Latest posts by Graham Barrow (see all)
OK, that’s quite a provocative title but helpful in gaining your attention.
In a recent article, among a number of detailed and thoughtful comments, was a sequence of questions from David Maxwell which, in the round, represented some quite profound challenges to banking in general and Anti Financial Crime practitioners in particular and I’d like to pick up some of the bigger questions he asked and tackle them here.
“Have global banks become too big to manage?”
In a companion article written by my business partner Ray Blake (link) he made mention of Dunbar’s number. I first came across this proposition in Malcolm Gladwell’s book “Tipping Point” in relation to the Gore company (manufacturers of Gore-Tex) who apply a limit of 150 people per working unit. If the limit is exceeded, the company construct another building (often next door) for the next unit to inhabit.
The reason behind this is that Bill Gore, apparently intuitively, discovered that once a workforce had grown above 150, people become disconnected from each other and the purpose of their role within the business. With that disconnection came a falling off in output, job satisfaction and engagement.
This happened to coincide with research performed by anthropologist and evolutionary psychologist Robin Dunbar who discovered the self-same number as, apparently, a natural limit to the social networks that most people can maintain. It has to be pointed out that his research was conducted in the early nineties before the online social network became ubiquitous and relates far more to real life social networks than to virtual manifestations.
However, I do think this is a powerful idea. One of the things I have found repeatedly when training a wide variety of people both in the first line (sales or sales support, client onboarding etc.) and in the second line (compliance, AML, Investigations, etc.) that there is little, if any, appreciation of what the world looks like from the other side of the fence.
Hence compliance is the “business prevention unit” and the sales team are “avaricious chancers” who break all the rules at the first opportunity.
Oddly, if you are ever able to get them in a room together (away from their workplace) a paradigm shift often takes place.
But these tend to be special circumstances and hard to replicate across the board. So the question is, can banks organise themselves in small units encompassing sales, sales support, compliance etc., and still be cost effective? I suspect the answer to that may be no, at least within wholesale, commercial and global banking environments, but it could be a conversation worth having.
It would be interesting to contrast the old fashioned manner of retail banking, based on branches, bank managers and local staff who genuinely “knew” (or at least, got to know) their customers over time, with the incidence of money being laundered through the retail banking system.
Of course, the explosion in global criminal activity has occurred at much the same time as the move away from personal, local relationships towards centralised online relationships and, while I’m not aware of any research into this, it would be interesting to see if this is merely a correlation and not a causation.
After all, cloud storage, big data and RegTech are being held out as the potential saviours of bank’s anti-financial crime controls. It would be odd if the centralisation and automation of systems and controls was also one of the causes.
I wrote in another article about whether banks make good moral decisions and I think, ultimately, regardless of the technology that we can bring to bear, if banks do not address the moral dilemmas posed by accepting and transacting business with customers who cannot properly validate their credentials, no amount of technological wizardry will make the difference. And that means either splitting banks into smaller, more manageable, more socially networked units or addressing the moral issues through training and education.
Either way, if people within the bank do not feel that they count, do not understand the role they play and how they can make a difference, do not feel listened to or important, then the situation will never improve.
How many people reading this article who work within one of the major banks will be nodding at this point.
And how many people who work for a small consultancy or within any other business unit where they pretty much know everyone else will also understand the profound difference such a situation makes to their job satisfaction?
David also said in his comments
“We have moved away from the original concept of a partnership approach, in which the financial industry would work alongside intelligence agencies, the police and the regulators to combat financial crime and catch the bad guys. The industry, especially the banks, are seen as part of the problem.”
I suspect that’s a view that many will echo.
I’m not entirely sure I do, though.
I have been fortunate to work with a number of current and former regulators and, consistent across this population, is a desire to work with the banks to help them to implement effective control frameworks. I’ve also worked with former members of the NCA and, whilst they unanimously despaired at the level of defensive reporting they received when they were there (or with their predecessor) or the poor quality of the SARs that were written, they were still keen to be involved in educating the filers to improve the system and make it work more effectively.
Yes, big data and RegTech can make a difference here as well, but firms have to find the courage and maturity to stop filing SARs on any potential misdemeanour and restrict themselves to where there is a clear suspicion of money laundering as defined in the relevant acts.
