The reputation of a financial institution is one of its greatest goods. Pressured by large amounts of new regulations, it is understandable that many organisations are confused how to comply. In order to ensure compliance, firms therefore often shy away from any form of business activity where there is even the slightest possibility it could harm the institution. That, however, damages business, excludes start-ups and entrepreneurs from access to financing. What is worse though is that it does not necessarily cancel the risk for financial institutions. A case study.
When the FATF published its Guidance on the Risk-Based Approach for Effective Supervision and Enforcement by AML/CFT Supervisors of the Financial Sector and Law Enforcement in 2015, it also reported on its efforts to tackle de-risking. In a press statement, the organization said that the “drivers of de-risking are complex and include: profitability; reputational risk; lower risk appetites of banks; and regulatory burdens related to the implementation of anti-money laundering and counter-terrorist financing (AML/CFT) requirements, the increasing number of sanctions regimes, and regulatory requirements in financial sector”.
The FATF had rightly identified that the rising regulatory expectations with regard to preventing money laundering and terrorism financing had spooked financial institutions to a point where it damaged legitimate business and drove “financial transactions underground which creates financial exclusion and reduces transparency, thereby increasing money laundering and terrorist financing risks”. It therefore tried to provide some clarity upon what was expected and where financial institutions could draw a line.
As a result of new rules and regulatory actions, banks had reached the point where they would rather shut down or stay clear profitable activities in case of the slightest uncertainty that it could result in fines and enforcement actions against the firm. It is nice to see the change in approach towards the prevention of money laundering at financial institutions – for many years the reluctance of firms to accept potentially dirty money was far less developed as a number of high-profile cases like the £506m in fines against Deutsche Bankin 2017 for its failure to prevent money laundering.
On the other hand, it often results in a form of overcorrection where the legal implications and the potential risk even outpace the damage to lawful business activities. Take the case of Blockchain startups that struggled to open bank accounts: British banks were shunning companies that handle cryptocurrencies, forcing many to open accounts in Gibraltar, Poland and Bulgaria and “prompting some to question the UK’s ambitions to be a global hub for the fast-growing fintech sector”, as the FT wrote in 2017. Banks in other European jurisdictions like Germany or the Netherlands are equally reluctant to deal with start-ups active in the crypto space and the French central bank even published a report in March 2017 that contained the proposal to ban insurance companies, banks and trust companies from taking part in deposits and loans in crypto-assets.The proposal of the Swiss Banking Association to introduce reduced requirements to a minimum to shorten the approval process account opening process in order not to damage the attractiveness of Switzerland as an innovation hub was a clear sign for the confusion that reigned supreme even among experts in the industry as it had two major flaws:
- The different regulatory obligations with regard to AML, CFT and fraud protection exist for a reason and all firms regardless of the sector need to abide by the rules. It is irrespective of the products or services a company offers fundamental that the flow of money in and out of firms is clear and documented accordingly to avoid abuse.
- Firms dealing in cryptocurrencies are frequently associated with fraud or money laundering. This is so for a reason as, unfortunately, there are a number of ICOs that are outright frauds or a way to launder the profits from criminal activities. It is therefore all the more important that rigorous due diligence is conducted and that these firms can evidence the origins of their funds. However, many ICOs have made progress on this aspect, foremost in order to comply with said rules and to avoid trouble with regulators. If the results of these efforts are sufficient for the authorities, it is difficult to comprehend why they wouldn’t for banks, too. The outright association with fraud or money laundering and subsequent denial of doing business is bad enough for these firms. It is an aspect that anyone contemplating a venture in this field needs to be aware though and take into considerations when starting a project. It is worse still for firms that work on Blockchain products that have nothing to do with cryptocurrencies nor have raised funds through a token offering. Sadly, these firms are often put in the same bracket while they should be treated like any other tech start-up.
So much for the real-life impact for businesses. But it also is far from a safe approach for financial institutions either. This was highlighted by the recent case against the Royal Bank of Scotland. It’s a fairly straight forward example: an authorised payment institution in the UK providing foreign exchange and payment services to its customers banked with RBS with the main accounts including a pooled client account. In October 2015, RBS froze the accounts held with it by its client and terminated the banking relationship, claiming that it suspected the pooled account being used for boiler room fraud and money laundering. RBS also notified the authorities of their suspicion with regard to the criminal activity. The client sued RBS because it felt that the bank should have given at least 60 days’ written notice to close an account, while RBS argued that given the situation these events constituted an “exceptional circumstance” and therefore RBS was not required to give written notice as it could have tipped off the client to move the funds elsewhere.
As a result, the UK High Court ruled that the circumstances were indeed exceptional and that the contractual terms provided RBS with the discretion to close the accounts, without having to establish or prove the crime. At the same time, the court made it clear that similar claims must be handled on case-by-case basis as the terms of each bank may differ and that each bank must therefore have due regard to its own contractual agreement and the precise terms contained therein. Therefore, it gives banks some certainty, but as the High Court pointed out banks don’t have free reign to de-risk and close accounts at will without due consideration of their contractual obligations.
With this risk in mind, what could be an alternative route for financial institutions to take? To begin with, most diligent controls to make sure that an adequate picture of a client’s dealings is established rather than an outright condemnation, though this obviously comes with a cost.
Talking about cost though, the mind immediately turns to RegTech and its promise to provide better solutions at reduced costs. For this reason, the better way forward should be to leverage technology to tackle what is probably the most pressing operational risk concern for financial institutions. The use of big data (or better smart data) is fundamental to identify AML/CTF issues as well as a proactive approach rather than a mentality that addresses a problem only once it has already caused significant damage.