Big banks and their game of risk

For US regulators, 2014 was a banner year for collecting fines against sanctions violators, according to The Economist. In June, BNP Paribas—France’s largest bank, and one of the largest in the world—agreed to shell out $9 billion to the US Department of Justice for violating sanctions against Cuba, Iran, and Sudan. This past month, US regulators slapped Germany’s Commerzbank—the country’s second-largest bank, with a similar global presence—with a $1 billion fine, after launching an investigation into its dealings with sanctioned countries. The increases in fines have signaled an aggressive, zero-tolerance policy toward violators, as well as a willingness to use the extraterritorial provisions of sanctions, which allow regulators to punish foreign-based banks.

To be sure, the logic of punishing banks for violating sanctions is sound. Fines induce risk aversion—the idea that when faced with two investments of similar expected return but different risks, an investor will prefer the one with the lower risk. In the world of banking, this means that financial institutions will be prompted to avoid any questionable dealings remotely tied to sanctions-busting, which makes it that much harder for, say, a country to acquire the restricted materials and technologies for nuclear or weapons programs.

But extremely large fines can sometimes have the opposite end result. Multibillion-dollar fines do send a strong message to banks, but they may also send too strong a message, causing large financial institutions—key to detecting misdoings—to entirely exit markets and end relationships that they deem too risky. This is dangerous, because the agencies that oversee sanctions are increasingly relying upon financially derived intelligence to fight nuclear proliferation. When big banks drop problematic accounts, they no longer have the ability to detect any suspected illicit activity by their customers and report it to the authorities—ultimately diminishing the ability of sanctions enforcers to use financial intelligence in counterproliferation. Love them or hate them, large banks do play a role in counterproliferation, largely by helping to detect suspicious transactions, as well as by enforcing norms and regulations. Consequently, an unintended consequence of ultra-large fines (coupled with the emergence of alternatives to the current financial system) could spell trouble for the agencies responsible for detecting and blocking proliferation-related finance. All of which highlights the need to balance penalties with the need to sustain transparency.

The effect on Iran negotiations.The fines come at a bad time. In November, the P5+1 (the United States, Russia, China, Britain, France, and Germany) and Iran agreed to extend nuclear negotiations for seven months, until June 2015. Signs of growing support on both sides of the negotiations are cause for optimism, and as negotiators press towards the June deadline, they will undoubtedly need to consider the components necessary for building a structure that allows for complete and comprehensive verification. Any such framework would need to include the technical aspects of limiting enrichment, tying it to the lifting of sanctions, and developing a strategy to be used by those responsible for helping to identify proliferation-related procurement—the global financial institutions. For the United States, mega-fines imposed against banks could prove to be a significant obstacle to constructing such a framework.

The harshest financial sanctions against Iran came in 2012, and although they severely limited Iran’s access to the global banking system, they also created compliance challenges for large financial institutions. Extraterritorial provisions paved the way for mega-fines and greater regulatory scrutiny, as attention focused on the role of third-country intermediaries—the exchange houses and trading companies that helped Iranian banks skirt sanctions and access the international financial system. In May 2013, for example, the US Treasury Department added Al Hilal Exchange—a Dubai-based money exchanger—to its list of those prohibited from conducting business with the United States, because Al Hilal Exchange had provided a sanctioned Iranian financial institution, Bank Mellat, with more than $55 million in foreign currency exchange services.

Caught in the regulatory crosshairs, many banks found themselves woefully unprepared to comply with these new regulations and looking for ways to minimize their exposure to risk. They played close heed to the experience of Standard Chartered Bank,which in 2012 forked over $667 million in fines for its role in third-party transactions connected to Iranian-controlled entities based in Dubai. The bank blamed an inadequate information technology system that failed to detect potentially high-risk transactions. (To be fair to Standard Chartered, identifying proliferation-related transactions is no easy feat, and of the millions of daily transactions, the vast majority are quite benign. Identifying violators is akin to finding the proverbial needle in a haystack.)

Ramifications. It is true that there is little point to enacting sanctions if regulators do not enforce penalties—after all, violators should be held accountable. BNP Paribas, according to the Justice Department, “went to elaborate lengths to conceal prohibited transactions, cover its tracks, and deceive US authorities.” And such business practices undermine US sanctions policies, but they also undermine the integrity of the financial system itself.

Yet, at the same time, these financial institutions play an increasingly important role in detecting proliferation-related procurement. Early in 2014, the Justice Department  announced indictments against Chinese national Li Fangwei for violating the International Emergency Economic Powers Act. Li, better known as Karl Lee, is accused of using a web of shell companies to procure restricted items destined for Iran’s nuclear and ballistic missile programs. In addition to the indictments, US regulators seized almost $7 million in assets and placed a $5 million bounty for information leading to Li’s arrest. Using a civil forfeiture statute, which was enhanced under the PATRIOT Act, the Justice Department was able to seize Li’s assets even though Li held the assets in foreign accounts overseas. The process works by seizing the foreign bank’s assets held within US accounts, known as correspondent accounts, in lieu of Li’s assets. Thus, the onus is placed on Li’s bank to make itself whole again, by deducting assets from Li’s personal accounts. This was an extraordinary feat, requiring the utmost coordination and cooperation with financial institutions.

