Regulatory compliance has become a high-priority topic on the agenda of many senior managers. Marcus Sehr, global head of cash management financial institutions, product, and Ulrich Goeres, global head of anti-money laundering and anti-financial crime, at Deutsche Bank discuss the current challenges facing banks and correspondent banking services in particular.

Q: How critical a factor has compliance become when selecting a correspondent banking provider?

Marcus Sehr: Compliance has become one of the most crucial factors for banks selecting one another as business partners. Indeed, when engaging in correspondent banking services, it is self evidently in the mutual interests of all parties involved to work with providers that have the most stringent controls in place to identify and deal with any wrongdoings that could potentially arise.

In the past two years alone we have seen that having the wrong client or processing the wrong transactions can result in severe risks and subsequent losses for banks. Regulators, especially in the US, have recently intensified their actions against rule-breaking banks. As a result, they are increasingly requiring banks to justify sustained correspondent banking account relationships. A number of areas in particular are coming under scrutiny, from failure to obtain or maintain due diligence or Know Your Customer [KYC] information and failure to have adequate monitoring procedures in place for transfers, to failure to provide adequate resources – such as staffing and IT – to maintain effective anti-money laundering [AML] programmes.

It is clear to the market as a whole that the consequences of non-compliance can be severe. Not only have substantial fines been issued, but the effect on reputation can be even more damaging (though harder to quantify). Non-compliance also has a major impact on the correspondent banking landscape. Some providers are reviewing their relationships entirely, while others have pulled out of certain jurisdictions (wilfully or otherwise) or exited specific types of transaction banking instruments where the cost of maintaining the business was felt to outweigh the risk involved. This has effectively resulted in a further wave of market consolidation, both in the flight of business to providers who have made the necessary investments (not just for compliance) over a sustained period of time, and also in the intensification of existing relationships that have been built on trust.

Q: Regulation on compliance and AML is nothing new per se. To what extent has this become more complex and what do banks have to do to make sure they effectively manage the challenges?

Ulrich Goeres: While compliance itself and the challenge it brings is nothing new, the expectations of regulators around the globe have increased significantly in the wake of the global financial crisis, and understandably so.

One of the main challenges arises from the global nature of the industry and related complexities. For example, the necessary objective of preventing criminals and terrorists from accessing the financial system and abusing electronic transfer mechanisms has seen the development of a complex structure of interwoven AML legislation, and the emergence of enforcement activities globally. Navigating a multi-jurisdictional risk matrix is far from easy and requires across-the-board co-operation and extensive expertise.

The implementation and enforcement of legislation varies considerably across multiple jurisdictions and each country has its own regulator; an added complexity that global banks, such as Deutsche Bank, must take into account. Certainly, regulatory compliance is more complex than ever, and is right at the top of senior management’s agenda.

Other focal challenges that we face as an industry include the speed with which regulation is evolving, and – with specific regards to AML – the increasing sophistication of techniques used in criminal and terrorist activities. Indeed, there has not only been an increase in criminal or suspicious elements across jurisdictions (including previously low-risk areas), but also a growing use by criminal elements of non-bank financial intermediaries, including payment service providers and money service companies.

Consequently, banks are being required, above all, to increase their regulatory- and compliance-related investments. However, investment is not the only issue – all industry participants must have the overarching objective to not just obey legislation, but to more fundamentally support all efforts to ensure financial services are not abused by criminals and terrorists. This is therefore an ongoing process, where banks need to take a risk-based approach entailing various levels of controls for business in legal and compliance as well as for group audit. In doing so, they are being challenged to develop tools, reassess operations and implement more secure systems, while improving IT and communications.

Q: What are the challenges relating specifically to financial institutions’ [FIs] cash management business?

MS: As mentioned, correspondent banking services incur several high-risk elements, including reputational, financial, operational and counterparty credit risk. In managing all these aspects, close cooperation and communication with support functions is absolutely essential. For example, here at Deutsche Bank, regular dialogue takes place between our operational risk, product management, AML, anti-financial crime, credit risk and legal departments.

Furthermore, we firmly believe that the business needs to work closely with its FI clients and their markets, and that ultimately the responsibility – for collecting KYC data and documents for new client adoptions and regular client reviews, for example – remains with the business line at all times. As a result, our client managers take part in continual training to ensure they fully understand the regulatory environment and respective risks involved when offering payment services to our FI clients.

In addition, in our operations as a global provider, we need to align our procedures across jurisdictions. This means having harmonised data and documentation requirements, one risk scoring methodology applied per client and per account jurisdiction, harmonised KYC process flows with clear roles and responsibilities, and maintenance of IT systems to support KYC workflows.

Finally, the importance of ongoing dialogue with our clients cannot be underestimated. We hold regular seminars and training sessions for our clients to keep them abreast of the latest developments and we also encourage them to engage and learn about their products, services and customers better. By getting to know the business, operations and AML professionals within their institutions, risk control programmes can be further enhanced. Information exchange is a vitally important aspect, yet, at the same time, we have to be fully aware of local client confidentiality agreements.

Q: There has been a lot of press activity lately around virtual currency systems. These systems, such as Bitcoin, do not currently comply with applicable AML statutes and KYC controls in the same way as the traditional financial sector. How are banks reacting to this? In particular, can Bitcoin, as a decentralised system that doesn’t require any third-party interaction, simply be controlled or directly regulated by a central authority?

UG: The concern for virtual currencies is that they offer a high degree of anonymity. Given that anonymous nature, virtual currency transactions are particularly vulnerable to money laundering and terrorist financing risks. As a result, digital currencies are classified as financial products with a very high risk profile.

