On 15th January 2014, The Basel Committee on Banking Supervision issued a set of guidelines, "Sound management of risks related to money laundering and financing of terrorism", describing how banks should include the management of risks related to money laundering and financing of terrorism within their overall risk management framework. In the report, the Committee points out that,
"prudent management of these risks together with effective supervisory oversight is critical in protecting the safety and soundness of banks as well as the integrity of the financial system. Failure to manage these vulnerabilities exposes banks to serious reputational, operational, compliance and other risks."
The new guidelines outline the "essential elements" of sound anti-money laundering and financing of terrorism (AML/FT) risk management, including those related to:
While there are new regulatory measures being discussed against money laundering itself at the regional jurisdictions' level (read the previous blog post: New Regulatory Measures Against Money laundering: Are You Ready?) these new guidelines from the Basel Committee address AML/FT in the group-wide and cross-border context, and outlines expectations for banking supervisors.
In its introduction to the new guidelines, the Committee is clear in that inadequate risk management of AML/FT risks within banks has led to the recent enforcement actions, reputational damage and corresponding (in)direct costs, all of which according to the Committee,
"could probably have been avoided had the banks maintained effective risk based AML/FT policies and procedures."
Whilst the overall guidelines are comprehensive, one underlying message that stands out is the emphasis on managing AML/FT risk management using a more holistic "joined-up" and end-to-end-approach. There is nothing new in this thinking, but clearly, whilst the industry has been talking about breaking down the various in-house risk, compliance and financial crime silos (including people, policies, processes and technologies), there is still some way to go and the expectation is that high profile enforcements will continue to be made.
So what can organisations do to manage AML/FT risks?
As I discussed in a previous blog post, having best of breed risk, compliance or financial crime detection, reporting and monitoring solution is just one part of the story. There is the need, perhaps now more than ever under the watchful eyes of more demanding regulators and shareholders, to provide an in-depth level of insight across the enterprise and to effectively identify, monitor, and manage risks and controls and policy/procedure adherence across lines of business and processes.
This level of insight is required to give stakeholders the confidence that the company is performing in line with stated business and regulatory objectives - not only profitability, but also from a reputational and compliance standpoint. It's only when individual financial crime, risk and compliance systems come together on a truly unified common data platform and under a robust Operational Risk, Governance and Compliance Management umbrella, can financial institutions truly get the required level of insight to consistently make the right "risk based" decisions that keep the company moving forward and stay on top of supervisor demands.
In a recent paper, FinTech Insights 2014: Financial Technology Trends and Innovations From Leading Industry Influencers, Chartis Research underlines this point, stating that in 2014 the biggest headaches facing financial institutions will be dealing with regulations and data, anticipating that 2014 will be, "the year of the beginning of the end for traditional silo-based risk management, now more than ever, everything needs to become enterprise-wide i.e. connecting the dots."
What are your views on the new Basel Committee AML/FT guidelines and the ever deepening unification of financial crime, compliance and risk management? How are you planning to tackle this? I would love to hear your thoughts.
Matthew Long is a Financial Crime, Operational Risk and Compliance Management Specialist for Oracle Financial Services. He can be reached at matthew.long AT oracle.com.