WASHINGTON The banking industry and federal regulators are struggling to find a middle ground between financial inclusion and thwarting bad guys from gaining access to the mainstream financial system but it doesn't appear a solution is coming anytime soon.
Fearing regulatory enforcement, banks have dropped relationships with certain businesses like online lenders that may have a higher risk of harboring illicit activity and require more resources to stay compliant with Bank Secrecy Act and anti-money-laundering laws.
The phenomenon known as "derisking" the wholesale exiting of certain types of businesses reached new heights again this year in the wake of high-profile anti-money-laundering enforcement actions and a separate push by the Justice Department to cut off bad actors from the payment system.
It became severe enough that it prompted federal regulators and an international watchdog to issue statements this fall attempting to stop banks from dropping customers, reiterating that they want banks to evaluate customers on a case-by-case basis, rather than cutting off entire industries. It's unclear that regulators' reassurances have done much to slow the trend, however.
"It is going to continue to be an issue; it represents a disconnect between the regulators and the private sector," said Robert Axelrod, a director in Deloitte's anti-money-laundering practice.
John Byrne, executive vice-president of the Association of Certified Anti-Money Laundering Specialists, agreed.
"There is going to continue to be a conflict between the regulatory community and the regulated community regarding risk assessment, risk mitigation and also the collateral issue of providing banking for as many types of services as possible," Byrne said. "I don't see that changing anytime soon."
Regulators have acknowledged that it's a problem. On the one hand, they expect banks to zealously guard the financial system from illicit actors, but they admit that dropping entire business lines can result in cutting off low- and moderate-income consumers from the banking system.
"We are keenly engaged with this issue because we recognize that 'derisking' can undermine financial inclusion, financial transparency and financial activity, with associated political, regulatory, economic and social consequences," said David Cohen, Treasury undersecretary for terrorism and financial intelligence, in a speech at a conference in November that was co-sponsored by the American Bankers Association and the American Bar Association.
Cohen added that derisking "reveals a misalignment between regulatory risk and actual risk that serves no one's interests."
But if the message has reached regulators' top ranks, it appears not to have filtered down to the examiner level.
"The folks in Washington that oversee their examiners are pretty straight forward... where the message gets lost is with the examiners in the field," Byrne said.
Carol Beaumier, executive vice president at Protiviti, a global business consulting and internal audit firm, suggested that it may take an exam cycle before the industry is comfortable in determining how to approach new and existing banking relationships and products.
"The statement might help on the margin," she said. "What will really determine whether or not it has the effect that Treasury might have hoped is how the field examiners actually deal with it as they are doing individual examinations."
The other challenge to stopping derisking comes because banks know they face potentially crippling fines if they mishandle the risk of a client. But they face no penalty for dropping an entire business line.
"The suggestion from Treasury that it is the right thing to do to be more inclusive probably is not going to be terribly effective only because there doesn't seem to be any penalty for a bank derisking," Axelrod said. "Different banks are taking very different views on [derisking]; there is no consensus so I think it is going to be a muddy issue in 2015."
Jihan Bahhur, director of regulatory compliance at the National Association of Federal Credit Unions, said the difference between derisking because of fear of regulatory enforcement or due to an individual determination about a particular firm is opaque especially around money-services businesses which have been at the heart of the derisking issue.
"Because of the regulatory environment and regulatory burdens institutions face today, it's very difficult to really tell the difference between whether an institution isn't banking MSBs because of an unmanageable risk profile or if it's just fear of banking the business because of negative connotation and regulatory burden," Bahhur said, adding that the statement from regulators may help some, but will not be a cure-all. "Even though it may provide comfort to some institutions it won't provide enough comfort for everyone."
Still, industry representatives are hopeful that 2015 can begin to turn the situation around. They are urging the government to provide more information about the threats it sees.
"One of the things we are hoping to see given more attention in 2015 is the feedback from the government and law enforcement to the financial industry on how things are working and what isn't working so in turn the financial sector can focus their efforts and resources where it is doing the most good," said Robert Rowe, vice president and associate chief counsel at the American Bankers Association.
