Derisking Is Risky
If your savings account has been closed without warning, get mad at the regulators not at the bank!
Dateline: Woking, 9th January 2024.
There has been much media comment, in the U.K. and elsewhere, about the issue of banks either denying accounts to people or closing the accounts of existing customers. In fact it's taken on the appearance of something of a moral panic in recent times. What is slightly puzzling to me is that people are getting angry with the banks when the banks are responding rationally to the economic incentives set for them by their regulators. If people want to get angry about this stuff, they should be getting angry with the government and the Financial Action Task Force and the various people responsible for the regulations!
Suspicious Activities
We’ve all heard stories about friends or colleagues finding them, or their kids’ sports club or their elderly parents or their cousin’s small business, getting a letter from the bank saying “sorry, your account is being closed, there’s no point calling us because we can’t tell you why”. These are stories about what banks refer to as “exiting” or “de-risking” but, as a very good piece in the New York Times points out, this isn’t about banks getting tough on people who bounce checks: this starts with regulators and then trickles down through bank compliance departments and on to your branch manager (or managerbot).
One of the reasons for this is that banks are required file a “suspicious activity report” (SAR) when they see transactions like unexpectedly large cash transactions or wire transfers with banks in high-risk countries. According to Thomson Reuters, U.S. banks filed over 1.8 million of these SARs last year and this year there will be more than two million of them. Multiple SARs often lead to a bank closing a customer’s account, but accounts may be closed for any number of other reasons that lead a bank to consider the risks unacceptable.
It is this issue of risk that is the core of the problem. In the U.K., Andrew Griffith, the Economic Secretary to the Treasury, wrote to the Financial Conduct Authority (FCA) about accounts being closed and said that while he recognised the importance of measures to prevent money laundering, "it is crucial that an appropriate balance is struck”. What appropriate balance could there be though when the banks can be fined millions of dollars for falling foul of know your customer (KYC), anti-money laundering (AML), counterterrorist financing (CTF) and politically exposed persons (PEP) regulations — which together I will label Customer Due Diligence (CDD) regulations ?
If you look at the overall spending of financial institutions on anti-financial crime measures, around two-thirds of the money goes on these CDD activities, so you can see why banks are going to take the time to calculate if the expense is worth it. Why take the risk of earning a paltry few bucks on some money transfers when you might get fined a few million quid if the due diligence was incomplete or incorrect? Santander was fined a hundred million quid for AML failures on its business banking side and let’s not forget that US regulators fined HSBC a couple of billion dollars for the same thing.
The situation in Europe is going to get worse because of the 5th anti-money-laundering directive (5AMLD), which levies a maximum fine of €5 million or 10% of annual turnover for violations. Banks therefore have to assess the risk associated with providing accounts for PEPs in particular. The outcome has been predictable, with the British finance minister complaining that he himself had been denied a bank account!
Things are going to get even worse in the U.K. too because the banks are now forced to recompense customers who are the victims of scams. Hence it is entirely predictable that banks will become more cautious about opening or maintaining accounts for disadvantaged, older or more vulnerable consumers. This is why I expect to see another rash of the stories about de-banking in a few months time when the Financial Conduct Authority's new “Consumer Duty of Care Regulations” begin to bite. Banks will be required to assess vulnerable customers and make additional provisions for supporting these customers. Since these provisions will be expensive and will undoubtedly include indemnifying these customers against fraud and scams of all kinds under the Contingent Reimbursement Model, it seems to me an entirely predictable outcome that banks will begin to drop vulnerable customers like hot potatoes.
Instead of journalists complaining about their children not getting accounts, they will be complaining about their parents’ accounts being shut down as banks become more cautious about opening (or maintaining) marginal accounts because of concerns that they may have to accept 50% of the costs of any APP fraud. As a result, they will inevitably be less likely to open accounts for low income, disadvantaged, technologically challenged, older or vulnerable consumers, or close their accounts to limit exposure to this new level of liability.
with kind permission of Helen Holmes (CC-BY-ND 4.0)
Driving “risky” people out of the system may not, however, be the best strategy for society. The U.S. Treasury Department has said that bank de-risking could hurt some communities and even “pose a national security risk” by driving transactions out of regulated institutions and into shadowy corners of global finance where they cannot be monitored.
Time for Change
So what could be done? Well, I have seen more than one call for something along the lines of TSA Pre. Instead of having each bank duplicate effort on CDD and risk metrics, why not take most low-risk people out of the loop completely? Go to a bank branch with your passport (or other acceptable “real ID”), proof of address and whatever and get yourself a Bank Pre Number!
(If you think about it, the US $10,000 limit for transactions that do not need reporting was set many, many years ago. If adjusted for current prices, it would be closer to $100,000. We could recognise this by allowing people with Bank Pre to send $100,000 without filing an SAR.)
Then, when you open a bank account, hire an accountant or wire money to an elephant sanctuary in Thailand, you can give your Bank Pre Number. When you wire money to the elephant sanctuary, the bank or accountant or remitter can check that your Bank Pre Number is still valid and then send the money. The bank doesn’t need to file an SAR and you can make as many of these transactions as you like without getting de-risked.
Business Case
While we might all agree with the goal of stopping fraud, terrorism, money laundering, bribing politicians and all sorts of other crimes, it does seem that many normal people are being inconvenienced (to say the least) by this top-down purge and this is not the best outcome for society as a whole.
Whether something like Bank Pre works or not, it is clear that the problem is ultimately, as many of you will already have concluded, one of identity. An obvious way to tackle the growing cost of CDD is digital identity: perhaps some sort of financial services passport.
Here in the U.K. we lack even the most rudimentary infrastructure for tackling financial crimes. Thousands of bogus companies are created every day at Companies House, billions of pandemic support money is still missing, authorised push payment (APP) scams are commonplace and fraud is completely out of control. Instead of incentivising banks to walk away from problems, couldn’t we instead incentivise them to co-operate and create an infrastructure for digital identity, strong authentication and verifiable credentials that might go some way to tilting the cost-benefit analysis around de-risking?
Are you looking for:
A speaker/moderator for your online or in person event?
Written content or contribution for your publication?
A trusted advisor for your company’s board?
Some comment on the latest digital financial services news/media?
Great write up. I'm shocked that this is happening in the UK. Thanks for sharing