FINTRAIL co-founder Robert Evans recently spoke at the PayExpo MENA event in Dubai on the issue of de-risking, the impacts it is having on the correspondent banking, payments, remittance and FinTech sectors as well as offering business owners and leaders in the audience some practical advice on minimising the risk to their business. We thought it would be worth sharing some of the insight for our readers.
What is de-risking?
The Financial Action Task Force (FATF) defines de-risking as:
"Situations where financial institutions terminate or restrict business relationships with categories of customer to avoid rather than manage risk - such as respondent banks, NGO’s, gaming/gambling entities and money service businesses (MSBs)."
Within the financial institution community the term de-risking is seen as unhelpful, but we use it today as it has become a widespread and recognised label that carries a level of industry recognition.
As global correspondent and clearing banks have felt increased regulatory pressure in markets such as the UK and US, that has in-turn filtered down to regional correspondents, local respondents, issuers and all those that rely on the banks for their accounts and services.
There has been lots of debate about the issue of de-risking, with papers published by industry, regulators and global bodies and many industry initiatives underway to address the strategic drivers behind the trend. We are not going to re-hash that content here but instead focus on it from the other direction - bottom up.
We want to give business owners and leaders some advice based on our direct knowledge of leading de-risking decisions and some of the drivers behind it, in order that vulnerability and weakness can be addressed.
Reducing vulnerability to de-risking.
While we recognise that pan-industry efforts are critical to solving some of the fundamental drivers to de-risking (such as over regulation and cost of KYC), we also think as an industry we have not done enough to understand and articulate at a micro or individual level what drives some of the operational decisions that often lead to a de-risking or refusal to onboard scenario.
Historically during previous employment, our team have sat in client interviews, reviewed business profiles, business plans and looked at transactional flows that were very high risk, and in some cases that was totally new to those individuals we were talking to. Interestingly, and a cause for concern, was that some of the worst cases were not in those markets that were deemed to be traditionally ‘high risk’, but those within for example supposedly heavily regulated European countries. While we can potentially point the finger at the regulators and big bad banks, we think there is also a need for personal accountability amongst the industry, business leaders and individuals to look very carefully at their business models and ensure they understand the risks.
It will cost a bank somewhere in the region of £40-100k to onboard a new respondent, and it is not too dissimilar for payments firms, depending on the risk profile. In addition there are significant ongoing compliance costs that quickly mount up. In a high risk scenario annual due diligence could easily run to tens of thousands of pounds when you consider increased monitoring and onsite visitation requirements. In a pure correspondent banking scenario that is fairly easy to imagine but when onboarding or retaining a payments provider that is not so easy, especially where the margins for the bank are relatively small. Some of the core industry initiatives that are underway can and will drive down the associated costs, but making some of those items genuinely operational is still some way off.
All of this means that as a payment provider seeking an account or wishing to maintaining banking services you need to do everything you can to positively influence that risk vs reward equation. We are not going to focus on the commercials, especially as there may be little margin to improve that, particularly in the early days, but more on the risk side of the balancing act as that is one area we have seen can be significantly enhanced and make businesses more bankable.
FINTRAIL want to give you some simplified and distilled points drawn from direct experiences of assessing the risk reward equation - what were we and others really looking for when balancing that equation and how can you as a business owner and key industry leader help shape the tone of the discussion.
While some of these points may have slightly grand sounding titles or definitions, they are really real-world activities that will help you position your business and conversations far more effectively:
1. Understand and use a financial crime risk appetite.
All financial service firms should have an appreciation of their appetite for financial crime risk and how that correlates to their business strategy that in turn drives how you manage the day-to-day operations of your business. In simplistic terms we define a risk appetite as a formal statement of intent that guides and should underpin how you approach financial crime risk as a business and should really form part of your company DNA.
It is really important to acknowledge you can not operate a successful financial services business with zero financial crime risk, but you should be able to articulate and evidence how you are managing your business within a defined appetite that is based on an honest assessment of your control environment and the risks you face.
