Are the world’s financial institutions and their leaders ready to begin defending the front lines in the war against international financial crime and terrorism?

They’d better be.

Opinion_Bug7Governments and their regulatory agencies increasingly expect these institutions to serve as police, to work harder to prevent themselves from being used for money laundering and to prevent breaches of sanctions against countries with poor human rights records and those that support international terrorism. And regulators are punishing institutions when they fall short.

U.S. enforcement authorities, flexing their regulatory muscles, recently imposed fines for sanctions breaches on Lloyds Banking Group ($350 million), Barclays ($298 million) and Standard Chartered ($327 million).

The Department of Justice and the Securities Exchange Commission are using the Bank Secrecy and Foreign Corrupt Practices acts to demand greater due diligence from all parties involved in transactions, holding them responsible for both sins of commission (facilitating money laundering or committing sanctions breaches) and omission (failing to implement sufficiently strong internal controls against either or both).

Peter Brooke, FTI Consulting

Peter Brooke, FTI Consulting

In December 2012, HSBC agreed to a $1.9 billion settlement to resolve charges that it had failed to monitor more than $670 billion in wire transfers, allowing for money laundering, and had also breached U.S. sanctions against Iran, Libya, Sudan, Burma and Cuba. And in December 2013, RBS was fined $100 for violating sanctions against Iran, Sudan, Burma and Cuba.  More recently, the Federal Reserve has held up M&T Bank’s merger with Hudson City Bancorp until M&T beefs up its anti-money laundering controls. In short, governments are making it clear that they will not tolerate what they deem to be reckless conduct by financial institutions or a weak commitment to abiding by international rules.

Governments want senior management – CFOs, chief executive officers, chief compliance officers and chief risk officers, among others – deeply engaged (with compliance experts sitting on boards) and leading the work to build financial crime defenses.

It won’t be easy.

It’s been estimated that $2.9 trillion worth of stocks, bonds and derivatives are traded in U.S. financial markets every day.  According to a 2012 report by the European Central Bank, 2,827 non-cash transactions (credit transfers, direct debits, credit card payments and checks, among others) are made by European financial institutions every second of every day of the year. That works out to about 248 million every day, and 90 billion last year.

And with the increased popularity of mobile banking, one may presume those numbers, already enormous, will only grow.

Given the volume and pace of transactions in global financial markets – magnified and accelerated by new technologies – it’s easy to see how keeping track of both  financial transactions and the people who conduct them is monumentally difficult for banks, hedge funds and other financial serviced institutions. It keeps their risk and compliance officers up at night.

Generally, financial institutions believe the expectation that they can act as a branch of law enforcement unreasonable. They cannot, they say, monitor every transaction or client with 100 percent certainty, nor make their businesses risk-free. They say the investment they must make in people, processes and technology to comply with regulations places a massive strain on resources.

Christine Moran, FTI Consulting

Christine Moran, FTI Consulting

Consequently, some banks are voting with their feet and pulling out of more risky industry sectors and geographies. Both Barclays and HBSC, for example, decided last summer to stop providing banking services to cash transfer businesses in Somalia for fear that they could be used for money laundering. And while the banks felt they had no choice, demonstrators in London protested that the banks were abandoning people in need, painting Barclays and HBSC, not the relatively invisible and untouchable money launderers, as the bad guys.

This was a classic no-win situation. And if the financial sector doesn’t change the way it approaches its role in stopping (or at least vigorously limiting) how it’s used by the bad guys, there will be many more.

Manage Risk, Not Money
To prevent themselves from being used by criminals and terrorists, financial institutions must improve their risk-assessment capabilities and make that effort an organizational priority.

In short, banks need to get smarter about both client and transactional risk, and do more about them.

This effort must be led from the top. Senior management must be fully engaged in building the financial crime defenses – the internal controls – that can make their organizations less vulnerable both to missteps and the depredations of criminals.

They have no choice but to accept their role in the global struggle against financial crime and terrorism and work consistently to build ever stronger defenses, with risk assessments completed intelligently and thoughtfully and regularly updated. The list of U.N.-sanctioned countries and politically exposed persons must be monitored continually.

