Global banks still suffering from lack of risk appetite
Banks are in the risk business. So what happens if regulators tell them to stop taking it?
A few of the globe’s top anti-money laundering watchdogs have conceded that their rules could stand to be a bit clearer - lest banks exit the risk business altogether.
“To some extent it’s not transparent,” Financial Action Task Force (FATF) president Je-Yoon Shin said recently at Sibos, a global payments and compliance conference in Singapore.
Shin was commenting on just exactly how much risk a bank can take on global payments according to the recommendations issued by FATF, an intergovernmental oversight body.
It is planning to issue a set of guidelines next June to clarify the first set of rules and help banks figure out how to calibrate an acceptable level of risk.
But in the wake of recent fines, the latest being nearly US$9 billion levied on BNP Paribas over sanctions violations, the current level of acceptable risk feels like zero for many banks.
“We are living in a very particular moment in the [anti-money laundering] arena because we are over-complying sometimes,” Guillermo Horta, head of global financial crimes compliance in the Americas at Bank of America Merrill Lynch, said at the conference. “The fear of the banks against regulatory actions has driven us to a state where rather than just complying with the regulatory requirement, and making sure we have an effective process to manage risk, we are just trying to eliminate risk.”
Much of the opacity surrounds requirements on the amount of due diligence that banks must do on their customers and at what point they should sever a relationship.
FATF has asked banks to take a “risk-based approach” in monitoring clients. This means that in higher-risk countries and industries, the banks raise their standards for tracking and catching suspicious transactions.
But FATF and many individual country regulators also clearly state that they have a zero-tolerance policy for infringements of the code.
As the industry continues to brace for billions in fines, banks say the risk-based approach is playing out as a zero-risk strategy on the ground.
“I still think there is a disconnect,” Jack Jared, head of business compliance and risk at Citi, said at Sibos. “We talk about risk-adjusted procedures and a risk-adjusted basis, but the perception out there is that there is zero tolerance.”
The current regulatory regime was a mix of clarity and questions on how far banks could stimulate their appetite for risk, said Henry Balani, head of innovation at payment solutions firm Accuity.
“If the regulation is clear on what is sanctioned then there’s a zero-tolerance policy,” he told the South China Morning Post. “But there are grey areas, like those for politically exposed people.”
Many of the biggest fines during the past three years, including BNP’s this year, have been for the violation of sanctions. In theory, a bank should be able to flag any transaction with a country that has been subjected to sanctions. In practise, several banks have told the Post that weeding out transactions that go to people connected to such countries can be onerous and costly – and often infeasible.
Requirements for identifying political figures, also called politically exposed people, can be more difficult because even family members or associates of those people are included in the description.
For many markets, banks have chosen to simply depart. De-risking is disconnecting many businesses and banks in Asia from the formal financial system, causing a new set of problems for regulators.