- Risk Queue
- Posts
- AML Nightmares, AI Hesitancy, Hidden Housing Risk, Regulators On the Move, & Interest Rate Risk Primer
AML Nightmares, AI Hesitancy, Hidden Housing Risk, Regulators On the Move, & Interest Rate Risk Primer
Naeem Qasim
March 13, 2025
Welcome back to the Risk Queue! This week we're diving into some explosive regulatory actions, mounting AML costs, the banking industry's cautious AI approach, and a potential housing market time bomb.
-From Naeem, CEO & Founder - Risk On Q
PICKS:
Headlines
Is This 2008 Again? The Hidden Housing Crisis
TD's $500M AML Nightmare: A Cautionary Tale
Why Banks Fear AI in Core Operations
AI & Risk Tech Developments
Accenture Findings on Cyber Risk
Bank of America's Document Breach
Regulatory Updates
PCAOB Hammers KPMG with $3.4M in Fines
CFTC's New Settlement Fast-Track for Minor Violations
Nasdaq Pays $22M to Settle CFTC Case Over Trader Payments
Risk Headlines
Another Subprime Housing Bubble WSJ Reports - source wsj.com
Key Points:
The WSJ opinion piece outlines a government-created market distortion where weakened underwriting standards combined with aggressive mortgage relief programs have fundamentally altered the relationship between borrower performance and housing market outcomes, creating artificial price support while potentially accumulating systemic risk. This intervention has transformed traditional market mechanisms where defaults lead to foreclosures and price corrections, instead perpetuating a cycle where increasingly leveraged borrowers receive government-subsidized assistance that maintains housing prices at elevated levels while creating significant moral hazard for both borrowers and servicers.
The data suggests that underwriting standards have progressively deteriorated within FHA-insured portfolios, with the percentage of borrowers exceeding the 43% debt-to-income threshold increasing from 35% in 2007 to 64% in 2024.
_________________________________
Why the Banking Industry is Still Nervous about AI - source dentons.com
Key Points:
Institutions recognize the technology's strategic importance yet remain cautious about deployment in core operations, creating an implementation paradox where banks simultaneously embrace AI in support functions while erecting barriers to its use in critical business areas. This hesitancy stems from a complex intersection of operational risk concerns, regulatory uncertainty, and talent implications, yet exists alongside the widespread acknowledgment that AI adoption is becoming an existential competitive necessity.
74% of financial services firms are using AI for IT and cybersecurity
72% have deployed AI for customer service and support functions
Only 29% of financial institutions have a formal AI roadmap or strategy
_________________________________
TD Racks Up AML Remediation Costs- $500 Million 👆️ - source bankingdive.com
Key Points:
TD Bank's ongoing AML remediation efforts are costing approximately $86 million quarterly toward an expected $500 million total for fiscal 2025, following over $3 billion in penalties and a $434 billion cap on U.S. retail assets stemming from compliance failures discovered during a fentanyl investigation. The bank has appointed Guidepost Solutions as its compliance monitor and is implementing a centralized case management system with machine-learning detection capabilities, while also making significant leadership changes including accelerating CEO transition and cutting compensation for 41 executives—demonstrating how compliance failures can create profound financial, regulatory, and strategic constraints on a major financial institution.
A.I. Risk / Technology Risk
Accenture Report Reveals Disconnect for Banks’ Cybersecurity Investments & Customers’ Perception of Security Across the Banking Ecosystem - source thetechpanda.com
Key Points:
Despite banks' substantial investment in cybersecurity (up 140% over two years), a critical trust gap exists where customers lack confidence in the broader banking ecosystem, particularly regarding third-party vendors and data sharing. This represents both a significant risk as 62% of customers lose confidence after a breach and a strategic opportunity, as institutions that effectively implement comprehensive security practices experience 58% fewer breaches and 1.5 times higher customer retention rates.
While 81% of customers trust their own bank with data security, this trust dramatically declines for the broader banking ecosystem—a critical vulnerability given the interconnected nature of modern financial services. The finding that only 10% of banks implement all recommended security practices highlights a significant gap between industry leaders and the average institution.
_________________________________
Bank of America Sounds Alarm on Massive Data Breach - source benzinga.com
Key Points:
Bank of America has disclosed a data breach stemming from a third-party document destruction vendor's failure to properly secure physical documents during transport, potentially exposing comprehensive customer personal and financial information. This incident, following closely behind a January breach affecting hundreds of customers, highlights critical vulnerabilities in vendor risk management and physical document handling protocols that could significantly impact customer trust, trigger regulatory scrutiny, and require substantial investment in security enhancements to prevent similar occurrences in the future.