Rowe is one of the few who are optimistic that derisking is already starting to slow and that it will continue to do so during the next year.
"I don't think we are going to see the wholesale derisking we have seen in the past, but you are going to see situations where certain customers or certain groups of customers are no longer easily able to get bank accounts," he said.
Indeed, defining exactly what "derisking" means and the degree to which it is taking place is part of the issue.
Teresa Pesce, head of AML services for the Americas region at KPMG, said that while some might say wholesale exiting of certain lines of businesses is considered derisking, banks may be applying a more stringent risk-based approach.
"Some [bankers] say, 'I am not derisking; I am just applying the risk-based approach, and if I cannot manage the risk, then I can make a business decision not to maintain a banking relationship,'" Pesce said. "If something is a core product or business for an institution, I am sure they will look for ways to manage the risk, but when it comes to products or jurisdictions or client types that are not part of their core business strategy, they may just cut and run rather than manage the risk, which may not be a good thing."
The Burden of Compliance
Another problem for banks is the amount of resources that is required to keep BSA/AML programs in top shape. The industry is currently experiencing a shortage of talent, and while institutions are turning to technology to help identify illicit activity, the resources required to get those programs working properly are also significant.
"The cost of compliance is already extremely high, and considering that many of these businesses are being deemed high risk and therefore requiring enhanced due diligence which means more personnel, more staffing, more technology and monitoring systems," said David Schwartz, chief executive of the Florida International Bankers Association.
Axelrod at Deloitte said that "there simply are not enough people," and that institutions will probably start to take the "long view" and invest in training programs and repurposing businesspeople.
Pesce had a similar take. "I think firms would be doing themselves a service if they train people internally, not just young compliance officers... those that really understand the business," she said.
"I have found that often some of the best compliance officers were once in the line of business because they really understand the products, and once they understand the money-laundering red flags or other financial crime red flags they can really apply it to the products because they know how they work," Pesce said.
But encouraging people into anti-money-laundering compliance can be challenging because of the fear of being held personally liable for a mistake.
"One of the things that is a challenge... not just in BSA, but particularly in BSA compliance is the challenge of finding people who are qualified and willing to do the job," Rowe at the American Bankers Association said. "The rumors that were circulating about possible personal liability really made a lot of people sit up and go, 'Do I really want to take this risk?' and I think that is one of the issues we are going to have to work through."
Byrne at ACAMS agreed. "I think compliance officers are more worried than they have been at the past" about civil liability for anti-money-laundering compliance, he said.
Axelrod added that there is a lack of fresh faces as a whole. Many of the same people keep circulating between institutions.
"If you think about the last five years, so many people have gone from one bank to another and so many compliance officers have found themselves become compliance officers for hire," he said.
Tech, Personnel Challenges
To be sure, the technology for detecting problems has improved in recent years. But it still takes a lot of fine-tuning to ensure that those systems are making the right alerts.
"There is a lot of programmatic review, there is a lot of model validation to ensure that the transaction-monitoring systems or whatever automated systems they may have for other functions such as risk ranking are fit for purpose and working as intended, but there is also re-evaluating the risk generally," Pesce said.
But smaller institutions may have trouble finding the people with the right quantitative skills to develop those programs and systems.
"I think that the larger banks are better positioned with the resources to deal with it, because they can leverage those extra resources from other parts of the bank to help with the analytics," said Rick Aragon, a solutions consultant at LexisNexis Risk Solutions. "You get to smaller institutions, and they don't necessarily have a pool of quants that they can pull from."
Pesce also said that regulators are almost as demanding of the smaller institutions as they are of the large institutions. That is partly because of the fact that after the big banks began derisking, many of their clients ended up at small banks.
"The largest banks derisk, then [the risk] repopulates with the smaller banks," Axelrod said.
If regulators push illicit activity away from a large institution, it is likely to end up at a bank with less stringent controls, Axelrod said.
Byrne said the only solution is for bankers and the government to be more open with one another.
There is "still a lot of confusion of what is acceptable," he said. "It will never be solved unless there is a transparency; all sides have to give a little bit here."