Financial and credit institutions across EU Member States constantly strive to identify and manage their day-to-day risks in the most efficient manner.
Occasionally, when faced with elevated risks, organisations may be led to take difficult decisions. One may think that an easy way out of managing risk is to refuse business relationships or transactions altogether, particular those susceptible to higher levels of ML/FT risk.
Whilst it is recommended that organisations identify and assess the extent of risk they are willing to accept, the outright refusal of certain broad categories of customers, without due consideration to case-by-case circumstances or individual risk profiles, may be unnecessary and most likely, a sign of ineffective ML/FT risk management.
A recent study carried out by the European Banking Authority on the detrimental impact of unwarranted de-risking and ineffective management of ML/FT risks, addresses this practice in an effort to recognise and reduce its occurrence.
Who may typically face de-risking?
The study examined customer profiles that may typically struggle to establish a business relationship with financial and credit institutions. The study highlighted the following high risk profiles:
- persons associated with jurisdictions having strategic ML/FT deficiencies;
- persons deemed to lack a sufficiently transparent structure or who engage in cash intensive business;
- Non Profit Organisations (NPOs) and asylum seekers;
- Politically Exposed Persons (PEPs); and
- subject persons perceived to have higher risk levels or who benefit from exemptions from CDD requirements.
The study further revealed the three main drivers leading to unwarranted de-risking, these being:
- the lack of expertise required to sufficiently risk assess certain business models;
- an unreasonably low risk appetite threshold or prohibition of certain business profiles without justifiable reason; and
- the compliance cost of the business relationship would outweigh the projected profits.
What is the outcome of unwarranted de-risking?
Several organisations are facing serious challenges in keeping their operations and businesses afloat in the current financial environment. These challenges include:
- termination of business relationships where customers operate in designated high-risk or grey-listed jurisdictions;
- disruption in cash-management services and international payments;
- restriction of access to financial products such as loans, credit cards and mortgages;
- enforcement of 'blanket exit policies' on entire sectors;
- restriction from use of certain banking facilities;
- unnecessary restrictions faced by trust service providers, fintech firms and fund managers due to 'high risk' designation;
- excessive documentation and fees;
- rejection or closure of bank accounts;
- excessive delays in processing transactions concerning NPOs and humanitarian aid;
- limited opportunity to appeal or review unjustified de-risking decisions taken by institutions;
What is the impact of unwarranted de-risking?
Legitimate businesses and organisations are facing financial exclusion, affecting the financial stability of the EU market.
When legitimate businesses are denied entry to the financial market, they are forced to resort to less reliable channels, finding alternative workarounds for the transmission of funds (e.g. cash payments or de-centralised systems) in order to ultimately maintain business continuity. This derails the pursuit of the EU's objectives, particularly on fighting financial crime, promoting financial inclusion and strengthening competition in the single market.
It is evident that as a result of the rapid increase in regulatory requirements, oversight and penalties, certain institutions have taken the approach of avoiding risk altogether.
This damaging practice has also been observed on a local level, whereby several institutions have taken a business decision to thoroughly refuse or halt business with designated high risk business profiles and transactional activity. This has had a resounding impact on foreign individuals in Malta having ties to high risk countries and legitimate VFA businesses.
The inability to open bank accounts or transact in Malta has left its effects on the Maltese environment, forcing many Maltese companies owned by foreign individuals to close down and take their business elsewhere.
In particular, the reluctance of Maltese banks to facilitate VFA-related transactions has severely impacted this sector of work in Malta, resulting in a number of VFA Agents ceasing business and surrendering their registration.
Whilst a shift in mindset undoubtedly necessitates the support of regulatory authorities, it is up to the institutions themselves to, rather than de-risk entire categories of business, invest in, and adopt, a sound risk management framework in line with their AML/CFT obligations.
- design and implementation of a risk management framework
- design and implementation of a business risk assessment
- design and implementation of tailored AML CFT policies and procedures
- provision of external AML CFT compliance assessment
Originally published by BDO Malta
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.