Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
Risky Business Should Mid-Size Financial
Institutions Bank High-Risk
Customers?
Katie Foley, CAMS
2 | P a g e
Table of Contents Executive Summary ................................................................................................................................. 3
Introduction ............................................................................................................................................ 4
Definitions ............................................................................................................................................... 4
De-Risking ............................................................................................................................................... 5
System Considerations ............................................................................................................................ 6
Staffing Considerations ............................................................................................................................ 8
Risk versus Reward ................................................................................................................................ 10
Conclusion ............................................................................................................................................. 13
References ............................................................................................................................................ 14
3 | P a g e
Executive Summary In today’s ever changing regulatory environment financial institutions are constantly evaluating risk
and looking for effective and cost efficient ways to mitigate risk. The trend has become so prevalent
that the concept of de-risking has resulted; where some financial institutions have executed mass exit
strategies of certain business relationships to decrease their overall risk and better comply with
changing regulations.
As a result, many of these so called high risk businesses have been left to find alternatives to the
traditional banking system or are attempting to open accounts at small or mid-size financial
institutions. Many times these accounts are being opened in the hopes of flying under the radar.
This migration of sorts creates an interesting opportunity for mid-size financial institutions willing to
take on the operational and regulatory risk of banking these high-risk customers.
Proper planning prior to on boarding high-risk customers can result in mutually beneficial
relationships. Planning should include consideration and evaluation of current monitoring systems
and/or manual processes, staffing considerations such as training and experience level of staff, pricing
considerations, time considerations and regulatory impact.
This paper will explore the unique opportunity this situation provides mid-size financial institutions.
With the appropriate due diligence conducted up front combined with accurate pricing, high-risk
customers can go from risky business to profit generator.
4 | P a g e
Introduction The one constant in the financial industry is change. A shifting economy, regular changes to regulatory
guidance and increasing assessments for non-compliant financial institutions has put risk mitigation
at the top of many financial institutions’ to-do list. The Dow Jones & ACAMS Global Anti-Money
Laundering Survey Results 2016 found that “60 percent of respondents cite increased regulatory
expectations as the greater AML compliance challenge, followed by concerns regarding having enough
properly trained staff. Formal regulatory criticism increased by 4 percent from 2015.”1
In March of 2016 the United States Government Accountability Office issued its Report to
Congressional Requesters regarding Financial Institutions: Fines, Penalties, and Forfeitures for
Violations of Financial Crimes and Sanctions Requirements. The report indicated that “from January
2009 through December 2015, federal agencies assessed about $5.2 billion for BSA violations, $27
million for FCPA violations and about $6.8 billion for violations of U.S. sanctions program
requirements”.2 That works out to an average of approximately $2 billion assessed annually to
financial institutions for program violations. This increasing volume of financial assessments
combined with the ever changing regulatory environment has financial institutions constantly
evaluating risk versus reward and looking for more effective and cost efficient ways to mitigate risk.
As a result of this combination of financial assessments and regulatory changes some high risk
customers are facing an interesting challenge themselves. They are being forced out of larger financial
institutions in what has been widely known in the industry as de-risking. These customers are now
opening accounts at small or mid-size financial institutions either with full disclosure of their intended
activity or more commonly in the hopes of flying under the radar of less sophisticated monitoring
systems. In some cases, these high risk customers have been left to find alternatives to the traditional
banking system altogether.
This convergence provides an interesting opportunity for willing mid-size financial institutions that
are not averse to taking on the risk associated with banking these higher risk customers. The key is
finding the right balance between risk and reward. This paper will explore how that balance can be
achieved through proper planning and due diligence before on boarding.
Definitions Currently, there is not a consensus on the definition of a mid-size financial institution. A paper
published by Heather Gratton, a senior financial analyst at the FDIC, in June of 2004 indicated “The
midsize banking sector is difficult to define. We call “midsize” any banking organization (bank or
thrift holding company, independent bank, and independent thrift) that has aggregate assets of more
than $1 billion, excluding the 25 largest banking organizations”.3
1 http://www.acams.org/2016-aml-challenges-survey-results/ 2 United States Government Accountability Office. “Financial Institutions Fines, Penalties, and Forfeitures for Violations of Financial Crimes and Sanctions Requirements”. Report to Congressional Requesters. 22 Mar. 2016. 3 Gratton, Heather. “Regional and Other Midsize Banks: Recent Trends and Short-Term Prospects”. Future of Banking Study. 1 June 2014.
