This is Part 2 of a two-part series from FTI Consulting. Read the first part here.
Governments and regulatory bodies increasingly expect financial institutions to man the front lines in the war against international corruption and bribery, levying significant fines against banks that have been used by criminals or have conducted business with sanctioned regimes. To survive in this environment, firms must up their game by implementing risk-based controls to account for both front-end client acquisition and back-end transaction risks.
This effort must be led from the top. Senior management must set the tone and be fully engaged in building the internal controls that can make their organizations less vulnerable both to missteps and the depredations of criminals.
However, given the complexities of global finance, and the cunning of criminals, these defenses need to be risk-based, with the institution’s finite resources devoted appropriately to businesses and jurisdictions with inherently higher risk profiles or weaker control environments.
Mitigating client risk
Client-onboarding rules and processes more be made rigorous before accounts are activated. This requires assessments that can indentify:
- Politically exposed persons.
- People with criminal backgrounds or connections.
- People conducting business in sketchy jurisdictions and geographies.
- Individuals acting as proxies for hidden players.
Criminals are continually changing their strategies, using opaque structures to hide the true sources and destinations of funds. It is therefore critical to employ experienced investigators to establish the identities of high-risk individuals and entities, especially when they come from countries where this data is difficult to verify.
Mitigating transaction risk
Banks should deploy technologies to filter suspicious transactions. There is a vast array of commercially available tools that can flag unacceptable transactions (such as identifying sanctioned country codes on transfer receipts). They can trigger alerts and automate watch lists for suspicious persons and transactions, and can also produce reports that are critical when an institution finds itself in the regulator’s crosshairs. But all these tools are only as good as the people who use them. Firms must acquire skilled staff to fine-tune the systems as well as to assess and act upon the alerts and reports they produce.
Taking these actions is a statement of good faith. Using up-to-date processes and tools, and staffing the risk-management function as diligently as possible will make regulators less inclined to punish firms that make the occasional, unavoidable mistake.
It’s Never That Simple
Because it’s nearly impossible to define the scope of the problem – that is, how much money is being laundered or moved around the globe by criminals and terrorists – it is hard for institutions to measure the effectiveness of their programs or assign an ROI to their investments. Consequently, they should be measured by what doesn’t happen – fines, reputational damage, remediation costs, and lost business – not what does.
Ultimately, it is unrealistic to think that the financial industry can take on the bad guys by itself. One hopes that the future will bring greater levels of cooperation between governments and the financial sector. Ultimately, that’s the only way to de-fund criminal interests, terrorists, and others who would seek to sabotage the world’s financial system and use it to further their own anti-social ends.
Peter Brooke and Christine Moran are Managing Directors in the Governance, Risk and Regulation team at FTI Consulting, based in London.
Peter Brooke is an experienced Risk and Regulation Consultant at FTI Consulting, based in London. With a unique blend of in-house and consulting experience, Mr Brooke has worked in financial services for more than 24 years.
As a highly experienced Group Head of Compliance, Christine Moran is an energetic consultant at FTI Consulting. Based in London, Ms. Moran has a highly collaborative, grounded and commercial approach. She has a proven track record of building enhanced and effective compliance and regulatory risk arrangements in both retail and institutional businesses.