Pitting business against compliance is a race to the bottom
For many banks, there is almost a line of demarcation between ‘the business’ of banking and its risk and compliance functions. Whereas the former may view increasing compliance requirements as a threat to growth, the latter can resent the apparent lack of goodwill exercised by ‘the business’. Efforts to improve risk management cannot really progress until the industry as a whole acknowledges the potential consequences of this schism and acts to redress it.
In 2015, The Wall Street Journal published what quickly became a sensational piece on the stunningly brazen corruption at the Malaysian 1MDB fund. The WSJ journal was not the first newspaper to break this story; local Malaysian outlets had been beating that drum for a while, but the paper’s global reach opened a can of worms that rapidly stunk across the globe to the doorsteps of regulators and law enforcement agencies in multiple countries, including the US Department of Justice. The jig was up on arguably one of the biggest fraud schemes of the decade.
The 1Malaysia Development Berhad fund, popularly known as 1MDB fund was a government run investment fund established in 2009 and a shared brainchild of Malaysia’s then prime minister Mr Najib Razak and one Mr Low Taek Jho (or Jho Low) a 28-year-old flamboyant businessman, in Kenyan media parlance. The overarching objective of the fund- on paper- was to promote direct foreign investment into Malaysia and forge long term strategic alliances and partnerships, particularly with Middle Eastern governments.
In less than a decade, however, Mr Low with the support of Mr Razak siphoned billions of dollars from the fund to shell companies and offshore accounts they controlled. The money was then moved around the world, disguised as business proceeds or family inheritance and used to purchase luxury real estate, artwork, jewelry and even bank rolled the block buster movie, “The Wolf of Wallstreet.” All told it is estimated that at least USD 3.5B was misappropriated from the fund by Mr Low, Mr Razak and their associates.
Based on the revealing U.S. Department of Justice (DOJ) filings, the roll call of those complicit was long as it was wide, consisting mainly of politicians from multiple jurisdictions and their hangers on. But as it happens with scandals of these magnitude, the corruption was also enabled or aided by a number of international financial institutions. From the filings and regulatory settlements/fines, the banks were used by Mr Low and his associates both to sidestep anti money laundering controls and in some cases, to bribe the higher ups of middle eastern governments in exchange for lucrative bond underwriting contracts with 1MDB.
The Banks’ Anti Money Laundering divisions were well aware of the risks associated with dealings with 1MDB and its associates, and on multiple occasions cautioned the business about said risks, but the risks were either ignored or management conspired with 1MDB surrogates to hoodwink Compliance officers according to filings and media reporting. The suspicious transactions were therefore processed undeterred and consequently billions of taxpayer money was lost.
The losses in this case may be some of the direst globally, but the root issues themselves are not unique. Numerous examples, including here in the East African region, can be cited on the persisting disconnect between compliance and business. Except for a small minority of institutions, compliance departments appear to be constantly at odds with the business units, flying in the face of the spirit of global anti money laundering laws, which envisage a harmonious working relationship where compliance protects business against unscrupulous actors and business on the other hand heeds to the advice of compliance.
"If businesses accepted that risk management is not only necessary in avoiding bad business and staying compliant but also a key catalyst to business growth and innovation, there would be no need to call for changes. It is high time that businesses welcome compliance back into the fold."
The Kenya Proceeds of Crime and Anti Money Laundering Act (“POCAMLA”), requires that reporting institutions (who are mainly banks) appoint a Money Laundering Reporting Officer (MLRO), who is of management level with relevant and necessary competencies, authority and independence. Ideally, the MLRO should functionally report directly to the Board of Directors and only administratively to the CEO. This is in alignment with the international standards of Anti Money Laundering (AML) laws. However, in real life and as this case study shows, this often plays out differently. With the Board having limited visibility on the day to day operations of the institution, the CEO and Senior Management have more latitude to impose on the MLRO on what is an acceptable attitude to risk, which is often driven by business interests. This imposition may take different forms, including implicit or explicit threats, coercion or lies. Were this not the case, known inveterate corrupt politicians would have nowhere to bank.
This therefore poses the question, does this self-policing model actually work? It is to be appreciated that there are no neat solutions and any alternatives are likely to be cumbersome, expensive or both. But there is a worthwhile discussion to be had on the improvement opportunities that can further bolster the ability and independence of compliance units without fear of perceived or actual reprisal from management.
An alternative to the existing model would be seconding bank MLROs from the Financial Reporting Centre, the regulator mandated to oversee AML compliance. The banks can then contribute the employment expenses of the MLRO directly to the Reporting Centre, creating the much-needed distance between the MLRO and the bank. This would have the effect of diluting the hold of the management on the MLRO and empowering the MLRO to stand up to management when situations call for it.
Another approach is a complimentary one to the existing model, and that is increasing the external reviews on reporting institutions, where issues pertaining to lack of independence of the compliance department can be picked and reported to the regulator. In the recent past, we have seen regulators in the East African region adopt this approach with Kenya mandating all banks to obtain a one off external review in 2019 and Uganda following suit shortly thereafter, requiring Banks to undertake a similar review every two years. If such reviews are embedded within the financial ecosystem applying the right regularity and expertise, we are likely to see improvements in the independence of compliance.
Finally, and most importantly, there must be a change of attitude in how business units view compliance. If businesses accepted that risk management is not only necessary in avoiding bad business and staying compliant but also a key catalyst to business growth and innovation, there would be no need to call for changes. It is high time that businesses welcome compliance back into the fold.
Related articles
Balancing access to digital lending with appropriate regulation in Kenya
Increasing access to credit is an essential aspect of Kenya’s efforts to accelerate economic growth. In light of the emerging nature of the non-deposit taking digital lending industry in Kenya, a complicated licensing framework specific to the digital lending industry may stifle its growth. PwC's Joseph Githaiga and Christopher Ndegwa discuss
Common pitfalls in ICT audits
Technology has evolved from being an enabler of business processes to becoming a key driver of business strategy. Now more than ever before, C-suite executives and Boards in the Financial Services sector need to understand the risk profile of their organisations and confirm that their systems and processes are adequate and capable of managing risk within acceptable tolerance levels. PwC's Peter Ojekunle writes
Harnessing Tanzania’s FinTech potential
It is now very difficult to imagine a world without the internet or mobile devices. Despite the increased activity in the fintech sector in Tanzania and the positive multiplier effect in the economy, there is significant potential for further growth. PwC's Uchenna Onuoha writes
Brenda Guchu
Senior Associate - Advisory at PwC Kenya
T: +254 20 285 5759 E: brenda.guchu@pwc.com
