Despite the investments being made in terms of raw compliance spend, the current framework for managing AML risk is underperforming. With only a small proportion of laundered funds recovered each year, and with the annual cost of compliance continuing to rise as the benefits of automation are offset by an increasingly complex and fragmented regulatory landscape, calls for increased effectiveness are growing.
Weak foundations - problems with the existing AML framework
At the heart of the current AML framework is a risk-based approach to managing financial crime. According to the Financial Action Task Force (FATF) what this approach means in action is:
“...that countries, competent authorities, and banks identify, assess, and understand the money laundering and terrorist financing risk to which they are exposed, and take the appropriate mitigation measures in accordance with the level of risk.”
“Risk-Based Approach for the Banking Sector” (FATF, October 2014)
In practice then, financial services institutions have been left to decide for themselves how best to focus their resources, encouraged to take stronger measures in higher risk situations, and conversely to adopt a more simplified approach where risk is deemed to be lower.
The blunt intention here is to provide institutions with maximum optionality and avoid hasty de-risking of the kind that could impact the operation of financial markets. And, in the absence of clear guidelines, other global institutions besides FATF have built on their core definition.
For example, the US Treasury Department’s Office of Terrorism and Financial Intelligence issued a joint statement with FinCEN in 2019 concerning their mutual efforts to enhance the transparency of their risk-based supervisory approach. However, while such clarifications are useful, in the absence of clear regulatory requirements they still leave much of the fine detail for banks to work out for themselves.
This challenge extends to the setting of institutional risk appetites, the establishment of mitigating controls and, of course, decisions about where and how precious resources should be allocated to manage institutional risk. This situation is imperfect for three reasons:
- It is inefficient - risk-based calculations rely on highly manual processes, lacking the efficiencies achieved in other areas of risk management.
- It is outdated - processes are typically conducted annually, taking up to six months to complete, by which time their findings may already be out-of-date.
- It is subjective - since many of these processes are not driven by data, in some cases firms run the risk of failing to deliver the objective insights required to optimise the control environment.
As a result of these shortcomings, today’s financial crime risk measurement methodologies may legitimately be described as underdeveloped. And so, given the enormous stakes that exist in this arena, the time has come for a new approach to managing financial crime risk, one that utilises a data-driven framework, that enables clear benchmarking and comparisons, and that engenders trust between parties. Trust being the crucial element in how firms address the AML challenges of the future.
Between a rock and a hard place - Correspondent Banking
To illustrate this problem, we can look at its impact in the area of correspondent banking, which plays a critical part in the functioning of the global financial system. Correspondent banks allow their respondent bank customers to process a range of cross-border transactions without requiring a presence in every jurisdiction. Typically, correspondents are the largest, most internationally active banks and provide services ranging from international wire transfers to foreign exchange in a range of far-flung locations.
However, correspondent banking is also a higher risk when it comes to financial crime. Special guidance issued by AML standards setters such as FATF and the Wolfsberg Group have sought to address this, and correspondents must be able to show their respondent bank customers have adequate financial crime controls in place.
To do this, they must perform adequate due diligence, and for many this involves the use of an industry standard questionnaire developed by the Wolfsberg Group. However, following a spate of recent high-profile AML-related failures at institutions such as Danske Bank and Deutsche Bank, there has been a sharp decline in correspondent banking relationships driven by precisely the sort of rapid de-risking that the risk-based approach was supposed to eliminate.
Naturally, this has had a number of negative consequences for the market, with financial crime risk being shifted elsewhere - to smaller local banks who may lack adequate controls or, worse still, through informal channels which are opaque - making AML/CFT risk much harder to calculate and monitor. There has also been a significant impact on market access for NGOs and other humanitarian organisations in countries such as Bangladesh and Mexico, with financial inclusion inevitably taking a hit.
Respondent banks play an important role in their local economies, particularly in emerging markets, where access to international finance and the ability to make and receive cross-border transactions is vital for economic growth and development. However, as a result of reflexive de-risking in the wake of such scandals, many respondent banks are now facing inflexible compliance procedures and lower levels of risk transparency. And, of course, COVID-19 has only magnified the level of stress that respondent banks have experienced in their correspondent banking relationships, further undermining the efforts of respondents to improve controls and shore up their own financial crime risk management.
Unlocking the power of the network
Against this backdrop, there are clear advantages for both correspondent and respondent banks in adopting an industry benchmarking approach to financial crime risk. However, as our new report, entitled “Rethinking the Financial Crime Risk Framework: Network intelligence for transparent and effective compliance, demonstrates, showing the financial crime risk of all parties in a complex network of correspondent banking relationships is even more powerful.
Typically, these relationships are managed on a bilateral basis, with decisions about financial crime risk based on a variable and often subjective understanding of what that risk actually is. The Elucidate FinCrime Index (EFI) addresses this issue by providing a standardised means of benchmarking financial crime risk.
The system has two key applications:
- Firstly, it enables correspondent banks to have a better understanding of the risk of their counterparties and the respondent banks in their network.
- Secondly, the EFI enables financial institutions to measure their own financial crime risk better and articulate that position clearly to their correspondent banking partners and other stakeholders.
With the EFI platform, participants have access to standardised and objective assessments of financial crime risk across a network. And, greater transparency about where risks lie encourages other members of that same network to ensure they are doing their part to manage their financial crime risk more effectively.
In this context, correspondent banks can make better decisions about their respondent bank customers that are more in line with their risk appetite. This, in turn, can be benchmarked against the EFI too, supporting better informed discussions around remedial actions rather than simply jumping to de-risking. In addition, respondent banks can share their EFI risk scores with correspondent banks, empowering them in those negotiations rather than forcing them to conform to standards that may not be appropriate.
Financial crime risk management needs the discipline, methodology and measurement capabilities that underpin other types of risk management. This will create opportunities to price financial crime risk into products and services, will feed into ESG assessments, and can also be used as a mechanism for better managing and spreading risk through the use of financial crime derivatives.
Most importantly though, by increasing the transparency of financial crime risk management in the correspondent banking network, EFI can help to improve the effectiveness of financial crime risk management and evolve the way that the industry approaches risk assessments. And, in this context, everybody wins.
Get the full analysis and insights downloading the full report.