Pakistan banks raise the compliance game, in a hurry | Wolters Kluwer
  • Insights

  • Pakistan banks raise the compliance game, in a hurry

    By Selwyn Parker

    Published January 10, 2018

    They may be years too late but Pakistan’s regulators are finally demanding that the country’s banks step up their compliance in the wake of heavy fines slapped on Habib Bank by the United States.

    When Habib agreed in September to pay $225m to settle an enforcement action by the New York State Department of Financial Services (DFS), it exposed serious regulatory failings at home and abroad.

    As a DFS review pointed out, the institution had basically run roughshod through anti-money laundering and terrorist financing laws for years on end. It had failed to properly screen thousands of transactions, processing payments for known criminals and a variety of sanctioned entities. DFS superintendent Maria Vullo referred to “glaring deficiencies” that the bank had failed to fix despite “being given more than sufficient opportunity.”
    Habib has expressed contrition through its American lawyers and promised to strengthen its compliance processes, operations and control. However that won’t happen in the US – the bank will have to close down its branch in New York, its only office in the US.

    Nor is that the end of the matter – the bank must submit to another investigation by the department into transactions processed right up to July 2017.


    The whole episode is in an implicit criticism of the failings of Pakistani regulators who have been slow to match the crackdowns on money-laundering and terrorism financing that have been going on elsewhere. Making things worse, Habib is Pakistan’s biggest lender.

    Pakistan has been put under heavy pressure in the last few years to tidy up the compliance function in its financial sector as part of a broader attack on long-standing corruption. In fact, the country has just completed the first year of compliance under the United Nations Convention Against Corruption (UNCAC). The review of its performance revealed improvements but showed there’s a long way to go yet.

    It’s not that Pakistan doesn’t have laws against the kind of practices exposed by the DFS review into Habib, it’s more that they are not enforced. For example, Pakistan has had had a running battle with US regulators over terrorist financing. One problem is a shortage of state agencies with the power and competence to undertake investigations, although that’s now being addressed.

    In a hurry 

    The central bank, known as the State Bank of Pakistan, is in a hurry to sort things out. It has given the financial sector until the end of the year to install western-style compliance risk management. Welcome though this is, it’s a tall order considering that many financial institutions are coming from a standing start.

    As the central bank acknowledges: “At present the structure, scope, depth and breadth of [the] compliance function varies grossly among financial institutions and there exists a wide gap between the understanding of compliance risk and its management in the industry, and the related regulatory expectations.”

    Translated, the compliance function is woefully inadequate. Indeed, the State Bank of Pakistan noted in a report in early 2017: “Generally the compliance function has not been provided with due importance, support, independence and adequate resources to carry out their functions effectively.” (Similar observations were made about the compliance functions of much of the financial sector in the UK following the financial crisis.)

    So saying, the central bank has set the stiffest of targets for the compliance function. Namely, perfection. “The risk appetite for non-compliance of legal, regulatory requirements has to be zero,” it warns. “All financial institutions have no option but to comply with laws, rules and regulations as applicable to its business.”

    While leaving it up to the banks to design their own compliance systems, the central bank has urged them to adopt a “three lines of defence” model. In this, management is obviously the first line. The compliance function stands next in the queue, with considerable powers of investigation and follow-up. And finally, the internal audit function has the job of ensuring the first two lines of defence are working properly, and then reporting on their effectiveness to the board.


    Almost certainly, the top priority of all three lines of defence will be money-laundering and terrorism financing (AML/CFT) because of the breaches revealed at Habib. The central bank is so concerned about AML/CFT that it’s been organising seminars on the subject and, in late November, deputy governor Jameel Ahmad gave an address on the subject.

    Regulators are under pressure too. Pakistan’s banks, including Habib, are opening branches abroad, for instance in China, and must therefore adhere to international standards. The banks of other countries are returning the favour – Bank of China, one of that country’s big four, has just opened a branch in Pakistan.

    Meantime the country’s new wave of compliance officers could do a lot worse than study the DFS’s review of Habib’s misdemeanours over the years. Its investigators found a whole range of “insufficiencies” – in compliance training, risk rating of customers including due diligence of correspondent banks, documentation, management and head office governance, not to mention weaknesses in the internal auditing of compliance with the Bank Secrecy Act as well as in data mapping and the integrity of the data mapping programme.

    What particularly aroused the DFS’s ire was Habib’s failure to address issues that the New York investigators had identified and raised with management. Not only had they discovered repeated violations of regulations “in almost every year since 2006”, yet another examination in 2015 found that the bank’s compliance function had deteriorated even further, if that were possible. To cap it all, another review in 2016 showed Habib’s performance was so poor that they gave the New York branch the lowest possible rating – a “five”.

    The latest review revealed wholesale violations including the facilitation of “billions of dollars in transactions” with a Saudi private bank with reported links to al Qaeda, all without adequate AML/CFL controls. At least 13,000 transactions flowed through the New York office. Habib also ran a “good guy” list of customers that was used to camouflage the channelling of $250m to several proscribed individuals.

    The DFS investigation has done Pakistan’s regulators a huge favour by providing a template that should serve as a guide for compliance officers in the future. And international regulatory agencies will be watching closely to see what they learn from it.

    About the author: Selwyn Parker is an author of books on finance and business topics, a specialist in financial history, and regular contributor to newspapers and magazines. Based in Spain, France and the UK, he focuses mainly on European developments. His latest book, The Great Crash, is a new history of the Great Depression that among other things explains the rise of regulation in the form of the SEC and related authorities. Selwyn is a regular contributor to Wolters Kluwer Compliance Resource Network.

    If this article was useful to you, we can assist with more in-depth analysis needed to understand the ever changing regulatory environment.  We’ve made OneSumX Compliance Resource Network an all-inclusive information solution. In a single, convenient location, you can quickly and accurately access all pertinent regulations, legislation and updated rulebooks. Sign up for yourfree trial today  



  • Please take a moment and tell us what you think of our content.