Risk management, De-risking and Cryptocurrencies in the Peruvian Financial Market

Efforts to understand the role of new technology products and their impact on the global scene date back to 2014, with the swift initiative of the International Financial Action Group (FATF) to clarify little understood concepts such as virtual currencies. The objective of the document “Virtual Currencies - key definitions and potential risks of ML / TF[1]”Was to guide the public and private sector on the challenge of regulating the universe of“ virtual currencies ”, explaining their types and operation. As expected, he also developed a broad definition of the term “cryptocurrency” as convertible and decentralized virtual currencies, based on mathematics, protected by cryptography principles to create a distributed, decentralized and secure information economy[2]. From that moment, it was the task of the financial institutions worldwide to be able to decipher their characteristics and to know this new sector of the economy that, to date, is still conceived by the participants of the financial system as a challenge, in order to encourage access to financial products that meet the needs of its customers, in a responsible and sustainable way[3].

Against this background, this article will try to explain step by step the context through which financial institutions study methodologically the risks generated by their clients classified as “high risk of money laundering”, with the purpose of explaining a particular behavior of these institutions that has affected precisely the companies that work with cryptocurrencies: De-risking.

What is risk management?

When we refer to the internal functioning of any financial institution, whether in Peru or in the world, risk management is one of the fundamental pillars to ensure balance in the financial markets. From the watchful eye of the Basel Committee on Banking Supervision (BCBS), an agency that establishes a regulatory framework based on global banking supervision principles and standards as a guide for countries, it seeks to safeguard a legal good on which global economic development depends: Financial stability

Under this framework of prudential macro guidelines[4], risk management is the tool that, by defining policies, processes, procedures, roles and responsibilities, seeks to manage risk within organizations. There are currently two positions on how to understand risk: the first and most traditional, defines it as the possibility of a negative event occurring and, the second, as the dispersion of possible future results, which can be both negative and positive.[5]. Our local regulator, the Superintendence of Banking, Insurance and AFP (SBS), through the Corporate Governance and Integral Risk Management Regulations, has been guided by the first definition. Based on this standard, risk, understood as the possibility of occurrence of events that negatively impact the objectives of the company or its financial situation[6], is identified and evaluated through these processes and policies to subsequently make a decision on its management according to the objectives of the financial institution and its strategic planning.

My institution has risks ... what do I do?

Companies may have four possible risk responses:

  1. Accept the risk as inherent in the activities of the organization.
  2. Reduce risk through control strategies and mitigation of their frequency and / or impact.
  3. Transfer it to a third party that can deal with the risk.
  4. Avoid it

The decision on the response to a risk is directly related to the “risk appetite”, which defines the maximum level of risk that a banking institution can assume given its current resources, regulatory requirements and contractual obligations[7]. Once the maximum risk quota is established, it follows the task of controlling that it remains within those limits through predefined monitoring procedures.  

Money laundering risks (LA / FT)?

The risk of money laundering is also included in the list of risks that a financial system entity must manage, understood as "the possibility that the company is used for money laundering and terrorist financing purposes"[8].  However, within this scheme, this risk has a particular detail that differentiates it from other risks.[9]: There is no risk appetite. No entity is willing to voluntarily and fully informed to use it to launder money or finance terrorism.

This scenario warns of a higher complexity in the ways of managing this risk, since its measurement becomes much more difficult since it cannot be based solely on the usual forms of measurement (mathematical calculations and formulas) with which other risks can be measured .

Our regulation, based on the main international guidelines, has established the mandate to establish compliance programs for the prevention of money laundering and terrorist financing, with minimum elements that imply the development of internal prevention policies, procedures and controls, which , together with a management based on a risk-based approach, seek to allocate resources and greater attention to those areas where the entity is most exposed to be used to launder money from illegal activities.

I don't want to take any risk: De-risking

Within this entire management context, a phenomenon has been going through financial markets for several years: the “de-risking”[10], a unilateral response to risk in order to eliminate it completely. Is the rejection or intentional termination of business relationships with customer groups or business lines considered high risk according to the standards of prevention of LA / FT [11].

Through this practice, when identifying these types of clients, financial institutions take the following measures:

  1. End business relationships (closing bank accounts).
  2. Reject the establishment of any type of business relationship in advance.

The risk management function recognizes that the company's activities necessarily imply uncertain results, with different consequences that can ensure the success of the organization's mission[12]; However, the possibility of exposing a bank to some types of customers using the products and services of financial institutions to launder money, such as money services businesses (MSBs), payment processing companies, companies of money remittances, embassies, correspondent banks, marijuana marketing companies for medicinal purposes and accounts related to cryptocurrencies, exceeds the desired risk exposure limit.

