Documents leaked to investigative journalist Clare Rewcastle Brown’s website Sarawak Report in 2015 revealed how money appeared to have been funnelled out of the fund via a close friend of the prime minister, Malaysian tycoon Jho Low. He has denied any wrongdoing, but is currently facing an Interpol warrant for his arrest. The Wall Street Journal then published serious allegations of financial fraud, including the transfer of US$681m into Najib’s personal account. Funds were alleged to have been siphoned off through a web of shell companies and bank accounts and lavishly spent on items including a luxury property, a private yacht, and even funding for a Hollywood film. Investigations into these and other activities continue; Najib and Low deny any wrongdoing.
While Najib was initially cleared of any criminal offence in 2016 (the report was classified under Malaysia’s Official Secrets Act), and Malaysia’s central bank’s investigations led to 1MDB being fined (an undisclosed amount) for irregularities, the scandal attracted the attention of authorities in Singapore, Switzerland and the US – and it was these regulators that claimed the scandal’s first victim, the venerable Swiss bank BSI.
End of a bank’s bull run
The 143-year-old bank was one of the oldest in Switzerland and the sixth largest, having expanded overseas during the 2000s into the high-growth markets of Asia, Eastern Europe, the Middle East and Latin America. As a strategically important financial centre, the bank opened a Singapore subsidiary in 2005. Under chief executive Hanspeter Brunner it grew rapidly. Among its clients were high net-worth individuals, family-owned companies, and several state-owned wealth and development funds – including 1MDB.
Storm clouds were gathering. In 2011, the Monetary Authority of Singapore, the state bank and financial regulator, inspected the bank for the first time, finding policy and process lapses and weak enforcement and control. A second inspection in 2014 uncovered serious shortcomings in BSI Singapore’s due diligence conducted on assets supposedly underlying the investment funds. The bank became embroiled in regulatory investigations related to 1MDB – now BSI Singapore’s largest and most profitable client.
A subsequent intensive on-site inspection of BSI Singapore revealed multiple breaches of anti-money laundering regulations, a pervasive pattern of non-compliance, poor and ineffective oversight from senior management and numerous acts of gross misconduct. The bank’s licence was withdrawn in May 2016, and the names of BSI Singapore employees, including Brunner’s, were passed to authorities to determine whether they had committed any criminal offence. Investigations into Brunner and other executives continue, although Brunner recently won back a confiscated passport.
On the same day, the Swiss Financial Market Supervisory Authority (Finma) started criminal proceedings against the BSI group for failing to prevent suspected money laundering and bribery in its dealings with 1MDB. The BSI group was fined 95m Swiss francs (US$96m), the amount the bank had generated in illegal profits. The group’s chief executive Stefano Coduri stepped down, and subsequently BSI was taken over by private banking group Zurich-based EFG International, on Finma’s condition that the BSI group would be dissolved within the next 12 months.
The US Department of Justice also filed civil forfeiture complaints in 2016 and 2017 seeking to recover about US$1.7 billion tied to 1MDB – the largest action brought under the US Kleptocracy Asset Recovery Initiative.
Three lessons from BSI’s demise
There will always be tension between the demands of business and regulations controlling a bank’s exposure to risk, especially when directives are given to achieve high growth targets. This scenario plays out in banks all over the world – but which should prevail? BSI appears to have prioritised customer demands in its pursuit of growth and profit, at the expense of compliance and internal controls. The outcome, as it was during the financial crash of 2007-08, is plain to see.
The failure of senior management to provide any effective oversight of non-compliance or misconduct of bank employees ultimately points to a dereliction of duty. Did BSI staff not notice that 1MDB had 100 accounts at the same bank? Such high numbers of accounts are considered a sign of “layering”, a method that makes it more difficult to detect money laundering activity. While precisely what happened has yet to be established, it seems clear that BSI failed to perform its due diligence or to monitor transactions.
In a globalised world economy, the risks associated with compliance breaches and management failures in one region can have far-reaching implications in others. All chief officers in banks like to say that compliance and risk management is their key priority. But most participate only at the strategic level, and other departments such as legal, IT and project management must implement it. A common vision of strategy and compliance across all levels of all departments of a company’s global operations is required to ensure that management oversight is consistent throughout the company.
Ultimately, the result of failing to pay attention can be catastrophic for the company involved – and others too, if struck by the domino effect.
Salvatore Cantale is Professor of Finance, IMD Business School
Ivy Buche is Business Transformation Project Manager at IMD.
This article was first published in The Conversation.