First, I would like to express my gratitude to The Bangladesh Express for initiating a unique dialogue of bank CEOs through a special publication. In today’s interconnected business world, industry dialogues, policy discussions among stakeholders can reduce policy gaps to help businesses spur growth. While dialogue or debate is a way to foster understanding, cooperation a free and lively exchange of ideas, print media dialogues have an impact on business and growth. And thus the publication helps the CEOs to minimize gaps between the regulators and industry leaders with the policymakers to mitigate industry problems. As criminality and technology risks are becoming increasing concerns of banks and FIs, this print media dialogue on thefts and threats in baking will help us all to take precautionary measures enriching our knowledge through interactions and sharing ideas among market players, policymakers, and regulators, I believe.

The keynote paper of the dialogue has rightly focused on the money thefts and the cyber threats—the two new epidemics now hammering banks and financial institutions globally. Continued reliance on manual controls to detect red flags and well-known frauds such as diversion of funds and fraudulent documentation (leading to loan fraud) continues to impact the banking sector more significantly than cybercrime and identity theft, which are dominating the global banking fraud landscape. So regulators around the world are proposing stricter banking rules to cover cyber, fraud risks. Some governments are even pursuing penetration testing, also referred to sometimes as “war games,” to help strengthen the defenses of their most valuable banking institutions. On one side, these war games are reshaping banks’ strategy mainly in two ways—firstly capital-intense activities are being reformulated or discontinued, and banks will have to balance capital-intense activities, such as loans, with capital-lite activities such as services, asset management, payments and so on. This is a big change for traditional banks and a new threat to their correspondent banking business. On the other side, clients are demanding digital relationships—a challenge for the banks that requires them to invest heavily in technology to change the business model.

The banking scandal in Bangladesh is widespread, incompetence, corruption, and greed have been endemic and the recent bank fraud incidents are now a global hot topic. In response to a series of loan scandals that many say illustrates a culture of rule-breaking in some leading banks of Bangladesh. As the regulator of banks and FIs, the Bangladesh Bank has stepped up rigorous scrutiny, strengthened supervision, and sharpened its tools. A war virtually has begun in the country’s banking landscape to combat thefts and threats. The real challenge for the banking community is to show by the deeds, and not just by their words.

For the last two years, we have been seeing a significant development in fraud risk management perspective, with the BB issuing several directives aimed at improving governance and profitability levels among banks, by mitigating the risk of loan defaults and fraud. But cyber security issues remained on the sideline. Recently, the BB has asked all banks and financial institutions to set up appropriate technology platforms to safeguard money from cyber criminals and implement KYC practices in their organizations to remain safe. Sound KYC tool is a critical weapon in managing banking risks. So, all banks should implement KYC practices strictly in their operations in every branch and monitor the practices strictly.

The ongoing battle: Is regulation enough?

Over the last decade, the global banking sector has experienced a plethora of regulations while in developed economies the prime focus has been financial inclusion. A battle against money laundering and terrorist financing has already started at the global level and continues to be stirred by regulatory bodies such as the Basel Committee on Banking Supervision, the Financial Action Task Force (FATF), the European Commission, while the Basel Committee is consulting on a revised version of its General guide. Last month, the US anti-money-laundering authority proposed tougher regulations in a move aimed at choking off financing for terrorist organizations and other crime groups. The new rules, among the nation's strictest, would require senior financial executives to certify personally that their institutions had strong safeguards to identify, weed out, and prevent illicit transactions. Violations potentially could subject the officials to legal penalties, which have already reached a billion-dollar amount. But the question still is looming largely among bankers all over the world: Is the regulation enough to check fraudulence incidents in banking when banks are facing tough situations with rising costs and fines?

I don’t think so. Regulation alone cannot be a solution. Collaboration among banks and cooperation between the regulators and the market players are vital components to win the battle. In this race, the BB’s structured approach to fight ML-TF is laudable and a unique model for Third-World countries.

 Where do we stand in the battle?

At Exim Bank, we put more focus not only on KYC implementation practices but also on the policy of recruitment process as, we believe, the placement of the right people in the right places is necessary to stop loan fraud, money laundering, and financing to terrorists. To prevent cyber attacks, we have upgraded our IT security systems and our process does not end here. We are continuously adopting the latest technology to scrutinize all transaction processes and strengthen credit risk management tools to combat all threats and thefts in our banking operations. But we need to do more as criminals are clever, and brilliant and are likely to attack us any time.

Recently we have fitted our ATMs with PIN shields and anti-skimming devices. We have SMS notifications to account holders for all sorts of withdrawals and deposits and are going to make more secure ATM cards with EMV chips and OTP (One Time Password) very soon, while the encryption process of interunit data communication is underway. We are reviewing several systems to protect the systems from new threats like Advanced Persistent Threats (APT), Zero-Day Attacks, etc. For perimeter security, we have deployed next-generation firewalls with Intrusion Detection System (IDS) and Intrusion Protection System (IPS) for all inbound and outbound traffic. We are periodically conducting Vulnerability Assessment and Penetration Tests in many of our banking systems to ensure they are protected from any kind of attacks.

De-risking: BB’s approach is laudable

Many banking experts say the “Know Your Customer” (KYC) guidelines set by the intergovernmental Financial Action Taskforce have made it difficult for financial criminals to access banking services and damage developing economies’ growth opportunities. Banks are now required to know not only their customers but also their customers’ customers (Know Your Customers’ Customers or KYCC). Money transmitters, charities, and fintech companies are among the sectors particularly affected by the new extended policies and some banks are also withdrawing from providing correspondent banking services for safety and security. The more the banks invest their resources in AML/CFT controls, the more secure will the financial markets be.    

Financial institutions are arguably rational in their determination that the bottom line is not anyhow affected adversely by the overheads of AML/CFT move; therefore, bankers are earnestly implementing BB-initiated financial inclusion policy as a suitable means to offset the overheads of AML/CFT. The goals of financial inclusion, anti-money laundering, and countering the financing of terrorism (AML/CFT), are not inherently in conflict.

So, I think bankers in Bangladesh will cooperate and coordinate with the BB on its way to setting streamlined definitions, standards, and strategies about AML/CFT- for the sake of a better financial environment in the country.