OCC finally comments on bank ‘de-risking,’ weighing guidance on risk-related compliance decisions

The regulator of the nation’s largest banks is analyzing whether it needs to release guidance tied to the practice of “de-risking” out of certain industries, customer types and regions, a move by banks taken in some cases to lower exam scrutiny and penalty exposure.

The Comptroller of the Currency, Thomas Curry, stated that the regulator is examining information on the issue, particularly bank policies around “risk re-evaluation” practices. Banks in recent years have paid massive penalties tied to anti-money laundering (AML) compliance failures and have become more reticent to bank certain customers or operate in regions known for corruption or weak controls.

As a result, some institutions that have been penalized, suffered formal enforcement orders or simply want to endure less compliance risk and monitoring costs have dropped ties to risky businesses, such as money services operations and third-party payment processors, products and countries, such as Cyprus and Somalia.

“Nonetheless, both hard and anecdotal data show that many such relationships have been terminated, particularly those with foreign correspondent banks,” he said Monday at an industry conference.  “This data has compelled the OCC to take a deeper look at how banks conduct risk re-evaluation.”

One reason Curry could be getting into this issue now, a practice going on for several years at this point, is because the OCC is likely getting pressure from federal law enforcement agencies and the US Treasury’s Financial Crimes Enforcement Network (FinCEN), to try to get banks to not be so fearful when it comes to certain banking relationships, particularly foreign correspondent relationships.

That’s because those risky relationships happen to be very rich relationships, from a data and intelligence perspective, for federal investigators trying to find elusive, ephemeral tendrils in the international financial system tied to organized crime and terror groups.

If banks drop relationships to entire regions or banks in risky regions, such as those next to terror hot-spots, all of that data goes dark and goes to alternative channels, where the US has no visibility.

So that may explain why the regulator is looking at how the institutions it supervises develop and implement policies and procedures for evaluating customer risks as part of their BSA/AML programs and for making risk-based determinations to close customer accounts.

“Our goal is to identify current practices and possible gaps in existing policies and procedures for conducting periodic client risk re-evaluations and for making account termination decisions,” Curry said.

“Through our supervisory process, we’ve been looking at whether banks have explicit policies on risk re-evaluation and who is involved in making the decision to terminate a relationship,” he said.

Examiners are also looking at whether banks use oversight committees to review these decisions, whether the decisions are reported to the Board of Directors or senior management, and whether correspondents have an opportunity to address concerns before the relationship is terminated.

The OCC is in the process of gathering data and other information to get a better picture of current risk re-evaluation practices.

“Once we’ve digested this information, it may be that we’ll find it appropriate to issue guidance to OCC-supervised institutions to better communicate what we’ve learned,” Curry said.

“In the meantime, let me say that host country practices matter,” he said. “Strong national AML regimes may give OCC-supervised institutions a greater degree of confidence about retaining existing relationships with foreign correspondent banks. It might also inspire them to develop new correspondent relationships.”