Recent record fines imposed on major financial institutions once again affirm that banks face unprecedented pressure to comply with financial crime regulations. Financial sanctions have become the tool of choice for government policymakers in combating terrorism, weapons proliferation and crime. In this environment, regulators have placed increasingly high expectations on banks and have dramatically stepped up compliance enforcement. Penalties for non-compliance are severe, driving home the point that there is no tolerance for failure. Regulators have levied more than $10 billion in fines and settlements on banks over the last 18 months, demonstrating the determination and ability of regulators to use civil and criminal law to enforce financial sanctions on a global level. Anyone who thought these regulations inconsequential has now been disabused of that notion.
While the mandate is straightforward, the means of achieving it are not. When violations of a country's regulations can occur anywhere in the world, compliance must be managed consistently and within a global framework. However, rules differ and sometimes conflict across jurisdictions, and are subject to frequent change. The sanctions lists against which customers and transactions must be screened change on a regular basis and continue to grow in size and complexity. Presently there are more than 30 lists from various jurisdictions and sanctions programs containing the names of more than 30,000 sanctioned entities and individuals. Banks are not only expected to catch transactions involving those named on the lists but are also expected to catch transactions containing variations or misspellings of their names. Consider the inherent challenge when there are, for example, hundreds of possible variations on Muammar Gaddafi's name and there are no agreed-upon guidelines in terms of how many of these variations should be checked. Tight policies would increase the number of alerts generated by the screening process; these in turn would have to be manually investigated to ensure accuracy, and the full process would need to be documented in a time-consuming, labor-intensive process. Loose policy, though, could potentially expose a bank to liability for lax compliance. Each bank must make a judgment call weighing the costs and the risks, in line with its own risk appetite.
Similarly complicated is the world of know-your-customer regulation, in which banks must not only know their own retail and corporate customers and monitor their transactions, but they must also know and monitor their correspondents and counterparties, upstream and downstream. Under the parameters of KYC compliance, each bank must collect, validate and maintain information about its correspondent banks. This information must be updated on a continuous basis to reflect any changes. To put it in perspective, within the SWIFT network there are more than 7,000 banks active in correspondent banking that maintain 1.3 million distinct correspondent relationships. The result is an enormous amount of redundancy in the system, as well the risk of error, as these institutions repeatedly send the same or similar information to each of their counterparties in order to comply with KYC regulations.
This level of complexity renders financial crime compliance one of the most difficult and costly challenges confronting banks, and it underscores the banks' need to comply effectively and efficiently. Effective compliance is of paramount importance but it must be achieved it in a manner and at a cost that is sustainable for the ongoing operations of the business. In their quest for effectiveness, banks have invested billions of dollars in their compliance programs. However, given the rapidly evolving requirements, it has been difficult to invest these funds with a view towards a long-term, scalable solution. Almost nothing has been done to develop standards or best practices benchmarks, as each bank has tended to tackle financial crime compliance on its own, in an individual and bank-centric way. Much of the cost and effort has been duplicative — each bank, in effect, inventing its own wheel. The result is ballooning costs and redundancies.
The inefficiency of plowing investment into solving the same industrywide problems is abundantly apparent, but it does not have to remain the status quo. Compliance is not a competitive field. While each bank must be compliant, being compliant does not confer a competitive advantage upon any bank. Instead there needs to be a marked shift in the industry's approach to compliance. The cost and inefficiencies of financial crime compliance are motivating banks to move from standalone, proprietary solutions towards collaborative, utility approaches. Banks already use utilities to confirm and settle trades and make international payments because they realize these processes offer no competitive advantage. A similar industrywide utility approach to financial crime compliance can help crystallize best practices and serve as a forum for further innovation. Standardized solutions can unlock economies of scale. For instance, compliance reviews will become more automated and more efficient, enabling banks to redeploy valuable human resources to areas that add to the bank's bottom line.
While banks will benefit from efficiency and cost perspectives, regulators will also benefit as banks working together can create a system more capable of effectively enforcing financial sanctions across the global financial system — thanks to fewer errors caused by having numerous banks rekeying the same information, and to the magic of network effects.
Luc Meurant is the head of banking markets and compliance services at the Society for Worldwide Interbank Financial Telecommunication.