De-risking: How it is changing the face of AML compliance programs
The last decade has brought with it sweeping changes to the financial industry that has made it increasingly difficult and costly for banks, money services businesses (MSBs) and other financial institutions to fulfill their anti-money laundering (AML) compliance requirements. Under pressure from executives, board members, and regulators alike, many banks have taken aggressive steps to reduce their exposure to fines and penalties. One such step that is becoming increasingly common is to sever ties with smaller financial organizations that they consider high risk, including MSBs, non-profits, foreign embassies and correspondent banks.
Known as “de-risking”, or “de-banking”, this practice sees larger financial institutions end certain lines of business, sever relationships with or close the accounts of smaller financial institutions. While this minimizes the larger bank’s risk exposure, it has significant implications for the smaller respondent banks that rely on their correspondent banking relationships (CBRs) to access international financial systems. Being denied this access further isolates some of the world’s most vulnerable areas, including developing nations, and drives many to smaller, potentially non-compliant financial institutions or illegal “shadow markets” of cash transactions to get the services they need.
The National Bank of Kenya is one affected bank, making news after Deutsche Bank decided to end its CBR with the institution due to suspected money laundering activities. The issue of de-risking has also grown in such proportions that in Belize, for example, only two banks maintain CBRs. The Caribbean has been hit particularly hard by de-risking, with a World Bank report indicating that 89% of jurisdictions in the region have reported significant declines in CBRs. The situation is dire enough that the Barbados-based Caribbean Development Bank (CDB) has even stepped in, putting USD $250,000 toward increasing financial transparency and helping limit the loss of CBRs in the region.
Changes to the AML compliance landscape
As they attempt to navigate this new landscape, respondent banks have had to adapt and evolve in order to reduce their risk to correspondent banks in a bid to avoid losing the relationship. De-risking is actively reshaping AML compliance programs in affected areas as financial institutions have had to re-evaluate and adjust their programs as part of their protection strategy.
These shifts include:
Leveraging more advanced technologies
As a report from PwC notes, while prudent relationship management is certainly part of solution, it is only one factor. With the massive volume of transactions being processed through CBRs, respondent banks will have to move toward implementing more cutting-edge, data-driven technology to continuously monitor all data and transactions in order to detect criminal activity such as money laundering. As Marlon Cooper, Managing Director of Symptai Consulting in Jamaica observes, “There has been a conflation of regulatory requirements—especially FATCA requirements. This is driving many companies to discard their manual processes and instead opt for comprehensive electronic solutions that use intelligence and analytics. The companies are also looking for solutions that will address risk across as many areas as possible.”
Many respondent banks are implementing technologies that help create an effective transaction monitoring program, which is highly important to CBRs. To get ahead of their AML risks—and thereby appear less risky to larger financial institutions—respondent banks are working with solutions that monitor their information and transactions to generate alerts that can be remediated before they impact correspondent accounts.
Advanced AML compliance solutions are also being used to detect missing or incomplete data captured during onboarding; it’s essential that there is a verification process in place to ensure that know your customer (KYC) compliance requirements are met. In addition, AML solutions should also calculate and maintain customer risk scores based on defined metrics that are updated as the customer’s information or circumstances change. This helps ensure that respondent banks know, at any given moment, the risk that each customer poses to them—and therefore to their correspondent banking partners.
Going above and beyond
To secure the trust of their correspondent banking partners, respondent banks are increasingly having to demonstrate their commitment to their AML compliance programs by not only meeting the minimum expectations set out by regulations, but by going above and beyond them. For example, some institutions are adopting the World Bank’s recommendation of having customers sign and submit a form declaring the identity and details of the ultimate beneficial owner (UBO) of a business relationship or transactions. Although not required by law, these declarations can deter individuals from falsifying information because they are written to state that criminal penalties will be placed on anyone found to have intentionally made a false statement on the form.
Respondent banks are also putting extra effort into staying on top of trends and methodologies, and doing their best to anticipate upcoming changes. Being able to foresee new types of criminal activity and respond proactively is valuable when it comes to protecting CBRs. This skill is helping respondent banks be better equipped to determine if a particular service area they have is vulnerable to new risks, then allowing the bank to decide if it’s simply not worth the investment of more effort or resources. Communicating this decision to correspondent banks demonstrates that compliance is at work within the respondent bank, and is an indicator of willingness to make tough decisions on compliance when needed.
Comparing risk appetites
Respondent banks such as the National Commercial Bank Ltd. (NCB) in Jamaica have realized that if its risk appetite is misaligned with that of the correspondent bank, there is an increased chance of de-risking. As Dave Garcia, General Manager, Group Legal & Compliance at NCB, noted in a recent webinar on de-risking, proactive respondent banks are adjusting their AML compliance programs by objectively assessing their risk appetites by formally documenting a risk assessment for their organization when possible. If a risk assessment cannot be developed, the bank must fully understand its risks based on its business model and strategy. Some respondent banks are also reducing risk by placing additional resources in at-risk areas in order to provide more complete coverage.
In addition, banks such as NCB are implementing other measures to reduce risk levels. “You must have a correct handle on the risk and how to manage it,” says Garcia. “In terms of monitoring our foreign currency cash flows coming in through NCB, we did a combination of policy-related activities and fee and transaction-based activities. For instance, we increased the fees associated with foreign cash lodgments in order to assist in driving that activity towards instruments and direct transfers. We also imposed limits on foreign currency cash transactions, both for our retail customers and our financial institution customers.”
Equipping the appropriate staff
In response to de-risking, many smaller financial institutions have begun aggressively redistributing staff as needed to best accommodate the needs of their correspondent banking partners. These employees are also receiving advanced training in order to be very knowledgeable not only of AML/CFT (combatting the financing of terrorism) requirements, but of the correspondent bank’s expectations. Designated staff frequently communicate with their correspondent banking partners, inspiring confidence in their compliance program by keeping them informed of business activities. Employees with skills in clear, timely, thorough and accurate communications are placed in these roles.
Staffing changes are also being made to ensure that there is a sufficient number of employees dedicated to verifying the accuracy of any customer information obtained during onboarding and throughout the duration of their relationship with the bank. Some respondent banks, such as NCB, have designated separate staff who are responsible for collecting and verifying that this information is accurate and error-free.
Not just a phase
While an unfortunate reality, de-risking is a practice that is only gaining momentum. To protect their business interests, both correspondent and respondent banks alike must continuously evolve their AML compliance programs to adapt to the landscape. By demonstrating their commitment to a strong compliance program, respondent banks become less risky—and therefore less of a liability—to their correspondent banking counterparts, ensuring continued access to the CBRs many regions of the world are heavily dependent upon.
To learn more about how de-risking is impacting correspondent banking relationships, download our white paper, Three Key Processes to Save Your Correspondent Banking Relationships.
About Andrew Simpson:
Andrew Simpson has close to two decades of experience in the information systems audit and security business; specifically data analytics, interrogation and forensics. He is a regular contributor to various auditing conferences and is acknowledged as an expert on continuous controls monitoring and revenue assurance.
Connect: Andrew Simpson