Why insurers’ banking relationships matter in AML compliance

Anti-money laundering is often mistaken as a secondary consideration to fraud in the insurance sector when it comes to financial crime. The pervasive view is that insurance companies are less likely to be targets of money laundering compared to banks, which consequently tend to be perceived as having more robust customer data, AML systems and processes in place.

However, not only do insurers have the same legal AML obligations as the banking sector, but insurers are also customers of banks themselves. This banking relationship matters when it comes to AML compliance. First, banking providers expect their regulated customers, such as insurance companies, to comply with AML requirements. Second, banks scrutinize their customers’ operations to ensure they fall within the bank’s AML risk appetite.

Let’s explore the importance of the bank-insurer relationship when it comes to AML and sanctions compliance, and examine the considerations that insurers must factor into their AML risk management processes as a result.

Insurers and AML

Compared to the banking sector, AML risks are often considered a step removed in insurance, and insurers do not always recognize why they need to comply with certain aspects of AML and sanctions laws and regulations.

Yet, their obligations to sanctions and money-laundering requirements aside, insurers must recognize that banks will perform their own due diligence on insurers to assess their AML risk rating. This information is used to respond to enquiries from U.S. correspondent banks about the AML risk presented by customers and whether that AML risk presents undue risk to the U.S. correspondent.

Banks will, therefore, likely ask as part of their customer due diligence and risk assessment whether insurers have in place an AML and sanctions compliance program that is in line with regulatory requirements. It is also common practice to include risk transfer clauses in contracts and account opening documents that require the insurance company to include sanctions clauses in their policies. With global insurance providers, there are also broader risk considerations to take into account; for example, the insurer may offer dollar-denominated policies and accept dollar premiums or make dollar claims payments, which means that, as their footprint in the U.S. becomes even larger, the insurer will need to have a sanctions program in place that aligns with the applicable guidance with the Office of Foreign Assets Control.

The bank-insurer relationship

Alongside banks’ expectations of customer compliance with AML and sanctions regulations, the bank’s own risk management frameworks can add an extra layer of complexity. These risk frameworks determine which geographies, sectors, target customers, and so on fall within (or outside) the bank’s risk appetite. Since the 9/11 attacks, banks have progressively tightened these frameworks, and organizations that fall out of scope are not being accepted as new customers or are offboarded. A recent high-profile example of this debanking trend is U.K. banks offboarding commercial customers that trade with Ukrainian companies due to concerns of breaching Russian sanctions.

Essentially, banks, just like any other organization, are entitled to set their own risk appetite threshold, and this includes defining what may or may not be classified as an unacceptable customer to them. Consequently, insurers must factor their bank’s risk appetite, which may differ from that of their own risk appetite, into their risk framework and risk management approach to AML. For example, a bank may not have the appetite to trade in or through a country, even though doing so would not breach any sanctions. If the insurer or their customers fall outside of this risk appetite, they may find themselves unable to process the payment of premiums from the customer or onward payments to a reinsurer, or even worse, can themselves be debanked.

Yet finding out this information from their bank can be challenging for insurers. Risk frameworks are privileged information that are not shared publicly due to their competitive nature. However, insurers can take a proactive approach by tasking their treasury departments or money laundering reporting officers to initiate a dialogue with their counterparts in the bank in an attempt to understand which geographies, customer groups and so on fall outside of risk appetite from the bank’s perspective.

Data challenges

Limited insight into policyholders is another consideration for insurers managing ongoing relationships with banking partners. Due to the very nature of their relationships, banks typically collect, or have at their disposal, much more detailed information on their customers. For example, they have much greater oversight of their customers’ activities, counterparties and jurisdictional footprint simply by viewing the activity in the account.

In contrast, insurers collect information to varying degrees and, due to the nature of their customer relationships, can have a less detailed understanding of their customers beyond their immediate insurance needs. Yet, for sanctions purposes, understanding the upstream and downstream relationships of their customers' stakeholders and counterparties is definitely required.

Insurers are also often hampered by legacy technology, which was never designed with screening purposes in mind. The often-disjointed nature of the technology infrastructure only adds to this issue, with separate systems typically used for different aspects of insurance operations. For example, underwriting systems are distinct from claims management systems.

Insurers must, therefore, revisit and invest, where necessary, in their data collection and storage processes. They must also ensure they collect the right information to effectively screen against risks. They should also have the appropriate data management technology in place so their data is in the right shape for screening purposes.

Revisiting the approach to AML compliance

An insurer’s banking relationships are not necessarily obvious considerations regarding AML compliance, but it is becoming increasingly important that MLROs factor them into their organisation’s approach to risk. Quite simply, banks expect their customers to be compliant with AML requirements and will not work with organisations that put their own continued compliance at risk.

In addition to the published sanctions obligations, insurers also need to recognise that banks have their own risk appetite and should ensure that there is an open dialogue between the two organisations to enable this appetite to become shared. This will allow the customer (the insurer) to understand where this appetite lies so their activities do not suddenly put them out of scope.

Revisiting the customer onboarding approach and the information collected on customers by insurers is essential to avoid gaps in compliance. Not doing so leaves insurers in the precarious and potentially existential position of having their own banks refuse business or off-board them.

Steve Marshall is director, advisory services, with FinScan. Contact him at [email protected].

© Entire contents copyright 2024 by InsuranceNewsNet.com Inc. All rights reserved. No part of this article may be reprinted without the expressed written consent from InsuranceNewsNet.com.