In recent years, U.S. authorities have increased their scrutiny of financial institutions’ antimoney laundering controls. In light of this development, banks and other institutions have begun to reassess perceived or actual AML risk across their operation. The notion of how institutions address risk is gaining traction again. In January, the Federal Deposit Insurance Corp. weighed in on the issue, stressing that instead of cutting ties with entire lines of businesses, financial institutions should take a measured approach to managing banking relationships.
The recommendation comes as financial institutions have moved to a “de-risking” approach in their operations. While de-risking – eliminating or significantly limiting – business lines, products, geographies, and/or clients that pose an increased risk to AML-compliance efforts may seem prudent, it also poses significant growth challenges for financial institutions. Over the past several years, institutions have sought to reduce risk by eliminating portfolios, counterparties, or entire lines of business. However, these moves may run counter to their ability to achieve strategic business objectives. These decisions may be overly broad since they may not be focused on those risks that may pose the biggest risks to the bank: high-risk customers, politically exposed persons, and regions such as emerging markets.
Given the potential adverse impact on profitability, financial institutions face a key decision: How much should we de-risk without placing constraints on the business? Financial institutions should also consider whether or not they can sustain growth by de-risking. Since eliminating all risk may be virtually impossible, de-risking may call for companies to shed certain businesses.
Managing risk intelligently vs. indiscriminate de-risking
By taking a fresh look at inherent as well as perceived risks, financial institutions can become risk intelligent, even before they conduct a formal AML risk assessment. Boards and senior executives should consider several key questions in managing risk appropriately:
- Does the company possess a culture of compliance that exists throughout the organization or are there silos present that inhibit a more integrated compliance approach?
- Has management established appropriate incentives to incorporate AML compliance objectives across the organization?
- Does senior management set the tone through active engagement and involvement in AML risk mitigation?
- Are the company’s policies and procedures aligned with the business’ operating model, and its various lines of business?
- Does management possess a holistic view of its customers across geographies?
- Are the company’s various reporting, technological, and other systems integrated geographically?
- Is our ongoing compliance monitoring and testing sufficient to identify potential weaknesses?
The Financial Action Task Force (FATF) appears to have noticed the de-risking trend. In October,1 it stated that certain financial institutions are overreacting due to regulatory actions and are eliminating business lines and clients. It continued by emphasizing that a “wholesale approach” should not be viewed as the be-all and end-all solution to appropriately managing AML risk.
The FATF expressed several concerns due to de-risking, such as:2
- De-risking can introduce risk and opacity into the global financial system, as the termination of account relationships has the potential to force entities, and persons into less regulated or unregulated channels. Moving funds through regulated, traceable channels may facilitate the implementation of anti-money laundering/countering the financing of terrorism (AML/CFT) measures.
- It is central to our mandate to ensure that the global AML/ CFT standard is well understood and accurately implemented, and that countries and their financial institutions are provided with support in designing AML/ CFT measures that meet the goal of financial inclusion.
Given these concerns, financial institutions may wish to consider other alternatives to de-risking in order to adequately manage AML risk. For example, companies may need to take into account the fact that a risk-based approach to AML compliance can create enterprise value. By adding another perspective that others might perceive as too risky, companies may establish a more robust control environment, which can enable senior management to pursue additional growth opportunities.
For example, some financial institutions have forged new relationships or offered new products in jurisdictions with a perceived higher risk of money laundering or other types of corruption. As a result, in some cases, financial institutions have been imposed fines or other penalties due to these ventures. Today it seems that a number of large financial institutions are revisiting or exiting their overseas operations to reduce the risk of potential enforcement action.
While entering high-risk markets – either through a new business or geographic market – may present significant revenue opportunities, the AML and regulatory risks may also be significant. As such, if senior management is not confident in its existing AML controls, it may opt not to pursue an opportunity due to potential regulatory intervention. However, senior management at a financial institution with robust AML controls may pursue it, while still maintaining overall AML risk at a tolerable level. It may do so by implementing additional controls to counter both perceived and inherent AML risks that enable it to pursue new relationships that can help it to achieve its growth objectives.