Private banking: Indonesia swoops on wealth management industry

When BI launched its review of the way that 23 wealth management and private banking firms conducted their risk management and compliance regime they did not expect to find that there was total compliance - there never is.

But nor did they expect to find widespread failure to develop implement and maintain adequate systems nor to enforce internal compliance with the systems that were in place.

What BI found was so bad that, on 28 April 2011, it made the following startling announcement:

Following the special audit into 23 banks that offer priority banking/wealth management and also to further enhance service quality, security and customer protection, BI suspended 23 banks from signing up new priority customers and offeringwealth management to new customers. The suspension will last for one month commencing on 2nd May 2011. Notwithstanding, existing priority banking/wealth managementcustomers will continue to enjoy service as normal.
The action was taken in order for banks to comprehensively fix their policies, systems and procedures, internal supervision and risk management as part of efforts to boost service quality, security and customer protection. During the periodof suspension, BI will monitor and, at an appropriate time, evaluate the improvements made by the banks in question.
The public is urged to remain calm and not to worry because the move is a regular supervisory action that is commonly taken and will not affect banking services to customers in general.

The public is unlikely to be shaken: only 134 visitor had read the notice by close of business in Jakarta today and this writer and several of his colleagues plus several journalists known to us were amongst those.

But, on 6 May, BI made an even more surprising announcement.

As a follow-up measure to the problems plaguing Citibank associated with priority services (Citigold) and credit cards, Bank Indonesia conducted a special audit to confirm violations of prevailing regulations. The investigation unearthed violations of internal bank regulations and exposed weaknesses in the application of risk management, indicated by shortcomings in the Standard Operating Procedure/SOP and internal control pursuant to PBI No. 5/8/PBI/2003, superseded by PBI No.11/25/PBI/2009 regarding the application of risk management by commercial banks. Furthermore, violations and weaknesses were also discovered in the administration system for credit cards as legislated by PBI No.11/11/PBI/2009 and SE BI No. 11/10/DASP concerning card-based payment instruments.
Consequently, the following actions were decided at the Bank Indonesia Board of Governors’ Meeting on 6th May 2011:
Imposing sanctions on Citibank consisting of:

- Prohibiting the acquisition of new Citigold customers for one year.
- Suspending credit card issuances to new customers for two years.
- Prohibiting the use of credit card billing services by third parties for two years.

The sanctions are effective as of 6th May 2011 and will be reviewed if, at a later date, more serious violations are uncovered.

Bank Indonesia conducted the following measures:

- Fit & Proper Tests for bank executives and management at the affected banks.
- Instructed Citibank to suspend bank executives involved with priority services (Citigold) and credit cards until Fit & Proper Tests can be performed by Bank Indonesia.
- Instructed Citibank to dismiss employees working under executives directly involved with the Citigold priority service and credit cards.

Those affected by points 2a and 2b have been instructed not to leave Indonesia until such time when Fit & Proper Tests can be completed..

Bank Indonesia instructed Citibank to:

- Enhance its implementation of risk management and internal control.
- Undertake corrective actions in accordance with the results of the audit and immediately communicate the outcome to Bank Indonesia.
- Refrain from opening new branch offices for one year commencing from 6th May 2011.
- Bank Indonesia requested Citibank head office in New York to evaluate the internal control function of Citibank Jakarta as a whole.
The actions taken by Bank Indonesia are part of the efforts to protect the interests of the customer as well as maintain banking industry credibility as a whole. The general public is urged to remain calm and not to worry because the current condition of the banking industry is favourable and stable and the actions taken against Citibank will not affect banking services to customers in general.

The banning of Citibank from taking on new Citigold customers is, in some respects, not surprising given the recent news of the discoveries by PPATK, the Indonesian FIU.

As a sanction, This is similar in nature to penalties that the Bank of Japan has imposed on banks there, particularly in private banking. In the case of credit cards, it is not clear whether it means customers who are new to the bank or customers who are new to the credit card business, regardless of whether they are new to the bank. If the latter, then this will be a serious blow to Citibank which aggressively markets its card services and regards them as a core revenue generator.

More interesting from a broader perspective is banning of outsourcing for credit card billing.

This is a reflection of a widespread problem across the financial sector and relates to the supervision of outsourced services. It has long been established in for example the UK that, where services are outsourced, the service may be outsourced but risk and compliance responsibility is not. Those remain with the financial institution that uses the outsourcing service. However, especially where services are outsourced offshore, the supervision of those services is often lacking. Without commenting directly on the Citibank case, I am aware of a number of instances where outsourced services fall below the standard that the financial institution would, itself, maintain if the services were performed in-house. There is a particular problem in relation to the vetting of staff in outsourced, offshore environments particularly with regard to data security. Further, several countries where such services are provided do not have a robust counter-money laundering regime and therefore there is a vastly different culture to those where many banks are headquartered.

The suspension and dismissal of specified staff is an unusual punishment but it is one that regulators should use more often. However, the regulator should, also, review the involvement of individuals with a view to disciplinary action and possible sanctions including placing of restrictions on authorisations or - for the most serious cases - revocation of authorisation or a ban on those persons working in the financial sector. The Bank has no power to hold passports but can apply to the Court to do so. This is in line with the position in Australia but the opposite of the position in several middle eastern countries.

Bank Indonesia is moving towards a much more confrontational approach with banks, local and foreign. Historically, it has focussed on local banks and taken the view that foreign banks are supervised primarily by their own regulator. This is an approach that regulators such as the UK's FSA has encouraged as it has sent out teams to review the global operations of UK head-quartered banks. However, local regulators are at last coming to the conclusion that foreign banks are often less compliant with local laws and regulations than they should be and we can expect to see more reviews of foreign banks, not just in Indonesia but around the world. Also, BI has, generally, been more concerned with the financial state of banks rather than their management. That, too, is changing and we can expect to see more examination of banks of all types.

In the Citibank case, note the BI finding that there were breaches of internal bank regulations: this is a topic that Nigel Morris-Cotterill, Head, The Anti Money Laundering Network*, the ultimate owner of BankingInsuranceSecurities.Com has highlighted on many occasions but it's a message that financial institutions rarely pay much attention to. However, in recent months, several financial institutions in the USA have been disciplined on the basis not that their procedures were inadequate but that they were not followed and management failed to deal with that.

*The Anti Money Laundering Network