On 15th January 2014, The Basel Committee on Banking Supervision issued a set of guidelines,
"Sound management of risks related to money laundering and financing of terrorism", describing how banks should include the management of risks related to money laundering and financing of
terrorism within their overall risk management framework. In the report, the Committee points out that,
"prudent management of these risks together with effective supervisory oversight is critical in protecting the safety and soundness of banks as well as the integrity of the financial system. Failure to manage these vulnerabilities exposes banks to serious
reputational, operational, compliance and other risks."
The new guidelines outline the "essential elements" of sound anti-money laundering and financing of terrorism (AML/FT) risk management, including those related to:
- Assessing, understanding managing and mitigating risks
- Customer acceptance policies
- Customer and beneficial owner identification, verification and risk profiling
- Management of information and record keeping
- Reporting suspicious transactions and asset freezing
While there are new regulatory measures being discussed against money laundering itself at the regional jurisdictions' level, these new guidelines from the Basel Committee address AML/FT in the group-wide and cross-border context, and outlines expectations
for banking supervisors.
In its introduction to the new guidelines, the Committee is clear in that inadequate risk management of AML/FT risks within banks has led to the recent enforcement actions, reputational damage and corresponding (in)direct costs, all of which according to
"could probably have been avoided had the banks maintained effective risk based AML/FT policies and procedures."
Whilst the overall guidelines are comprehensive, one underlying message that stands out is the emphasis on managing AML/FT risk management using a more holistic "joined-up" and end-to-end-approach. There is nothing new in this thinking, but clearly, whilst
the industry has been talking about breaking down the various in-house risk, compliance and financial crime silos (including people, policies, processes and technologies), there is still some way to go and the expectation is that high profile enforcements
will continue to be made.
So what can organizations do to manage AML/FT risks?
As I discussed in a previous blog post, having best of breed risk, compliance or financial crime detection, reporting and monitoring solution is just one part of the story. There is the need, perhaps now more than ever under the watchful eyes of more demanding
regulators and shareholders, to provide an in-depth level of insight across the enterprise and to effectively identify, monitor, and manage risks and controls and policy/procedure adherence across lines of business and processes.
This level of insight is required to give stakeholders the confidence that the company is performing in line with stated business and regulatory objectives - not only profitability, but also from a reputational and compliance standpoint. It's only when individual
financial crime, risk and compliance systems come together on a truly unified common data platform and under a robust Operational Risk, Governance and Compliance Management umbrella, can financial institutions truly get the required level of insight to consistently
make the right "risk based" decisions that keep the company moving forward and stay on top of supervisor demands.
In a recent paper, FinTech Insights 2014: Financial Technology Trends and Innovations From Leading Industry Influencers,
Chartis Research underlines this point, stating that in 2014 the biggest headaches facing financial institutions will be dealing with regulations and data, anticipating that 2014 will be, "the year of the beginning of the end for traditional silo-based risk
management, now more than ever, everything needs to become enterprise-wide i.e. connecting the dots."
What are your views on the new Basel Committee AML/FT guidelines and the ever deepening unification of financial crime, compliance and risk management? How are you planning to tackle this? I would love to hear your thoughts.