5 | P a g e
An article published in American Banker in February of 2012 entitled FDIC Seeks New Definition of
Community Bank discussed the FDIC’s efforts to look at more than asset size when defining a
community bank. The paper discussed the traditional cutoff of $1 billion in assets or less to be
considered a community bank but found that many financial institutions in the $10 to $20 billion
dollar range functioned as community banks in all other aspects outside of their asset size.4
Similarly, the Mid-Size Bank Coalition of America defines mid-size financial institutions as having
assets between $10 and $50 billion.5
For the purpose of this paper, mid-size financial institutions will refer to financial institutions with an
asset size of $1 billion to $20 billion.
There are a number of factors used to determine what constitutes a high risk customer and customer
risk ratings are subjective among financial institutions. The FFIEC BSA/AML Examination manual
identifies high risk customers and entities as: 1.) nonresidential aliens and foreign individuals, 2.)
politically exposed persons (PEPs), 3.) embassy, foreign consulate and foreign mission accounts, 4.)
nonbank financial institutions, 5.) professional service providers, 6.) business entities (domestic and
foreign) and 7.) cash intensive businesses.6 The risk these categories of customers pose is quite
different and therefore the mitigation techniques are likewise varied.
The FFIEC BSA/AML Examination manual provides financial institutions a solid framework that
can be used to assist in creating procedures for mitigating the risks these unique customers pose.
Ultimately it is up to each individual financial institution to determine how best to meet these standards
with the organization’s available resources. While larger financial institutions may be more readily
equipped to efficiently bank many or all categories of high-risk customers, small and mid-size financial
institutions may not. Those wishing to begin banking high-risk customers should carefully evaluate
how these customer types could fit into their existing monitoring framework.
De-Risking De-risking has become a hot debate in the financial and regulatory sector as increased regulatory
assessments and changing regulations have forced financial institutions to continuously evaluate risk
exposure. De-risking is not a new concept among financial institutions as many financial institutions
have historically maintained exit strategies for customers who have opened the institution up to
regulatory scrutiny or proven to not be worth the risk of the relationship. However, the recent
convergence of financial assessments and regulatory changes have some financial institutions mass
exiting entire high risk segments or customer bases in an attempt to reduce risk and exposure.
The Dow Jones & ACAMS Global Anti-Money Laundering Survey Results 2016 found that “In 2016,
40 percent of respondents report their companies have exited a full business line or segment of
business in the past 12 months due to perceived regulator risk and/or the organization’s inability to
manage the risk, an increase from 2015. About one-third of respondents claim their companies are
4 Adler, Joe. “FDIC Seeks New Definition of Community Bank”. American Banker. 23 Feb. 2012 5 http://midsizebanks.com/about/ 6 FFIEC BSA/AML Examination Manual Pages 286-324
6 | P a g e
planning to exit and/or are investigating the possibility of exiting a business line or segment in the
next 12 months due to regulatory risk.”7
What’s important to note in the de-risking debate is the point that not all high-risk customers are
created equal. As varied as the list of high-risk customers are the techniques to mitigate the risks they
pose is equally varied. Additionally, within each category of high-risk customers there are varying
degrees of risk. The FFIEC BSA/AML Examination Manual states “An effective risk assessment
should be a composite of multiple factors, and depending upon their circumstances, certain factors
may be given more weight than others…Bank management may tailor these factors based on their
customer base or the geographic locations in which the bank operates. Management should weigh
and evaluate each risk assessment factor to arrive at a risk determination for each customer. A bank’s
due diligence should be commensurate with the level of risk assigned to the MSB customer, after
consideration of these factors.”8 For example, choosing to bank a cash intensive convenience store
which offers check cashing services and maintains one location within the vicinity of the financial
institution would require a lower level of due diligence than a cash intensive convenience store which
offers check cashing services, prepaid cards, international transfer services and maintains multiple
locations across multiple states. This varying degree of risk underscores the importance of knowing
your customer (KYC). Mid-size financial institutions considering on boarding high-risk customers
should evaluate the strength of the institution’s current KYC program to ensure it is commensurate
with the added risks these customer types pose.
