Topics 59-61 Flashcards
Describe and calculate the stressed VaR measure introduced in Basel 2.5, and calculate the market risk capital charge
The implementation of Basel II coincided with the financial crisis of 2007-2009. Some people blamed Basel II because banks using the advanced internal ratings based (IRB) approach to calculate credit risk were allowed to use their own estimates of probability of default (PD), loss given default (LGD), and exposure at default (EAD).
As a result, the Basel Committee on Banking Supervision implemented a series of changes to the calculation of market risk capital. These changes were part of Basel II.5, implemented December 31, 2011.
There were three primary changes, including:
- The calculation of a stressed value-at-risk (SVaR).
- The implementation of a new incremental risk change (IRC).
- A comprehensive risk measure (CRM) for instruments sensitive to correlations between default risks of various instruments.
In the past, banks used the historical simulation method to calculate the VaR in order to find the market risk capital charge. The assumption in the historical simulation method is that percentage changes in market variables the next day are random samples of the percentage changes over the previous one to four years. Volatilities of most market variables were low in the pre-crisis period (i.e., 2003—2006). As such, market risk VaRs were also low during this period and continuing for a time following the start of the financial crisis. To remedy the problem of low VaRs, Basel II.5 required banks to calculate two VaRs, the usual VaR, using the historical simulation method, and a stressed VaR, using a 250-day period of stressed market conditions. Initially, regulators thought the year 2008 would be ideal for stressed market conditions. However, banks are now required to identify a one-year period when their actual portfolios performed poorly. This means the stressed period may be different across banks.
The total market risk capital charge is the sum of the usual bank VaR and the stressed VaR. The formula for the total capital charge is:
max(VaRt-1, mc x VaRavg) + max(SVaRt-1 , mS x SVaRavg)
where:
- VaRt-1 = previous days VaR, 10-day time horizon, 99% confidence level
- VaRavg = the average VaR over the past 60 days, 10-day time horizon, 99% confidence level
- mc = multiplicative factor, determined by supervisor, minimum value of three
- SVaRt-1 = previous day’s stressed VaR, 10-day time horizon, 99% confidence level
- SVaRavg = the average stressed VaR over the past 60 days, 10-day time horizon, 99% confidence level
- mS = stressed VaR multiplicative factor, determined by supervisor, minimum of three
Because the stressed VaR will be equal to or, more likely, greater than, VaR, the capital charge for market risk under Basel II.5 will be at least double the capital charge under Basel II.
Explain the process of calculating the incremental risk capital charge for positions held in a banks trading book
Prior to the financial crisis, the capital charge for exposures in the bank’ trading book was generally lower than the capital charge for exposures in the banking book.
- The Basel Committee proposed an incremental default risk charge (IDRC) in 2005 to correct the problem. The proposal required a 99.9% confidence level, one-year time horizon VaR for instruments in the trading book that are sensitive to default risk. This change had the affect of requiring roughly the same capital for trading book instruments as banking book instruments.
- However, because much of the 2007—2009 losses in the financial sector were due not to defaults but instead to downgrades, widening credit spreads, and losses of liquidity, the Basel Committee revised the IDRC to become an incremental risk charge (IRC). Instead of instruments sensitive to default, it is now credit-sensitive instruments.
- Banks must consider ratings change sensitivities in addition to default sensitivity. Banks are expected to rebalance the portfolio through the year to lessen default risk.
- As part of the IRC calculation, banks are required to estimate a liquidity horizon for each instrument in the portfolio. For example, assume an AA-rated bond in the portfolio has a liquidity horizon of 6 months. If at the end of 6 months the bond has defaulted or has been downgraded, it is assumed that the bank will replace the bond with an AA-rated bond comparable to the one held at the start of the period. This rebalancing is assumed at the end of each six-month period (or three months, nine months, etc., depending on the estimated liquidity horizon). The Basel Committee set the minimum liquidity horizon at three months.
- This assumption of rebalancing to the beginning of the period position is known as the constant level of risk assumption. Small losses occur as bonds are downgraded and the portfolio is rebalanced, but the likelihood of default is lessened. Generally this assumption reduces the one-year, 99.9% VaR.
Describe the comprehensive risk measure (CRM) for positions that are sensitive to correlations between default risks
- The comprehensive risk measure (CRM) is a single capital charge for correlation-dependent instruments that replaces the specific risk charge (SRC) and the IRC. The measure accounts for risks in the “correlation book.” Instruments that are sensitive to the correlation between the default risks of different assets include asset-backed securities (ABS) and collateralized debt obligations (CDOs).
