20170214 Comments to Complinet re De Risking and Watch Lists

Following the case in which a bank dropped a mosque as a customer based on information in a watch list, I was contacted by Complinet, for which I am a consulting editor, and asked for an opinion on the general circumstances of financial institutions, watch lists and de risking in general.

I was not invited to, and did not, comment on the specific case.

Complinet is owned by Thompson Reuters

My entire comments in relation to the questions are below.

1. The process of de-risking has been driven by two primary concerns: first, the cost of maintaining accounts that do, or may, require close monitoring and secondly the high risk of action by US authorities against foreign banks who are accused of failing to monitor, according to US authorities, accounts which do, or may, require close monitoring. While the initial selection of which accounts to close, worldwide, may be a media report or a watch list or, even, an association with a cause that the USA disagrees with, the simple truth is that commercial interests do, and must, outweigh a customer's right to hold a bank account. For the bank's own protection against huge fines, it has to set that bar low.

2. Regulators have long pushed technology as the solution to a range of aspects of money laundering, etc. risk management. The tendency to believe what appears on a computer screen is hard wired into most people. But effective risk management should use that information as a starting point, not as a decision making tool. Regulators have failed to make that point, advisers have failed to ensure that systems take account of that. Simply, financial crime risk officers, hard pressed for budget and time, have tended to rely on that information as conclusive.

3. It is important to draw a distinction between comment found in general media and that contained in watch lists. Many users of watch lists assume, incorrectly, that the data is researched, even fact-checked. However, generally, watch-lists lists are collated, not curated, content, gathered from news sources all over the world. Rarely are they proprietary information or intelligence. As such, they are a convenient, rapid tool but should always be a starting point for deciding whether to accept or reject a customer, or to maintain or close accounts.

4. In the specific HSBC case, we have to understand that the bank was under attack from regulators for money laundering compliance failures and other matters and had paid huge penalties with more expected. De-risking was part of an overall review of the bank's activities worldwide. It has disposed of entire business units, effectively pulled out of entire countries and reduced its exposure to a range of voluntary, charitable and other sectors. Any hint that the bank might get into more trouble, no matter where that hint came from or how credible, would be enough to cause HSBC to have a wobble in relation to any account worldwide, especially if that account had any connection to US dollars. After the revised SWIFT rules came into force, all USD transactions contain the account holder's details, those are checked by correspondent banks in the USA. If there is a watch-list hit, those correspondents have no duty to the end-customer and therefore do not undertake any investigation: they simply send an automated SAR to FinCEN. That would result in another investigation of HSBC in the USA. In those circumstances, any bank doing business with any customer in USD has almost no choice but to, at least, cease all USD business for that customer and, as a risk management exercise in relation to previous activity, it is prudent to close the account.