But before such actions can be carried out, someone like Li needs to be detected in the first place, and spotting proliferation finance is not easy. In June 2014, a report submitted to the UN Security Council by a panel of experts warned that Iran had made extensive use of front companies and third-country intermediaries to mask the true ownership of companies, as well as provide a bridge to access international finance. These techniques create difficulties for governments in distinguishing proliferation-related procurement from legitimate commerce, and as a consequence, the panel recommended that states work to essentially create “profiles” of typical proliferation finance for financial institutions. But while such cooperative, information-sharing arrangements could enhance the capacity to detect and block proliferation-related transaction, the banks are moving in the opposite direction. From the banks’ point of view, the danger of being fined makes it better to get out entirely than to share information about wrongdoing with regulators.

According to The Economist, large banks are cutting back as much as a third of their correspondent relationships in countries considered a high risk for illicit activity—a process dubbed “de-risking,” which seeks to avoid, rather than manage, the risks associated with anti money-laundering and know-your-customer regulations. The banks would prefer to cut off some customers entirely, lose some accounts, and retreat, rather than offend regulators and expose themselves to potentially billions of dollars in fines. Sometimes the innocent are affected; these closed accounts have included charities, money transfer businesses, and nongovernmental organizations—all deemed too risky by virtue of their sometimes tenuous historical relationship to illicit finance.

In the opinion of the Financial Action Task Force—an inter-governmental organization that promotes standards of integrity within the global financial system—wholesale de-risking thus has the potential to actually decrease transparency, as counterintuitive as that may sound, by pushing entities into less-regulated markets. These blind spots—areas where US regulators could see significantly reduced transparency—will make detecting proliferation-related transactions difficult, if not impossible. As the task force noted, keeping transactions within “regulated channels” helps to ensure implementation and compliance with anti money-laundering regulations, as well as provide transparency to US regulators. The idea that imposing very large fines will promote self-regulation, or even act as a deterrent for other would-be violators, ignores the economic incentive to minimize risk, causing significant unintended consequences.

A balancing act. The reality is that regulators, when it comes to financial crimes, must walk a fine line between imposing penalties and maintaining the capacity to elicit much-needed information. Illicit procurement networks—nuclear included—are quite adept at adapting under changing circumstances.

For example, Iran and Russia may soon have alternative ways to conducting commerce, outside of normal channels. They were forced to do this by circumstances: In March 2012, US and EU regulators cut off Iran from the SWIFT inter-bank messaging system that enables over 20 million daily transactions in 215 countries. This move effectively prevented Iran from accessing global financial services. Fearing a similar fate, Russia announced in October 2014 that it would develop its own alternative to SWIFT, which it expects to complete by May 2015.

As relations between Moscow and Tehran warm, a SWIFT alternative could provide Iran with an alternate route to accessing global financial institutions, and more importantly, a means of accepting oil payments without conditions, as well as a way of continuing in its proliferation-related procurement with less scrutiny from US and EU regulators. (Of course, to be truly effective, Russia’s alternative system would need legitimacy among the world’s largest banks. But this could be an attractive option for large banks looking to reduce their regulatory risk exposure.) Ultimately, the proposed Russian alternative to SWIFT would decrease transparency, as well as weaken any leverage gained through financial sanctions.

Adding to the complications are the hawkish calls in the United States for imposing additional sanctions against Iran. Although President Obama has promised to veto any new bills that would jeopardize ongoing negotiations, in January the Senate will consider legislation to enact new, draconian sanctions under the Nuclear Iran Prevention Act of 2013—sponsored by Sen. Robert Menendez, chairman of the Senate Foreign Relations Committee, and Sen. Mark Kirk. These actions could further isolate the strategic financial partners needed to identify proliferation-related transactions, should the P5+1 and Iran fail to reach an agreement. The same would be true if Iran cheats under the Joint Plan of Action—an interim agreement that provides Iran with partial relief from sanctions and gives the country access to billions of dollars in oil revenues in exchange for limiting its enrichment activities.

The new, hawkish, congressional leaders are pushing for a number of changes to the current sanctions regime that would broaden extraterritorial provisions, including restricting the opening and maintenance of correspondent banking relationships with persons who enable a significant transaction on behalf of designated financial institutions. Broad language leaves significant room for interpretation, thereby increasing risk and uncertainty in an already skittish financial system fearing the next round of multibillion-dollar fines.

The future. Of course, the variants of the P5+1 negotiations are important and worth considering. Should negotiations collapse, new rounds of US sanctions are inevitable, and along with potential alternative payment systems, likely to further push Iran away from the Western financial system. This will make detecting and blocking proliferation-related transactions more difficult.

On the other hand, if the parties come to an agreement, transparency will become even more important, because legitimate trade will presumably increase and concerns about Iranian cheating will need to be effectively addressed.

Continuing to impose hefty penalties without balancing the unintended consequences could decrease transparency in regions where US regulators and monitors need it the most. The issue is not whether regulators should impose large fines on violators, but how to best calibrate the fines so as to penalize violations but minimize de-risking.

The solution is not easily defined, but it likely lies in enhanced cooperation between financial institutions and regulators, as regulators come to increasingly rely on financial institutions in the fight against proliferation. These relationships will need to go beyond the normal reporting procedures required by law, by re-establishing trust with foreign and domestic banking institutions, emphasizing proactive information-sharing, and increasing the scope and availability of proliferation finance profiles. US regulators, law enforcement, and intelligence communities should work to forge strong relationships with the private sector, emphasizing the importance of building the institutional capacity to detect and deter proliferation-related finance.