- In normal periods, there is little risk of loss for highly rated tranches of these instruments. However, in times of stress, as in the 2007—2009 financial crisis, correlations with other instruments increase and even the highest-rated tranches can be vulnerable to loss.
- The committee has specified a standardized approach for rated instruments. Due to the experience of the financial crisis, resecuritizations, such as CDOs of ABSs, have higher capital requirements than normal securitizations such as mortgage-backed securities.
- For unrated instruments or instruments rated below BB-, the bank must deduct the principal amount of the exposure from capital. This is equivalent to a 100% capital charge; banks must hold dollar-for-dollar capital against the tranche.
-
For unrated tranches banks are allowed, with supervisory approval, to use an internal model to calculate the CRM. If a bank is allowed to use an internal model, it must routinely perform rigorous stress tests. Internal models must be sophisticated and capture the cumulative effects of several factors including:
- Credit spread risk.
- Multiple defaults.
- The volatility of implied correlations.
- The relationship between implied correlations and credit spreads.
- The costs of rebalancing hedges.
- The volatility of recovery rates.
- The Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank) does not allow ratings to be used in setting capital requirements. As such, the United States is trying to devise its own CRM rules that do not use ratings.
Define in the context of Basel III and calculate where appropriate:
- Tier 1 capital and its components
- Tier 2 capital and its components
- Required Tier 1 equity capital, total Tier 1 capital, and total capital
Basel III _eliminated Tier 3 capita_l.
Tier 1 capital (or core capital) includes:
- Common equity including retained earnings (called Tier 1 equity capital or Tier 1 common capital).
- Non-cumulative perpetual preferred stock (additional Tier 1 capital, part of total Tier 1 capital).
Tier 1 capital does not include:
- Goodwill.
- Deferred tax assets.
- Changes in retained earnings arising from securitized transactions.
- Changes in retained earnings arising from the bank’s credit risk, called debit (debt) value adjustment (DVA).
Tier 1 capital is adjusted downward to reflect defined benefit pension plan deficits (but is not adjusted upward for surpluses). In addition, there are rules governing capital issued by consolidated subsidiaries and also for the inclusion of minority interests.
Tier 2 capital (or supplementary capital) includes:
- Debt subordinated to depositors with an original maturity of five years or more.
- Some preferred stock, such as cumulative perpetual preferred.
Common equity is known as going-concern capital. It absorbs losses when the bank has positive equity (i.e., is a going concern). Tier 2 capital is known as gone-concern capital. When the bank has negative capital and is no longer a going concern, Tier 2 capital absorbs losses. Depositors are ranked above Tier 2 capital in liquidation so theoretically, as long as Tier 2 capital is positive, depositors should be paid in full.
Capital requirements for each tier and for total capital are:
- Tier 1 equity capital must be 4.5% of risk-weighted assets at all times.
- Total Tier 1 capital (i.e., equity capital plus additional Tier 1 capital such as perpetual preferred stock) must be 6% of risk-weighted assets at all times.
- Total capital (Total Tier 1 capital plus Tier 2 capital) must be at least 8% of riskweighted assets at all times.
By comparison, under Basel I the equity capital requirement was 2% of risk-weighted assets and the total Tier 1 capital requirement was 4% of risk-weighted assets. The new requirements are significantly more rigorous both because the percentages are higher and because the definition of what qualifies as equity capital has been tightened. The 8% total capital requirement is the same as under Basel I and Basel II, but again, the stricter definition of equity capital applies under Basel III.
Describe the motivations for and calculate the capital conservation buffer and the countercyclical buffer introduced in Basel III
- The capital conservation buffer is meant to protect banks in times of financial distress.
- Banks are required to build up a buffer of Tier 1 equity capital equal to 2.5% of risk-weighted assets in normal times, which will then be used to cover losses in stress periods. This means that in normal times a bank should have a minimum 7% Tier 1 equity capital ratio (i.e., 4.5% + 2.5% = 7.0%). Total Tier 1 capital must be 8.5% of risk-weighted assets and Tier 1 plus Tier 2 capital must be 10.5% of risk-weighted assets in normal periods.
- Banks need an extra cushion against loss during stress periods. The idea behind the buffer is that it is easier for banks to raise equity capital in normal periods than in periods of financial stress.
