delivered the following remarks at the 6th Annual International Conference on Financial Crime and Terrorism Financing, Kuala Lumpur, 8 October 2014.
There has been a lot of discussion recently about the so-called “problem of de-risking”.
For example, the British journal, the Economist, wrote a lead editorial warning that some of the stronger regulatory practices in the area of anti-money laundering and counter terrorism financing threatened to de-bank significant regions or sections of the public.
This in turn would have the effect of driving the development of alternative financial markets and payment mechanisms - sometimes broadly described as ‘shadow banking’.
The term ‘shadow banking’ sounds sinister. It sounds threatening and worrying. Actually it could encompass a variety of practices. Some are positive innovations, and some are sinister and threatening. Mostly ‘shadow banking’ involves ways of taking deposits, extending credit and making payments that do not use the conventional and traditional banking methods. And very often these ways of taking deposits, extending credit and making payments, are not regulated or, at least, not regulated very much.
Let me illustrate which I am referring to here by reference to the use of mobile banking. This is the use of mobile phones to carry out the business of recovering and paying in a world where there are no banks. I have just come from a FATF President contributes to global standard-setting bodies' discussion on financial inclusion where Tanzania gave an excellent presentation explaining how mobile banking was providing opportunities for a large number of people that do not have access to conventional banking. Incidentally, we heard there as well from the Philippines, where agents are used to carry out banking where there are no banks or branches.
There are essentially innovative ways of doing the things banks have traditionally done. Yes, they raise issues and potential for abuse. But so does any technology.
Technology, including business models and systems, tend to be value neutral. They can be used for good. They can be used for bad.
The challenge for the regulator is to be flexible and to allow innovation to occur, and to adopt standards and regulations to deal with threats and dangers but not at the expense of killing off innovation.
Biometrics, for example, is a key development in developing countries for establishing peoples’ identity. And establishing their identity is crucial to allowing them to participate in government. In the economy, in society, we are seeing this. In India especially I have seen this, but in other countries as well.
In the developed world, where we already have identity documents and systems for identification and participation, it is too easy for the privacy lobby to simply criticise these developments in a rigid and ideological fashion.
I think the rigid and dogmatic application of so-called ‘privacy principles’ have a lot to answer for.
But after this excursion into some of the positive things that may be included in ‘shadow banking’, let me return to the problem of de-risking – so called.
I do not want to judge the particular celebrated examples where big banks have had to pay big fines on settlements. Except, I will say two things.
First, this regulatory action has concentrated the minds of financial organisations much, much more than all the resolutions, standard setting and guidance notes could ever have done about money laundering and terrorist financing.
Second, it illustrates the power and reason of regulators when they are intent on acting. Too often you hear regulators or police complaining that they do not have the powers or the regulatory armoury to act. That is very often an excuse for lazy regulation or lack of will.
The regulatory standards that the FATF has made and holds countries to account does require financial institutions to carry out a process of customer due diligence. It does require countries to see to it that their banks and other financial institutions make significant inquiries into their customers and what their customers are transacting to prevent money laundering and terrorist financing.
But nothing in these standards requires a rigid, blanket application of that requirement. It is sort of understandable that people working in banks find it easier to say ‘no’ rather than go through a process of understanding the intent and rules involved in a transaction. That of course is unless the customer is wealthy and the transaction is significant.
The critical requirement here is a proper risk analysis, a risk based assessment. Banks and financial organisations should get this. I recall when I first started with Citibank being told – banks do not deal with money (except superficially) they deal with the assessment and allocation of ‘risk’. The FATF takes that insight seriously. The problem seems to be that in the wake of the global financial crisis, in an atmosphere of growing apprehension about tomorrow; in a world where the reputation of big banks has taken a pounding; in a world where the increased prudential requirements are lifting; big banks are simply not prepared to play.
But they should be careful here. For a number of reasons.
First, there is reputational risk in de-banking essentially poor countries or classes of poor people.
Second, there is a commercial risk in withdrawing from doing business with a large proportion of the world’s population. There is now and in the future a significant amount of “money on the table”. If the big banks don’t play, others will.
Third, there is a business risk in failing to harness new ways of doing banking – mobile banking, banking through agents, etc. There are corporations such as Google, Apple, Telstra, for example, who can come into this market, who can build the requisite customer relationships.
So, yes there are risks in being in the game. But, to my mind, there are bigger long term risks in not being in the game.
The FATF is going to have a discussion about this issue of ‘de-risking’. We will not, I think, come to a definitive conclusion. More likely we will get clearer about issues - about the dangers of driving illicit markets; about the dangers of financial exclusion. But also about the need to give more helpful guidance to banks and other financial institutions about risk assessment and what may be acceptable practice; about how to deal with non-government bodies and charities for example.
Most likely what is required, I think, is the communication of more flexible regulatory practice and standards, and more refined and intelligent assessment of risk.