Andrea Enria, chair of the supervisory board of the European Central Bank, is in Malta visiting the Malta Financial Services Authority. Ivan Martin asked him about banking scandals, cybersecurity and money laundering.
Malta has been hit by a number of banking-related scandals in recent years; Pilatus Bank and Satabank come to mind. How do you feel the country has done when it comes to the supervision of banks? Could the situation with these two banks specifically have been easily avoided?
Money laundering and terrorist financing are significant risks for banks which can ultimately affect not only their viability but also the reputation of their country’s financial system.
For this reason, the European Central Bank, as prudential supervisor, and the national authorities, like the Malta Financial Services Authority, as anti-money laundering (AML) supervisors, have to take money laundering risks extremely seriously.
There needs to be a continuous exchange of information between the ECB and the relevant AML authorities. By further enhancing the respective supervisory frameworks, it will become even more difficult to launder money within the banking union.
It’s important to remember that the ECB does not have the legal powers to directly supervise and enforce AML legislation – this is a national responsibility. If requested by the national authorities, however, we can withdraw a banking licence on grounds of money laundering.
What is the main weakness of Malta’s banking sector today? How does the ECB feel that it should be addressed?
The Maltese banking sector is comparably large in relation to the country’s economy and is closely integrated into the global financial system. It comprises various banks, three of which are classified by the ECB as significant financial institutions and directly supervised by us.
The Maltese banking sector is, on average, well capitalised and the asset quality of most Maltese banks is sound.
However, the profitability of the core domestic banks weakened in 2018 and non-financial risks like conduct, compliance, reputational and IT risks need to be managed in a more stringent and coherent manner, especially in the light of Malta’s leading role in blockchain and crypto technology.
A lot has been said about the Bank of Valletta (BoV) in recent months, from its risk profile to its corporate governance, and from its weak IT infrastructure (as exposed by a successful hack) to the loss of its correspondent banking service. Given the importance of BoV locally, what do you think the bank should do? Is the ECB monitoring the situation?
In general, it is of utmost importance for us that all supervised banks have effective governance arrangements and risk management frameworks in place.
These are crucial to ensure that the decisions banks make remain within their own risk appetite and adhere to the legal requirements and internal checks and balances.
Non-financial risks like conduct, compliance, reputational and IT risks need to be managed in a more stringent and coherent manner
As today’s banking system relies heavily on technology, with almost all business processes being digital, all banks need to ensure that they have effective and state-of-the-art IT systems and cyber security risk controls.
Since you raised the issue of cyber security, let me say that, although managing cyber risk is mainly the responsibility of the banks themselves, this risk is a major priority for us and we have been addressing it from various angles.
We consider cyber risk to be part of IT risk and, therefore, proper risk management is crucial to minimise the impact of any cyber-related attack.
Drawing on guidelines from the European Banking Authority, we have developed comprehensive IT risk self-assessments for supervised banks, including an extensive section on IT and cyber security.
The results of these assessments feed into our supervisory review and evaluation process, in which we also challenge the information provided by banks.
Additionally, we conduct on-site inspections with a focus on IT and cyber security. Every bank should be committed to constantly reviewing, protecting and upgrading its IT systems.
Malta has just failed a Moneyval assessment of its AML regime and is faced with quite a tall order to rectify the situation. Are you confident Malta can turn things around, and what will the greatest challenge be?
It is not up to me to pass judgement on the effectiveness of the systems to prevent money laundering and terrorist financing in individual member states or on their compliance with international standards. But strong, well-resourced and effective AML controls at the national level are also essential for the ECB to pursue its objectives.
It is imperative that there is closer cooperation between prudential supervisors and AML authorities.
Personally, I am confident that the Maltese authorities will manage to deliver the desired results to the benefit of the country’s banking system.
And, finally, the ECB has the power to overrule local regulators if they fail to properly regulate their banks. Has the ECB ever considered doing this in Malta in recent years, especially given the situation with Pilatus Bank and Satabank?
If it is necessary to ensure the consistent application of high supervisory standards, we can indeed take over the direct supervision of a less significant institution. This has already happened in the past.
However, as I indicated previously, it is not our task to uncover AML deficiencies and breaches of the relevant rules by banks; this is something for the Maltese authorities and we rely on their commitment.