- Dividend payments are constrained when the buffer is wholly or partially used up.
- While left to the discretion of individual country supervisors, Basel III also recommends that banks have a capital buffer to protect against the cyclicality of bank earnings, called the countercyclical buffer. The countercyclical buffer can range from 0% to 2.5% of riskweighted assets. Like the capital conservation buffer, it must be met with Tier 1 equity capital.
- For countries that require the countercyclical buffer, dividend restrictions may apply.
Describe and calculate ratios intended to improve the management of liquidity risk, including the required leverage ratio, the liquidity coverage ratio, and the net stable funding ratio
- In the wake of the 2007—2009 financial crisis, one of the primary goals of Basel III is to improve liquidity risk management in financial institutions. Basel III specifies a minimum leverage ratio (capital / total exposure) of 3%. As of the 2010 Basel III publication date, the type of capital required to calculate the ratio was not decided. Total exposure includes all items on the balance sheet, in their entirety (i.e., not risk-weighted). It also includes some off-balance sheet items such as loan commitments.
- Basel III requires banks to meet the following two liquidity ratios: (1) liquidity coverage ratio and (2) net stable funding ratio.
- Liquidity Coverage Ratio (LCR): The LCR focuses on the bank’s ability to weather a 30-day period of reduced/disrupted liquidity. The severe stress considered could be a threenotch downgrade (e.g., AA to A), a loss of deposits, a complete loss of wholesale funding, a devaluation of the value of collateral for funding agreements like repurchase agreements (i.e., increased “haircuts”), and potential drawdowns on lines of credit. The ratio is computed as:
high quality liquid assets / net cash outflows in a 30-day period > 100%
- Net Stable Funding Ratio (NSFR): The NSFR focuses on the bank’s ability to manage liquidity over a period of one year. The ratio is computed as:
amount of available stable funding / amount of required stable funding > 100%
- To calculate the numerator, each source of funding (such as retail deposits, repurchase agreements, capital, and so on) is multiplied by a factor that reflects the relative stability of the funding source. See Figure 5 for the available stable funding (ASF) factors and types of funding available.
- To calculate the denominator, each required amount of stable funding is multiplied by a factor that reflects the relative permanence of the funding required. See Figure 6 for the required stable funding (RSF) factors and the types of assets requiring the funding.
Describe the mechanics of contingent convertible bonds (CoCos) and explain the motivations for banks to issue them
Contingent convertible bonds (CoCos), unlike traditional convertible bonds, convert to equity automatically when certain conditions are met. These bonds typically convert to equity when the company or bank is experiencing financial strains. The motivation for banks to issue CoCos is that during normal financial periods, the bonds are debt and thus do not drag down return on equity (ROE). However, in periods of financial stress, the bonds convert to equity, providing a cushion against loss, which helps prevent insolvency. The needed capital is provided by private sector bondholders rather than the government, allowing the bank to avoid a bailout.
Potential triggers that activate conversion are:
- The ratio of Tier 1 equity capital to risk-weighted assets. For example, Credit Suisse issued CoCos in 2011. Conversion is triggered if Tier 1 equity capital to risk-weighted assets falls below 7%.
- Supervisors’ judgment about the issuing bank’s solvency prospects. For example, the Credit Suisse CoCos automatically convert if bank supervisors determine that the bank needs public sector aid (i.e., equity capital) to avoid insolvency.
- A minimum ratio of a bank’s market capitalization to its assets. Market value triggers may reduce balance sheet manipulations (as one might see if the ratio of capital to risk-weighted assets is used as a trigger) but might instead introduce stock price manipulation
Explain the major changes to the US financial market regulations as a result of Dodd-Frank
The act is intended to protect consumers from abuses and prevent future bailouts and/or collapses of banks and other financial firms. Some of the major changes include:
- The establishment of the Financial Stability Oversight Council (FSOC). The job of the FSOC is to look out for risks that affect the entire financial system. The body monitors systemic risks.
- The establishment of the Office of Financial Research (OFR). The OFR conducts research on the state of the economy and it, along with the FSOC, identifies risks to the financial stability of the United States. The bodies seek to maintain investor confidence and promote market discipline.
- The FSOC and the OFR are charged with identifying systemically important financial institutions (SIFIs). The FSOC can impose extra capital requirements on SIFIs. In the United States, a bank with more than $50 billion in assets qualifies as a SIFI. The definition is less clear for non-banks.
