Risk mitigation vs. risk avoidance in the payment sector – Op Ed

 By Agnė Selemonaitė, board member of ConnectPay

The payments sector has always been under the microscope in terms of regulatory compliance. Now, with a number of scandals and compliance discrepancies, financial institutions have responded in a growing trend of terminating accounts deemed high-risk—a process also known as de-risking. While in the risk management space the term describes hedging against precarious exposures, within the payments sector it has become synonymous with avoiding risks.

Since the financial crisis of ’08, FIs have been hit with approximately $36 billion of non-compliance fines. The significant growth corresponds with the ever-tightening AML/CTF rules, as well as the general tendency of policies becoming more and more strict. With a continuously toughening regulatory environment, financial institutions are less inclined to take on dubious clients and would rather eliminate any viable threats than risk getting fined by the regulatory authorities. Agnė Selemonaitė, board member of ConnectPay, emphasizes that while de-risking is necessary, it should not become the basis of the entire approach to how financial institutions tackle risks.

Although de-risking has been gaining traction in the payments sector, it is important to disclose the shortcomings associated with the practice. The case of Malta, a EU country bordering the Mediterranean sea, is a good example of how strict de-risking policies can impact the payments landscape and alter a country’s image on a global scale.

Maltese FIs have been under mounting pressure from the European Central Bank, as well as local regulatory authorities due to a significant number of ambiguous industries thriving in the country. For instance, the gaming sector accounts for 13.2 % of Malta’s overall economic activity. Called out to re-evaluate their risk profiles and strengthen AML and CFT strategies, FIs chose to not risk sky-high fines, rather terminate riskier customer bases. This has pushed many businesses to direct their payments to out-of-country vendors, while Maltese institutions lost trust due to unbalanced de-risking.

“Now, businesses operating in higher-risk markets are hesitant to rely on a single regulatory jurisdiction to mitigate risk exposure in terms of payments security. Yet provider diversification leads to missing out on a number of benefits, for example, potential discounts, offered due to high payment volume associated with a client,” explained Agnė Selemonaitė. “We’ve noticed this tendency amongst our own clients too. Many are being overly cautious and choose to carry out only a small fraction of payments, fearing for things to take a similar turn, as it did in Malta, and become the ones deemed high-risk.”

“However, higher turnover helps to better mitigate client-specific risks. For instance, the more vendors from any given corporate group are onboarded, the more we can learn about the payment behaviors in their industry, and, consequently, introduce better risk controls to prevent ML, TF and other threats to clients’ funds.”

Ms. Selemonaitė notes that hasty de-risking could contribute to other issues as well, like the growth of the shadow market. “The higher number of such accounts are rejected, the more inclined they become to look for alternatives to continue their business,“ she adds. “In a way, de-risking might increase the very thing it aims to mitigate for a more transparent market.”

That is why it is crucial for governments to establish a clear position on where the entire country stands in terms of risk tolerance. “Regulators implement changes that are passed down to them by the government. If the latter clearly communicates their stance beforehand – there is less room for distrust and ambiguity from the business’s perspective too.”

Selemonaitė argues that FIs should retain a healthy risk appetite and pool more resources into controlling dubious activities, rather than rely solely on de-risking as the basis for risk mitigation. “De-risking is a necessity – we have leveraged the practice ourselves. However, we are more focused on enhancing our overall risk control capabilities.”

She also raises the idea that sharing the market between banks and EMIs may be even more reasonable in terms of keeping risks at bay. “EMIs are more agile and prone to technology innovation, this allows them to have laser-focus on a single sector and become experts on its common threats. Thus deliberate market division creates the conditions for more strategic risk management across the sector.”

According to her, encouraging a dialogue between the regulators, fincrime watchdogs, market players and other institutions is equally important, as they determine the ins and outs of de-risking. Selemonaitė notes Lithuania’s State Tax Inspectorate (in Lithuanian – VMI) initiative as one of the examples of encouraging back-to-back communication: instead of handing out fines for possible compliance violations, they reported them back to the companies and gave a timeframe to address the issues. “In 6 years, this helped cut down on the auditing almost twice, as well as increased general trust in VMI, which rose from 25 to 75 percent, showing just how important it is to maintain a direct line of communication between regulators and regulatees.”

The TMNL initiative in the Netherlands is also a good example of how consistent dialogue can pave the way for more efficient and transparent process control. Following the initiative, banks are working closely with government parties, such as the Ministries of Finance and Justice and Security, to combat threats related to AML/CTF compliance via real-time transaction monitoring network.

“A joint approach on detecting suspicious patterns enables to take a firmer stand towards mitigating risks, emphasizing the point that, essentially, this is a two-way street: further growth and security in the sector depends on both sides’ efforts to keep communication open and transparent.”

Overall, refusing to work with certain customers or markets focuses only on avoiding risks. As she summarized, “the main goal should be not to shy away, but to increase the capacity to control risks on your own terms.”