The financial sector being one of the largest contributors to GDP, having a central role in economic growth and development[13], the effect of this practice extends.

This concept is often associated with the desire of the bank to avoid regulatory and compliance risks.[14], which in our system would translate to avoid an overexposure to legal risk[15]; however, the sanctions of regulators for breaches of LA / FT policies are only one of the factors by which these positions are adopted, as we will see below.

Why do I want to eliminate the risk of ML / TF?

1 Perception of high risk exposure

The main reason is the high risk of money laundering that is associated with the sector to which certain types of customers belong. The risk is that the maintenance of commercial relations with some classes of companies generates a high exposure to the entities of the financial system of being used as means to perform acts of conversion, transfer, concealment and possession, or function as a link for the realization of acts of transport, transfer, entry or exit of money or instruments of illicit origin[16].

For the international and national community, the most risky sectors are the Fund Transfer Companies (ETFs)[17]), embassies, payment processing companies, correspondent banks in jurisdictions considered high risk, exchange houses, medical marijuana trading companies, nonprofit associations, foundations and precisely for our matter, cryptocurrency exchange platforms.

2 Increase in compliance costs

Having a high-risk client within the portfolio implies the application of much more demanding controls, which guarantee that the institution is taking all the necessary measures to mitigate the inherent risk it presents. However, the implementation of controls is not free: the problem lies in the high cost of guaranteeing the application of Customer Knowledge (KYC) policies and the requirements of Enhanced Due Diligence (EDD) throughout the business relationship. The verification of the origin of funds, the identification of the final beneficiary, analysis of the purpose of the account, evaluation of the client's profile, especially the relationship it has with its suppliers and customers (Customer Knowledge), among other activities, must be carried out with a strict data collection and immediate verification. The information is expensive, and even more check it. This difficulty in obtaining and verifying the information is increased by factors attributed to the client (information classified as confidential, which the client says cannot provide or claims to ignore), or due to inconsistencies in the requirements of other judgments. For example, this last point is expressed in the refusal of foreign financial institutions to share information of their clients in order to comply with their local personal data protection regulation[18].

This item also includes the high operating costs incurred by companies for the maintenance of the accounts, in order to ensure compliance with internal regulations (procedures of each entity) and external (applicable regulations) that falls on the regulatory compliance framework of the entities of the financial system.

3 Analysis of rentability

Under the eyes of the business areas, the process of adoption or admission of customers is the first stage of the chain, which opens the doors to a credit evaluation for the granting of a financial product or service that generates income. Based on the expectation of raising funds and placing them, compliance costs are assumed with the expectation of return. The key question is the following: what happens to those high-risk clients that, despite requiring a greater effort to apply the Customer Knowledge guidelines, do not generate greater profitability and simply expose the entity to greater ML / TF risks. ? The response of the entities that carry out these practices is that, by disconnecting and cutting off relationships with a client, the financial institution will lose business opportunities, but the loss will be compensated by not having to deal with the cost of compliance.

An Accuity study reveals a decrease of 25% in global correspondent banking relationships between 2009 and 2016, implying the refusal or closing of correspondent accounts of banks in Latin America and Africa. The direct consequence is the rejection of financing by more developed countries, depriving companies from “high risk” capital jurisdictions to achieve their objectives[19].

4 Regulatory requirements and fines

The global financial crisis of 2007-2008 marked a before and after, not only in macro and micro prudential standards[20], but also in the tightening of national and international regulations against LA / FT. Since 2009, global financial institutions have been fined more than USD 17 1 billion, with the recent case of Danske Bank being the most emblematic, since, to determine the guilt of the Danish bank for laundering money through its branch of Estonia[21], could receive up to USD 8 1 billion, surpassing even the famous HSBC case[22].

The contagion continues: Deustche Bank has also been involved in the case by being investigated by the Frankfurt prosecutor's office for allowing the Estonian estuary of Danske Bank to transfer amounts of more USD 200 billions as a correspondent bank. The challenge lies in the stricter interpretation of the ML / TF prevention regulations, which seeks to leave no room for organized crime to be interned within banks and that these are inflexible and thorough in monitoring.

