The UK Financial Conduct Authority (FCA), the financial services regulator, has issued a statement asking banks to use ‘judgement and common sense‘ when applying a risk based approach to anti-money laundering controls.
The FCA is concerned that some in the financial services sector have applied ‘wholesale derisking’ to money transmitters, charities and FinTech firms, effectively removing banking services from these organisations due to an un-manageable high risk of money laundering. Feedback from banks to the regulator revealed that not offering financial services to entire categories of customers helps banks to comply with financial services regulations in the UK and overseas.
Money services businesses (MSB) losing banking services is not news. By the late 2000s, the vast majority of MSB business in the UK was managed by Barclays Bank. Last summer, one UK banker told me that no bank was doing business with money remittance firms. If MSBs were effectively frozen out of the UK financial system, who were they doing business with and how were they doing it?
Anyone following AML in recent years will have seen wholesale derisking on the horizon. As banks reassess risk appetites in the wake of a financial crisis, some ventures will always fall outside of the newly redrawn lines. It is no surprise that MSBs and, regrettably, charities are being refused services. Both have been labelled as high risks for money laundering and terrorist financing for some time. FinTech or financial technology companies pose higher risks of exposure to cyber crime – the newest spectre on the block and one which has made the headlines of late.
But the risk based approach, in its essence, is designed to allow all forms of business access to banking services, each subject to the appropriate level of risk management. Would a local charity which manages food banks in the south Wales be treated in exactly the same manner as an aid charity which worked entirely with overseas projects in post-conflict zones? The latest missive from the FCA suggests that it would.
Let’s briefly recap on what the regulator says a risk based approach to money laundering should look like:
- Policies and procedures to identify, assess and manage money-laundering risk which are
- Comprehensive and proportionate to the nature, scale and complexity of the bank’s activities and able to
- Identify the risk associated with different types of customers and inform not only the level of customer due diligence measures banks apply but also their decisions about accepting or maintaining individual business relationships and finally they should
- Recognise that the risk associated with different individual business relationships within a single broad category varies, and to manage that risk appropriately.
This seems clear enough – the regulator’s expectation is that banks will apply the RBA thoughtfully, and perhaps with some consideration of inclusivity rather than using it as a reason to exclude business from the books. No bank wants to lose business, but if the money laundering risk – could we replace that with regulatory risk? – is too great, financial institutions will protect themselves first.
Maybe the FCA’s call for the application of a bit of common sense is not far from the mark, but banks can argue the flip side of the coin. Protecting your business from potential damages from a regulatory hit, which would incur severe reputation loss and large costs also makes common sense.
So if both sides can argue good judgement, how does the regulator get its message across and begin to influence change in financial institutions in terms of the risk based approach to money laundering?
One solution is to offer good training on the basic principles behind anti-money laundering and counter-terrorist financing. But if we are to take the UK regulator’s lead, training should encompass more than this. Perhaps a refounding exercise is needed across the entire sector, by both regulators and financial institutions to realign themselves with common sense and remind themselves of what the goals of AML/CTF really are.