The risks of de-risking and the industry’s response to financial crime regulation

Posted: 12th July 2016

De-risking in financial services is not a new phenomenon; however, with much regulatory attention being paid to financial crime management at the moment, we are seeing a correlative rise in firms’ desire to de-risk.

This comes in the form of ‘exiting’ clients or refusing to deal with specific cohorts of customers with the goal of removing excess financial crime risk from the customer base.

A catalyst for this movement is the high propensity for financial crime to take place around transactions made by certain types of organisation, and also the FCA’s requirement for a proportionate, risk-based approach to financial crime leaving some room for interpretation.

Indeed, given the current trend, certain business types, such as crypto-currencies, money service businesses (MSBs) and even some charities have had their  access to banking facilities restricted by virtue of financial services organisations deeming them ‘too risky’ to deal with.

The regulator has recently republished its expectations with regards to money laundering and de-risking, stating that wholesale discrimination of any group is unacceptable. With this in mind, how do firms avoid excessively risky relationships while ensuring their justification for doing so is considered and robust? How should firms react to the FCA’s signposting of its de-risking rules?

On the FCA’s 2015/16 work on de-risking…

In February 2016, the FCA stated that:

“We are aware that some banks are no longer offering financial services to entire categories of customers that they associate with higher money-laundering risk… Banks have told us that this helps them comply with their legal and regulatory obligations in the UK and abroad. However, we are clear that effective money-laundering risk management need not result in wholesale de-risking.”

In addition, the Financial Action Task Force (FATF) in October 2015 advised that de-risking may unintentionally “drive financial transactions underground, which creates financial exclusion and reduces transparency, thereby increasing money laundering and terrorist financing risks.”

The FCA’s statement highlights that de-risking whole groups is not an acceptable strategy. However, setting out a clear risk strategy in accordance with the FCA requirements and following this up with clear policies and procedures is acceptable.

In essence, the manner in which firms execute this is just as important as the principle. The FCA report, released in May 2016, entitled “Drivers & Impacts of De-risking”, cited how competition law may have been breached by wholesale account closures in certain segments of commerce. The report looked more broadly at the reasons financial institutions have engaged in aggressive de-risking, and the types of individuals and sectors involved.

The FCA concluded in part by stating that there is no precise quantifiable method for implementing a risk-based approach and that the approach taken should be tailored depending on certain factors such as geography, sector, type of business, political risk and distribution channel, amongst other considerations.

On the risk-based approach…

Although the need for firms to take a risk-based approach was first introduced by MLD3, it has become an explicit requirement within MLD4.

A “proportionate approach” to specific risks needs to be implemented to ensure that consumers are not excluded from facilities. As mentioned, the exact approach should be tailored to the real risks posed by the relationship and by the defined risk appetite of the firm. This would allow firms to strike the right balance between the risks presented, the methods and costs of prevention and the need to prevent to them.

The word ‘proportionate’ should of course not be used as a defence for having no risk-based assessment in place, and being able to evidence your firm’s work in this area is absolutely imperative to justifying your decision not to deal with a particular customer.

On consumer access to financial services…

In May this year, the FCA also released further documentation in relation to ‘Access to Financial Services in the UK’ as part of its Occasional Paper series (OP17).

The paper noted that “from the consumer’s perspective, trying to negotiate the identity requirements of banks, which differ between banks and sometimes between bank branches depending on the member of staff a consumer deals with, brings them up against a ‘maze’ of bureaucracy and processes which are not always consistently applied”.  In general terms, this suggests that firms should apply a consistent approach for all customers within a specific risk category.

There are various initiatives underway by the government, regulators, firms and technology providers to make access to financial services as painless as possible and to try to minimise the impact of financial exclusion.

The FCA’s OP17 summarises some of these key initiatives as follows:

• HM Treasury brokered a voluntary agreement with nine banking groups to offer new basic bank accounts and firms are also working on the implementation of the Payment Accounts Directive (PAD), which is in part designed to ensure access to bank accounts with ‘basic features’
• TISA (Tax Incentivised Savings Association) is currently working on the concept of a ‘digital passport’. The passport will aim to streamline the KYC and AML checks required to open a new savings account and the resulting transfer of assets in an existing account to a new provider
• New technology, for example block chain, was noted to potentially assist with the identification and creation of a secure online digital identity

The future of de-risking

A study conducted by John Howell and Co. for the FCA in February 2016 stated there is no ‘silver bullet’ to the de-risking dilemma faced by global financial institutions, and it remains of vital importance that firms effectively apply a ‘case-by-case’ approach to their de-risking strategies. They also need to ensure that all strategic risk appetite decisions are documented and verified to minimise the risk of breaching the TCF requirements. It is therefore vital that firms across the industry apply the letter and spirit of de-risking requirements.

A case-by-case approach will allow firms to adhere to developing regulation and help them justify decisions to restrict access to consumers or businesses on legitimate grounds. It will also minimise the financial exclusion that results from overly rigid processes, procedures and systems and enable firms to form consistently compliant business relationships.

De-risking does pose a threat to the success of financial crime legislation, but the bottom line is it can be performed if there is sufficient concern and it is executed in the right way. In order to be effective and compliant, it must be a product of clear strategies, comprehensive analysis, appropriate due diligence and strong controls.