Since the FCA’s last annual report on anti-money laundering there has been further activity on derisking.
Earlier this year (27 April 2015) the FCA updated its webpage on money laundering to include a statement on derisking and its expectations on banks’ management of money laundering risk. The FCA stated that it was aware that, due to legal and regulatory obligations in the UK and abroad, some banks were no longer offering financing services to entire categories of customers that they associated with higher money laundering risk, such as money transmitters and FinTech companies, as well as withdrawing from providing correspondent banking services.
The FCA stated that where a bank does not believe that it can manage the money laundering risk associated with a business relationship effectively, it should not enter into, or maintain, that business relationship. However, the regulator added that the risk based approach did not require banks to deal generically with whole categories of customers or potential customers. Instead, the FCA would expect banks to recognise that the risks associated with different individual business relationships within a single broad category varies, and to mange that risk appropriately.
The FCA statement was followed in June by a statement from FATF. FATF felt that derisking was a “complex issue” that goes far beyond AML and CFT. The FATF approach to derisking is based on its 40 Recommendations which require financial institutions to identify, assess and understand their money laundering and terrorist financing risks, and implement AML/CFT measures that are commensurate with the risks identified.
When establishing correspondent banking relationships, FATF stated that banks are required to perform normal customer due diligence on the respondent bank. Additionally, banks are required to gather sufficient information about the respondent bank to understand the respondent bank’s business, reputation and the quality of its supervision, including whether it has been subject to a money laundering or terrorist financing investigation or regulatory action, and to assess the respondent bank’s AML/CFT controls. Whilst FATF recognised that there will be exceptions in high risk scenarios, its Recommendations do not require banks to perform, as a matter of course, normal customer due diligence on the customers of their respondent banks when establishing and maintaining correspondent banking relationships.
FATF stated that it would be undertaking work to further clarify the interplay between its standards on correspondent banking (Recommendation 13) and other intermediated relationships, and the FATF standards on customer due diligence (Recommendation 10) and wire transfers (Recommendation 16). However, there have been no further FATF publications on this topic so far.