While many illegitimate businesses and bad actors exist there are plenty of legitimate high-risk
customers who may be worth the risk and additional due diligence required to bank them. The key is
attempting to decipher between the two prior to on boarding rather than after the account has been
opened. This distinction highlights the need for strong risk rating procedures at account opening to
ensure that customers who meet the definition of high risk are properly identified at account opening
and appropriate due diligence is executed.
Mid-size financial institutions can maximize their profits, when choosing to bank these high-risk
customers, by evaluating the financial institution’s strong suits and creating a niche for themselves
within the market. Focusing on a specific high-risk customer category rather than taking on all types
of high-risk customers can allow mid-size financial institutions to profitably bank these customers in
a more cost efficient manner. Additionally, slowly expanding the varied customer base mid-size
financial institutions bank can allow institutions to learn from their mistakes on a smaller scale and
make adjustments as needed to course correct. An added benefit of slow expansion rather than
explosive growth is a reduced risk of serious regulatory infractions.
System Considerations A primary consideration for mid-size financial institutions looking to bank higher risk customers
should be system considerations. Are the organization’s current automated AML and fraud detection
7 http://www.acams.org/2016-aml-challenges-survey-results/ 8 FFIEC BSA/AML Examination Manual Pages 303-304
7 | P a g e
systems sufficient enough to provide proper mitigation for these higher risk clients or will additional
manual processes have to be implemented to meet regulatory requirements?
Automated systems can provide a cost effective solution for monitoring high risk customers.
Parameters within the system can be adjusted to allow alerts for high-risk customers to trigger at lower
thresholds thus ensuring these customers’ activities will be reviewed on a more frequent basis.
Additionally, many automated systems allow for customer risk ratings which can also be used to
produce alerts at varied thresholds based on a customer’s perceived risk. Many of the FFIEC
guidelines can be accomplished through a combination of utilization of automated alerts and adding
additional steps within the alert review process for these customer types thus eliminating the need for
manual reviews to be completed on a specified basis. The key is ensuring procedures are preserved
in writing and periodically updated as applicable. This provides solid documentation for regulators
which shows the bank’s due diligence efforts and can also be used for quality control purposes when
evaluating alert analyst’s reviews.
Additionally, the possibility of creating targeted alerts or adding rules to existing alert types to identify
specific potentially suspicious situations should be explored. For example, an ATM alert could be
modified to trigger for cash deposit activity between the hours of 1am and 5am. The generation of
an alert with these parameters could signal potential illicit funds being run through a personal or
business account. The specificity of this type of customized alert also reduces the likelihood of a large
volume of false positives as it is identifying a very specific pattern of activity which could identify high-
risk behavior. These more dialed in alerts can assist in identifying potentially risky changes in existing
customers’ patterns of behavior or flag concerning new customer behavior.
Even if customization within an alert system is not feasible, many alert monitoring systems provide
reporting capabilities or the capability to extract transactional data from the system into Excel or other
similar products for analysis. Data can then be sorted, filtered or run through pivot tables to allow
for quick analysis of month over month or year over year activity. Properly trained staff can then
quickly manipulate this data to look for trends or significant changes in customer behaviors.
Maximizing canned reporting or data extracts is an excellent time saver when manual reviews of high-
risk customers are required.
Another consideration when evaluating automated system capabilities is the capability for peer-based
monitoring. Does the system have the capability to produce alerts for high-risk customers whose
activity far exceeds other customers in the same industry? This type of analysis is often even more
useful than looking for anomalies within the customer’s activity as it can highlight outliers to a peer
group. Additionally, it would be very hard to manually recreate this type of information. Not all
systems offer peer-based monitoring so mid-size financial institutions should consider how impactful
this capability or lack of will be for the type of high-risk customers they are considering banking. For
example, a financial institution considering banking PEP’s would be less impacted by the lack of this
capability than a financial institution considering banking Money Service Businesses (MSBs).
