“Should I be worried?” wondered one Beirut Souks restaurant owner. During a lunch at the local establishment the restaurateur passed by the table to inquire about the meal and service, casually mentioning concern over an American law – one targeting Hezbollah’s alleged money laundering through financial institutions worldwide.
Local business owners outside the banking industry should hardly be worried. It is the banks that are responsible for complying with the Hezbollah International Financing Prevention Act, Lebanon’s central bank circular 137 stipulates, and in so doing must carry out client due diligence when opening accounts or facilitating transactions. To the banks this is just another chapter in the book of risk management, where compliance with the laws of foreign jurisdictions in which they do business is not a choice, because the banks must comply and have long invested in the tools to do so.
This is money well spent, says Chahdan Jebeyli, the chair of the compliance committee at the Association of Lebanese Banks (ABL), who also heads compliance at Bank Audi. Referring to investments in compliance infrastructures to satisfy reporting requirements, he tells Executive that rules first started to surface following the terrorist attacks on the United States on September 11, 2001, with harsher rules introduced in the aftermath of the global financial crisis. In the years since, the costs of compliance have increasingly become a topic of boardroom conversations, not only of local banks but those worldwide as well.
For risk managers the question has never been whether to comply or not, but rather how much investment is necessary to satisfy regulators while not being overly cautious in a way that jeopardizes legitimate opportunities. Compliance costs have certainly increased and are significant, Jebeyli says, noting that its rise has become increasingly more challenging for smaller banks to meet, but one that is still manageable. “You cannot really compromise on [compliance] requirements for the purpose of saving money because you may end up paying a more expensive price. Compliance failure, if it is serious enough, could affect the franchise. That’s why this is essential spending,” he adds. Industry wide figures on investments into compliance structures in Lebanon are not available because they are difficult to determine – they are intermingled with other expenditures such as IT investments or otherwise enmeshed in human capital costs spread across departments. On the other hand, the proprietary nature of those investments, such as for sophisticated software, discourages disclosure of those figures.
For risk managers the question has never been whether to comply or not, but rather how much investment is necessaryto satisfy regulators
The structure of a bank’s compliance department has varied looks, says chief economist at Byblos Bank, Nassib Ghobril. Foremost, it is a mesh of human resources and technology, a combination of interfacing with the client plus sophisticated software tracking transactions and managing clients’ identities.
Compliance is no joke
That the cost of compliance is looked at as an institutional investment is telling: it is an intangible deposit in the bank’s reputation, lending credibility and assurance to correspondent banks – those banks that facilitate a local bank’s transactions in the former’s jurisdiction. Non-compliance with the US law, or Lebanon’s central bank failure to regulate compliance, would jeopardize partnerships, cutting Lebanese banks off from correspondent banks in the United States. That Lebanon is a dollarized economy, and that the bulk of transactions are in US dollars, also fuel the existential necessity of complying.
Of course investing in compliance is no guarantee that a correspondent bank will continue the relationship; the risk of severance is only decreased by proof of compliance. But the cost of a cut off can be far greater than the investment. When a bank is accused of being non-compliant a number of cost factors come into play: the difficult to quantify losses in opportunity resulting from suspended relations with a correspondent bank, and the more easily measurable financial penalties from regulatory action or litigation.
Were a correspondent bank to cut relations with an accused financial institution, the ability to conduct transactions in US dollars would no longer be possible, affecting not only the bank but its clients too – local businesses trading internationally and Lebanese abroad transferring dollar-denominated remittances back home. What’s more, the mere hint of non-compliance may cost the bank – damaging its reputation, an accusation might push clients to migrate to a competitor for any number of reasons.
Were a correspondent bank to cut relations with an accused financial institution, the ability to conduct transa ctions in US dollars would no longer be possible
By size of infractions, Lebanon, in the years since 2002, has not really been on the radar of anti-money laundering concerns. But when terrorism finance is factored, where very small amounts can actually finance a bomb, then Lebanon is on the map. In 2015, the subsidiary of Bank of Beirut in the United Kingdom was fined £2.1 million for intentionally misleading regulators with false information concerning its financial crime systems and controls. Lebanon’s biggest case in money laundering – the forced closure of the Lebanese Canadian Bank (LCB) in 2011, settled for $102 million in 2013 – pales in comparison to bank penalties in Europe or New York. Take, for example, the 2015 case of French bank BNP Paribas (BNPP), at the time the fourth largest in the world by total assets. BNPP was accused of laundering upwards of $100 billion for several sanctioned countries, including Iran and Sudan. The bank was convicted of violating US economic sanctions and forced to pay a total financial penalty of just under $9 billion.
To say that Lebanese banks are panicked that their compliance investments might not satisfy American standards may be an overstatement, but it certainly is an issue that compliance executives and banks’ management are following closely. “I’m not trying to minimize the [issue] but I’m saying it is important to the US, it’s important to us and it’s important to our clients,” Jebeyli says. Lebanese banking officials and executives are acutely aware of the seriousness of the American legislation, a notion that Jebeyli and others that Executive spoke with pointed out. And the lessons learned from the case of LCB – of alleged management complicity in money laundering and that of insufficient controls – are now core considerations in assessing compliance programs.
But smaller banks, perhaps in acknowledgement of the high investment threshold of compliance, do recognize that client due diligence, coined KYC for “know your client,” is a challenge. “It’s not written on their face and you don’t ask them to fill a document asking ‘Are you Hezbollah? – click yes or no.’ We investigate and do our homework on due diligence but at the end of the day we cannot do anything if someone is Hezbollah and we don’t know that. There is an element of uncertainty that we are worried about, definitely,” says Raed Khoury, chairman and general manager of Cedrus Invest Bank.
As Lebanon’s largest bank, Bank Audi may be less concerned than smaller financial institutions because it can more easily absorb the costs and may be able to incorporate more sophisticated compliance solutions. That continued availability of its banking products or services in parts of the country where clients may come into contact with, may be linked to or directly connected to Hezbollah, is a non-issue for the bank, Jebeyli says. “It is clear which individuals are listed or designated [sanctioned by the Americans], and there are the proper diligence rules that are driven by risk classification,” he says before confidently telling Executive, “We treat our clients fairly and properly. At the same time we’ll apply the law as and when we should and to the extent that we need to.”