Both know your customer and anti-money laundering processes, which are meant to reduce risks in the Indian banking sector, are themselves fraught with the danger of being caught in the web of operational risks
The Basel guidelines (a set of banking regulations put forth by the Basel Committee on Bank Supervision, which regulates finance and banking internationally) define operational risk as the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events. The Basel guidelines on operational risks also prescribe that banks should keep capital to protect themselves against operational failures. While operational risks arise from various banking activities, one of the key susceptible areas of operational risks that pose challenge for the entire banking system is the facts that know your customer (KYC) and anti-money laundering (AML) processes are not immune from operational risks. Both KYC & AML processes, which are meant to reduce risks are themselves fraught with the danger of being caught in the web of operational risks.
The Cobrapost expose on money laundering revealed it all. Employees across banks were found wanting in the implementation of AML & KYC guidelines. The Reserve bank of India (RBI) ended up penalising 22 banks. The HSBC money laundering case, at the international level, also reflected the role of operational risks in proliferation of money laundering process. During the investigation it was found that HSBC had a vastly understaffed compliance department. At times, only one to four employees were responsible for reviewing alerts identifying suspicious wire transactions. When HSBC processed bulk cash, a business it calls banknotes, only one or two compliance officials oversaw transactions for 500 to 600 customers, which shows a clear cut case of under-staffing.
So how does the operational risk impact the AML and KYC processes in the banks and financial institutions?
This needs to be understood within the context of the famous saying: a chain is as strong as the weakest link in the chain. The weakest link in any chain in the operational process is the human resource. The weaknesses arising from human resource gets aggravated if they are not duly supported by strong processes and technology, two other critical pillar of operational risk management. The weakness in the entire operational procedure can derail the successful implementation of AML and KYC process. Here is an indicative list of risks associated with the people, process and technology.
People-related risks | Process-related risks | Technology-related risks |
Untrained or ill-trained human resource | Dominance of check box approach in KYC & AML process | Single view of client missing which means that many banks cannot identify clients opening account based on different identification proofs as one single client. In absence of this multiple operations of clients from different locations cannot be tracked |
Revenue generation pressure forcing sales resources to compromise on KYC/AML practices | Risk assessment not always part of the process and is mostly reactionary | Technology resources not good enough to manage complex issues related to of handling of accounts related to high risk clients such as politically exposed persons. Also PEP database is always difficult to manage |
Lack of adequate staff and resources to oversee successful implementation of anti money laundering measures | Absence of a robust and ongoing due diligence process | Increasing cost of compliance which requires implementation of high end technology. Since it is not a revenue generating business for the bank, the banks and financial institutions may not be very keen on implementing it |
Frontend staff not very strict with implementation of AML & KYC process even in cases when they are well trained | Lack of integration of AML processes in new products launched by banks and financial institutions | Poor data quality of transactions as well as account opening is a big hindrance for effective usage of technology. Banks and regulators need to standardise account opening documents to make technology more effective |
Integrity of human resources cannot be gauged. This poses a serious threat to the spread of money laundering. A robust process with multi layer check needs to be implemented | Regulator’s role is reactionary and not pro-active. RBI penalised banks when cobrapost.com identified AML fraud in multiple banks | Lack of databases such as worldcheck.com which can provide effective management of loopholes in AML process |
It has been seen in many cases that banks and financial institutions have not been very particular about strict implementation of AML and KYC. The regulator has also shown some leniency in this regard. The RBI diluted the full KYC process for medium and low risk clients by issuing a circular, which stated that full KYC exercise will be required to be done at least every ten years for low risk and at least every eight years for medium risk individuals and entities. KYC process in the banks mostly ends with collection of relevant document by the staff at the bank counter and transaction monitoring is assumed to be completed if a customer furnishes his PAN card, which is more of a tax compliance document. The check box approach is dominating the bank system. This means mapping the documents and control points with what customer has declared at the time of account opening.
How the prevailing operational risks can be controlled remains a subject of debate. There is no need to say that the three-pronged approach of involving regulators, policy makers and banks is required. India has been granted. While the Financial Action Task Force (on Money Laundering) (FATF), has stated in its 8th follow up report of mutual evaluation that India has addressed the shortfall in fight against money laundering, much need to be done at the ground level to plug operational risks.
(Vivek Sharma has worked for 17 years in the stock market, debt market and banking. He is a post graduate in Economics and MBA in Finance. He writes on personal finance and economics and is invited as an expert on personal finance shows.)
Inside story of the National Stock Exchange’s amazing success, leading to hubris, regulatory capture and algo scam
Fiercely independent and pro-consumer information on personal finance.
1-year online access to the magazine articles published during the subscription period.
Access is given for all articles published during the week (starting Monday) your subscription starts. For example, if you subscribe on Wednesday, you will have access to articles uploaded from Monday of that week.
This means access to other articles (outside the subscription period) are not included.
Articles outside the subscription period can be bought separately for a small price per article.
Fiercely independent and pro-consumer information on personal finance.
30-day online access to the magazine articles published during the subscription period.
Access is given for all articles published during the week (starting Monday) your subscription starts. For example, if you subscribe on Wednesday, you will have access to articles uploaded from Monday of that week.
This means access to other articles (outside the subscription period) are not included.
Articles outside the subscription period can be bought separately for a small price per article.
Fiercely independent and pro-consumer information on personal finance.
Complete access to Moneylife archives since inception ( till the date of your subscription )
Thanks and regards.
Thanks and regards.
All the functionaries involved in the task need ( on a continuous basis )to exercise vigil and be willing to prevent Money Laundering and Suspicious transactions.
The interference, in the role of MLRO, by the field functionaries and or business development executives needs to be checked and controlled for prevention of the Money Laundering.