Who Wins the Derisking Shell Game? Bad Guys, Mostly

Register now

On the surface, the story of derisking is simple enough. Rather than deal with the possibility of regulatory run-ins, traditional financial institutions decide to close the accounts of companies such as money service businesses and digital currency firms that are deemed "too risky" to bank. The unintended consequences of the derisking phenomenon include strained remittance corridors and frustration for legal businesses struggling to get by without reliable banking services.

Other consequences of derisking are less widely discussed. A growing lack of transparency between some businesses and their banking service providers now directly threatens our ability to effectively manage money laundering and terrorist financing risk. We've wound up in a shell game of "hide the risk" — and everybody's losing.

If you haven't heard about businesses struggling to survive without access to banking facilities by now, you've probably ignored financial news for the past two years. The global effects of derisking have attracted the attention of the Group of Twenty, the Financial Action Task Force, the Financial Crimes Enforcement Network, the World Bank and many more. While it's clear there are issues in terms of access to banking, let's be honest: while some businesses will close up shop if they can't work with financial institutions, many others will take a different tack.

These businesses find ways to carry on when banks reject them, whether that means using alternative financial service providers, payment processors, personal bank accounts or simply opening accounts at other financial institutions without revealing the true nature of the underlying activity. I've spoken personally with businesses that have taken these approaches, although it's never been their first or most ideal choice. They aren't criminals carrying out nefarious business. They are entrepreneurs who would prefer to provide their real business plan to banks and explain their activity honestly. But they do not believe this option is available to them.

Consequently, a bank with a policy that prohibits certain businesses from holding accounts instead winds up dealing with businesses that have gone to great lengths to conceal the true nature of their activities. These banks are unaware of the true nature of the activity passing through their accounts and therefore ill-equipped to manage the associated risk. The strain on banking resources must be phenomenal, as banks must constantly devise new ways to interpret patterns of customer activity to detect undeclared MSB or digital currency activity. While it isn't easy to quantify these costs, I can only surmise that the cost of this detective work must be high — as well as inefficient.

Further muddying the waters is the fact that businesses that hide their legal activities in order to avoid derisking may wind up conducting business in a way that looks criminal to the bank. For example, if business owners believe their relationships with banks could be endangered, they may open many accounts under a combination of personal and business names and conduct banking through each of them, transferring funds from one account to another as needed. On the surface, this pattern can seem similar to "layering" or "structuring" activities — techniques used by money launderers to make funds more difficult to trace. Thus the lack of transparency between businesses and banks further burdens financial institutions by creating more activity that they must monitor and investigate.

Countries outside the U.S. are bearing the costs of derisking as well. Nations like Somalia have large populations that are dependent on remittance payments from friends and family living and working abroad. Now reliable and cost-effective remittance payment providers are shrinking in number, with potentially disastrous results. This situation is absurd in an era when technology can facilitate payments in seconds.

It's not just far-flung places that are suffering as a result of derisking. The U.S. national security system is dependent on our financial intelligence units' access to reliable data. The reliability of that data is undermined at every level by fallout from derisking.

In the current landscape, businesses do not declare the true nature of their activity — and there are no incentives for them to do so. This means that banks do not understand their customers' businesses, making it difficult for them to detect potentially criminal activity. As a result, banks are likely to see an uptick in "false positives" for criminal activity, skewing the data they report to financial intelligence units. All this makes it harder for law enforcement and other national security agencies to rely on banks' data to perform their roles effectively.

There are, however, two potential winners in derisking.

The first are unregistered or unlicensed MSB businesses. These businesses ignore regulatory requirements and carry on without reporting to financial intelligence units. In some cases, these businesses will even minimize their interactions with the local financial system by using foreign bank accounts (and point of sale terminals) to collect customer funds. While the risk of incurring regulatory penalties is high, the reward can be tempting — particularly when businesses are able to complete transactions that pose a challenge for their compliant counterparts.

The second possible winners are criminal organizations. When legitimate businesses are performing transactions that look like money laundering, detecting true criminal activity becomes exponentially more difficult. I can only assume that money launderers are laughing all the way to the bank.

Derisking is a complex problem with complex outcomes. But the solution need not be complicated. It must, however, involve cooperation across the financial services community, including regulators, banking service providers and businesses.

This community must come together to reassess the costs and benefits of derisking. When banks are capable of accepting and managing accounts for businesses considered to be "higher risk" they should do so, with their regulator's blessing. Rather than perpetuating the shell game, regulators should encourage financial institutions to manage risk and provide them with solid guidance on how this should be done. Finally, banks, businesses and regulators must commit to transparency. The lines of communication closed by derisking must be reopened, allowing banks to have honest conversations that will provide real insight into their customers' businesses and lead to effective long-term risk management.

Amber D. Scott is founder and chief AML "ninja" at Outlier Solutions Inc. Follow her on Twitter @OutlierCanada.

For reprint and licensing requests for this article, click here.
Law and regulation AML