At the same time, there is a lot of uncertainty surrounding virtual currencies. On the one hand, various central banks, such as those in France and Germany and the European Banking Authority [EBA], have highlighted the risks faced by everyone buying, holding or trading virtual currencies such as Bitcoin. The EBA has explicitly stated that “no specific regulatory protections exist that would cover the investor for losses if a platform that exchanges or holds the virtual currencies fails or goes out of business”. One of the most recent warnings came from the Dutch central bank in June, which, rather than addressing end-users of digital currencies, warned that banks and payment institutions should be aware of integrity risks derived from processing transactions related to digital currencies.

Warnings have not just come from agencies and central banks, however. In a recent keynote speech at the annual European Security Conference entitled 'Organised Crime: the Scale of the Challenge Facing Europe', Rob Wainwright, the director of the EU's law enforcement agency, Europol, warned against the “totally unregulated” online financial market. He went on to state that “some regulation is needed to put virtual currencies on a level playing field with electronic banking with regulated currencies. If not, the lack of traceability will leave the door wide open for money laundering and terrorist financing.”

One of the most contentious points about virtual currency schemes is that they operate outside the banking system. Janet Yellen, chair of the US Federal Reserve, made it clear to senators that the Fed simply does not have the authority to supervise or regulate Bitcoin in any way. That said, there has been recent speculation that the Fed is at least contemplating regulation.

Yet the US Treasury’s Financial Crimes Enforcement Network (FinCEN), like many supervisory authorities, stated that “administrators and exchangers of virtual currency are money transmitters under existing regulations, and thus must register with FinCEN, keep particular records, and report suspicious transactions to adequately guard against money laundering and terrorist financing abuse”.

This approach will also be taken by the Monetary Authority of Singapore, which announced that it “will introduce regulations to require virtual currency intermediaries such as Bitcoin exchanges and Bitcoin vending machines that buy, sell or facilitate the exchange of virtual currencies for real currencies to verify the identities of their customers and report suspicious transactions to the Suspicious Transaction Reporting Office. The requirements will be similar to those imposed on money changers and remittance businesses who undertake cash transactions.”

Given the lack of clarity on the regulatory side, each financial institution has to develop its own strategy based on risk appetite. A financial institution could restrict transactions to any virtual currency exchange at which virtual currencies can be bought with real money, or to intermediaries that provide exchange from the virtual currencies into fiat currencies (such as US dollars, euros or sterling). Furthermore, a financial institution could prohibit setting up derivative virtual currency products such as certificates, or trading shares in funds.

Q: Regulatory compliance is putting additional pressure on margins in a business already characterised by low margins. Are there areas where banks can collaborate to reduce costs?

MS: Given the current environment, banks are certainly exploring areas of collaboration with a view to relieving cost pressures. The simple fact is –  as compliance and maintenance costs rise, budgets shrink and large investments in new platforms become more difficult to fund – the 'go it alone' approach may be unsustainable in the long term. As a result, pooling resources and setting up shared utilities are becoming increasingly attractive options.

One such example is the Society for Worldwide Interbank Financial Telecommunication (Swift) KYC Registry, a project in which Deutsche Bank is participating as a member of the working committees. As things stand, there is a lack of standardised, on-demand sources for up-to-date KYC information – resulting in huge numbers of document exchanges and duplicated costs and efforts. Swift itself has stated that the 7000 banks involved in correspondent banking on Swift have more than 1 million individual relationships, meaning more than 1 million document exchanges are taking place.

The utility will provide a global platform of accurate information hosted and managed by Swift, but with member banks that have ownership of and responsibility for their own information. That is an important element as Swift would have no involvement in any type of judgemental activities such as due diligence, screening or risk scoring. The registry is designed to act as a central repository that allows institutions to access up-to-date KYC information (Swift would be responsible for sending reminders if documents expire), thus facilitating efficiency and transparency.

Q: How important is ongoing dialogue with the regulators? Is there, for example, a need for greater feedback, consultation and communication of good practice? How influential are working groups such as the Wolfsberg Group?

UG: As stated before, the goal of regulatory compliance is to ensure a financial environment that minimises criminal and terrorist abuse as much as possible. The best way to achieve this is to have constant communication between banks, their clients, regulators and law enforcement. Obviously banks need to be aware of what is expected of them and the mechanisms that they need to implement in order to remain compliant. If they do not comply, further stringent penalties can be expected. However, it is also important to encourage greater dialogue so as to avoid any unintended consequences. It could be argued that legislation is becoming overly prescriptive, causing some payment facilitators to become so risk averse that they financially exclude some of their customers. An ongoing dialogue is therefore essential to find the right balance.

With regards to the Wolfsberg Group – an association of 11 global financial institutions, including Deutsche Bank – the group’s aim is to develop financial services industry standards and related products, for example KYC, AML, counter-terrorist financing and anti-bribery and corruption policies. Current Wolfsberg initiatives that will lead into future publications include 'Wolfsberg AML Principles – Frequently Asked Questions with Regard to Risk Assessment for AML, Sanctions and Anti-Bribery and Corruption' and 'Wolfsberg Trade Finance/Correspondent Banking/Swift Relationship Management', to explore trade finance-specific issues and the use of Swift relationship manager. Another key issue is around data protection. A dialogue has been initiated between the Financial Action Task Force and Wolfsberg, which I consider to be very important, and indicative of the wider industry discussions needed.

PLEASE ENTER YOUR DETAILS TO WATCH THIS VIDEO

All fields are mandatory

The Banker is a service from the Financial Times. The Financial Times Ltd takes your privacy seriously.

Choose how you want us to contact you.

Invites and Offers from The Banker

Receive exclusive personalised event invitations, carefully curated offers and promotions from The Banker



For more information about how we use your data, please refer to our privacy and cookie policies.

Terms and conditions

Join our community

The Banker on Twitter