What Bank Directors Need to Know About AML and Basel II

When the regulations of Basel II come into force, they will determine the minimum capital banks’ need to reserve in order to absorb potential losses from market, credit and operational risks. In essence, Basel II is designed to make banking safer by encouraging banks to align their capital resources more closely to the demands of their regulators.

The regulations encompassed within anti-money laundering (AML) legislation have put banks and other financial institutions under tremendous pressure, necessitating a need to secure the interest of genuine customers on the one hand, while also avoiding liability exposures on account of failure to report suspicious transactions to the regulatory authorities.

Compliance with some of the most stringent regulations under both AML and Basel II will have a large impact on systems infrastructure in almost all cases. It will require a bank to amass and process a considerable amount of historical data. Databases will have to be built and integrated with the bank’s processes, as data must be available to banks and their subsidiaries across all geographical locations.

A need to know basis

Some of the key regulatory requirements that the board of directors must be aware of and be able to act on are as follows:

• They should be aware of the major aspects of operational risks as a distinct category, and they should approve and periodically review the bank’s operational risk management framework.
• They must ensure that the bank’s operational risk management system is subject to continuous internal audit, and that this internal audit process is carried out by staff members who are well qualified, well trained and operationally independent.
• They must ensure that the following processes are being used to identify and assess operational risks:
  Risk mapping: under this process, organizational functions or process flows under various business units are mapped by risk type.
  Key risk indicators: these are statistics, often financial, which can provide insight into a bank’s risk position.
• The board should implement a process to regularly monitor operational risk profiles and material exposure to losses. There should be regular reporting of pertinent information to senior management and the board of directors that supports the proactive management of operational risk

There are synergies that can be created by appropriately linking the investment made in an AML solution with those required under Basel II. This solution should be capable of collating the same banking data where data required by AML regulations directly relates to data required under Basel II regulations. The bank’s AML system should have the ability to monitor all transactions all the time. It should provide the right data management capabilities, with common feeds from the transaction systems in the chart of accounts to the data warehousing for broader finance and risk data.

Where AML and Basel II meet

How do anti-money laundering efforts help bank directors to address the requirements of Basel II? Firstly, banks are required to maintain three years of historical data before Basel II goes live. The original Basel Capital Accord of 1988, adopted by more than 100 countries worldwide, has been superseded by the latest and more comprehensive Basel II, which comes into force in 2006/7. By designing a transactional framework for anti-money laundering that aligns with Basel II requirements, banks can make the best use of their information without investing in multiple systems.

Secondly, unlike the original accord which dealt with market risk only, Basel II addresses credit and operational risk as well, and these cannot be tackled with poor data. Poor data still remains the primary obstacle to effective risk monitoring, despite the proliferation of systems that promise to improve its quality and visibility. Moreover, Know Your Customer (KYC) is the cornerstone of AML and is important for implementing Basel II. Taking these factors into account, it becomes clear that the groundwork required for implementing anti-money laundering solutions and Basel II is largely the same. That said, the scale of work involved in implementing Basel II is expected to be as significant as that of Y2K and the euro conversion.

Basel II defines operational risk as: “The risk of direct or indirect loss resulting from inadequate or failed internal processes, people and systems or from external events”. The new accord requires banks to set aside a portion of their capital against operational risk. Since, by the above definition, failure to comply with anti-money laundering regulations affects operational risk, Basel II will go hand in hand with the preparedness of banks in meeting anti-money laundering requirements.

The new accord relies on a framework of three mutually reinforcing pillars: Capital adequacy, centralised supervision, and market discipline. Under the second pillar, supervisors have a right to intervene if banks do not employ effective internal processes to evaluate risks and assess the adequacy of capital held against operational risk. Many banks and financial organisations have failed to address the risks posed by technological invasions, and the outcome of the Barings and Enron scandals proves that the consequences of failure to address operational risk can be far-reaching. With the new regulations catching up swiftly, there is a heavy burden on bank directors in the adoption of a phased approach to implementing systems and processes for AML and Basel II.

Since AML and Basel II cover virtually the entire spectrum of banking operations, a methodological approach to address these two challenges will equip banks to substantially lower their risk profiles and to improve profitability. The sooner banks are able to perceive this, the earlier they will be equipped to push themselves through the crisis. Banks that move fast to implement, integrate and upgrade strategically their internal and external risk management capabilities will gain competitive advantage in the form or efficiency, transparency and security.

Comments are closed.