What's wrong with the risk-based approach?
The risk-based approach to regulation is under fire. In the UK, the Northern Rock debacle could result in a reworking of the supervisory system, which is being criticised as too hands-off. Defenders of the system point out that a failure such as Northern Rock is inevitable, as the term 'risk-based' indicates that occasionally something will not seem very risky but prove to be dynamite. Critics say such events shouldn't be allowed to happen, as they threaten financial stability.
At the other end of the spectrum, and somehow more disturbing, is what is happening to the risk-based approach to anti-money laundering regulation in the US. At our annual AML USA event in New York, senior financial services executives complained that the risk-based framework was being used to set the bar for compliance ever higher, with negative public policy consequences.
Executives express concern that the 'best practice' sections of the Federal Financial Institutions Examination Council's BSA/AML examination manual is becoming the standard benchmark for compliance among bank examiners. Also, regulatory rules are being made up 'on the hoof' through enforcement actions. One example is the recent Union Bank of California enforcement action, which says banks should perform due diligence on new and existing customer accounts, and close accounts "if the information available to the bank indicates the customer's relationship with the bank would be detrimental to the reputation of the bank." Said one executive: "The last time I checked the Bank Secrecy Act examination manual, that wasn't in there." Says another: "We now have prosecutors acting as supervisors."
Executives say regulatory risk is driving firms, not the risk-based approach. That is, compliance executives are prioritising their activities not by their AML risks, but by the latest regulatory headlines and enforcement actions. Said one: "What risks are we managing, and is that the right thing?"
This approach to AML regulation and enforcement can't be good for the industry. Setting aside the stress levels imposed on compliance executives, regulations should be written by regulators, in consultation with the industry. Thought should be given to the public policy implications. A 'risk-based' approach should mean just that.
Ellen Davis, Editor
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@risk.net or view our subscription options here: http://subscriptions.risk.net/subscribe
You are currently unable to print this content. Please contact info@risk.net to find out more.
You are currently unable to copy this content. Please contact info@risk.net to find out more.
Copyright Infopro Digital Limited. All rights reserved.
As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (point 2.4), printing is limited to a single copy.
If you would like to purchase additional rights please email info@risk.net
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (clause 2.4), an Authorised User may only make one copy of the materials for their own personal use. You must also comply with the restrictions in clause 2.5.
If you would like to purchase additional rights please email info@risk.net
More on Regulation
EBA seeks to allay Simm divergence concerns
EU validator pledges to co-ordinate with global regulators, but retains ability to act alone “if needed”
FRTB models find salvation in US Basel III proposal
Changes to P&L attribution test and NMRFs make IMA viable for US banks, risk managers say
US blows the floors off Basel III
Barr criticises “downward deviations” in US rule; Bowman rejects “blind adherence” to global standards
Basel III endgame – a timeline
A review of Risk.net’s coverage of the US implementation saga
Leaked EU plans offer extra temporary relief for FRTB models
Risk factors would need only two observations to be modellable. Do changes foreshadow US Basel III?
Iosco chief talks cyber, AI and clearing
Buenaventura discusses Iosco’s role in aiding market resilience and cross-border co-operation
US regulators bid to save FRTB IMA, but it’s no small task
Even if industry wish-list is granted, a 2028 start date might be too soon for model adoption
Hopes rise for cross-product netting under SA-CCR
Banks want rule change in Basel III endgame to lower capital costs of clearing UST repos