- The elimination of the Office of Thrift Supervision, a former supervisory body that regulated savings and loan institutions.
- The expansion of the Federal Deposit Insurance Corporation’s (FDIC’s) powers to liquidate banks. For example, the FDIC is allowed to take over large firms that are failing and sell their assets, even at a loss to shareholders and creditors. The financial industry, not taxpayers, should bear the costs of failures.
- Permanently increasing the FDIC deposit insurance limit from $100,000 to $250,000.
- Greater reporting requirements for large hedge funds and similar firms. These firms must now register with the SEC.
- The establishment of Federal Insurance Office that will work with state insurance regulators and monitor the insurance industry.
- The establishment of the Volcker Rule, intended to curtail proprietary trading by institutions (like banks) that accept insured deposits as a source of funding. One of the problems with this rule is that it can be difficult to distinguish between a bank’s speculative trading and hedging activities.
- The requirement that some financial firms spin off high-risk trading operations into separately capitalized subsidiaries.
- Increased regulation and improved transparency of over-the-counter (OTC) derivatives including requiring standardized OTC derivatives be cleared by exchanges or by central clearing parties (CCPs). To facilitate OTC trading, swap execution facilities (SEFs) were mandated.
- The Federal Reserve must set risk management standards for systemically important financial institutions engaged in clearing, settlement, and payment functions.
- The requirement that rating agencies be more transparent in their assumptions and methods used to rate firms. An Office of Credit Ratings was created to monitor rating agencies. The potential legal liabilities of rating agencies were also increased.
- The use of external credit ratings in the regulation of banks and other financial institutions was banned. This is in direct conflict with the Basel Committee, which uses external credit ratings to set some capital requirements.
- Individual protections were increased, both for investors and consumers. The Bureau of Financial Protection was created within the Federal Reserve to ensure that consumers understand loan applications and terms for things like mortgages and credit cards. The goal is that consumers receive clear and accurate information when they shop for financial products and services.
- Firms are required, with some exceptions, to keep a minimum of 5% of the assets they securitize.
- Changes in compensation. Compensation packages that encourage short-term performance goals that may lead to increased risk taking are discouraged. Shareholders were given a non-binding vote on executive compensation packages. Board compensation committees must be made up of independent directors.
- Banks are required to assess a mortgage borrower’s ability to repay. Foreclosures may be disallowed if a bank does not make a good faith effort to determine that the borrower can repay the loan.
- At least one board member should have risk management experience at large, complex organizations.
Describe the proposed changes to the Basel market risk capital calculation and the motivations for these changes, and calculate the market risk capital under this method.
- In May 2012, the Basel Committee on Banking Supervision began considering the next round of changes to market risk capital calculations for banks. This process is known as the Fundamental Review of the Trading Book (FRTB).
- In order to properly understand the changes, it is necessary to first understand the previous market risk requirements. The Basel I calculations for market risk capital involved a 10-day value at risk (VaR) calculated with a 99% confidence interval. This process produced a very current result because the 10-day horizon incorporated a recent period of time, which typically ranged from one to four years.
- The Basel II.5 calculations required banks to add a stressed VaR measure to the current value captured with the 10-day VaR. The stressed VaR measures the behavior of market variables during a 250-day period of stressed market conditions. Banks were required to self-select a 250-day window of time that would have presented unusual difficulty for their current portfolio.
- The FRTB has proposed an alternate measure using expected shortfall (ES), which is a measure of the impact on the profit and loss statement (P&L) for any given shock of varying lengths. The expected shortfall asks the question: “If things get bad, what is the estimated loss on the bank’s P&L?”
- Instead of using a 10-day VaR with a 99% confidence interval, the FRTB is proposing the use of expected shortfall with a 97.5% confidence interval. For a normal distribution, with mean of μ and standard deviation of σ, these two measures yield approximately the same result. The 99% VaR formula is μ + 2.326σ, and the 97.5% expected shortfall formula is μ + 2.338σ. However, if distributions have fatter tails than a normal distribution, then the 97.5% expected shortfall can be considerably different from the 99% VaR.
- Just as with the 250-day stressed VaR, banks would be charged with self-selecting a 250-day window of time that would be exceptionally difficult financially for the bank’s portfolio.
