LEGAL SIDEPIECE

Your Guide to Legal Insights

Beyond Compliance Programs: Re-examining the Role of Disclosures in Financial Risk Management as a Tool for curbing Financial Crimes

Published by

Legal Sidepiece

on

Written By:

Lucy B. BENSON; Legal & Corporate Governance Professional;

Banks and Financial Institutions spend billions of dollars annually to ensure compliance with regulations on Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT). However, there is little evidence based on empirical study to suggest that the amount of money expended by these financial institutions to build robust compliance programs has brought the much desired result. This is true in the face of huge fines and penalties still meted out to financial institutions by regulators for non – compliance and/or breaches in internal control measures. This article takes a glossary look at the disclosure requirements on financial institutions at the international level and the steps taken by domestic financial institutions to implement these requirements. It makes a case for the need to re-examine the role disclosures play as a regulatory tool for financial risk management. It suggests that disclosures can play a pivotal role in financial risk management if repositioned to be used at the beginning of the financial risk management process rather than functioning as an end product of financial risk management. This article also offers recommendations for regulators on redefining the role of disclosures in financial risk management.

Introduction

Financial institutions are an intrinsic part of a nation’s economic growth largely because of the central role they play in enabling business transactions, investments and maintaining financial stability. These key functions performed by financial institutions are not without their associated risks also known as financial risks which can hamper the overall performance of a financial institution resulting in negative consequences for the broader economy. In light of this, the importance of financial risk management cannot be overemphasised. Proper financial risk management mitigates risks which in turn minimises financial losses and boosts the integrity of the financial system.

In this context, financial risks are those factors or occurrences that can cause monetary losses or have an adverse outcome on an organisation’s financial health. For financial institutions, financial risks can occur from changes in the dynamics of financial markets (market risks); default of a financial obligation by a contracting party (credit risks); lack of funding to meet operational costs (liquidity risks); failure of an organisation’s internal processes and systems (operational risks); and non-compliance with legal and regulatory requirements (legal and regulatory and regulatory risks.1 Accordingly, financial risk management involves implementing strategies, policies and controls to identify, analyse and mitigate the potential occurrences of these financial risks.

Most studies and industry reports reveal that a holistic and well structured internal control system can help financial institutions manage financial risks effectively and ultimately prevent the multiple occurrences of financial crimes.2 An internal control system creates a well structured mechanism made up of policies, procedures and processes that are designed to enhance the efficiency and effectiveness of an organisation’s operations by segregating duties and responsibilities to various personnel in order to ensure compliance with applicable laws and regulations.3 It is an essential part of an organisation’s compliance program since the successful prevention and management of risks including financial risks depends on the inherent strength or weakness of the internal control system. Internal control systems act as the foundation upon which the corporate governance and compliance structure stands. This explains why most financial institutions expend billions of dollars on compliance programs and initiatives annually hoping to set up an efficient system of internal controls that achieves the organisation’s compliance aims and objectives.

A report published by Oxford Economics in collaboration with LexisNexis revealed that in the United Kingdom, financial institutions spend a staggering sum of €38.3 billion annually on compliance which is equivalent to Estonia’s GDP.4 In a similar vein, The True Cost of Financial Crime Compliance Study – Europe, The Middle East and Africa (EMEA) Report also revealed that financial crime compliance costs for firms in the EMEA region increased for 98% of financial institutions in 2023 raising the total cost of financial crime to $85 billion.5

Given the huge sums spent by these institutions each year, one would expect a corresponding high-achieving result on compliance. Regrettably, this is not the case. Due to the dynamic nature of compliance requirements, effective compliance programs require regularly monitoring and updating to keep up with the evolving nature of risks, as well as the complex and fluid nature of financial crimes. Therefore, firms with outdated monitoring systems or gaps in their internal control system may still find themselves falling short of regulatory requirements. For instance, in 2024, the Central Bank of Nigeria, acting as regulator, imposed over N15 billion in penalties on 29 Nigerian banks for non-compliance with AML/CTF regulations. Similarly, banks in South Africa, the United Kingdom, United States of America, Australia and indeed all around the globe continue to face sanctions and/or fines for non-compliance with regulatory requirements.6 This creates a major problem for corporate governance and compliance. On the one hand, lies the commitment and resources of financial institutions to achieve full compliance with regulatory requirements and on the other hand, the systemic failures of these institutions under the scrutiny of regulators. Consequently, there is a strong need to look beyond compliance programs for a nuanced solution that bridges the gap between the dynamic nature of risks and regulations on one part and the introspective nature of internal control systems on the other part.

