Why it matters

For many financial institutions, derisking has become the name of the game. Seeking to avoid unwanted examination scrutiny by regulators, banks have terminated customer relationships with entities that are viewed as high-risk—payday lenders, cannabis companies, third-party payment processors and Bitcoin exchanges, just to name a few. In stark contrast to criticism by banks in the U.S. that Operation Choke Point and regulatory pressure have caused them to terminate the provision of banking services to certain types of businesses, the United Kingdom’s Financial Conduct Authority (FCA) recently said the opposite in a statement on derisking, making it clear that heightened regulatory risk will not suffice as a reason to drop a customer relationship. The U.K. regulator noted that it was aware some banks “are no longer offering financial services to entire categories of customers,” particularly FinTech companies, money transmitters and charities. “Banks have told us that this helps them comply with their legal and regulatory obligations in the UK and abroad,” the FCA said. “However, we are clear that effective money-laundering risk management need not result in wholesale derisking.”

The FCA then went one step further, hinting that it would consider taking action against financial institutions that terminate relationships resulting in a negative impact on consumers. Ironically, U.K. financial institutions hoping to avoid regulatory attention by derisking may now be inviting it. The FCA cautioned U.K. financial institutions that derisking strategies will now be examined during a regulatory examination. Whether or not U.S. regulators will follow the FCA’s lead remains to be seen.

Detailed discussion

In the wake of the financial crisis, regulatory oversight increased and institutions reacted by trying to lower their risk portfolio. Dropping customers with riskier anti-money laundering (AML) or terrorist funding problems seemed like the right thing to do.

Banks sought to avoid ending up on the receiving end of an Operation Choke Point action as CommerceWest Bank and Plaza Bank had, accused of facilitating consumer fraud by allowing third-party payment processors to make millions of dollars of unauthorized withdrawals from consumer accounts, and paying $4.9 million and $1.225 million, respectively, or agreeing to pay $1.2 million, in the case of Four Oaks Bank & Trust, which the Department of Justice said turned a blind eye to $2.4 billion in loans made by online lenders that were processed by a third-party payment processer that contracted with the bank.

The FCA has instead taken a different tack. “While the decision to accept or maintain a business relationship is ultimately a commercial one for the bank, we think that there should be relatively few cases where it is necessary to decline business relationships solely because of anti-money-laundering requirements,” the FCA said in the statement. “As a result, we now consider during our [anti-money-laundering] work whether firms’ derisking strategies give rise to consumer protection and/or competition issues.” Consumer protection and/or competition issues could arise when banks cut off dealings with an entire industry—payday lenders, for example—freezing entire business lines out of the market and leaving consumers with limited choices.

Banks should “put in place and maintain policies and procedures to identify, assess and manage money-laundering risk,” according to the statement. “But the risk-based approach does not require banks to deal generically with whole categories of customers or potential customers: instead, we expect banks to recognize that the risk associated with differing individual business relationships within a single broad category varies, and to manage that risk appropriately.”

In a response to an inquiry into whether the Federal Deposit Insurance Corporation (FDIC) is considering adopting a stance similar to that of the FCA, a spokesperson for the regulator told American Banker, “The FDIC encourages supervised institutions to take a risk-based approach in assessing customer relationships, rather than declining to provide banking services to entire categories of customers without regard to the risks presented by an individual customer or the financial institution’s ability to manage the risk.” Unfortunately, this backtracking by the FDIC after fallout over Choke Point comes too late for many legitimate businesses seeking to meet consumer needs that have already been dumped by skittish banks and are challenged in finding new ones.

Last November, David Cohen, deputy director of the Central Intelligence Agency, gave a speech in which he expressed concern about derisking in this country. “We are keenly engaged with this issue because we recognize that ‘derisking’ can undermine financial inclusion, financial transparency and financial activity, with associated political, regulatory, economic and social consequences,” Cohen said.

To read the FCA’s statement on derisking, click here.