In a practice referred to as “derisking,” banks have been avoiding customer classes with a higher propensity for money laundering and terrorist financing activity. But as certain business types like charities, remittance facilitators, crypto-currencies, and other money service businesses (MSBs) lose access to banking altogether, regulators are trying to course-correct.
The FDIC backtracked from initial guidance to avoid certain classes of customers. As stated in FIL-5-2015:
“Institutions are expected to assess the risks posed by an individual customer on a case-by-case basis and to implement controls to manage the relationship commensurate with the risks associated with each customer.”
The UK’s Financial Conduct Authority (FCA) has agreed and even raised the stakes by suggesting that avoiding certain classes of costumer may result in actions against banks.
“We are aware that some banks are no longer offering financial services to entire categories of customers that they associate with higher money-laundering risk….Banks have told us that this helps them comply with their legal and regulatory obligations in the UK and abroad. However, we are clear that effective money-laundering risk management need not result in wholesale derisking.”
As reported by the law firm Pincent Masons, financial regulation expert Michael Ruck said that the FCA’s statement could be seen as “a thinly-veiled threat of enforcement action for those banks that do not offer and provide bank accounts” to customers with riskier business models.
Depending on what side of the Atlantic you reside in, regulatory authorities are saying slightly different things.
In the US, guidance from the OCC acknowledges that certain types of customers pose higher risk. Accordingly, banks are advised to have policies about servicing these higher risk customer types. From OCC 2006-39: Risk Management Guidance:
“Before a bank engages in high-risk ACH activities, the board of directors should consider carefully the risks associated with these activities, particularly the increased reputation, compliance, transaction, and credit risks….Some banks have established policies prohibiting transactions with certain high-risk originators…”
“Examples of high-risk parties include online payment processors, certain credit-repair services, certain mail order and telephone order (MOTO) companies, illegal online gambling operations, businesses located offshore, and adult entertainment businesses.”
In the UK, statements from the FCA tell bankers to be careful about thinking categorically. From Derisking: Banks’ management of money-laundering risk – FCA expectations:
“The risk-based approach does not require banks to deal generically with whole categories of customers or potential customers: instead, we expect banks to recognise that the risk associated with different individual business relationships within a single broad category varies.”
Is this a difference of opinion between the US and UK or a sudden change in wind direction? It could be either, according to American Banker, which reported the FCA announcement “has spooked U.S. institutions who worry domestic agencies could follow suit.”
The costs of being wrong can be high. As written in FDIC: Managing Risks in Third-Party Payment Processor Relationships (Revised July 2014):
“Where a financial institution does not conduct due diligence, accepts a heightened level of risk, and allows transactions for high-risk merchants to pass through it, it may be determined that the financial institution is aiding and abetting the merchants…The financial institution may be subject to civil money penalties or required to provide restitution.”
Keeping up with the regulators has become a sport, especially as some agencies compete as well as collaborate with each other. Now the signals cross borders. As one commenter in American Banker writes paradoxically, the unpredictability of regulations creates its own set of risks:
“I agree that banks should take a risk-based approach to their business, but that must also encompass regulatory risk, which in fact today can be in many cases the greatest risk that a bank faces. Regulators need to own up to the fact that they are creating risks to the conduct of business. Acknowledging that will allow them to address risks that they are creating just as they want banks to do.”
As individual regulations changes, the value of knowing your customers remains constant. See how you can uncover hidden risks with KYC Governor® from G2.