Banks and national regulators should adopt a more finely tuned, risk-based approach towards compliance and supervision to prevent the wholesale offloading of money services businesses and other categories of clients they view as inherently prone to illicit finance.

After publishing more than 400 pages of guidance this month to help financial institutions adopt a more nuanced system for evaluating financial crime-related risk, the European Banking Authority clarified Monday that its intent was to combat the now decade-long de-risking phenomenon, not exacerbate it.

“De-risking can be a legitimate risk management tool in some cases but it can also be a sign of ineffective ML/TF [money laundering and terrorist financing] risk management, with severe consequences,” the EBA said Monday. “It has become apparent that more comprehensive action is needed to address unwarranted de-risking.”

Since the beginning of March, the EBA has listed the threats of money laundering and other crimes affecting the European Union, issued new guidelines on key aspects of risk-based compliance and formally requested feedback on future guidance for risk-based supervision.

Nonprofit groups, especially those in warzones, and asylum seekers without standard due-diligence records, often lack financial services, but the impact of de-risking is much broader, the EBA claimed Monday. MSBs and other cash-intensive businesses also suffer from overly cautious banks, as do firms whose products facilitate anonymity, such as prepaid card providers.

Real estate companies struggle to open and maintain bank accounts, according to the EBA, as do cryptocurrency exchanges, e-money issuers and other firms in emerging sectors that banks perceive as having limited knowledge of anti-money laundering compliance.

“The EBA recalls that a proper risk assessment must include such considerations and cannot be a blind instrument used to get rid of risky clients,” Peter Oakes, former director of enforcement and AML at the Central Bank of Ireland, told ACAMS after reviewing Monday’s statement. “Financial institutions must be prepared to answer questions about it.”

Many banks in Europe have grown reluctant to handle the transactions that back remittances to the world’s poorest countries, and now even hesitate to serve real estate agents, soccer clubs, corporate services providers and other parties whose risks they consider unmanageable.

De-risking has also reached U.S. financial institutions and drawn the attention of the Treasury Department’s Financial Crimes Enforcement Network, which encouraged banks in guidance seven years ago to rethink any decision to shun the remittance industry.

“The Bank Secrecy Act does not require, and neither does FinCEN expect, banking institutions to serve as the de-facto regulator of the money services business industry any more than of any other industry,” FinCEN advised in 2014. “It is not possible for a bank to detect and report all potentially illicit transactions that flow through an institution.

Reputations to consider

A mindset of corporate social responsibility has also led to the termination of accounts and services for companies in industries perceived as risky “from an environmental, security or health perspective,” such as tobacco, weapons and coal.

According to the EBA, this trend has had the perverse effect of encouraging rejected clients to turn to institutions in jurisdictions with lax AML supervision, or worse, to underground banks and other informal channels that operate beyond government supervision.

“The risk associated with individual business relationships may vary, even within one category,” the EBA warned Monday. “The application of a risk-based approach … does not require financial institutions to refuse, or terminate, business relationships with entire categories of customers that are considered to present higher ML/TF risk.”

National regulators should address the trend by improving their grasp of sectoral risks, and pay more attention to the affected industries to restore the trust of banks, the EBA recommended.

“This may include increased supervisory activities in the sector or additional guidance to the sector,” the regulator suggested. “Furthermore, the EBA encourages competent authorities that have not yet performed an assessment of de-risking in their jurisdictions to consider performing such an assessment.”

Several national regulators, including France’s Prudential Supervision and Resolution Authority and Britain’s Financial Conduct Authority, have sought to address de-risking through guidance, public statements and technology.

Since 2011, the Central Bank of Ireland has collected more data on the operational risks of affected businesses through its “Probability Risk and Impact SysteM,” or PRISM, and by requiring financial technology-centric firms, also known as fintechs, to provide more details on their business models than other regulated institutions.

But the extent of de-risking varies greatly across Europe, said Oakes, now a consultant in Dublin.

“Data is the key, and not everyone collects and analyzes the same amount at the same level,” Oakes said. “As EU institutions operate within a framework aimed at reducing regulatory arbitrage and supervisory divergence, it is only a matter of time before uniform operational rules emerge for the entire bloc, even more with regards to the plan to create an EU-wide supervisor.”

In the interim, the EBA encouraged banks to find a path to engage with high-risk clients, such as by adjusting the level and intensity with which they monitor them, or by offering them only basic financial products and services to reduce their exposure to financial crime.

De-risking has also appeared on the agenda of the Financial Action Task Force, which sets global AML standards. The intergovernmental group launched an initiative last month to study and mitigate the consequences of incorrect implementation of its recommendations for a risk-based approach.

ACAMS is hosting their 16th Annual Anti-Financial Crime Conference – Europe, virtually from May 18-20, 2021. To find out more visit their website.