If a financial institution does not have an automated system capable of producing the appropriate
alerts, then a manual process would need to be drafted to accomplish the additional required due
diligence. A frequency schedule as well as a template for review would need to be drafted and
maintained to provide consistency in the review process. As noted above, financial institutions
8 | P a g e
requiring a manual process should consider if there is the capability to extract data from any existing
alert monitoring system to try to streamline analysis of account activity. Additionally, the added time
for the manual process should be considered in planning to allow for timely completion and
appropriate staffing levels. Manual reviews can easily fall to the back burner with the steady stream
of alerts generated through automated systems. It is imperative that these reviews be completed within
the guidelines of the procedure created by the financial institution to ensure compliance.
Regardless of how the additional due diligence is completed, either through automated alerts or
manual reviews, the process should be regularly evaluated for both its effectiveness and efficiency.
Completing an analysis of all active, as well as inactive, alert parameters on a periodic basis can clue
management in to the effectiveness of various alert parameters. The analysis should include an
evaluation of the alert to case or alert to SAR ratio. This data can then be evaluated to determine if
an alert type is ineffective, if parameter adjustments are needed or perhaps if additional training of
staff may be in order. Regularly completing this exercise can provide management with invaluable
data which can be used to effectively make decisions regarding the current monitoring system’s
settings and effectiveness. Given the varied alert monitoring systems and the uniqueness of each
combination of alert parameters, thresholds and specific rules there is not a rule of thumb for alert to
case or alert to SAR ratios. It is therefore critical that this data be compared over a specified timeframe
such as month over month or quarter over quarter to create a reasonable baseline that the financial
institution can use for evaluation. This period over period data can then be used to lend clues to
which category the alert falls into. For example, a parameter which has been consistently effective in
the past three quarters at 3.2 percent and drops to 1.1 percent in the most recent quarter could be an
early indicator of a shift in the financial institution’s customer base or activity or could be an indication
that training may be needed to reinforce what things should be evaluated when looking at that specific
alert type. An alert which has never been effective would need to be evaluated for potential parameter
changes or for deactivation.
Additionally, as the number of high-risk customers a financial institution maintains increases,
management should pay attention for critical tipping points where maintaining manual review
processes becomes less cost effective than purchasing software with the appropriate capabilities or
considering the use of consultants. It is critical that management have a strong understanding of
manual review processes and the expected time of completion so they can more readily identify when
this tipping point is approaching. For example, if a manual process that was previously requiring 1.5
full-time employees (FTEs) is now taking 3 FTEs to complete, the number of accounts requiring
manual review may have grown to the point where automation or the use of consultants may be a
more cost effective solution than continuing to hire full-time staff.
Staffing Considerations Staffing considerations are another important aspect to the decision of whether or not to bank high-
risk customers. A strong BSA/AML compliance program starts at the top and should be led by an
experienced BSA Officer. Subsequently, highly trained BSA/AML/Fraud analysts can more
effectively and efficiently evaluate account activity than analysts with less experience. Additionally,
analysts with a higher level of expertise can ultimately save the financial institution time and money
by reducing the risk of loss from missed activity or regulatory violations. When evaluating staffing,
9 | P a g e
financial institutions should consider things such as training options, experience level of current
analysts and compensation expense.
Training of analysts can be completed either internally or externally. Internal training can be achieved
quite cost-effectively by having senior analysts assist in the training of lower level analysts. This can
be accomplished through one-on-one trainings, senior analysts leading specific training on areas in
which they are subject matter experts, etc. Additionally, there are a number of out-of-box training
programs or webinars which can be adapted to provide cost effective training to multiple analysts at
once. Custom training sessions can also be designed by management or senior analysts to expand the
knowledge base of current analysts based on information found through research conducted online
using reference rich websites such as ACAMS, Bankers Online, Bankers Toolbox, etc.
Team huddles are another cost effective way to share information across the department and allow
for collaboration and cross training. In order to maximize effectiveness, huddles should be well
planned with specific topics for conversation and a framework for discussion. Topics should be
distributed in advance along with a stated expectation of participation. This will allow participants
time to properly prepare and actively contribute to the conversation. Additionally, huddles should be
interactive as all levels of analysts have valuable insight based on unique backgrounds and experiences.