Compare the various liquidity horizons proposed by the Fundamental Review of the Trading Book (FRTB) for different asset classes and explain how a bank can calculate its expected shortfall using the various horizons
- According to the Basel Committee, a liquidity horizon (LH) is “the time required to execute transactions that extinguish an exposure to a risk factor, without moving the price of the hedging instruments, in stressed market conditions.”
- Five different liquidity horizons are now in use: 10 days, 20 days, 60 days, 120 days, and 250 days
- Under FRTB proposals, every risk factor is assigned a liquidity horizon for capital calculations. For example, investment grade sovereign credit spreads are assigned a 20-day horizon, while non-investment grade corporate credit spreads are assigned a 120-day horizon and structured products have a 250-day horizon. This proposed new process is formally known as the internal models-based approach (IMA). In the internal models-based approach, expected shortfall is measured over a base horizon of 10 days. The expected shortfall is measured through five successive shocks to the categories in a nested pairing scheme using ES1-5. ES1 is calculated as a 10-day shock with intense volatility in all variables from category 1—5. ES2 is calculated as a 10-day shock in categories 2—5, holding category 1 constant. ES3 is calculated as a 10-day shock in categories 3—5, holding category 1 and 2 constant. ES4 is calculated as a 10-day shock in categories 4—5, holding categories 1—3 constant. The final trial, ES5, is calculated as a 10-day shock in category 5, holding categories 1—4 constant. The idea is to measure the hit to the bank’s P&L for ES1-5. The overall ES is based on a waterfall of the categories, as described above, and is scaled to the square root of the difference in the horizon lengths of the nested risk factors.
- This relationship is shown in the following formula:
Explain proposed modifications to Basel regulations in the following areas:
- Classification of positions in the trading book compared to the banking book
- Treatment of credit spread and jump-to-default risk, including the incremental default risk charge
- The FRTB also addressed regulatory modifications. One modification is to clarify if a risk asset should be considered part of the trading book or the banking book. Historically, the trading book consisted of risk assets that the bank intended to trade. Trading book assets have been periodically marked-to-market. The banking book has consisted of assets that are intended to be held until maturity, and they are held on the books at cost. Banking book assets are subject to more stringent credit risk capital rules, while trading book assets are subject to market risk capital rules. Using different rules has enabled a form of regulatory arbitrage where banks will hold credit-dependent assets in the trading book to relax capital requirements.
- In an attempt to mitigate this regulatory arbitrage, the FRTB makes a specific distinction between assets held in the trading book and those held in the banking book. To be allocated to the trading book, the bank must prove more than an intent to trade. They must meet dual criteria of:
- (1) being able to trade the asset, and
- (2) physically managing the associated risks of the underlying asset on the trading desk.
If these two criteria are met, then an asset can be allocated to the trading book, but the day-to-day price fluctuations must also affect the bank’s equity position and pose a risk to bank solvency
- Another important distinction was made in terms of reclassification between a banking book asset and a trading book asset. Once an asset has been acquired and initially assigned to either the trading book or the banking book, it cannot be reclassified except for extraordinary circumstances.
- An example of an extraordinary circumstance is if the bank changes accounting practices that is a firm-wide shift. Another caveat is that any benefit derived from calculating capital requirements under a post-shift category is disallowed. The capital requirement of the original method must be retained.
- Basel II. 5 also introduced the incremental risk charge (IRC) to further mitigate this regulatory arbitrage. The IRC recognizes two different types of risk created by credit-dependent risk assets: (1) credit spread risk, and (2) jump-to-default risk.
- Credit spread risk is the risk that a credit risk asset’s credit spread might change and thus cause the mark-to-market value of the asset to change. This risk can be addressed by using the expected shortfall calculation process. The IRC process allows banks to assume a constant level of risk. This means that it is assumed that positions that deteriorate are replaced with other risk assets. For example, if a bank has an A-rated bond with a three-month liquidity horizon that suffers a credit-related loss, then it is assumed that the bank replaces this risk asset with another A-rated bond at the end of the three-month liquidity horizon.
- Jump-to-default risk is the risk that there will be a default by the issuing company of the risk asset. A default would lead to an immediate and potentially significant loss for the bank that holds the defaulted issuer’s risk asset. This risk is subject to an incremental default risk (IDR) charge. The IDR calculation applies to all risk assets (including equities) that are subject to default. It is calculated based on a 99.9% VaR with a one-year time horizon.
