31 Jan 2016 by Nathan Van de Velde

Is a risk-based approach to AML paving the way for wholesale de-risking?

Financial institutions continue to struggle with the conflicting pressures to maintain certain high-risk accounts and facilitate financial inclusion whilst satisfying the regulatory demands of adequate anti-money laundering (AML) controls. With heightened regulatory scrutiny of AML controls, stronger enforcement actions for non-compliance, as well as the threat of individual accountability, financial institutions tend to be more risk averse than ever. Many financial institutions are reassessing their risk-appetite and have started to de-risk certain high risk accounts in order to avoid negative regulatory and reputational backlashes of AML violations.

One of the main contributors to the conflicting AML pressures is the lack of global harmonisation of AML requirements. An important step for a better regulatory alignment was made in June 2015 when the European Union adopted the fourth anti-money laundering directive (AMLD4). Compared to its predecessor the new Directive closely follows the financial action task force’s (FATF) recommendations of 2012, further endorsing a risk-based approach. This type of approach to AML supports evidence-based decision making and places the responsibility of adopting adequate measures on the financial institutions themselves. This implies that they will need to identify and understand their exposure to risks and on the basis of such an assessment must adopt and implement adequate mitigating security measures. An effective risk-based approach should enable financial institutions to identify the hazards associated with different types of customers and assist them in deciding which level of customer due diligence measures should be applied.

Amongst other amendments, the AMLD4 also introduces more stringent sanctions for financial institutions who fail in meeting their AML obligations. New sanctions include the issuance of a public statement detailing the breach of AML procedures, cease and desist orders, revocation of financial licenses and higher monetary sanctions. In addition, members of management or any other individual within the institution responsible for the breach can be subject to these sanctions. The shift towards stronger enforcement actions within the AML sphere is noticeable in other jurisdictions as well. For instance, US regulators are imposing larger monetary penalties for alleged AML compliance violations. Recent examples include the $1.45 billion settlement of Commerzbank and a $2.6 billion settlement of JPMorgan Chase Bank NA. Individual accountability for non-compliance has been considered by financial regulators too.

The New York Department of Financial Services (NYDFS) recently issued a public consultation on a proposed regulation that would require regulated financial institutions as well as their senior-level management to comply with more stringent AML controls. The new rule set would allow the imposition of criminal sanctions on senior executives in the event of non-compliance. Considering these developments, risk mitigation has become key for financial institutions, who are reviewing and reassessing their risk exposure as well as their client base. In order to avoid the far-reaching negative consequences of non-compliance, an increasing number of financial institutions have opted to “de-risk”. De-risking is the practice of terminating or restricting relationships with entire categories of customers and lines of businesses who are associated with higher money-laundering risks. This new approach is the result of the commercial trade-off financial institutions have to make: in many instances it is often deemed safer to avoid high-risk clients entirely than to manage the associated compliance costs. Wholesale de-risking could potentially have far-reaching implications however. Simply declining financial services to high-risk clients does not fix the problem. This merely shifts the burden to other institutions, as clients will naturally look for alternative ways to access financial services. Instead of adequately managing client risks, clients are thrusted towards smaller financial institutions that often lack the resources and expertise to effectively manage higher risks.

In response to the de-risking phenomenon, various financial supervisory authorities have addressed the issue. The general consensus is that wholesale de-risking is an overzealous and disproportionate reaction which could have a negative backlash on the global financial system. Early 2015, the Federal Deposit Insurance Corporation (FDIC) encouraged institutions to take a risk-based approach in assessing individual customer relationships rather than refusing to provide financial services to entire categories of customers. It was argued that financial institutions should assess individual risks on a case-by-case basis and implement adequate controls to manage the relationship in proportion to the risks associated with each customer. Similar to the view of the FDIC, the FATF stated that, financial institutions should only terminate customer relationships where money laundering cannot be mitigated. Wholesale de-risking without taking into account the individual level of risk or without risk mitigation measures for individual customers is as such not aligned with the recommendations. More recently, in October 2015, the FATF issued a statement on its website concerning its efforts to combat de-risking. It stated that it is seeking to clarify regulatory expectations that are particularly relevant to de-risking to ensure that AML measures are being implemented effectively and in line with its risk-based approach.

It is clear that wholesale de-risking cannot be an acceptable consequence of heightened regulatory scrutiny. But how should financial institutions deal with these conflicting pressures? The main issue lies in the fact that as long as the balance for serving high-risk accounts tips in favor of de-risking, it will continue to be an issue. Corresponding a risk-based approach to financial inclusion goals remains a difficult balancing act, one where financial institutions would benefit from additional guidance from financial regulators. One potential solution is to pursue financial institutions which adopt wholesale de-risking on the basis of heightened regulatory risk. However, such an outlook is incompatible with the rationale of the risk-based approach. Besides, financial institutions are generally not public-utility entities and should retain the right to be able to choose their clients. It is up to them to consider whether they can offer their services and maintain overall AML risk at an adequate level. Instead, the first step should be to clarify the current uncertainty of AML compliance. Proper guidance detailing the expectations and standards required to deal with high-risk accounts would alleviate concerns on potential non-compliance backlashes and offer financial institutions with an alternative to de-risking.

Nathan Van De Velde is a Legal Researcher at KU Leuven Center for IT & IP Law – iMinds

Register for Updates

Enter your email address below for paper and proposal calls, updates and info