Bank Compliance: How to Pass It
Banks are prudent and may refuse to provide services due to scandalous articles on the Internet. Looks unfair? Indeed, but you can work with it.
We are periodically contacted by companies and individuals who cannot pass bank compliance. The reasons may differ: there may be queries about previous businesses, old media releases, and even deceased relatives.
How does compliance risk management work in banks, and is it possible to rectify the situation after a refusal? Let’s figure it out.
Bank compliance control
To minimize legal and other types of risks, financial institutions have implemented compliance procedures. Banks screen potential clients to make sure they are law-abiding.
Bank compliance is an approach to organizing internal and reputation control, as well as legal and financial risk management. The recommendations of the Basel Committee on Banking Supervision introduced the concept of ‘compliance risk’. The Committee defined it as:
The risk of legal or regulatory sanctions, material financial loss, or loss to reputation a bank suffers as a result of its failure to comply with laws, regulations, rules, related self-regulatory organization standards, and codes of conduct applicable to its banking activities.
Different countries apply different banking compliance regulatory standards. In the USA, banking compliance is regulated by the following federal acts:
- The Bank Secrecy Act of 1970 (BSA), also known as the Currency and Foreign Transactions Reporting Act, is a law requiring US financial institutions to assist US Government agencies in detecting and preventing money laundering.
- The Fair and Accurate Credit Transactions Act (FACTA): besides allowing clients to request credit reports, this act contains guidelines to prevent identity theft and requires security for using client information.
- The USA PATRIOT Act: following the terrorist attacks on 9/11, the USA PATRIOT Act compliance requires financial institutions to meet regulatory guidelines when verifying the identity of clients who want to open an account.
- The Financial Crimes Enforcement Network (FinCEN): FinCEN banking compliance regulations activate section 314(a) of the USA PATRIOT Act, allowing law enforcement to request information from financial institutions.
- The Office of Foreign Assets Control (OFAC): OFAC regulations implement the Specially Designated Nationals List (SDN List), which prohibits US businesses from engaging in financial transactions with any parties on the SDN List.
- The Electronic Fund Transfers Act (EFTA) – or Regulation E compliance – requires financial institutions to follow certain procedures when investigating consumer claims of electronic funds transfer errors.
What may happen if a bank neglects compliance requirements
A great example of problems that may result from insufficient compliance is a series of Deutsche Bank scandals over the last few years.
In July 2020, Deutsche Bank was fined $150 million. The New York State Department of Financial Services (DFS) detected major violations in maintaining the accounts of notorious financier Jeffrey Epstein, accused of sex trafficking.
According to the regulatory authority, “the Bank inexcusably failed to detect or prevent millions of dollars of suspicious transactions, that could draw additional attention to Mr. Epstein’s activities.”
A year earlier, Deutsche Bank had hired the daughter and the son of two Russian deputy finance ministers in exchange for lucrative contracts. This was enough for the US SEC to fine the bank $16 million, explaining it as a violation of anti-corruption laws and a conflict of interest.
Major violations can lead to a downgrade of a financial institution’s rating, deterioration of relations with the government, and other negative consequences. Therefore, for a bank, assessing compliance risks is a mandatory condition for operating on the financial market.
What does compliance imply?
A compliance service studies international sanctions lists, global databases of state and law enforcement agencies, lists of politically exposed persons, and negative references in the media.
The ultimate goal of bank compliance is to reduce reputation risks and the probability of being fined by regulatory authorities. Therefore, financial institutions pay particular attention to KYC (Know Your Customer) and AML (Anti-Money Laundering) procedures, which should protect them from working with unreliable and dangerous clients.
If the bank compliance control detects any risks or illegitimate sources of funds, it will refuse to open an account. Otherwise, activities of the credit institution will attract the regulatory authority’s attention.
Financial institutions in Europe and the United States are used to checking publications about their clients and counterparties.
It’s difficult to predict exactly what the security service of a particular bank will decide to check. However, recommendations of the Financial Action Task Force (FATF) on money laundering, as well as of the EU Anti-Money Laundering Act, are publicly available. Therefore, the following points of bank compliance interest can be noted:
- Type of client. Such groups of clients as politically exposed persons, casinos, financial institutions, and companies with nominee shareholders, trusts, and non-profit businesses will definitely raise certain questions.
- Client’s jurisdiction. Citizens of countries with commonplace corruption and terrorism will attract additional interest. This also applies to representatives of sanctioned countries. The EU even has a list of high-risk countries.
- The product the client applies for. This includes private banking services, anonymous and cash transactions, and securities services.
- Media releases. Compliance officers will definitely study the publicly available information. There’s a chance that negative posts won’t be a reason for rejection, but they will raise additional questions during the interview.
What may go wrong during a compliance check
Compliance officers are not obliged to explain what caused a rejection. This can only be understood indirectly from the questions asked during the interview.
Bank security services tend to stick to an unspoken rule: ‘If in doubt – safer to reject’. Such an attitude results from the fact that developed countries strive to make financial flows as transparent as possible.
Since 2015, EU countries have been required to keep centralized registers of beneficial company owners and registers of trusts. Since the beginning of 2020, the fifth amended ‘anti-laundering act’ has been in force, expanding the ability to identify companies and related persons.
One of our clients encountered difficulties when approaching a large bank. Many years ago, the businessman was mentioned in a number of corruption-related releases. A well-known media outlet wrote about the case, with other sources reprinting the content. The client was mentioned at the very end of the article, and no charges have been laid against him. Thus, the case required a bank compliance consulting service.
The fact that this person was mentioned in a negative publication was sufficient for the security service to assess cooperation with him as a violation of the bank compliance policy.
Negative media releases alone can’t be a reason for rejection. This information leads to a more thorough verification of the source of the assets, the business scheme, beneficiaries’ biographies, and other factors.
Sometimes, preliminary examination of the business and its owner is enough to refuse cooperation. However, this requires strong arguments. In most cases, the information discovered lays the basis for an interview – it is mandatory for compliance officers to conduct one.
During the conversation, the bank representatives will ask about the negative references, what the reason for them was, and how they affect the current position of the business. The bank compliance service makes a decision based on this face-to-face meeting.
Bank compliance consulting: what to prepare for
There are no methods that can guarantee that you’ll pass compliance with an EU or US bank. You can only increase the chances for success using bank compliance consulting.
The bank may request an LEI code. This was introduced so that companies all over the world could identify each other. Bank clients have their own IDs, telephone operators have numbers, and legal entities have an LEI code. It consists of 20 characters assigned according to the ISO 17442 standard.
Feel free to ask for information. If you’ve failed to pass the security service examination, you may request a compliance check. This document specifies the points due to which a company or an individual was rejected. You should wait 4-6 months before re-submitting the application – this time is enough to fix the weak points.
The security service will collect information from all available sources. Bank compliance has access to the World-Check database, but such a check is more of a pro forma. Usually, it uses the information obtained by interviewing a potential client. The security service uses insider information as well: it interviews former partners, colleagues, and even friends. This is a common procedure that you should be prepared for.
Remove negative mentions, if necessary. The compliance databases used are constantly updated, so you can and should work with them, using bank compliance consulting. Legally deleting information through removal techniques helps to neutralize unwanted information out of court.