A positive team environment can be fostered through the sharing of wins and tips and tricks. Case
studies provide for real life scenarios and outcomes which are easy to connect with and remember.
Senior analyst’s skills and expertise can also be utilized in quality control functions to spot check the
work of lower level analysts. This will help financial institutions ensure consistency, accuracy and
completeness. Leveraging the skills of senior analysts can allow institutions to bank a higher number
of high-risk customer accounts at a lower cost.
When financially feasible, external training such as local seminars and regional conferences can provide
targeted training on specific areas of concern, expand general knowledge, provide invaluable insight,
provide tools and resources that can be brought back and implemented as well as offer networking
opportunities and contacts. External training can also be used as an incentive for high performing
analysts to grow their skills outside of their normal working environment. The information obtained
during these trainings can then be brought back and shared with other members of the department.
Financial institutions may also want to consider having analysts join local trade groups. These groups
can prove invaluable by offering peer groups which can give insight to trends or concerns noted by
other financial institutions in the area. Additionally, many often sponsor local events. Examples of
such groups include local ACAMS chapters, local Bankers Associations, Banking Coalitions with Local
Law Enforcement Agencies, etc.
The experience level of current analysts and potential analysts is also an important consideration.
Analysts with a higher level of expertise can more effectively evaluate the risk of a potential client
saving the financial institution time and reducing the risk of loss from missed activity. Senior analysts
can also more readily identify complex schemes that may go undetected by less experienced analysts.
Financial institutions should evaluate the experience level of their current team prior to onboarding
high-risk customers to determine if the current experience level of staff is commensurate with the
level of activity they will be monitoring for. Improperly trained staff or staff that lack the appropriate
expertise level to effectively analyze the increased risk posed by high-risk customers could be criticized
10 | P a g e
by examiners. Additionally, encouraging existing analysts to obtain certifications such as CAMS shows
the financial institution’s commitment to properly train staff.
Lastly, compensation expense should be considered by financial institutions when deciding whether
to bank high-risk customers. Automated systems can reduce the need for manual reviews by
highlighting potentially suspicious activity but analysts are still needed to review this activity.
Ultimately, the higher the experience level and training of an analyst the higher the compensation
expense the financial institution will incur. This increase in compensation can be offset in part by
properly pricing high-risk customer accounts. Additionally, higher level analysts, especially those with
advanced certifications, are more likely to identify suspicious activity early on which can save the
financial institution from costly assessments or loss due to fraud.
Mid-size financial institutions should also consider non-monetary incentives that could be offered to
higher level analysts such as flex time, additional PTO, opportunities to work from home, sporting
event tickets, etc. Many employees find these alternatives to traditional pay incentives as enticing, or
more enticing, than a straight salary negotiation. A recent article published in HR Today found
“Health insurance and 401(k)s have suddenly become old-school – necessary but not always sufficient
for attracting and retaining top talent, especially young workers who may need more incentive than
their older peers to commit to a company for more than a year or two. That’s why many employers
are adjusting their benefits packages to include a wide array of items that ease the stresses of workers’
day-to-day lives. The goal is to create happier, more stable workforces that are far less likely to be
distracted at the office because of unfinished tasks at home.”9 It can be costly to interview, hire and
train new analysts, especially in smaller markets where there are not a lot of other financial institutions
headquartered, so maintaining high performing alert analysts is a win for both the financial institution
and the analyst.
Risk versus Reward Perhaps the most import consideration for mid-size financial institutions looking to bank high-risk
customers is the concept of risk versus reward. Does the financial compensation received from the
maintenance of these higher risk accounts outweigh the risks associated with banking these customers?