Explain best practices recommended by the Basel Committee for the assessment, management, mitigation, and monitoring of money laundering and financial terrorism (ML/FT) risks
The Basel committee (referred to as the Committee) is committed to combating money laundering (ML) and the financing of terrorism (FT) as part of its mandate to enhance worldwide financial stability via a strengthening of regulation, supervision, and bank practices. The Committee has a long-standing commitment to sound Anti-Money Laundering and Countering Financing of Terrorism (AML/CFT) policies and procedures in banks.
Risk Assessment
The bank must have policies and procedures for:
- Customer identification.
- Customer due diligence.
- Customer acceptance.
- Monitoring of business relationships.
- Monitoring of business operations.
The bank must develop a thorough understanding of ML/FT risks present in:
- The customer base.
- The bank’s products and services.
- The delivery channels for products and services, including products and services in the development stage.
- The jurisdictions within which the bank and the bank’s customers do business.
- The bank’s understanding of inherent ML/FT risks is based on both internal and external data sources, including operational and transaction data (internal) and national risk assessments and country reports from international organizations (external).
Risk Management
- The board of directors and senior management should appoint a qualified chief AML/CFT officer with the stature and authority to garner the attention of the board, senior management, and business lines when ML/FT issues arise.
Risk Mitigation
- First line of defense. The business units (e.g., the front office and customer facing activities) are the first line of defense in identifying, assessing, and controlling ML/FT risks. Policies and procedures should be specified in writing and communicated to bank personnel. There should be procedures in place for detecting and reporting suspicious transactions.
- Second line of defense. The chief officer in charge of AML/CFT is the second line of defense. To avoid conflicts of interest, the officer should not have business line responsibilities or be responsible for data protection or internal audits. The officer may also be the chief risk officer and should have a direct reporting line to senior management and/or the board of directors.
- Third line of defense. The third line of defense is internal audits.External audits may also play a role in evaluating a bank’s policies and procedures with respect to the AML/CFT function.
Risk Monitoring
- Monitoring systems should be able to provide accurate information to senior management on issues such as changes in the transactional profiles of bank customers.
- The IT system should also enable a bank to determine its own criteria for monitoring and filing suspicious transaction reports (STR) or taking other steps to minimize ML/FT risks.
- Internal audits should evaluate the effectiveness of IT monitoring systems.
Describe recommended practices for the acceptance, verification, and identification of customers at a bank
Customer Acceptance
Banks must determine which customers pose a high risk of ML/FT. Factors the bank should consider include the customer’s:
- Background.
- Occupation including public and/or high profile figures.
- Business activities.
- Sources of income and wealth.
- Country of origin.
- Country of residence, if different from country of origin.
- Choice and use of bank products and services.
- Nature and purpose of the bank account.
- Linked accounts.
Enhanced due diligence may be required for:
- Accounts with large balances and regular cross-border wire transfers.
- A politically exposed person (PEP), especially foreign PEPs.
Customer Verification
In terms of verification of a person’s identity, the bank must be aware that the best documentation is that which is difficult to forge or to obtain illicitly. A bank may require a written declaration of the identity of a beneficial owner but should not rely solely on such a declaration. A bank must not forgo identification and verification simply because the customer cannot be present for an interview. The bank should pay particular attention to customers from jurisdictions that are known to have AML/CFT deficiencies. Enhanced due diligence is called for in these circumstances.
Customer Identification
In order to develop customer risk profiles (or categories of customers), the bank should collect data pertaining to the:
- Purpose of the relationship or of the occasional banking transaction.
- Level of assets.
- Size of the transactions of the customer.
- Regularity or duration of the banking relationship.
- Expected level of activity.
- Types of transactions.
- Sources of customer funds, income, or wealth (if necessary).
If the bank cannot perform CDD, it should not open the account or perform a transaction. If the bank must, so as to not interrupt the normal conduct of business, engage in a business transaction prior to verification, and ultimately cannot verify the customers identity, then the bank should consider filing an STR (suspicious transaction reports). The customer should not be informed that the STR has been or will be filed, either directly or indirectly. If the bank believes a customer has been refused banking services from another bank due to concerns about illicit activities, the bank should consider classifying the customer as high risk and engage in enhanced CDD or reject the customer altogether. If the customer insists on anonymity (or gives an obviously fictitious name), the bank should refuse to accept the customer.
