New responsibilities

The strong emphasis on risk management controls means that customer due diligence has become more rigorous.

There is now a greater emphasis being placed on knowing the beneficial owners of a corporate entity. In some cases, establishing the beneficial owner can be challenging: Some corporates are structured to obscure the ultimate shareholders. Ownership can also change, so banks must be sure their records are regularly updated.

While many corporates are becoming increasingly comfortable about providing information on their beneficial owners, others may be put off by having to provide it — especially the first time the information is requested. This requirement, however, is designed for the protection of all users of the financial system. Moreover, inquiries about beneficial ownership are not at banks' discretion: They are a regulatory expectation that applies to all banks.

Banks must also closely monitor their clients' ongoing behavior. By understanding their expected levels of activity, it is easier to detect unusual behavior — such as a change in payment amounts — so that an investigation can be launched. Banks need to have clear plans for escalating and reporting irregular behavior as soon as it is noticed.

Understanding clients' customers

Another new responsibility placed on banks in recent years is the need to pay attention to their clients' customers, especially in areas such as casinos and money service businesses. Many consumer technology companies have expanded into the payment business. However, while these companies are responsible for effecting a payment, they depend on financial institutions — most usually banks — to provide access to the payments system and to process the payment.

Non-bank companies that provide payment services are subject to lower regulatory expectations than banks, and therefore may not have the required regulatory information on the client that a bank needs to complete the transaction. This puts additional responsibility on banks to evaluate the compliance programs of the payment providers they work with. Banks may therefore be interested in obtaining more information about the payer and payee involved in a transaction.

Unintended consequences

One unintended consequence of the increase in risk management controls is that some banks, rather than adopting stronger controls, are choosing to steer clear of certain types of customers. This exit by some banks from certain markets reduces competition, which could lead to increased customer pricing. Moreover, there could be broader economic consequences.

For example, there is still some uncertainty about the compliance responsibilities of banks involved in providing payment services to correspondent banks. There is a risk that some banks could choose to exit this market in order to de-risk, prompting banks that require correspondent banking services to turn to smaller institutions with potentially weaker controls: Clients' customers will still transact through the banking system but with less transparency. As importantly, the correspondent banking system is one of the cornerstones of the global financial system: All banks rely on it, since no bank has a network that reaches every part of the world. If banks become more risk averse in relation to correspondent banking, it could become more difficult for corporates to make or receive payments in certain countries.

Another area where banks face increased responsibility to perform due diligence on end customers is trade finance. The crucial importance of trade finance to global trade means that a reduction in bank activity in this area — if banks choose to de-risk — could be detrimental to economic growth.

A new culture

In addition to banks knowing more about their customers, regulations have spurred banks to re-think how they address compliance because the quantity and quality of information required has increased.

Increased regulatory responsibilities have resulted in a new ethos of personal responsibility at many banks. Almost everyone within a bank is affected by regulations. Banks have sizeable, dedicated teams of risk professionals focused solely on regulatory compliance. Equally important is the understanding by all employees within a bank — both customer facing and in the back office — of their responsibility to safeguard the bank and the overall financial system, and the need to incorporate their learnings into their daily workflow.

As well as having a moral obligation to meet compliance requirements in order to safeguard their customers, banks have a strong financial imperative to implement regulations effectively. Regulators (and in the U.S., the Department of Justice) have become more aggressive in pursuing regulatory breaches. Furthermore, the fines now being levied for regulatory infringements are enormous: Earlier this year, a large European bank agreed to a multi-billion dollar settlement with U.S. authorities for violating U.S. economic sanctions.

Expectations surrounding regulatory programs are significantly higher than in the past. Necessarily, regulators want to know that a program is being developed when new regulations are introduced. However, their expectations regarding the speed with which new compliance measures can be introduced are high. Similarly, when problems or omissions are noted by a regulator (or an auditor) the expectation is that they will be addressed rapidly.

Standards continue to change over time. In addition, best practices at one bank rapidly become the expectation at all banks. In order to maintain the highest standards on an ongoing basis, a bank must have a vision in relation to compliance, invest appropriate resources to build the necessary control and structures, and have an effective means of executing and monitoring its strategy.

Banks also need to be flexible to respond to changing conditions rapidly. For example, sanctions imposed by the U.S. and the E.U. following the annexation of Crimea by Russia (and successive rounds of escalation more recently) required banks to comply the moment the sanctions were introduced, despite the need to reconfigure sanction screening filters. Oftentimes creating an additional challenge, sanctions guidance is relatively broad: Some interpretation by the bank of the intended consequences of regulations may be necessary, which can be difficult in short timeframes.

Corporates' responsibilities

For banks, increased regulation and higher expectations regarding compliance can be difficult — and costly — to meet. To assist their banking providers, corporates need to ensure that their own client teams maintain robust due diligence and risk controls. Moreover, corporate treasurers should talk to their banks about their regulatory responsibilities and the potential implications, including the need for greater transparency and information from the corporate.

Many regulations introduced in recent years do not affect companies directly or require them to build their own controls. However, they do require corporates to adopt a new mindset in dealing with their banks. Corporates have a responsibility to be aware of banks' new regulatory requirements and be prepared to share more information with their bank, more readily than in the past.