Within that scenario, according to the survey conducted by Dow Jones and SWIFT in 2017, rising regulatory expectations continue to represent the greatest compliance challenge, followed by concerns about increased enforcement of current regulations.[23]. In general, representatives of financial institutions report that regulators should be able to provide more guidance or help on compliance measures, as well as improve communication between members of the regulated and regulatory sectors to have a more appropriate perspective when developing their internal policies .[24]

This problem can be seen from a macro perspective, since several financial institutions seek to ensure that the results of financial globalization also affect the homogenization of regulatory approaches.

What happens with cryptocurrencies?

Despite the great efforts to raise the understanding of blockchain technology in different sectors of society, especially banking, combined with all the aforementioned factors, the reaction of several financial institutions against them has not been long in coming. In Singapore, the DBS Bank Ltd. closed the accounts of CoinHako, a popular company dedicated to the exchange of cryptocurrencies[25]. To justify the measure, the bank referred to multiple reasons, such as "not keeping the account in good standing, not providing timely and accurate information, inexplicable inconsistencies in the activity of the account or an unacceptable risk of criminal or terrorist behavior"[26]. This would not have been the only case in that country, since 10 would be cryptocurrency companies in total, including 185 fintechs accounts. Under these circumstances, the Monetary Authority of Signapur made clear its position of non-intervention with any commercial decision made by financial institutions, including the incorporation and termination of customer relations.

On the other hand, in Latin America, the wave of De-risking has also been felt by the private sector and regulators. The main Brazilian banks were sued before the courts for closing accounts and freezing funds of several cryptocurrency exchange platforms. Santander Bank lost an appeal against Bitcoin Market[27]In addition to being ordered to reopen those accounts that had closed to Bitcoin Max and pay a fine, a decision that also affected the Bank of Brazil[28]. Another Brazilian bank that refused to accept as a client a company that provides services with cryptocurrencies is Bradesco, which in February of this year notified Bitblue, a popular exchange, closing your accounts. What stood out most was that the measure not only included the company's account, but also the shareholders' personal accounts.[29]

In Chile, a similar panorama was experienced in the 2018, when, by contagion effect, the main Chilean banks refused to open bank accounts at Buda.com and CryptoMKT, two cryptocurrency exchanges that operate in several Latin American countries. Banco Itaú CorpBanca, Banco de Estado de Chile, Santander, BBVA, Banco de Chile, Banco de Crédito e Inversiones, Banco Industrial y de Comercio Exterior, Security and Scotiabank were denounced for “executing anticompetitive conduct consisting of abuse of their collective domain position and when performing an exclusive abusive exploitation of its dominant position »[30] before the Chilean Court of Free Competition. Surprisingly, the precautionary measures were swift, including government support from the same Minister of Economy of Chile, which stated in the media "We cannot stay out of these innovations or outside this economy of the future, artificially"[31].

What happens to cryptocurrencies in Peru?

There are no glimpses of a bill to provide legal recognition to crypto assets. However, promoting a regulatory climate that preserves the freedom to innovate using new blockchain technologies has also not been fruitless. Peru would be the third country with the largest transactions in cryptocurrencies, after Colombia and Venezuela, according to the market analysis of BitPoint Peru, a Japanese company that began operations in Peru last June[32]. According to their statements, they will use savings accounts in local banks to make all the deposits and withdrawals necessary for the purchase and sale of cryptocurrencies, for which they said they are coordinating with the Intelligence and Financial Information Analysis area of ​​the SBS and the same Central Reserve Bank of Peru (BCRP). This management demonstrates that cryptocurrency exchange platforms are seeking to ensure their permanence in the Peruvian market and avoid any risk of future compliance.

Notwithstanding the foregoing, the position of the BCRP has already been made known, stating that “so-called cryptocurrencies are unregulated financial assets, which do not have the status of legal tender nor are they backed by central banks. Likewise, they do not fully fulfill the functions of money as a medium of exchange, unit of account and store of value "[33].

In the same way, the Superintendence of Securities Market has declared the non-existence of a specific regulation of virtual currencies and, consequently, its lack of support by any financial authority or governmental entity, and the lack of regulation of the companies that carry out cryptocurrency offers. The most worrisome part of its institutional statement was a warning about its purchase: “at an international level, various financial authorities have spoken warning about the risks and speculative factors associated with the acquisition of cryptocurrencies or tokens, about fraud risks and their possible link with illegal activities, as well as the precautions that must be taken regarding their acquisition ”[34].

Finally, the representatives of the SBS have also had a similar statement in the media: “in the case of cryptocurrencies you have to be careful. It is not a currency in the traditional sense of the word, but rather virtual goods that have been created and have a real existence and that can be traded within the framework of the freedom of contract that exists. Therefore, if a person wants to invest in a cryptocurrency, they have every right to do so. However, it is not an activity that is supervised by the SBS »[35].

