December 18, 2018

In the 17 years that followed the attack on the Twin Towers in New York, many national and supra-national initiatives were launched to enhance the ability of the financial sector to deter money laundering and terrorism financing attempts. Regulators and banking supervisors around the world took their responsibility to issue relevant regulations and ensure that they achieved the desired effect of enhancing controls. Between 2009 and 2012 alone, more than 50,000 such regulations were published across the G20[1].

Prevention comes at a cost. The aggregate investment to upgrade the sector’s overall vigilance will easily run into many hundreds of billions of dollars. Add the fines imposed on institutions for regulatory breaches, which are to date in excess of 300 billion dollars[2], and we may safely conclude that from society’s perspective integrity really does mean business.

Yet, despite the attention and investment over the years, regulatory breaches still occur with depressing frequency and severity. The recent Den Danske, ING, Deutsche and HSBC rulings are particularly stark and sobering examples. This raises the question: what underlies this apparent inability of the industry to come to grips with an issue that we collectively find very important? I put forward a few possible reasons and invite our readers to contribute their own thoughts about this.

Let me start with what I think is a reasonable supposition: that banks do not employ people with a higher than average propensity to engage in criminal activity. In fact, given established employee screening protocols, I think the opposite is a defensible position. Here are my thoughts about this frustrating conundrum.

What’s the problem?

– Whilst societal condemnation of crimes such as the illegal drugs trade, human trafficking and corruption is generally uncontested, the same cannot be said about the laundering of funds earned by these crimes. Being one step removed from the offense apparently softens the perception of criminality. If true, this helps explain the difficulty of embedding a culture of prevention in the institutional DNA, especially if it conflicts with other worthy objectives such as protecting customer privacy, increasing service satisfaction and meeting shareholder expectations. Also, the larger and more multi-cultural the organisation, the more difficult it will be to infuse a culture of shared financial integrity norms.

Mix & mingle

– Since the Big Bang, some 30-plus years ago, the liberalisation of global financial markets and, in its wake, financial innovation have enhanced competition and prosperity. The huge increase in the size and velocity of international financial flows had a profound effect on the sector, such as the entrance of new financial parties and the changing roles of traditional banks. As the sector’s largest actors, banks’ businesses, balance sheets, risks and rewards expanded to the extent that managing these organisations became very complex. Add to this a fragmented landscape of regulatory regimes and financial institutional interdependency and you have a perfect shroud within which clever criminals thrive.

Thank you for the music

– Globalisation has not only benefited the financial sector. Criminal organisations also ride that wave. The larger syndicates are run like conglomerates with balance sheets and management sophistication to match. They have the means to tempt the best and brightest to devise clever new ways to launder criminal money, leaving the industry in a perpetual catch-up mode.

No risk, no reward

– Banking is a risk-taking business and mistakes will be made. It is unlikely that we will be able to stop all the criminal money flowing through the system. It is best we all realise this and focus on the 80/20 rule and not lose faith.

The above may help clarify why incidents such as those at Den Danske and ING can still occur. Each incident has its unique features, but the sad conclusion is that despite all the attention and money spent, the sector still struggles to face down the regulatory threats.

Enter the AML/CFT Control Framework

Because of the complex and fluid environment described above, it is critically important for banks to establish organisational anchors around which to build their defences. Continuously nurturing a culture of integrity is one such anchor; building a sturdy AML/CFT control framework is another. On the latter, the framework should fit the business, i.e. be robust enough to handle the threats effectively, yet flexible enough to deal with the realities of running a commercial enterprise. Well understood and executed, this framework provides essential clarity for the organisation and comfort for management.

Fortunately, over the years a workable framework emerged that is considered current best practice. This model is based on five design principles.

  1. Develop one KYC/AML policy for the group
  2. Apply a client-centric & ‘risk-based’ approach
  3. Manage the client through the ‘life cycle’
  4. Align local/regional business practice with group policy
  5. Maintain central management & oversight

For some practical implications of these design principles you are invited to review the attached slide pack.

The described model remains a work in progress and should of course be subject to regular challenge and review. Just make sure that the review is driven by the desire to improve the overall protection, or you may find yourself in the company of those firms who fail to learn from history and are condemned to repeat it.

Pieter van den Akker, December 2018


[1] Source: Finextra, Assessing the Impact of Global AML & Sanctions Fines, September 2018

[2] Source: Quinlan & Associates, Value at Risk, September 2017