Cash management: Payment risk
Recent high-profile cases have drawn attention to the financial and reputational risks for banks of breaches of money-laundering regulations. Banks need to change their cultures, but they also need to invest in technology to better assess risks in the complex international payments system.
Over the summer, HSBC was hauled before a US Senate Committee. Then Standard Chartered was hit by charges from a hitherto unheard-of regulator. Both were for breaches of US sanctions on money laundering. The transaction banking world snapped to attention. Was this, bankers wondered, the start of a new campaign against the payments business, one of the banking industry’s most lucrative cash cows?
"The industry didn’t expect HSBC’s and Standard Chartered’s problems with the US regulators – at least they didn’t expect things to turn out the way they did," says Chris Cooper, managing director at Challenge Consulting, which counts leading transaction banks as clients. "It has created a febrile atmosphere and damaged confidence; there is a degree of concern that didn’t exist before and a fear that banks are in a minefield. They are now less certain about what’s going to be under the next foot."
One veteran transaction banker sums up the reaction of the industry. "Were we surprised by HSBC’s and Standard Chartered’s problems? Yes and no," he says. "Yes, because of the magnitude of the problems, how they were reported, and the size of the fines and consequences for these banks. No, because regulators continue to dig ever deeper into issues that have previously been considered to have been laid to rest. They are constantly roaming our offices and those of our peers. It’s not good for anyone’s business."
Certainly, the HSBC and Standard Chartered cases are far from unique. Over the past three years, Barclays, Lloyds, Credit Suisse, ING and ABN Amro have paid around $2.3 billion in fines to US regulators for breaches of sanctions. A number of other banks, including BNP Paribas, Crédit Agricole, Commerzbank, Deutsche Bank, UniCredit’s HVB unit and RBS, have said they are in contact with US regulators about similar transactions or are internally reviewing their records to check they are in compliance.
Given this recent history, some observers – such as Ed Shorrock, director of regulatory services at Baker & Partners, a Jersey-based law firm specializing in financial services regulation – characterize the moves against HSBC and Standard Chartered as just more in a series of actions by US regulators to target banks perceived to be abusing the privilege of using the dollar. "To use the dollar, banks have to play by the rules of regulators, which means assisting them to meet national security and economic objectives," Shorrock notes. "And because every single US dollar payment has to be cleared through New York, every bank has to play by the rules."
However, many others in the industry believe that the events of this summer amount to a fundamental change in how regulators pursue banks believed to have done wrong – and how they are punished. At the least, everyone in the transaction banking industry recognizes that the scale of the challenge facing the business in addressing compliance issues such as anti-money laundering (AML) is now out in the open. Similarly laid bare are the risks to broader banking groups of their transaction banking business, which have grown in importance and size since 2008.
|Frédéric Boulier, director of compliance, EMEA, at NICE Actimize|
"AML is no longer [just] a compliance issue," says Frédéric Boulier, director of compliance, EMEA, at NICE Actimize, a financial crime, compliance and risk management solutions provider. "There has been a seismic shift in terms of regulators’ expectations of AML standards and the size of fines imposed for AML breaches over the past 10 years. With fines that could well exceed $1 billion, AML has now become a banking issue. That makes it a key priority for bank management committees and senior executives." This summer’s events cost Standard Chartered $340 million and HSBC has set aside $700 million to cover potential fines. Reputational risk is as great a problem for banks as fines – perhaps even more so given the low standing of banks in the post-financial crisis period, notes Robin Booth, general counsel at BCL, a London-based law firm that specializes in regulatory enforcement and money-laundering compliance. "What reputation banks have left they need to look after. Clearly, as recent cases have shown, there can also be a significant impact on the share price when serious failures to meet AML requirements are exposed." Standard Chartered lost more than a quarter of its market capitalization in the 24 hours after it was accused of assisting $250 billion of money-laundering transactions.
For the transaction banking industry, HSBC’s headline-grabbing basic failures of compliance involving drug runners in Mexico were relatively unimportant. The more worrying aspects of the summer’s revelations were the sub-committee’s attacks on how HSBC managed its correspondent banking business. That concern was reinforced when, just a few weeks later, Standard Chartered came under fire from the New York state Department of Financial Services for similar infringements.
Away from the arcane specificities of Swift message stripping, the travails of HSBC and Standard Chartered were a reminder – as if the industry needed it – of quite how complex cross-border payments are, according to Robert Bradfield, managing principal at Capco, a business and technology consultancy. "Different countries interpret AML rules differently despite the existence of international directives," he says. "It’s hard not to have sympathy with global organizations given the challenges of finding out who they are dealing with. It’s even trickier when they are facilitating payments via correspondent banks."
Correspondent banking is an especially sensitive issue for US regulators, says Baker & Partners’ Shorrock. "If a foreign bank with a dollar clearing licence has a relationship with, for example, a suspect Pakistani bank, then that bank effectively has direct access to the US financial system," he explains. The problem is magnified by the provisions of the USA Patriot Act, which give US regulators wide-ranging powers over US dollar correspondent banks. As a result, when banks sign up to a US correspondent relationship they have to commit themselves to being transparent with the correspondent bank in order to bind them into the US way of doing things. "Inevitably, that requirement creates great tensions in correspondent banking relationships and it has resulted in banks placing great emphasis on their correspondent banking relationship policies," says Shorrock.