These three perspectives of the regulators show mainly a concern for the respect of the right of the consumers, under a reluctant and distrustful look of the incipient role of the cryptocurrency market in Peru, to alert about possible related criminal activities. In that sense, it is expected that those entities of the Peruvian financial system that manage accounts of cryptocurrency exchange companies are exposed to greater scrutiny during inspection and supervision visits.

What do we expect for the future?

The FATF has already ruled on this, clarifying several important points about the implication of De-risking in the banking sector[36]:

  • De-risking is not an exclusive element of LA / FT: Includes other types of factors that are beyond your analysis, such as credit, operational and reputational risks.
  • The elimination of risks creates greater risk and opacity in the global financial system: The closure of accounts forces these entities and people to use other types of channels that are less regulated and with low prevention standards. Allowing the funds to use banking platforms facilitates their tracking and traceability.
  • Strict supervision and penalties refer to specific cases: the very high sanctions and corrective mandates of supervisors are mostly applied to companies that deliberately maintained poor controls and monitoring plans, directly contravening with prevention regulations.
  • The risk-based approach must take precedence: The FATF recommendations indicate that, in case the ML / TF risks cannot be mitigated in a specific case, the commercial relationship must be terminated, which does not imply cutting off and excluding a whole group of clients. without identifying, measuring and evaluating risk mitigation strategies.

Under the light of these principles, the De-risking practices that occurred between members of the financial systems of Chile and Brazil should not be imitated in our country, in order to promote new forms of technological development. As the World Bank states, financial integrity and financial inclusion are complementary concepts, because financial inclusion is a prerequisite and necessary to effectively mitigate risks and combat any financial crime[37]. The next step is to ask yourself: how “reinforced” is my EDD policy to manage my institution's high-risk client portfolio?

Footnotes page:

[1] Translated from “Virtual Currencies - Key definitions and potential AML / CTF Risks”. Taken from https://www.fatf-gafi.org/media/fatf/documents/reports/Virtual-currency-key-definitions-and-potential-aml-cft-risks.pdf

[2] FATF, "Virtual Currencies - Key definitions and potential AML / CTF Risks".

[3] Definition of financial inclusion by the World Bank. Taken from https://www.bancomundial.org/es/topic/financialinclusion/overview

[4]According to the definition of the International Monetary Fund (IMF), macroprudential regulation is defined as the use of normative standards as prudential instruments to prevent the occurrence of systemic risks that may cause the interruption of financial services, partially or totally, with a adverse effect on the economy.

[5] Parsons, Goeffrey. "The Law of Governance, Risk Management and Compliance." Wolters Kluwer, 2017, p.3.

[6] Resolution SBS 272-2017 “Regulation of Corporate Governance and Integral Risk Management”

[7] Idem

[8] Idem

[9] Article 23 of Resolution SBS 272-2017 lists a non-limiting list of the risks that companies in the financial system are exposed to: credit risk, liquidity, market, reputation, technical, reinsurance, strategic, operational, and money laundering and the financing of terrorism.

[10] The Anglo-American term translated into Spanish varies from “sector discrimination”, “risk elimination”, etc.

[11] Stabile, Carol. “De-risking. Does one bad apple spoil the bunch? ” ACAMS Today, 2014, Vol. 13 No.4

[12] Parsons, Goeffrey. "The Law of Governance, Risk Management and Compliance." Wolters Kluwer, 2017, p.3.

[13] "What you need to know about De-risking in 7 steps." Economic Commission for Latin America and the Caribbean (ECLAC). Taken from https://www.cepal.org/sites/default/files/infographic/files/derisking_infographic-25.05.2017_2.pdf 

[14] “An overview of De-risking: Causes, Effects and Solutions”, Association of Banking Supervisors of the Americas, 2017.

[15] According to the Regulations for Operational Risk Management, Resolution SBS 2116-2009, the legal risk is the “possibility of occurrence of financial losses due to the failure to execute contracts or agreements, unintentional breach of the rules, as well as to external factors, such as regulatory changes, legal proceedings, among others. ”

[16] Legislative Decree No. 1106 “Legislative Decree on the effective fight against money laundering and other crimes related to illegal mining and organized crime”, modified by Legislative Decree No. 1249.

[17] In English the term is Money Services Businesses (MSBs)

[18] "An overview of De-risking: Causes, Effects and Solutions." Association of Banking Supervisors of the Americas, 2017.

