The Tribune

By NEIL HARTNELL

Tribune Business Editor

nhartnell@tribunemedia.net

Bahamian financial institutions recently fell short of global standards for detecting clients and transactions subject to international sanctions, the Central Bank has revealed.

The regulator for banks, trust companies, credit unions and money transmission/payment providers disclosed in its just-released 2024 third quarter update that a recent review, involving “live testing”, saw 61 Bahamian financial institutions achieve a collective 87.7 percent and 89.9 percent success rate, respectively, for detecting sanctioned individuals/companies and transactions related to them.

These scores, the Central Bank revealed, were below the 96.4 percent and 96 percent marks deemed to be the global benchmark for “effectiveness” in preventing such individuals and entities from accessing the global financial system. Sanctions are typically applied to groups deemed to be terrorist organisations, such as Hamas, and those affiliated with ‘rogue’ regimes such as North Korea.

“The Central Bank engaged AML Analytics in May 2024 to conduct an independent review to assess the effectiveness and efficiency of sanctions-screening solutions used by supervised financial institutions,” it said. 

“Sixty-one supervised financial institutions participated in the live screening tests held in July 2024. The consolidated assessment results reflected 87.7 percent effectiveness for client screening (the global benchmark is 96.4 percent) and 89.9 percent effectiveness for transaction screening (the global benchmark is 96 percent)”.

John Rolle, the Central Bank’s governor, could not be reached for comment before press time last night despite Tribune Business efforts to do so. But, in response to the results, the Central Bank added: “Virtual feedback sessions were conducted with individual supervised financial institutions in late August 2024, with formal feedback letters detailing necessary improvements set to be issued by mid-October 2024.

“Supervised financial institutions should expect to receive letters indicating whether their systems were considered satisfactory, needing improvement or deficient. An industry re-testing to evidence improvements were made is planned for the third quarter of 2025.”

The Central Bank also plans “to enhance its sanctions supervisory framework through the publication of ‘targeted financial sanctions reporting forms’ and guidance notes for licensees, which will be created in conjunction with other Bahamian financial services regulators and are expected to be issued in the 2024 fourth quarter. Further guidance notes on sanctions will be released in the 2025 first quarter.

Elsewhere, the Central Bank said it will this month hold a consultation and briefing with the Bahamas Cooperative League’s directors to discuss plans to strengthen the regulatory regime for local credit unions via the Bahamas Cooperative Credit Union Bill 2024. “A wider engagement with the credit union sector will ensue afterwards, followed by a 60-day industry/public consultation period,” it added.

“These proposed amendments to the legislation will seek to expand and strengthen the supervisory oversight of the Central Bank, provide firmer deterrence safeguards against misconduct and instructional provisions that outline the minimum standards for operations in varying circumstances.

“The amended legislation will also seek to enhance fit and proper criteria for directors and senior management, and establish a resolution framework that strengthens regulatory intervention.” The Central Bank then added that the global information technology (IT) outage caused by CrowdStrike, the cyber security firm, implementing a faulty upgrade, had reinforced the importance of business continuity planning.

“Following the global IT outage that occurred on 19 July, 2024, the Central Bank issued a survey to supervised financial institutions to assess the extent that the outage may have had on their operations,” the regulator added. “Most supervised financial institutions reported no to little impact from the outage.

“Those reporting some impact outlined a range of technical issues such as loss of access to Microsoft products, servers and workstations; interruptions in internal monitoring systems which necessitated manual oversight; and disturbances to endpoint detection and response (EDR) services. In all cases, however, supervised financial institutions reported that issues were remedied shortly after the date of the initial events.

“The occurrence of such systemic events underscore the importance within the industry of maintaining resilient up-to-date business continuity plans (BCP),” the Central Bank added. “Additionally, we emphasise the need to maintain robust patch management policies and procedures, including the testing of updates pre-deployment and adopting the phased deployment of updates.

“Third-party risks also need to be closely managed so that these do not expose gaps in supervised financial institutions’ policies around patch management.” The Central Bank also warned that its approval must be obtained when licensees declare, and payout, dividends that are either greater than the prior year’s profit or reduce their capital position to one “less than that required” by regulation.

And the regulator also said that, while not mandatory, its recent transparency directive on Bahamian commercial bank fees “may also allow supervised financial institutions to articulate how the costs of providing fee-based services are also varying”.