However, given the complexity of global finance, and the cunning of criminals, all defenses have to be risk-based, with the institution’s finite resources devoted appropriately to businesses and jurisdictions with inherently higher risk profiles or weaker control environments.

Mitigating Client Risk
Financial institutions need to make their client onboarding rules and processes more rigorous before accounts are activated, and those accounts need to be reviewed regularly afterwards.

This requires repeatable risk-based client assessments that can identify politically exposed persons and people with criminal backgrounds or connections. The assessments also must be able to unearth people conducting business in sketchy jurisdictions and geographies and individuals acting as proxies for hidden players.

Criminals are continually changing the ways they move money in and out of institutions, and use increasingly complex and opaque structures to hide the true sources, identities and destinations of funds.

Mitigating Transaction Risk
Banks should acquire and implement detection technologies that can filter and flag sanctioned or otherwise suspicious transactions. There is a vast array of commercially available transaction-monitoring tools that can introduce business rules into an institution’s systems and define acceptable or unacceptable transactions (such as identifying sanctioned country codes on transfer receipts).

These tools can establish thresholds that trigger alerts, and automate watch lists for suspicious persons and transactions.  They are also capable of sophisticated record-keeping and can produce compliance reporting that can be critical when an institution finds itself in a government’s or regulatory agency’s crosshairs. But all these tools are only as good as the people who use them. Firms must acquire skilled talent to fine-tune the systems as well as to analyze, assess and act upon the alerts and reports they produce.

These tools and processes, and the human capital that make them work, are necessary for financial institutions to steer clear of trouble. Their implementation is also a statement of good faith. Making sure the compliance and risk-management function is well-staffed and independent of business pressures, and deploying up-to-date processes and tools will make regulators less inclined to punish firms that run into trouble or made the occasional, unavoidable mistake.  

It’s Never That Simple
Because it is difficult (if not impossible) to define the scope of the global problem – how much money is being laundered, where it is coming from and where it is heading – it is challenging for CFOs and other business leaders to measure the success, failure or even the outcomes of any anti-money laundering effort and thereby assign an ROI to anti-money laundering investments. Again, these investments should be viewed in the light of risk mitigation, and their efficacy determined in large part by what doesn’t happen – fines, reputational damage, lost business – not what does.

Ultimately, it is unrealistic to think that one firm or even and industry can take on the bad guys by themselves. Fighting crime is not a role for which financial institutions were created or designed. However, in today’s climate, they have no choice but to play the part as best they can. That means continually improving the ways in which they protect themselves and the world’s financial system.

One can hope that the future will bring greater levels of cooperation between governments and the financial sector. Ultimately, that is the only way to begin to de-fund criminal interests, terrorists and others who would seek to sabotage the world’s financial systems and use them to further their own anti-social ends.

Peter Brooke and Christine Moran are managing directors  in the governance, risk and regulation team at FTI Consulting, based in London.

One response to “Banks Must Lead Fight Vs. Money Laundering”

  1. I find it refreshing that per your article you are stating that “compliance officers” are now being appointed to the Board of Directors. During my accounting career I spent time as a chief auditor for the Pacific Stock Exchange, Arcata Corporation and Audit Manager of the Wells Fargo Trust Operations and Wells Fargo Investment Advisers. I assumed you are stating the chief auditor is now a member of the board of directors. If that is true it is the correct course of action to make the “compliance function” (internal audit?) not have to report on and report criticisms of operators (officers) who have a say over their compensation, work location(s), offices, etc. To me it was inherently obvious after several occurrences of having my salary and career development blocked due to being critical of persons higher in the corporate hierarchy. My solution to this situation when it occurred with me — was I departed the corporate world — explained to the people that I felt were responsible why I was leaving and started and developed my own local CPA firm that for a number of years provided a full array of accounting and tax services. I am now “semi-retired” and focus my work activities on individual, small business and non-profit tax services. As the result of my position I suffered significant decreases in my income stream for more than 10 years, but feel that that course was necessary in order to express my concerns about the inconsistencies in the field of auditing (both internal and external).

Leave a Reply

Your email address will not be published. Required fields are marked *