FATF - Fines and compliance costs have driven de-risking

The Financial Action Task Force (FATF) has found that supervisory penalties and anti-money laundering (AML) compliance costs have contributed significantly to the de-risking trend among banks and other financial services firms. AML experts have added that the findings, set out in the FATF's new guidance on de-risking and correspondent banking, are the tip of the iceberg.

"I have absolutely no doubt that the stance adopted by regulators has contributed significantly to de-risking. This is clearly acknowledged in the FATF guidance," said Daren Allen, partner at Dentons.

He said regulators' approach to supervision and enforcement, far from promoting a risk-based approach, was leading to a risk-averse approach.

Lawyers said this risk aversion arises from bigger threats than regulators such as the Financial Conduct Authority (FCA) alone can create. There is a complex range of global factors, as outlined in the FATF guidance.

According to Guy Wilkes, partner at Mayer Brown, the size of FCA penalties has increased significantly in recent years, but these are dwarfed by the penalties imposed by regulators and prosecutors in the United States.

Transatlantic risks

"Banks are equally concerned about the knock-on consequences of regulatory penalties, such as the impact on their ability to secure correspondent banking relationships as well as the risk of U.S. class actions," said Wilkes, who was head of department for retail and regulatory investigations at the FCA until February.

He said any banks processing U.S. dollars were vulnerable to these risks. "Banks are concerned about terrorist finance risks and, tied to that, the risk of breaching sanctions," he said. 

According to Wilkes, the enactment in the United States last month of the Justice Against Sponsors of Terrorism Act has potentially increased the scope for class actions against banks for unwittingly providing account facilities or processing wire transfers for customers that might be supporting terrorism. 

"Banks are paying close attention to customers which operate in parts of the world that are near to, or do business with, sanctioned countries or sectors perceived as high risk — for example, charities which operate in conflict zones," Wilkes said.

Colin Darby, a consultant at Bovill, said U.S. dollar clearing banks were concerned about the actions that U.S. regulators might take. "They have therefore looked to restrict, and in some cases withdraw, correspondent services," he said.

Compliance costs

According to the FATF guidance, a key driver of de-risking is compliance costs, including anti-money laundering and counter-terrorist financing, and confusion caused by the term "know your customer's customer" (KYCC).

Darby agreed with the FATF's findings that KYCC had caused confusion. "No law or regulation specifically requires it and the FATF has been clear it is not required under its recommendations, except for particularly high-risk cases. Nonetheless, some correspondent banks have adopted the practice as part of their risk-based approach, citing a desire to meet regulatory expectations as the basis."

He said that KYCC presented challenges. "The correspondent bank has no contractual relationship with the customer of its respondent and KYCC is arguably duplicative because the respondent bank should already have done adequate due diligence on its own customer," Darby said.

According to Darby, de-risking may not reduce risks at all. "There is little to stop an institution which has had its correspondent banking facilities withdrawn from becoming the downstream customer of a firm which has retained its facilities with the same correspondent bank. Effectively the correspondent bank carries the same risk exposure but with even less visibility as to the controls applied by the banks in the correspondent chain," he said.

Darby added that banks were working to understand how the changes to simplified due diligence under the Fourth Money Laundering Directive might affect correspondent banking relationships.

Wilkes said there were also reputational risks in withdrawing banking facilities, especially from sectors that provide services to parts of the community that are perceived as vulnerable — for example, charities. 

Competition law

When publishing its own report into de-risking in May this year, the FCA warned banks that they needed to be mindful of their competition law obligations when deciding to terminate existing relationships or decline new relationships. 

"The competition risks are particularly acute for banks which are dominant in a market. Banks that want to de-risk need to take competition law advice to ensure that they don't slip up," Wilkes said.

He said difficult de-risking scenarios would arise if a bank was the sole or main provider of correspondent banking services to its competitors in a local market and then wanted to withdraw those services on the basis of unacceptable risks.

"The FCA might view the bank’s withdrawal as an abuse of dominant position. A bank in that sort of situation would have to be incredibly careful. It would have to provide evidence that there were very good reasons for de-risking which justified that action," Wilkes said.

If a bank could establish that the banks to which it offered correspondent banking services were not compliant with AML requirements, this would count as such a reason. "But there will always be suspicion under these circumstances that it is acting for the wrong reason."

According to Wilkes, de-risking is still possible, but firms must go about it in the right way to avoid a breach of competition law.

"The FCA has competition law powers, and it may well use them against banks that breach these laws. The FCA has already started its first investigation into a potential breach of competition law, although the details have not yet been made public," he said.

Make or break

Under the money laundering regulations a bank needs senior management approval to establish a non-EU correspondent banking relationship. 

"Banks frequently fall down because they don't properly document the decision and rationale supporting it," Wilkes said. 

According to Wilkes, the documented rationale should include information on risks relating to the respondent's business, reputation, quality of compliance and its supervisory environment and how the bank intends to mitigate those risks, for example, through enhanced ongoing monitoring. That documentation should itself be updated and revised as part of the ongoing monitoring.

Allen at Dentons said that, as indicated in the FATF guidance, a complex range of issues could often come into play when a bank decided to terminate a banking relationship.

"Banks are, of course, entitled to terminate a banking relationship in accordance with the terms of the contract. The key for banks is to ensure that there is a clear audit trail to demonstrate the reasoning for the decision that has been made. This is something that the regulator will look at closely," he said.

Banks' rights

According to Darby, banks retain the right to determine whether or not they will offer services to a particular customer. They must be mindful, however, of the broader issues such as financial inclusion, access to payment systems and the maintenance of competitive markets. 

"The FCA has made clear that there should be relatively few cases where it is necessary to decline business relationships solely because of AML requirements," Darby said.

"Where a bank has determined ... that the withdrawal of services is necessary to best manage risks and costs, that decision should be ratified by senior management with clear communication to affected customers and a reasonable period allowed for affected customers to make different arrangements," he said.

Darby said that, to address de-risking in correspondent banking, banks could establish a clear risk appetite for the provision of services to particular types of clients. They could also deploy dedicated respondent risk assessment models which highlight the genuinely higher-risk cases for enhanced due diligence.

They could also undertake qualitative assessments of the customer institution's AML/CFT controls to understand the referred risk, and perform KYCC in exceptional or particularly high-risk cases.

Financial crime risk management

According to Darby, banks should enter a clear written agreement with respondent institutions that sets out the respective responsibilities for financial crime risk management. They should also develop and deploy a suite of dedicated correspondent banking transaction monitoring rules. 

Darby said banks should use technology to reduce costs and focus their manual efforts on the areas of greatest risk. They should also commission third-party reviews of overseas regulatory frameworks and higher-risk institutions.

According to Wilkes, those in banks with responsibility for correspondent banking should read the guidance from the FATF, which enjoys significant authority among governments and regulators. 

"As well as being informative, the guidance serves to dispel some myths around correspondent banking compliance," he said.

Darby said all firms should consider the FATF guidance and determine whether they needed to make any changes to their operations. "Regulators may use this guidance to change their own rules," he said.