FIs must not stint on compliance costs

Do all you can - and hope for a more sympathetic regulatory ear in the framing of rules

By ERIC CHAN

Despite global economic woes, regulators continue to expect banks and other financial institutions (FIs) to take rigorous measures to fight money laundering and terrorism financing (commonly called anti-money laundering and combating the financing of terrorism, or AML/CFT).

One key requirement within any AML/CFT framework is for FIs such as banks to make extensive know-your-customer (KYC) inquiries before opening an account for, or entering into a business relationship with, a customer.

Typically, the FI would be required to check the customer's identity and obtain a variety of background information. The primary purpose is to ensure that the customer is not a dubious or fictitious personality out to gain access to the financial markets in order to launder the proceeds of crime or to fund terrorism-related activities.

The requirement to have in place a KYC process has had an enormous operational impact. FIs often employ large teams of compliance personnel, whose sole function is to scrutinise the mass of documentation and information as required by local regulatory requirements. Multinational FIs also have to grapple with differing KYC rules that apply in different countries within which they operate. While the Financial Action Task Force (FATF) has done much to standardise the rules, there remain significant differences. On top of this, most financial institutions will also have their own internal global KYC policy that has to be followed.

In the present economic climate where revenue and profit are already highly uncertain, it may be tempting for FIs to dial down their compliance efforts a notch or two in order to reduce costs.

This, however, is a step fraught with danger. The world today is no safer from terrorism than it was in September 2001. Nor has criminal activity and money laundering subsided. Governments and regulators continue to expect stringent measures in the fight against money laundering and terrorism (although the effectiveness of the measures may perhaps be the subject of a separate debate).

The recent Madoff incident shows that a failure in the compliance control mechanism will be met by a rigorous regulatory response.

If an AML/CFT control failure is specifically linked to an actual terrorism or money-laundering incident, the consequences would be catastrophic for the FI concerned.

It is a rapidly growing viewpoint that frontline business people, in their zeal to pursue business and revenue growth, care little or not at all about the legal and regulatory risks to which they expose the FI which employs them.

At the end of the day, there are valid concerns on both sides. The solution for management is not to come down on one side against the other, but to find ways and means for both sides to collaborate and work together effectively. In such a context, an adversarial system can have no place.

Compliance personnel have to be more efficient and effective in their work, and appreciate that an over-rigid adherence to rules will be damaging to the organisation. At the same time, the business folks must learn to take true responsibility for managing legal and regulatory risks.

In all of this, common sense (which is often not that common) is critical.

In the realm of KYC, one example is with respect to Internet searches. It is almost standard procedure in any FI's KYC process that a search should be conducted via the Internet to uncover if any negative information exists about a customer.

Typically, the search would be done by the business person who would certify that he had made the search and submit the results to Compliance for sign-off.

Verification

Assume that a bank relationship manager brings in a new customer named Tan Ah Kow, John. From the compliance standpoint, an Internet search should use parameters that would yield reasonably meaningful results. The relationship manager should appreciate that a search done against the name 'Tan Ah Kow John' alone (which would yield only four hits) would be insufficient.

Conceivably, the customer might use other permutations to his name. It would be necessary then to search against the names, 'Tan Ah Kow' (2,720 results), 'John Tan Ah Kow' (six results) and 'John Tan' (57,200 results).

Where the search yields too many results, (as in the case for 'John Tan'), good sense must prevail. It would be unreasonable for Compliance to insist that the relationship manager review all 57,200 hits. (And even if the relationship manager claims to have done so, that is probably something that no one can credibly believe!)

The solution would be for Compliance to sanction the inclusion of additional but pertinent search parameters. Thus, if the customer is known to be a mechanic, then a further search on 'John Tan' coupled with 'mechanic' ought to be acceptable. This would bring the number of hits down to a more manageable number (507), which the relationship manager and Compliance can meaningfully review and clear.

In short, Compliance and the business must work together and, more importantly, work smart. In an environment where a sense of gloom and doom pervades all things, now is the critical time for disparate teams with disparate job functions to work collaboratively, not antagonistically.

For the financial industry as a whole, the later years of the Bush presidency in the US have reflected a particularly stern and unrelenting rules-based regulatory approach. As Barack Obama prepares to take over responsibility for the world's most powerful economy, one item that will feature high on his agenda will be the reform of the US financial regulatory system (which would obviously have knock-on effects to other financial markets).

While one may expect a tightening in government regulation - particularly in the way FIs manage their financial risks, there is perhaps room for a little optimism that a more sympathetic regulatory ear would be proffered to the industry in the area of AML/CFT.

This article was first published in The Business Times (16 January 2009).