The European Banking Authority (EBA) recently unveiled alarming information regarding anti-money laundering (AML) deficiencies in European banks. In their quarterly risk dashboard, the EBA highlighted the persistence of operational risks as a significant concern within the region's banking sector. Notably, two major risk factors dominated this landscape: information and communication technology (ICT) and cybersecurity-related risks, and AML-related shortcomings.
During the summer period spanning June to August, competent authorities reported a staggering 143 serious AML deficiencies across 57 financial institutions. These deficiencies encompassed a wide range of issues and most notably affected credit institutions. Electronic Money Institutions (EMIs) came in second, although this could be attributed to supervisory priorities and timelines rather than substantial changes in their AML and counter-financing of terrorism (CFT) controls.
The primary areas of concern revolved around customer due diligence (CDD) policies and procedures, particularly in terms of transaction monitoring. Penalties for these deficiencies included fines and administrative sanctions, but the most severe measure taken during this period was the full withdrawal of authorization for a bureau de change.
Regulators also imposed 50 "corrective measures" on institutions to rectify these AML-related deficiencies. The source of this concerning information is the EBA's EuReCa, a central database established in January 2022. It compiles reports from competent authorities on significant weaknesses in financial institutions' systems and controls, particularly those exposed to money laundering and terrorist financing (ML/TF) risks. These reports pertain to various sectors within the EBA's AML/CFT mandate, encompassing credit institutions, payment institutions, electronic money institutions, bureaux de change, investment firms, fund managers, credit providers, life insurance undertakings, and intermediaries, as well as an additional category of "others."
Moreover, operational risks, in terms of Risk Weighted Assets (RWA), continue to be a central concern, constituting 9.7% of total RWA. The key drivers for these operational risks include ICT and cybersecurity, fraud, and AML/CFT circumvention. The EBA Risk Assessment Questionnaire underpins these concerns, confirming that cyber risk and data security are pivotal components of operational risk. Nearly two-thirds of banks concur with this perspective, with conduct and legal risks and fraud following closely behind.
Recent breaches and hacker attacks linked to ICT and cyber-related risks highlight the vulnerability of European banks in this digital age. Additionally, reports of substantial redress payments that European banks are required to make due to AML and sanctions-related breaches underscore the magnitude of the issue.
In conclusion, the EBA's findings reveal a pressing need for European banks to address AML deficiencies, with a strong emphasis on bolstering CDD policies and procedures. The continued prominence of operational risks, particularly in the realms of ICT and cybersecurity, underscores the ongoing threat to the stability and security of the European banking sector. It is imperative for financial institutions to prioritize robust AML/CFT controls and cybersecurity measures to mitigate these grave risks.
By fLEXI tEAM