Transaction banking and the use of correspondent banks is as old as the hills – after all, merchants have always needed to pay each other and banks have never been able to have a branch in every country – but part of the problem revealed by the summer’s events involving HSBC and Standard Chartered is that many banks are still at the beginning of the process of stitching together the many operations that constitute transaction banking, according to Challenge Consulting’s Cooper.
"The attractive characteristics of treasury services have been latched onto by many banks but often there is not a single control function or even a single view of how to interact with customers," Cooper says. "Those things are hard and expensive to achieve."
Bradfield at Capco agrees: "AML has three main components: knowing who your customer is; the ability to monitor what that customer is doing; and the ability to look at activity across the entire organization. The last is very hard to fulfil. Many banks have a silo approach to their businesses, products and geographies, and it requires large investment to overcome that: think of the difficulties banks have even in presenting a consolidated view of a retail customer’s banking information."
|Chris Cooper, managing director at Challenge Consulting|
The problem is exacerbated by the fact that many banks have grown by acquisition and consequently use multiple legacy systems that are linked by complex workarounds and ad hoc connectivity. "That enables things to fall through the cracks," says Shorrock at Baker & Partners. More generally, Cooper says that the summer’s events raise concerns about the level of importance placed on IT at banks. "It is not completely obvious that all have viewed it as a core long-term strategic planning obligation," he notes. "While compliance and risk management experts sit on the executive committees of banks, not all banks have a genuine, modern, high-performance IT management expert at the top table." Boulier at NICE Actimize says that there are also specific technological problems relating to AML, with some banks having simply failed to invest in technology-driven models. "We’re still at the beginning of the curve in terms of banks’ investment in AML monitoring capabilities for trade finance and correspondent banking," he says. "Many banks are unwilling to develop their own solutions for this given the scale of investment required, and instead are seeking to leverage external AML solutions they have for other parts of their business models."
Given the complexities of cross-border payments, it is unclear whether or not banks will be able to simply drop in technology from other parts of the business – most obviously retail banking, where AML technology has been in use for years. "[Transaction banking] regulations are so complex," says Shorrock. "In trade finance, for example, sanctions can apply to very specific types of goods. Yet invoices may not be detailed enough to reveal the exact good or the intended use (which can also determine whether or not a sanction is triggered). Even where there is effective technology in place, human analysis is essential."
HSBC’s and Standard Chartered’s summer problems have undoubtedly damaged their reputations and, as a result, their peers have become more cautious, according to a banker with a global role in transaction banking. "However, the approach of regulators is right," he says. "Banks should be cautious in what they do. Regulators have to push harder because of globalization." Nevertheless, AML scandals will not make transaction banking less attractive. "Clients have to make payments, and payments are at the heart of the business – so banks have to be there," he adds.
But how should transaction banks respond to HSBC’s and Standard Chartered’s problems? "Clearly, the regulatory environment is getting stricter and more complex, so investment in processes and technology in AML will have to increase," says another senior banker. "Given the overcapacity in the industry, the only way for banks to remain viable is to invest. It’s essential for banks to comply with both the letter and the spirit of the rules. There’s no choice." One added bonus, adds yet another banker, is that consolidation of the industry will likely accelerate, benefiting those banks that already have scale. "The scale of investment required will impact smaller players – it raises the barriers to entry even higher."
|Robin Booth, general counsel at BCL|
To ensure that investment delivers results, banks will also have to change their culture. "There is always an underlying tension between the goal of making money and fulfilling regulatory requirements," says Booth at BCL. "It’s hard to turn down a lucrative customer. As a consequence, there is a tendency for compliance to be seen as a drag on commercial profitability. The HSBC and Standard Chartered cases seem to show that some banks have not yet bitten the bullet. Zero tolerance of money laundering has not been embedded in the culture." Booth says that there is a need for banks to make sure that AML is so much a part of the culture that its costs – in terms of potentially turning away business when requirements are not met – are just accepted as necessary and unavoidable. "The key to this is commitment at the top of an organization – procedures can’t catch everything; a strong culture of intolerance of money laundering is needed," he says.
How the AML problems at HSBC and Standard Chartered occurred is a question that only the banks (and possibly the regulators) can answer, says Cooper at Challenge Consulting. "However, they will prompt this question among banks," he says. "Does ‘do the right thing’ sit clearly enough at the heart of their culture? AML must start with a cultural understanding of how a bank should behave. Some of the incidents that occurred would not, on the face of it, have easily passed the right-thing test." Booth agrees: "If banks engage in practices [such as Swift code stripping] that aim to hide information that could cause problems with regulators – even if the practice is not illegal in itself – then it has to be asked what the underlying motive is and what it says about the organization’s values."
The challenge of creating and embedding such a culture – where the spirit of the law as well as the letter of the law is followed – can only get harder as emerging markets become more important to the global economy, according to Capco’s Bradfield. "Cultural attitudes are different in China or Russia – that will be difficult for international banks to address. It is also difficult to sift out what constitutes normal business against illegal business in such countries."
Everyone interviewed for this article agreed that there will always be breaches of the rules – and a certain number of banks will always be caught. "It would be naive to assume that other banks have got it right because they have not been in the headlines," says Booth. However, given the potential rewards – and risks – most in the industry expect that the events that so damaged HSBC and Standard Chartered this summer will spur an unprecedented effort to improve standards of AML compliance. Only time will tell if the necessary cultural changes are also undertaken.