Making financial crime compliance count in the Middle East
With the avalanche of shifting regulatory requirements and new criminal threats, financial institutions need to rethink current compliance frameworks and adopt a more innovative approach
The stories in the media about big banks being hit by fines for non-compliance have not changed for over a decade. Since the global financial crisis in 2008, US and European regulators have imposed substantial penalties for money laundering and facilitating the evasion of sanctions. The global focus on compliance accelerated during this time, pushing the industry to build confidence amongst depositors, investors and governments.
Banks with major operations in the US and Europe were forced to react quickly and Financial Crime Compliance (FCC) in those banks underwent a complete overhaul. For banks in the Middle East, however, change has been much slower as Western correspondent accounts were seen as the only real US and European regulators. Motivation to follow better practices has also been less as banks here have been able to cooperate with local regulators without the fear of major fines and penalties that were levied in the US and Europe.
However, change in the region is inevitable and the signs of it coming are already clear, with the focus of Western regulators recently being trained on the regional operations of several big global banks. In 2018, fines from the US and UK on one bank totalled over $1bn for FCC failings. New York State fined a large UAE bank $40m for lax anti-money laundering (AML) controls. Last year, the Dubai Financial Services Authority (DFSA) also imposed its largest ever fine, $315m, on a firm for serious wrongdoing.
On the back of recent Financial Action Task Force (FATF) reviews around the Middle East and South Asia, financial crime regulations for banks in the region will become more stringent and one can expect the new appetite for fines to continue. So, let’s discuss the challenges for banks in the region and what they can do to overcome them.
Few banks show a deep enough understanding of how to integrate a “risk-based approach” to FCC across their compliance framework, effectively. The core of the issue is that banks are having difficulty completing sufficiently substantive FCC risk assessments across the organisation that could mitigate regional risk and create opportunities for more business.
Regionally, there is also a lack of experience and exposure to best practice approaches to FCC at the middle management level, the first line of defence and in operations. A lack of understanding of the role in mitigating FCC risk at the first line is probably the most glaring issue. Many first line staff lack experience in detecting signs of financial crime. In some banks, operations staff do not receive appropriate training in FCC.
Unfortunately, a finite amount of resources leads to less willingness to plan proactively, especially in compliance. This is an area where the big international banks have really led the way, engaging with regulators and international standard setters to apply best practice. In our region, the attitude to regulation is to wait and see instead of adopting a proactive approach.
So how can banks improve in these areas and do so quickly?
Banks should seek multiple sources of advice as some regulators in the region are falling over themselves to increase resources and react to new laws. Advice from best practice banks, industry experts and former regulators from countries that drive regulations would be invaluable. Not only that, banks that show they are actively trying to improve their capabilities will fare better in supervisory reviews.
First line staff must take ownership of compliance risk and the whole organisation needs adequate training. A best practice FCC training plan includes appropriate training commensurate to the level of all bank employees, including operations.
Embed compliance culture in your bank. Be the innovator instead of a reactionary. The de-risking approach to managing risk is now mostly a thing of the past. Increasingly, senior management and boards of banks are expected by regulators to find innovative solutions to compliance challenges, whether through technology or through a different perspective on how to measure and mitigate risk. And ultimately, a culture of compliance could actually help the bank make more money.
The risks for banks are only increasing day by day with technology and ever-smarter criminals. And while banks are working with regional regulators, the global focus of financial crime is now here, in the Middle East. As fines continue to mount, the cost of non-compliance is also steadily growing.