The added strain the additional required due diligence will place on the existing monitoring systems
and staffing needs to be off-set by commensurate pricing. Terry Pesce, head of the global anti-money
laundering practice at KPMG gave the following thoughts on this topic, “Banks are not charities. If
it’s going to cost them more to manage a high-risk client then they’re going to make on the account,
they will probably cut off the customer.”10
Three things mid-size financial institutions should consider when evaluating risk versus reward are:
the time impact the maintenance of these accounts will have on resources and management, pricing
9 Milligan, Susan. “Employee Benefits Get Extreme”. HR Today. 25 Aug. 2016. https://www.shrm.org/hr-today/news/hr-magazine/0916/pages/employee-benefits-get-extreme.aspx 10 Ensign, Rachel Louise. “Banks, Regulators Reach Impasse Over Risky Account Closures”. The Wall Street Journal. 30 Mar. 2015. http://blogs.wsj.com/riskandcompliance/2015/03/30/banks-regulators-reach-impasse-over-risky-account-closures/
11 | P a g e
considerations to determine if the potential fees paid by these customers will offset the added expense
of maintaining the accounts and the potential regulatory impact to the financial institution.
The impact of time spent monitoring, reviewing and maintaining high-risk customers and accounts is
often hard to quantify as it impacts various departments across the financial institution. Additionally,
the true cost of time is not easily calculated as each department impacted would have a different cost
associated with it. The additional due diligence that would need to be completed at account opening
will affect branch personnel productivity times as they work with these clients to complete more
cumbersome account opening procedures. Additionally, the transaction types and volumes of activity
for some high-risk customers, such as cash intensive businesses, will affect branch personnel’s time
efficiency as one teller may be tied up for an extended period of time processing bulk cash deposits,
change orders or completing multiple deposits with high volumes of checks. Other time
considerations for branch personnel would include the need to order and process additional fed
shipments of cash or coin. Retail management may be impacted if branch personnel have questions
at account opening due to the complex nature of the due diligence required and the fact that these
accounts may not be opened at the same frequency as personal or small business accounts. BSA/AML
Fraud staff will be impacted by an increase in automated alerts and the potential need for manual
reviews. These reviews will likely be more extensive and time consuming based on the volume of
activity presented for review and a need to more thoroughly analyze higher risk activity. Other
departments that could be potentially impacted would include risk management, deposit operations,
treasury management, etc.
FATF Recommendations require financial institutions to identify, assess and understand their money
laundering and terrorist financing risks as well as implement measures that are appropriate for the
level of the risks identified.11 While financial institutions can’t eliminate all risks associated with
banking high-risk customers, it is imperative that they put appropriate measures in place to effectively
mitigate risk and identify potentially suspicious activity. The key is to appropriately identify risk so
that measures taken are commensurate with the risk identified. One way mid-size financial institutions
can reduce the amount of time needed to maintain these high risk customer accounts is by properly
completing KYC at account opening and ensuring new customers are appropriately placed into the
correct account type. This should be based on the risk the customer type and account activity dictates.
This will allow for a more efficient use of current resources on the back end and focus the financial
institution’s efforts on truly high-risk activity.
Setting customer expectations upfront can also reduce the risk posed when banking high-risk
customers. Legitimate businesses are generally willing to provide documentation up front to
substantiate their business. High-risk customers not willing to provide this documentation or
questioning the need for it indicates a red flag that should be taken into consideration prior to opening
the account. Documentation obtained at account opening can be used to evaluate account activity
from day one and can be used to more quickly identify potential changes in expected activity. Asking
for the necessary documentation to mitigate risk after an account is opened is often an uphill battle as
the customer has less incentive since the account is already open.
11 http://www.fatf-gafi.org/publications/fatfrecommendations/documents/fatf-recommendations.html
12 | P a g e
Pricing considerations should be examined and designed before a financial institution begins on-
boarding high-risk customers. Due to the nature of high-risk customers’ activity, they pose a higher
risk to the financial institution and as a result will require a higher level of due diligence. Mid-size
financial institutions should complete extensive research including looking at what peer banks are
charging for similar services prior to implementing a pricing structure for these higher risk customers.
Pricing should take into consideration the additional risk, the additional due diligence required, the
need for ongoing monitoring, both automated and manual, and the staffing requirements to manage
the automated alerts, enhanced due diligence and manual reviews. The potential pricing structure
should then be reviewed against the added expense that will be incurred to determine if the pricing
structure will appropriately compensate the bank for the additional work required and risk posed. It
may be necessary to come up with several different pricing structures if multiple high-risk customer
categories are being considered. This can help offset the variation in risk and transaction type/volume.
For example, a financial institution would not want to place a customer who falls into the category of
a PEP in an account with the same fee structure as a customer who falls into the category of a cash
intensive business.
