CORRECTED: Bank regulators globally add AML to safety and soundness issues
By Nick Paraskeva, for Compliance Complete
NEW YORK, July 8 (Thomson Reuters Accelus) – Bank regulators around the globe are increasingly focusing on anti-money laundering (AML) and operational risks as part of their role in overseeing institutional safety and soundness. This follows huge enforcement fines imposed on systemically important banks by regulators and justice ministries. It also reflects a concern that any attendant hit on a bank’s reputation could affect its ability to obtain short-term funding or trade other than on a fully-secured basis.
The Basel Committee on Banking Supervision last week proposed standards on money laundering risks, which require banks to include AML within their firm-wide risk management process. “Basel’s commitment to AML is fully aligned with its mandate to strengthen the regulation, supervision and practices of banks worldwide, with the purpose of enhancing financial stability,” the committee stated on issuing the proposal for consultation.
AML is a new area for Basel, which usually deals with prudential standards such as the Basel III capital rules. Its efforts are in addition to those of the Financial Action Task Force (FATF), which issued global AML standards in 2012 and a flurry of practice guidelines last week. Basel supports individual country implementation of FATF standards, and views their proposed standards as supplemental to these, including cross-references back to these in its text.
The moves illustrate the overlap between conduct of business and prudential regulation. This is relevant to both individual banks and the integrity of the banking system as a whole. Poor oversight raises a bank’s exposure to reputational, operational, compliance and concentration risks. The resulting consequences that could affect a bank include losing access to wholesale funding, legal liability claims, costs of investigations and asset seizures.
“Our new sister organization, the PRA, will be interested if, say, weak anti-money laundering controls or a large fraud poses a threat to the prudential health of an institution,” Tracey McDermott, director of enforcement and financial crime at the UK Financial Conduct Authority (FCA), told the agency’s crime conference this week.
The UK has a twin-peaks regulatory model with separate agencies for financial and conduct risks. This is split between the Prudential Regulatory Authority (PRA) and the FCA. The Financial Policy Committee which oversees systemic risk stated its need to have powers to impose controls on poor conduct in areas such mortgages, which if conducted widely could have a macroprudential impact.
Large fines in AML enforcement actions by regulators highlight the costs to banks. In addition to a greater number of actions, the level of individual fines is greater. Many of the violations, including areas such as suspected LIBOR rate rigging, took place before the financial crisis, and are only now being pursued. In the current environment, regulators do not want to appear to be weak on enforcement, having faced recent criticism on this point.
Last August, the New York Superintendent of Financial Services fined Standard Chartered $340 million for money laundering violations relating to Iran. In June, the Department of Financial Services also fined Tokyo-Mitsubishi UFJ $250 million for moving funds for government and private entities in Iran, Sudan, and Myanmar. In December, HSBC paid $1.9 billion for breaching sanctions, as part of a settlement with the U.S. government, and federal regulators.
The entrance of new regulators into the AML space has led to some banks facing multiple fines. Four months after settling with New York, Standard Chartered also paid U.S. federal regulators $327 million to settle similar charges. Other regulators are also getting tougher, with the UK Financial Services Authority joining U.S. regulators in the HSBC settlement, and imposing governance improvements across the group.
The higher profile of money laundering cases also puts pressures on legislatures. In the U.S. Congress has passed tougher sanctions laws in recent years and conducted its own investigations of violations. Six months before the HSBC fine, the Senate had issued an investigative report on HSBC with details of the breaches.
The UK FCA held a financial crime conference this week to emphasize AML risks to banks in trade finance. Its enforcement team handed out a record £321 million in fines in the last year, more than triple the previous high of £89 million. While still not at the levels routinely charged in the U.S., they are closing the gap. In addition, France last week fined UBS the maximum amount of €10 million for helping its clients evade taxation.
In Asia, the Hong Kong Monetary Authority (HKMA) in June stated that tax evasion would be a primary focus of its next series of on-site exams. New guidance requires senior management to deliberate on the bank’s measures for combating tax evasion and to be alert to new and aggravated types of money-laundering threats. Banks will be examined on how they adhere to the new AML rules, as well as the effectiveness of their customer due diligence to assess tax crime risks.
In Australasia, New Zealand has this week ramped up its AML regime, with the Anti-Money Laundering and Countering Financing of Terrorism Act 2009 finally taking effect. The new laws put in place a comprehensive AML/CFT framework, with senior managers of reporting entities having direct oversight over their firm’s AML compliance. The supervisors have said they will be questioning senior managers directly during supervision visits about their anti-money laundering systems and controls.
Consolidated supervision of banking groups, long used for financial oversight, is also relevant to AML, as customers often deal with several group companies and businesses. The Basel committee expects IT systems to provide management information that aggregates AML risk exposures across the entire group, and report key risk profile changes for their customers. There also needs to be a process to report instances of suspicious activity.
“The committee believes there is no justifiable reason why local legislation should impede the transfer of customer information from a host bank branch or subsidiary to its head office,” the Basel proposals stated. Such inter-affiliate communications would be required to allow a bank parent company to assess firm-wide exposures.
Banks are also being pushed to do more to prevent use of new payment systems for fraud. Last month, the United States charged Liberty Reserve, a virtual money transmitter, with running a $6 billion laundering scheme. The Basel proposals also cover risks where banks use third parties to introduce business, and actions have recently been brought against U.S. banks for allowing marketing firms to debit customer accounts.
The Basel committee outlines how governance of AML risks should be integrated with the management of other risks, such as market and credit. The three main lines of defense within firms are the business unit; AML and compliance functions; and review by internal audit. Key controls reside in the account acceptance process, such as customer due diligence, identification of account owners and beneficiaries, verification and risk profiling.
Ownership transparency is now an intergovernmental initiative, to stop tax avoidance and raise revenues. The G8 in June agreed that companies will need to identify beneficial owners, with a new UK database to be set up in Companies House. Enforcement of the rule may focus on banks as regulated entities. Banks were also commissioned to help stop tax avoidance through the US Foreign Account Tax Compliance Act, which is now being adopted globally.
In a June report, the Office of the Comptroller of the Currency (OCC), highlighted AML, cyber threats and strategic risks as major concerns for U.S. banks.
“OCC examiners will focus on banks’ strategic planning processes and new product planning to ensure consideration of safe and sound business practices, and potential compliance, reputation, and operational risks,” the report stated.
**Note: The eighth paragraph was corrected removing “wire transfers from Mexico” to “laundering violations relating to Iran”.
(Nick Paraskeva is principal of Reg-Room LLC (www.reg-room.com), which provides regulatory information and consultancy. He covers various facets of the banking and securities industry and delivers exclusive analysis through Thomson Reuters. He can be contacted at (212) 217-0403 and email@example.com. Follow Nick on Twitter@regroom.)
(This article was produced by the Compliance Complete service of Thomson Reuters Accelus. Compliance Complete provides a single source for regulatory news, analysis, rules and developments, with global coverage of more than 230 regulators and exchanges. Follow Accelus compliance news on Twitter: @GRC_Accelus)