Again, it will be argued that the Senior Managers Regime encourages defensive filing but what is the alternative? Look back to the credit crunch and the fallout from that and it’s clear that a lack of accountability for the actions taken by many senior managers at that time made the situation worse. If you are going to take the money that comes with a position of such importance it doesn’t seem unreasonable that you should accept the accountability as well.
What matters here is a clear understanding of what that accountability is and how you meet it. All of the conversations I have had with regulators have centred on intention as much as anything else. Was the intention of the action to achieve the right outcomes even if the actuality fell short? Or was the intention to circumvent the right outcome in order to maximise profits or minimise costs?
The reason that the FCA moved from rules based to outcomes based regulation in the first place was to allow firms flexibility in approach and to avoid the previous issues around firms ticking the box against each rule but not actually improving the outcomes for their customers.
All of my conversations with regulators have left me with the strong impression that their enforcement powers are only ever used as a last resort and then only reluctantly. What they want is for firms to be open with them. To tell them when things go wrong. To do their level best to put them right. They know that firms cannot operate in a risk free environment (such a thing isn’t possible) but they do want firms to understand the risks that their business model exposes them to and take suitable action to manage them to the best of their ability.
Let me give you a couple of quotes from regulatory Final Notices. Both are in respect of Deutsche Bank.
The first one relates to their 2015 LIBOR fine totalling £324m (of which £100.8m was for breaching principle 11 – A firm must deal with its regulators in an open and cooperative way, and must disclose to the appropriate regulator appropriately anything relating to the firm of which that regulator would reasonably expect notice.).
In the summary of reasons, para 2.3 says:
“Furthermore, Deutsche Bank’s unacceptably slow and ineffective response to some of the Authority’s enquiries has prolonged the process of formal investigation significantly. This included misleading the Authority on issues of importance. These failings involved Deutsche Bank Managers and Senior Managers.”
Para 5.30 (Principle 11 failings) goes on to say:
“In a matter of this scale, it is expected that mistakes will be made and there will be allowances for human error. However, the scale and seriousness of the failures to collect and provide documents by Deutsche Bank during this investigation are such that they together amount to a breach of Principle 11, especially in light of the significant delays to the investigation and difficulties that resulted.”
Contrast these statements with the following which appeared in their recent final notice in relation to their AML failings.
In the summary of reasons, para 2.18 says:
“The Authority has also considered the nature and extent of co-operation provided by Deutsche Bank during the course of its investigation. Deutsche Bank has been extremely co-operative, it promptly notified the Authority following the discovery of the mirror trades, and it has taken significant steps to assist the Authority in its investigation. Deutsche Bank is continuing to undertake remedial action and has committed significant resources to improving its AML control framework. The Authority recognises the work already undertaken by Deutsche Bank in this regard.”
Para 6.18 goes on:
“The Authority considers that the following factors mitigate the breach:
(1) The Authority expects regulated firms and individuals to work with the Authority in an open and co-operative manner at all times. The Authority considers that Deutsche Bank’s co-operation was exceptional throughout the Authority’s investigation by ensuring that senior management was engaged from the outset, conducting extensive and wide-ranging internal investigations and reporting the conclusions of those investigations to the Authority in a fully transparent manner.”
What a contrast! The first FN was in April 2015, the second January 2017. It would be good to think that Deutsche Bank had learned its lesson in between times, and that the people in the firing line were intent on ensuring that they were not responsible for adding a further £100m to the inevitable fine (and potentially facing personal censure along the way).
So, even though the situation at DB was pretty dire and their control framework was clearly inadequate, a close reading of the Final Notices does indicate that change can (and did) happen, even if it was as much through stick as carrot.
Have other firm’s taken notice of this difference in the way that the FCA reported their dealings with DB? I hope so, because it should tell them that the regulator is willing to engage positively with firms who are open with them, and that they will acknowledge this through both words and actions when they do so.
On the other hand, if firms decide their best course of action is not to tell the regulator anything they don’t need to in the hope of either avoiding or mitigating any potential fine and censure, it will surely end in tears.
And to return to my original theme, if both sales and compliance sat within a much smaller, cohesive team, all of whom knew and worked alongside each other, would the mirror trading or LIBOR cheating have happened in the first place?
I can’t give you a definitive answer to that question but I feel, instinctively, that the likely answer is no.
Is it possible to organise banks this way? I can think of a number of challenges they would have to overcome but it would be interesting to see if it was possible.