Supplemental income can also be obtained through fee schedules which charge customers a-la-carte
for transactions such as domestic and international wire fees, bulk cash ordering fees, coin processing
fees, sweep services, Positive Pay, etc.
Proper pricing of these accounts from acquisition can turn high-risk accounts into profit generators.
As previously noted, many of these high-risk customers/businesses are unable to find financial
institutions willing to take on this additional risk so they are often willing to pay higher rates and fees
to maintain their accounts. Financial institutions should ensure that their fees are reasonable in
comparison to the additional time and work required to maintain due diligence so that they are not
inadvertently adversely discriminating against these high-risk customers.
Additionally, financial institutions should be mindful that constant evaluation of processes and pricing
are needed to ensure effectiveness, necessity and accuracy over time.
Lastly, mid-size financial institutions should consider the potential regulatory impact these customers
could have on the financial institution. Recent large assessments that have made news included: Mega
International Commercial Bank Co, LTD., New York Branch paying $180 million for AML/BSA
Deficiencies, First National Bank of Omaha, Omaha, Nebraska paying $3 million for violations related
to billing practices and The Goldman Sachs Group, Inc., New York paying $36.3 million for
unauthorized use of confidential supervisory information, etc.12
Mid-size financial institutions should ensure that they have robust CIP, KYC, EDD, BSA/AML and
transaction monitoring processes in place along with written procedures to mitigate the added risks
these customers pose. Having a centralized and comprehensive BSA/AML Compliance Program
which includes written policies and procedures surrounding regulatory requirements and related
topics, products, services, persons and entities can provide needed documentation of the financial
institution’s efforts to comply with regulatory expectations. The FFIEC BSA/AML Examination
Manual provides an excellent framework that can be used when creating this centralized BSA/AML
12 http://www.moneylaundering.com/Calendars/Pages/Enforcements.aspx
13 | P a g e
Compliance Program. It is also important for mid-size financial institutions to remember that once
created this should be a living document that is regularly updated to include changes to products and
services offered, changes in procedures, etc.
Conclusion In conclusion, mid-size financial institutions can create lucrative niches within the market by banking
high-risk customers that align with the institution’s strengths. These niches can provide mutually
beneficial relationships for both the financial institution and the high-risk customer.
Financial institutions that successfully conduct the appropriate due diligence up front, accurately assess
current staffing and system resources and deploy strategic pricing can take potentially high-risk
customers from risky business to profit generators.
14 | P a g e
References
1.) ACAMS & Dow Jones. “Global Anti-Money Laundering Survey Results 2016.”
http://www.acams.org/2016-aml-challenges-survey-results/ Accessed 27 August 2016.
2.) United States Government Accountability Office. “Financial Institutions Fines, Penalties, and
Forfeitures for Violations of Financial Crimes and Sanctions Requirements”. Report to
Congressional Requesters. 22 Mar. 2016.
3.) Gratton, Heather. “Regional and Other Midsize Banks: Recent Trends and Short-Term
Prospects”. Future of Banking Study. 1 June 2014.
4.) Adler, Joe. “FDIC Seeks New Definition of Community Bank”. American Banker. 23 Feb.
2012
5.) MBCA Mid-Size Bank Coalition of America. http://midsizebanks.com/about/ Accessed 19
August 2016.
6.) FFIEC. “Bank Secrecy Act/Anti-Money Laundering Examination Manual” 17 Nov. 2014.
7.) Milligan, Susan. “Employee Benefits Get Extreme”. HR Today. 25 Aug. 2016.
https://www.shrm.org/hr-today/news/hr-magazine/0916/pages/employee-benefits-get-
extreme.aspx
8.) Ensign, Rachel Louise. “Banks, Regulators Reach Impasse Over Risky Account Closures”.
The Wall Street Journal. 30 Mar. 2015.
http://blogs.wsj.com/riskandcompliance/2015/03/30/banks-regulators-reach-impasse-
over-risky-account-closures/
9.) http://www.fatf-gafi.org/publications/fatfrecommendations/documents/fatf-
recommendations.html
10.) http://www.moneylaundering.com/Calendars/Pages/Enforcements.aspx