A methodology for enterprise-wide risk assessment in small banks and credit union
Date | 01 February 2021 |
Pages | 372-393 |
DOI | https://doi.org/10.1108/JMLC-08-2020-0098 |
Published date | 01 February 2021 |
Subject Matter | Accounting & finance,Financial risk/company failure,Financial compliance/regulation,Financial crime |
Author | Philippa Duncan |
A methodology for enterprise-wide
risk assessment in small banks
and credit union
Philippa Duncan
University of Belize –Belize City Campus, Belize City, Belize
Abstract
Purpose –This paper aims to provide an easy to follow, practical guide for small traditional banks and
credit unions to conduct an enterprise-wide risk assessment of the financial institution’s anti-money
launderingcompliance program.
Design/methodology/approach –Information was collected from relevant documents published by
global standard setters in the disciplines of anti-money laundering, financial crime prevention and risk
management.The data was integrated with common challenges experienced by small financialinstitutions to
produce an application-basedguide that practitioners can readily implement.
Findings –Though not a new concept, macro-level financialcrises and institutional level financial crimes
have influenced the rapid evolutionof risk management in financial institutions over the past three decades.
Small unsophisticatedbanks and credit unions are expected to now perform an internal risk assessment.An
abundance of informationis available on risk assessment, but small institutions remain challengedin finding
a turnkey document that is readily actionable to stimulate a less arduous undertaking, especially given the
institutions’limitedresources.
Research limitations/implications –The setting reflects small deposit-taking institutions with
traditionalservices. It is tailored for easy understandingand practical use by the institutions.
Originality/value –This could influence small institutionsto conduct enterprise-wide risk assessments
and formulateand use more specific risk managementpolicies.
Keywords Risk management, Risk assessment, Anti-money laundering,
Enterprise risk methodology, Enterprise-wide risk assessment
Paper type Research paper
Introduction
Macro-level financialcrises and institutional level financial crimes have influenced the rapid
evolution of risk management in financial institutions over the past three decades. Post
mortem conducted on the 2008 financial crisis highlighted weaknesses in risk management
practices within financial institutions (Financial Crisis Enquiry Commission, 2011). Risk
management is not a new concept and had always maintained a vivid presence in the
insurance industry, but as risks evolved, the tentacles of risk management have extended
with more prominence in other financial sectors. Also, the scope of mitigating strategies
expanded to areas other than credit and market risks, for example, one of the more recently
emerged risks in financialinstitutions is money laundering.
The Financial Action Task Force (2012) (FATF) continually revises its series of
recommendations to encourageeffective implementation of robust policies that can mitigate
the risks of money laundering and other financial crimes. A new anti-money laundering
(AML) trend is for financial institutions to perform an enterprise-wide risk assessment
(EWRA) to understand their exposureto money laundering. EWRA influences an approach
to risk management that is institution-wide, transparent, forward-looking and specific. An
JMLC
24,2
372
Journalof Money Laundering
Control
Vol.24 No. 2, 2021
pp. 372-393
© Emerald Publishing Limited
1368-5201
DOI 10.1108/JMLC-08-2020-0098
The current issue and full text archive of this journal is available on Emerald Insight at:
https://www.emerald.com/insight/1368-5201.htm
abundance of information is available on various approaches to risk assessment, but small
institutions with limited resources remain challenged in finding aturnkey document that is
readily actionable to fostera less arduous undertaking. Such could dissuade institutions and
stymie the formulation and implementation of policies specific to the institution’s
circumstances. This documentaims to provide an easy to follow, actionable guide for small
traditional banks and credit unions to conduct EWRA of its anti-money laundering
compliance program.
Blueprint for small banks and credit unions
Under FATF Recommendation 1, countries should require financial institutions to identify,
assess and establish strategies pertaining to money laundering (ML) risks. The common
model reflected in small banks and credit unionsincorporated risk management of financing
terrorism, corruption, bribery and other financial crimes with ML. Therefore, in this
document, ML is used holisticallyfor all financial crimes.
Authors have published copious amounts of information on EWRA. However, the
information is largely generalto cover diverse financial services and institutions of all sizes,
educational to complementcollege lectures and theoretical to communicate best practiceson
risk assessment. This article expands on existing material to increase the body of
information at theapplication level.
Multiple variations are recognized in the approaches to EWRA; thereby, underscoring
the importance of a clearly documented methodology to articulate the model used by the
financial institution (The Wolfsberg Group, 2015). Financial institutions perform EWRA,
and a written EWRA methodology approved by the institution’s board of directors can
minimize biases in conducting the assessmentand increase credibility in the results. While
internally generated, EWRA results are also of interest to external stakeholders, including
regulators and examiners who now considerEWRA findings in the broader examination of
banks and credit unions. In the US Bank Secrecy Act/Anti-Money Laundering Examination
Manual (2020), the authorities confirmed EWRA results could increase bank examiners’
understanding of the institution’s risk profile and influence scoping and planning of the
examination.
In upcoming sections of this paper,a methodology is presented as a solution to ignite the
process and make it less onerous on small banks and credit unions. The products and
services in these institutions are largely traditional, operations and structures are
noncomplex and roles and responsibilities are not highly specialized. Consequently, the
adequacy of this blueprintfor small deposit-taking institutions.
Limitations
The setting reflects small deposit-takinginstitutions with traditional services; however, the
underlying risk management concepts can be extended to financial institutions of varying
types and sizes. This article was written from an application perspective based on global
standards pertaining to anti-money laundering and risk assessments; therefore, theoretical
discussions of such standards were notreproduced. Presented in the article is a systematic
model simplified for small banks and credit unions, which couldnot reflect risks peculiar to
individual institutions, but idiosyncrasies will be recognized in performing the EWRA and
highlighted in the report. Procedures to carry out the risk assessment were not detailed in
this manuscript because the focus was on preparing a written methodology within which
framework the EWRA could be conducted.
Small banks
and credit
union
373
To continue reading
Request your trial