[19] The Costs of De-risking- impact on international trade and global banking. Accuity, 2017. Taken from https://accuity.com/resources/the-costs-of-de-risking-infographic/

[20] The Basel Committee's response to the financial crisis: report to the G-20. Bank for International Payments, October 2010. Taken from https://www.bis.org/publ/bcbs179_es.pdf

[21] The former head of the Danish bank Danske Bank was found dead in Estonia, dotted with money laundering. El País, September 26 of 2019. Taken from https://elpais.com/economia/2019/09/25/actualidad/1569439712_028740.html

[22] "HSBC will pay the highest fine in the US for money laundering." El País, December 11, 2012. Taken from https://elpais.com/internacional/2012/12/11/actualidad/1355259065_703559.html

[23] Global Anti-money laundering survey results 2017, Dow Jones and SWIFT,

[24] 2014 KPMG Global Anti-Money Laundering Survey, KPMG

[25] “Singapore Cryptocurrency Firms Facing Bank Account Closures” September 26, 2017. Taken from https://www.bloomberg.com/news/articles/2017-09-26/singapore-cryptocurrency-firms-facing-bank-account-closures

[26] "Are Banks in Singapore De-risking Cryptocurrency Firms?" Taken from https://aml-cft.net/banks-singapore-de-risking-cryptocurrency-firms

[27] "Justiça determines more than R $ 200 thousand fine to Banco Santader for blocking Bitcoin Market." Taken from https://br.cointelegraph.com/news/justice-determines-more-than-r-200-thousand-fine-to-banco-santader-for-blocking-bitcoin-market-account

[28] "Two Brazilian banks reopen local cryptobag accounts to avoid fines." Taken from https://es.cointelegraph.com/news/two-brazilian-banks-reopen-accounts-of-local-crypto-exchange-to-avoid-fines

[29] "Bradesco will close the crypto exchange account and its partners in Brazil." Taken from https://www.criptonoticias.com/negocios/banco-brasileno-cerrara-cuenta-criptobolsa-socios-personales/

[30] "Banks assemble legal teams to confront cryptocurrency operators in the TDLC." Taken from https://www.trom.cl/blog-trombenabogados/bancos-arman-equipos-jur%C3%ADdicos-para-enfrentar-a-operadores-de-criptomonedas-en-el-tdlc

[31] "In Chile, Justice ordered banks to pay bitcoin operators to close their accounts." Info Bae, April 28, 2018. Taken from https://www.infobae.com/cripto247/bitcoin/2018/04/28/en-chile-la-justicia-ordeno-a-los-bancos-pay-usd-12-millions-to-bitcoin-operators-to-close-your-accounts /

[32] "Peru is the third country with the largest cryptocurrency transactions in Latin America." Diario Gestión, June 2, 2019. Taken from https://gestion.pe/economia/peru-tercer-pais-mayores-transacciones-criptomonedas-latinoamerica-268891-noticia/?ref=gesr

[33] "Cryptocurrency risks". Central Reserve Bank of Peru. Taken from http://www.bcrp.gob.pe/sistema-financiero/articulos/riesgos-de-las-criptomonedas.html

[34] "Statement: warning about the acquisition of virtual currencies or cryptocurrencies and participation in schemes known as ICOs." Superintendence of the Stock Market. Taken from: https://www.smv.gob.pe/uploads/COMUNICADO%20ICOS%2021_11_2.pdf

[35] "SBS alerts the use of cryptocurrencies to scam under the story of 'extraordinary profits'", Diario Gestión, March 8, 2019. Excerpted from: https://gestion.pe/tu-dinero/sbs-alerta-criptomonedas-estafar-cuento-ganancias-extraordinarias-260731-noticia/

[36] "FATF clarifies risk-based approach: case-by-case, not wholesale de-risking." FATF Taken from http://www.fatf-gafi.org/documents/documents/rba-and-de-risking.html

[37] De-risking in the Financial Sector https://www.worldbank.org/en/topic/financialsector/brief/de-risking-in-the-financial-sector

- Advertising Notice-
Beatriz Aguedo
Certified Specialist in Money Laundering Prevention (ACAMS). Director of Training in Lawgic Tec. Bachelor of Law from the Pontificia Universidad Católica del Perú (PUCP). She currently works in the Peruvian subsidiary of the Industrial and Commercial Bank of China, specializing in Compliance, Risk Management and Prevention of Money Laundering and Terrorism Financing. Email: beatriz.aguedo@gmail.com


1,954Happy fans


*All fields are required
es Spanish