Explain practices for managing ML/FT risks in a group-wide and cross-border context, and describe the roles and responsibilities of supervisors in managing these risks
ML/FT Risk Management for Cross-Border Banks
- Policies should be consistently applied (and supportive of the groups broader policies and procedures regarding ML/FT risks) even if requirements differ across jurisdictions. If the host jurisdiction’s requirements are stricter than the group’s home country, the branch or subsidiary should adopt the host jurisdiction requirements.
- If a host country does not permit the proper implementation of FATF standards, then the chief AML/CFT officer should inform home supervisors. In some instances, the bank may need to close operations in the host country.
- In a cross-border context, AML/CFT procedures are more challenging than other risk management processes because some jurisdictions restrict a bank’s ability to transmit customer names and balances across national borders. However, for risk management purposes, it is essential that banks be able to, subject to legal protections, share information about customers with head offices or the parent bank.
Banks involved in cross-border activities should:
- Integrate information on the customer, beneficial owners of the customer, and the funds involved in the transaction(s).
- Monitor significant customer relationships, balances, and activity on a consolidated basis whether the account is on- or off-balance sheet, as assets under management (AUM), or on a fiduciary basis.
- Appoint a chief AML/CFT officer for the whole group who must ensure group-wide compliance (across borders) of AML/CFT requirements.
- Oversee the coordination of group-wide information sharing. The head office should be informed of information regarding high-risk customers. Local data protection and privacy laws must be considered.
Role of Supervisors
Bank supervisors are expected to:
- Comply with FATF Recommendation 26 and apply the Core Principles fo r Effective Banking Supervision as it relates to the supervision of AML/CFT risks. FATF states the principles that are relevant to money laundering and the financing of terrorism.
- Set out supervisory expectations governing banks’ AML/CFT policies and procedures.
- Adopt a risk-based approach to supervising banks’ ML/FT risk management systems.
Explain policies and procedures a bank should use to manage ML/FT risks in situations where it uses a third party to perform customer due diligence and when engaging in correspondent banking
(Reliance on a Third Party, Outsourcing/Agency)
The FATF standards allow banks to rely on third parties for:
- Identifying the customer and verifying the customer’s identity using reliable, independent information.
- Identifying and verifying the identity of the beneficial owner.
- Understanding and obtaining information on the purpose of the intended nature of the business relationship.
Banks may outsource CDD obligations, and generally fewer restrictions apply in terms of who can act as the agent of the bank. The lower level of restrictions is offset by recordkeeping requirements.
Reliance on a Third Party
Reliance on a third party does not relieve the bank of its responsibilities in terms of CDD and other AML/CFT requirements on customers.
Relevant criteria for assessing reliance on a third party include:
- The third party should be as comprehensively regulated and supervised as the bank.
- There should be a written agreement between the parties acknowledging the bank’s reliance on the third party for its CDD.
- The bank’s policies and procedures must acknowledge this arrangement and establish adequate controls and review processes for the third party arrangement.
- The third party should implement the bank’s AML program, and may be required to certify that it has done so and that it performs CDD equivalent to the bank’s obligations and requirements.
- The bank should be aware of adverse publicity regarding the third party, such as enforcement actions for AML deficiencies or violations.
- The bank should identify and mitigate risks posed by relying on a third party for CDD rather than maintaining a direct relationship with the customer.
- The bank’s risk assessment should acknowledge the potential risk factors produced by relying on a third party for CDD.
- The bank should periodically review the third party’s CDD and should obtain documentation from the third party that it relies upon and assesses the due diligence processes and procedures, ensuring that the third party is complying with local regulatory requirements by screening against local databases.
- The bank should terminate the relationship with a third party that does not apply adequate CDD on their customers or fails in some way to meet the banks requirements or expectations.
Outsourcing/Agency
- Banks may engage in CDD directly or outsource the activity, sometimes in an agent relationship. If outsourced, it does not relieve the bank of its compliance responsibilities, which still lie with the bank.
- A written agreement between the parties should set forth the AML/CFT obligations of the bank and explain how they will be executed by the third party.
- An agent, under the law of agent and principal, is generally considered a legal extension of the bank. This means the customer is legally dealing with the bank itself and the agent is, therefore, obligated to apply the bank’s policies and procedures regarding customer identification, verification, and CDD.
- The third party must have technical expertise, knowledge, and training regarding customer identification and CDD. In some cases, the third party is not subject to AML/CFT obligations itself. Even if the agent does not have AML/CFT obligations, it must apply the principal’s identification and CDD requirements, and conform to the principal’s legal requirements.