We blogged previously on the significant steps the European Union (“EU”) recently has taken toward implementing a rigorous new transnational anti-money laundering (“AML”) and countering the financing of terrorism (“CFT”) enforcement framework. This included, inter alia, EU-wide guidelines proposed by the European Banking Authority (“EBA”) for AML/CFT compliance officers. The need for competent, experienced, and sufficiently empowered AML/CFT compliance teams was further underlined by an Opinion and Report (“Opinion”) issued by the EBA last week on the potentially problematic trend of widespread “de-risking” across the EU.
“De-risking” is the term for a financial institution’s decision to terminate a business relationship, or refuse to do business, with an individual or category of individuals associated with a heightened risk of involvement in money laundering or terrorist financing. The EBA was impelled to address this institutional behavior, which, even if consistent with existing Authority guidance, “can be unwarranted and a sign of ineffective ML/TF risk management,” if done “without due consideration of individual customers’ risk profiles.”
The Opinion points out that indiscriminate de-risking can have the unintended effect of excluding certain (non-criminal) categories of individuals and entities from the financial system. This is framed, if not explicitly labeled, as a civil rights issue: the Opinion states that “access to at least basic financial products and services is a prerequisite for participation in modern economic and social life.” In some cases, the Opinion notes, financial institutions themselves have found themselves the targets of de-risking because of their regions’ reputations for ML/TF problems. De-risking these institutions essentially disqualifies them from participation in the EU transnational financial system, potentially affecting the socioeconomic stability of their home EU member state.
Such de-risking also, paradoxically, has the potential to exacerbate risk for the EU as a whole. The Report notes that “customers affected by de-risking may resort to alternative payment channels in the EU and elsewhere to meet their financial needs. As a result, transactions may no longer be monitored, making the detection and reporting of suspicious transactions and, ultimately, the prevention of ML/TF more difficult.” Because, as noted previously, entities need to access “at least basic financial products and services” to participate in modern society, restricting their access to such services may push them to seek alternatives in the so-called “shadow banking system,” an unregulated web of lenders which the EBA has attempted to weaken.
The Opinion notes several “drivers” of this excessive de-risking approach to compliance. Some are the inevitable by-products of the unpredictability that accompanies a regulatory regime in transition. For instance, the perceived risks – whether financial, legal, or reputational – of dealing with a certain type of customer may exceed a bank’s risk appetite. Or the cost of maintaining a robust compliance program with sufficient wherewithal to handle those types of customers may cut into, or even exceed, the bank’s anticipated profit margin.
The “driver” that jumps out, however, is the fact that many EU financial institutions lack the relevant knowledge and expertise to assess accurately the risks associated with specific business models. This is by no means a novel diagnosis. In fact, the same lack of institutional and individual competence in this sphere has likely served as an instigator not only for the issuance of the aforementioned Guidelines for AML/CFT compliance officers, but also the proposals for the establishment of an EU Anti-Money Laundering Authority and for the publication of an EU AML/CFT Rulebook, about which we previously blogged.
The Opinion presents a number of proposals to address this issue, divided into two categories – some aimed at “competent authorities,” and others addressed to the governing entities of the EU. These proposals have two common themes:
- The need for guidance and education to close the “information gaps” that contribute to unwarranted de-risking. On the “competent authorities” side, this includes providing easily digestible informational literature for participants in the market – both to financial institutions (on, g., the range of acceptable options for “know your customer” documentation for asylum-seekers or non-profit organizations) and to individual customers (explaining what information financial institutions require in order to satisfy AML/CFT obligations). On the “EU government” side, this includes issuing guidelines to “clarify the interaction” between AML/CFT obligations and the EU’s emphasis on access to the financial system as a fundamental aspect of civic participation. In both cases, the aim is clearly to compensate for the current perceived lack of expertise in AML/CFT compliance on the “front lines” of the consumer financial system.
- Endeavoring to keep the targets of de-risking within the financial system instead of pushing them via institutional ostracism into the shadow banking world. On the “competent authorities” side, the EBA suggests providing individuals and entities in the categories disproportionately affected by de-risking with a “vanilla” option – a package of “basic financial products and services” which would serve “to restrict the ability of users to abuse these products and services for financial crime purposes” – presumably until such time as an individualized assessment of their suitability can be completed, or they establish their bona fides via a meritorious payment history, and thereby gain access to the full menu of services. On the “EU government” side, this includes clarifying guidelines as to when such a “starter package” may be offered (or should be revoked), as well as mandating transparent institutional review processes on how such decisions are made.
The Opinion is the latest step in what is perhaps as close as a decentralized transnational bureaucracy can get to a coordinated effort to address shortcomings in its existing approach to AML/CFT enforcement. Given the proliferation of American firms whose business models (e.g. cannabis, crypto, etc.) make them easy targets for blanket de-risking by financial institutions with overextended compliance teams, it will be interesting to see whether a similar concern about the ripple effect on the integrity of the financial system “crosses the pond.”