Disclosure Requirements as a Regulatory Tool for curbing Financial Crimes

In business terms, disclosure requirements are legal obligations that mandate the reporting of specific information about an organisation’s operations and transactions, ensuring transparency in business transactions. Disclosures whether mandatory or voluntary provides business information to the public, financial analysts and investors. The business information provided can assist regulators, analysts and investors measure an organisation’s financial performance, commitment to ethical and legal standards, and gauge the overall performance of an organisation in financial markets.7

The Financial Action Task Force (FATF) drives measures to combat money laundering and terrorist financing at the international level by setting out a comprehensive and consistent framework of measures which countries should implement in order to combat money laundering and terrorist financing. One of such recommendations is FATF Recommendation 18 which obligates financial institutions to implement internal programmes against money laundering and terrorist financing across their groups, foreign branches and majority-owned subsidiaries.8

Recommendation 18 in itself does not contain express provisions on disclosures however, a combined reading of Recommendations 26, 27 and 28 shows that countries are expected to supervise, monitor and ensure compliance by financial institutions with requirements of AML/CTF regulations. Recommendation 27 specifically instructs countries to empower regulatory supervisors to “compel production of any information from financial institutions” that is relevant to monitoring compliance with AML/CTF regulations. The production of this information often comes in the form of disclosures published in annual reports or financial statements.

At the regional level, regional organisations such as the Inter-Governmental Action Group against Money Laundering in West Africa (GIABA), Financial Action Task Force of Latin America (GAFILAT), Eastern and Southern Africa Anti-Money Laundering Group (ESAAMLG) and the Middle East and North Africa Financial Task Force (MENAFATF) are FATF-styled regional bodies and they aim to implement FATF standards while taking into consideration the peculiar needs and challenges of their regions.9 In line with this, regulators in these regions set up guidelines and codes of corporate governance imposing robust disclosure requirements on their domestic financial institutions. For example, in Nigeria, the Central Bank of Nigeria issued the Corporate Governance Guidelines for Commercial, Merchant, Non-Interest and Payment Service Banks (2023) and the Corporate Governance Guidelines for Financial Holding Companies in Nigeria (2023). Both Guidelines contain disclosure requirements on directors, corporate structure, risk management, fraud and forgeries, etc., and the disclosing firms are expected to comply with these requirements or face sanctions.

As a tool for curbing financial crimes, disclosures can play a vital role in the hands of regulators because disclosures can provide early warnings that there are gaps or weaknesses within an institution’s internal control system. These gaps or weaknesses can be flagged by regulators and referred to the affected institution to be closed-out before the occurrence of serious infractions. However, given that internal control systems are part of the internal affairs of an organisation and cannot continuously be subjected to external observation, the accuracy of disclosures from an organisation would depend largely on the level of transparency of that organisation.10 This has led to the argument that disclosures cannot be utilised to prevent fraud or aid the detection of illicit financial activities. In accordance with this argument, some commentators like Dalley suggest that a person who is willing to commit fraud will also be willing to manufacture false information to meet any disclosure requirement.11 Nevertheless, active review and analysis of disclosures can reveal inconsistent statements and misrepresentations which can light the path towards detecting crime or suspicious activities. For instance, the discrepancies at Enron (The Enron Scandal) were first detected by analysts and journalists reviewing publicly disclosed information. Thus, it is arguable that stipulating disclosure requirements for organisations has some advantages.

One of such advantage is that disclosure requirements facilitates improved oversight of regulators. By providing regulators with valuable information, regulators can report financial crimes or suspicious financial activities to the appropriate authorities for investigation and prosecution. This can help deter illicit financial activities. Additionally, disclosure requirements imposes a higher burden on organisations for increased transparency and accountability. Without disclosures, the activities of organisations would remain an internal concern but the imposition of disclosures forces organisations to reveal information in a way that portrays transparency and accountability in an attempt to boost public confidence and attract investors.

From the foregoing, it is clear that disclosures serve a useful purpose in financial risk management. But, in order for disclosure requirements to efficiently function as a roadblock to financial crimes, regulators need to play a more proactive role in how they utilise disclosures. To make disclosures more effective in curbing financial crimes, regulators should use disclosures to make informed decisions about the efficiency of an organisation’s internal control system. This approach positions disclosures at the beginning of the financial risk management process. To achieve this, regulators need to identify and recognise for themselves the kind of information they require from disclosures. This means that, away from the regular use of disclosures by financial analyst or investors, regulators should make themselves the target of disclosures, this way, regulators can establish what kind of information is required and the purpose of that information.12 This places a major responsibility on regulators to stay updated with emerging risks and regularly assess the type of information required to properly manage these emerging risks.

