance, but at the same time it may increase the risks of AML by driving it underground

Regulators refocus expectations

The Financial Action Task Force (FATF) updated its guidance in October 2014 to remind banks of the need to take a risk-based approach to clients and sectors, pointing to indicators from national risk assessments, typologies and financial intelligence units.

But with many banks closing the accounts of money services business, charities, non-governmental organisations and online gambling companies, regulators have refocused their expectations in the past few months.

The UK's Financial Conduct Authority issued a regulatory statement on April 27, reminding banks: "We are clear that effective money-laundering risk management need not result in wholesale de-risking." Meanwhile in the US, the Federal Deposit Insurance Corporation has reminded firms of the importance of case-by-case customer assessments and the implementation of controls to manage individual relationships accordingly.

But this is often contrary to the conversations banks are having with their regulators, said LexisNexis's Correia. "As I understand, it's not uncommon for a regulator to say 'well, actually, you can't do business with these types of customers'."

He said the debate "doesn't seem to be resolvable". When a business is faced with low margins, there may be no way to sustainably manage the compliance risk by going through a case-by-case assessment. "It may actually become a compliance issue because it pulls away resources from higher risk priorities."

"Sense of uncertainty"

Confusing things further still, a wholesale approach to de-risking may sometimes be considered acceptable when political and economic priorities are involved, said Correia, pointing to the sanctions levelled against such countries as Russia, Iran and Somalia, where disengagement is encouraged by enforcement authorities.

"And this has led to a sense of uncertainty. That is compounded by what I think is a relative lack of guidance in Europe between regulators and enforcement agencies and obligated institutions," he said.

Correia said that in the US, the Office for Foreign Assets Control (OFAC) seems a lot more proactive in educating its authorised institutions about its expectations. "It could be that perhaps OFAC has more resources, but there seems to be more openness for either formal or informal channels to discuss these matters in greater detail, whereas I think that may be a bit lacking at times over here."

On another panel on May 29, David Clark, financial crime leader at GE Capital, said he doesn't like the word de-risking. "I think there is just some funky risk management going on under pressure and we actually just need to refine it. You're never going to get to a case-by-case basis because of the volume of businesses [global firms deal with]."

"At the end of the day though, you need to look at the costs of compliance. A lot of banks out there aren't doing it for the public service, they're out there to make a profit, and they're bringing those calculations in as well," he added.

John Byrne, executive vice-president at ACAMS, said there is no easy answer. "Obviously, in general all of us want to see financial inclusion and help economies, but, on the other hand, financial institutions are pushed against the wall ... I don't get the sense that the regulators have been part of the conversation, but I think they have to be in order to try to solve this."