That is all very theoretical but how does this manifest itself in the real world? Your risk appetite is a neat and concise way to articulate your overall risk profile to a potential partner that further underpins your ongoing dialogue regarding controls and flows. It also underpins policy decisions about clients and markets as it can be used to guide strategy.
We have seen a number of beautifully crafted risk appetite statements but we continue to see very poor operationalisation of the intent behind the statement. You may ask why risk appetite is so important - and our answer is that the process of developing a risk appetite forces you to consider and genuinely understand your likely exposure to financial crime risk and possibly even more important, assess how effective your controls actually are.
If for example a business stated to us that they have no appetite for defence and arms related business, we would expect that it manifests itself in policies and procedures, restricting those clients at onboarding and in turn this should be further reflected in the transactional flow.
You must always allow a margin of error and potential differences in definitions but systemic failings call into question the efficacy of the control framework and would be an immediate red flag of wider issues.
2. Know and understand your customer base.
This links quite nicely to our observation about risk appetite and is one of the ways we would assess how a risk appetite is operationalised.
Would we expect you to know every single client by name? No, but you should have a view of your customer base and risk segmentation, especially when it comes to those customers that may fall into the high risk categories such as PEP’s or in a bank context, MSBs/payment firms.
It builds confidence that controls are well established and effective if you are able to accurately articulate the segmentation of your customer base and evidence that coherently. It also goes a long way to building open and transparent relationships with your partners as you are able to identify anything particularly high risk that you may wish to disclose or discuss. It is worth noting that depending on the exact nature of the transactional relationship, your partner will be able to see roughly what your customer base looks like so hiding it is not helpful. This will magnify the issues if something contentious is identified.
3. Transparency and Openness
We have always believed that fighting financial crime should be a team sport pan industry, between public and private sector and especially between partners. As an industry have we always approached it that way? Probably not but there is growing recognition that we need to do more.
When engaging with partners it is about building a relationship of trust and that requires transparency. Bring your partners along on your journey. If you have a weakness, don't hide it but explain what it is and what is being done about it - it builds trust.
Make sure you start your compliance dialogue at an early stage and take the time to understand the drivers on both sides of the conversation - it will help you articulate the message and information more effectively.
Make sure you clearly understand the questions that your partner is asking and they understand exactly what you need from them. We have seen confusion lead to a rapid break down in trust.
Additionally, try and make sure your data and materials are easy to understand and relevant. We are not suggesting you need beautiful designed templates and dashboards but it really helps the dialogue if your materials and data make sense.
4. Controls
We do not necessarily mean some of the more mundane items but more specifically, what you are doing to manage the higher risk business categories. For example are you processing payments from locations that may be transit countries for foreign terrorist fighters? How do you control and mitigate the risks of that?
You need to be able to clearly articulate to your partners what the risks are, what controls you are applying, and the icing on the cake is when you can evidence the control is effective.
One of the best working examples of this we have seen in previous employment was a UK based entity who had a relatively large component of gaming and gambling activity. Transactional analysis had identified what appeared to be fairly high risk activity that was on face value outside our risk appetite but our engagement with the client soon allayed specific fears as they were very quickly able to articulate precisely what additional controls they were applying to that activity, and prove effectiveness - we allowed them to continue to process that flow.
Their approach was so effective, because they had already done step 1, 2 and 3.
In Summary
We have deliberately simplified some points to fit them into a short article and we recognise that some of these items are not new and not necessarily easy to do, especially when you add scale and global presence into the mix, but hopefully the sentiment of what we are suggesting is evident.
Do we need to do more to address the strategic issues driving de-risking - absolutely. However there is also more self help that smaller businesses can do to engage effectively with partners at both the initiation of the relationship and an ongoing basis. We have seen first hand that there is far more that the industry can be doing to make themselves attractive customers, especially in the early stages where the commercials may not tip the balance in that all important risk vs reward equation.
The team at FINTRAIL are uniquely positioned to help organisations address the issues and challenges presented by de-risking and a risk-off appetite as well as supporting businesses to effectively engage Partners in higher risk scenarios. Please contact the team at FINTRAIL for further information.