Non-financial Risk Management in the Financial Industry

Financial crime risk combines the risk of failing to prevent offenses related to financial crimes, such as money laundering, terrorist financing, fraud, bribery and corruption as well as insider trading. This risk type is high on the agenda of regulators and one of the core responsibilities of a bank’s compliance function.

The International Compliance Association (ICA) defines financial crimes as two different types of conduct:

“First, there are those activities that dishonestly generate wealth for those engaged in the conduct in question. […] Second, there are also financial crimes that do not involve the dishonest taking of a benefit, but that protect a benefit that has already been obtained or to facilitate the taking of such benefit.” [36]

In the US, the OCC describes financial crime as ranging “from fairly simple operations carried out by individuals or small groups to highly sophisticated rings seeking funding for criminal enterprises or terrorism.” [37]

There are several sub-categories of financial crime risks.

The Financial Action Task Force (FATF) describes money laundering as the processing of criminal proceeds to disguise their illegal origin. [38]Terrorist financing refers to the financing of terrorist acts as well as of terrorists and their organisations [39]with funds coming from both legitimate and illegitimate sources. [40]A general global guideline regarding the management of money-laundering and terrorist financing risk is the BCBS’s recently updated “Sound management of risks related to money laundering and financing of terrorism.” [41]The EBA also published guidelines on money laundering and terrorism financing risk factors. [42]In Asia-Pacific, the APRA, refers to the money-laundering and terrorism financing risk as one “that a reporting entity may reasonably face that the provision by the reporting entity of designated services might (whether inadvertently or otherwise) involve or facilitate money laundering or the financing of terrorism.” [43]

Based on these regulatory descriptions, we define money-laundering/terrorist financing risk as the exposure to legal penalties and reputational loss faced by financial institutions failing to prevent money laundering or terrorist financing.

In this context, sanctions refer to financial sanctions, which can be defined as restrictions on the free movement of capital and payments. [44]These restrictions are imposed on individuals or entities in an effort to curtail their activities and to exert pressure and influence on them. These restrictive measures include (but are not limited to) financial sanctions, trade sanctions, restrictions on travel or civil aviation restrictions. [45]An embargo is defined as a prohibition on commerce.

The Wolfsberg Group published a guide on sanctions screening. [46]However, there is no explicit regulatory definition of the sanctions and embargoes risk. Therefore, we define the sanctions and embargoes risk as the exposure to legal penalties and reputational loss faced by financial institutions failing to comply with existing sanctions or embargoes .

Transparency International (TI) UK states that there is no universal definition of bribery, but all definitions have in common that it involves someone in an appointed position acting voluntarily in breach of trust in exchange for a benefit. The benefit does not have to involve cash or a payment, instead it can take on many forms, including gifts, hospitality and expenses, access to assets or a favour to a relative, friend or cause. Bribery is defined as “the offering, promising, giving, accepting, or soliciting of an advantage as an inducement for an action which is illegal, unethical or a breach of trust. Inducements can take the form of money, gifts, loans, fees, rewards or other advantages.” [47]

Like TI, the Legal Information Institute of Cornell Law School in the US defines bribery as “the offering, giving, soliciting, or receiving of any item of value as a means of influencing the actions of an individual holding a public or legal duty.” [48]On the other hand, corruption is defined as dishonest or fraudulent conduct by those in power, with bribery being one example of such conduct.

Based on these definitions, we define bribery and corruption risk as the exposure to legal penalties faced if the company or its employees engage in bribery or corruption .

TI defines tax evasion as “the illegal non-payment or under-payment of taxes, usually by deliberately making a false declaration or no declaration to tax authorities – such as by declaring less income, profits or gains than the amounts actually earned, or by overstating deductions.” [49]In the US, the IRS defines tax evasion as “the failure to pay or a deliberate underpayment of taxes.” [50]According to the European Commission, tax evasion “generally comprises illegal arrangements where tax liability is hidden or ignored, i.e. the taxpayer pays less tax than he/she is supposed to pay under the law by hiding income or information from the tax authorities.” [51]

Based on these definitions of tax evasion, we define the risk for financial institutions from facilitation of tax evasion as losses or penalties resulting from knowingly assisting or turning a blind eye to the evasion of taxes .

As Copley asserts, there is no universal definition of either conduct risk, that is the risk stemming from a person’s actions, or what good conduct means in practice. [52]While multiple, sometimes contradicting, definitions of conduct risk exist, we shall settle on the one by the Central Bank of Ireland that it published in its Guide to Consumer Protection Management : therein, conduct risk “is the risk a financial services firm poses to its customers from its direct interaction with them.” [53]This definition is in contrast to the EBA’s definition, which limits conduct risk to the risks relevant should something harmful happen to a banking institution. The three key types of conduct risk will be explored further in the following.

First, market conduct risk can be defined as the risk of the market’s integrity and transparency being harmed by unfair or abusive behaviour towards fellow market participants. The Fixed Income, Currencies and Commodities Markets Standards Board (FMSB) outlines seven client misconduct patterns, [54]which can be observed in the market. While this analysis is not entirely original, a number of different authorities and reviews – most recently the Fair and Effective Markets Review (FEMR) by the Bank of England in 2015 [55]– have recognised the importance of focusing on the behavioural patterns underlying market misconduct. In 2018, the FMSB became the first standard-setting body to collate, analyse and publish these behavioural patterns of market conduct risk as a single reference point for market participants.

Client conduct risk can be defined as the risk of harm to clients by resolving conflicts of interest to their disadvantage, causing them financial loss or other detriment. There are seven key client misconduct patterns observable in the market, which form the basis of the conduct risk definition in the EBA guidelines on common procedure and methodology for the SREP. [56]Together with the FMSB’s report, the EBA’s guidelines serve as an exhaustive list of key conduct risk subcategories. While individual entities and institutions have adopted their own taxonomies, the above categories have served as the backbone for several conduct risk analyses.