Recommendations

In repositioning disclosures as a tool for curbing financial crimes, regulators can deploy modern technologies such as data analytics or machine learning to empower compliance analyst or internal control specialists who would lead Committees on Corporate Disclosures. These committees would work with a redefined mandate focused on setting up mechanisms around which disclosures targeted at regulators would operate. This mechanism analyses disclosures to identify what information is required, the veracity of the information by comparing the given information with other available information in the public domain and makes forecast on potential loopholes or the need for tighter compliance measures.

Furthermore, recommendations issued by regulators to financial institutions to make changes to their internal control systems should be closely monitored to ensure compliance as soon as possible. Compliance with these recommendations should form part of disclosure requirements. This is important because in the time frame between identifying a gap or weakness in the control system and properly implementing new measures to address such lapses, fraudsters can take advantage of the vulnerabilities in the system to perpetuate fraud.

Conclusion

Beyond compliance programs, disclosures can assist regulators assess the effectiveness and efficiency of an internal control system. The more effective and efficient a control system is, the easier it is for an organisation to fulfill its compliance obligations. Therefore, regulators can achieve more positive results with disclosures if they widen the scope of disclosures to include vital information targeted at regulatory compliance and AML/CFT prevention.

It is worth noting that disclosure requirements are not intended to function as a standalone regulatory mechanism. Disclosure requirements are most effective when administered in conjunction with other financial crime prevention measures such as regular staff awareness training and external audits.

Information on clear ownership of transaction monitoring process, the effectiveness and configuration of transaction monitoring systems, routine testing and updating of screening systems and awareness training on emerging risks can help regulators utilise disclosure requirements optimally.

References

  1. Corporate Finance Institute, Financial Risk Management Strategies <https://corporatefinanceinstitute.com/resources/career-map/sell-side/risk-managment/financial-risk-management-strategies/&gt; ↩︎
  2. Martinez, V. R., Complex Compliance Investigations, Columbia Law Review , Vol. 120, No. 2 (March 2020) Pp. 249 -308 <https://www.jstor.org/stable/26902675&gt; ; Gad, J., Voluntary Disclosures on Control System over Financial Reporting and Corporate Mechanisms: Evidence from Poland, Journal of East European Management Studies, Vol. 25, No. 4 (2020) Pp. 698 -729 <https://www.jstor.org/stable/26999932&gt; ↩︎
  3. Vutumu, A., Aregbeyen, O., & Akinteye, A.S., Internal Control and Fraud Prevention in the Nigerian Public Sector: A Partial Least Square Structural Equation Modeling Approach, Journal of Financial Risk Management,Vol. 13, (2024) Pp. 703 -729 <https://www.scirp.org/journalIjfrm&gt; ↩︎
  4. Oxford Economics, True Cost of Compliance – 2024 Report, <https://www.oxfordeconomics.com/resource/the-true-cost-of-compliance/&gt; ↩︎
  5. LexisNexis Risk Solutions, <https://risk.lexisnexis.com/global/en/about-us/press-room/press-release/20240306-true-cost-of-compliance-emea/&gt; ↩︎
  6. The Payments Association, Key Learnings from 2024’s biggest Financial Crime Fines, Thistle Initiatives,
    <https://thepaymentsassociation.org/article/key-learnings-from-2024s-biggest-financial-crime-fines/?&gt;
    ↩︎
  7. Jiao, Y., Corporate Disclosure, Market Valuation and Firm Performance, Financial Management, Vol. 40, No. 3 (2011) Pp. 647 – 679 <https://www.jstor.org/stable/41237920&gt; ↩︎
  8. FATF (2012 – 2025), International Standards on Combating Money Laundering and the Financing of Terrorism & Proliferation, FATF
    <https://www.fatf-gafi.org/en/publications/fatfrecommendations/fatf-recommendations.html&gt;
    ↩︎
  9. <https://www.fatf-gafi.org&gt; ↩︎
  10. Gad (n 2 ) P. 702 ↩︎
  11. Dalley, P. J., The Use and Misuse of Disclosure as a Regulatory System, Florida State University Law Review, Vol. 34, No. 4 (2007) Pp. 1089 – 1129 <https://ir.law.fsu.edu/Ir/vol34/iss4/2&gt; ↩︎
  12. Dalley (n 11) ↩︎

Leave a comment

Previous Post
Next Post

Discover more from LEGAL SIDEPIECE

Subscribe now to keep reading and get access to our full services

Continue reading