Bank of America experienced a data breach on December 30 due to improper handling by a third-party document destruction vendor
Sensitive data potentially exposed includes names, financial account details, addresses, phone numbers, email addresses, gender, birth dates, SSNs, and government IDs
At least two customers in Massachusetts were confirmed affected, but full scope is undisclosed
This follows a January breach that affected at least 414 customers
Bank is offering affected customers complimentary identity-theft protection for two years
Regulatory News - Fines, Losses, & Rules
Nasdaq Pays $22 Million to Settle CFTC Case Over Payments to Traders - source wsj.com
Key Points:
Nasdaq's $22 million CFTC settlement over undisclosed volume-based payments to market makers on their failed energy futures exchange highlights significant regulatory scrutiny around market structure incentives, particularly when communication with regulators lacks full transparency.
Nasdaq paid $22 million to settle CFTC case related to their now-defunct energy futures exchange (NFX)
CFTC alleged Nasdaq made "false and misleading statements" about payments to market makers between 2015-2018
Nasdaq disclosed fixed monthly payments but didn't disclose (and sometimes explicitly denied) volume-based payouts
Nasdaq didn't admit wrongdoing as part of the settlement
_________________________________
CFTC Acting Chairman Pham Announces Effort to Quickly Resolve Recordkeeping & Reporting Investigations & Pledges Additional Guidance on Self-Reporting & Cooperation US - source benzinga.com
Key Points:
CFTC Acting Chairman Pham has announced a two-week window for financial institutions to expedite the resolution of self-reported recordkeeping and reporting violations that don't involve customer harm or market abuse, with penalties based on historical precedent. This represents both an immediate opportunity to efficiently resolve pending regulatory matters and a significant shift in the CFTC's enforcement priorities back toward fraud and market manipulation rather than technical compliance, suggesting financial institutions should reallocate compliance resources accordingly while remaining vigilant about forthcoming guidance on CFTC's referral processes.
_________________________________
PCAOB Sanctions Nine KPMG Global Network Fimrs for Violations of PCAOB Rules & Standards, Including Quality Control - source pcaobus.org
Key Points:
The PCAOB has sanctioned nine KPMG global network firms for failing to properly disclose which firms performed audit work and how much work was done by entities other than the signing firm, imposing $3.375 million in fines along with remedial requirements. This action highlights significant transparency issues in multi-country audits that could impact investor confidence and audit committee effectiveness at financial institutions.
Nine KPMG global network firms were sanctioned with censures, $3.375 million in fines, and remedial requirements
Violations include failure to accurately disclose audit participants on Form AP
Four firms failed to properly communicate with audit committees about other accounting firms involved
Quality control standards violations across all firms
Particular significance in multi-country audits
Risk Data to Geek Out On
Define Interest Rate Risk - Managing Financial Risk Management - riskonq .com
This week we will continue to focus on a key risk program impacting financial risk management, moving to Interest Rate Risk, last week we covered Liquidity Risk. Over the coming weeks, we will define these concepts to enhance understanding and gain an appreciation of the vast risk management ecosystem existing in the financial sector. Interest Rate Risk Management (IRRM) is a critical component of financial risk management for financial institutions, aiming to mitigate the impact of interest rate fluctuations on earnings and asset values.
Interest Rate Risk Management is the process of measuring and controlling organizational risks arising from changes in interest rates. Its primary objectives include ensuring financial stability, protecting net interest margins (NIM), reducing earnings volatility, ensuring regulatory compliance, and enhancing shareholder value.
1. Types of Interest Rate Risk
Repricing Risk: Arises when assets and liabilities have different repricing dates, affecting net interest income.
Yield Curve Risk: Changes in the yield curve can impact the value of fixed-rate assets and liabilities.
Basis Risk: Differences in interest rates between two related financial instruments.
Option Risk: Embedded options in financial instruments can increase interest rate risk.
1.2 Interconnection with Other Risks
Interest rate risk is interconnected with other risk types:
Credit Risk: Changes in interest rates can affect collateral values and borrower repayment capacity.
Market Risk: Fluctuations in interest rates impact asset prices.
Operational Risk: Inadequate processes can lead to flawed risk assessments.
Liquidity Risk: Interest rate changes can affect liquidity and capital adequacy.
2. Implementation in Financial Institutions
Financial institutions, such as banks and credit unions, manage interest rate risk through:
Asset-Liability Management (ALM): Matching the repricing of assets and liabilities.
Derivatives: Using interest rate swaps and options to hedge risks.
2.2 Regulatory Landscape
Regulatory frameworks like the Basel Accords emphasize the importance of effective risk management. Basel III requires banks to maintain enhanced liquidity coverage ratios and leverage ratio buffers.
2.3 Impact of Financial Products
Loans: Floating-rate loans can mitigate interest rate risk.
Bonds: Fixed-rate bonds are sensitive to interest rate changes.
Derivatives: Used for hedging interest rate risks.
2.4 Macroeconomic Factors
Macroeconomic conditions, such as recessions, can increase interest rate volatility and impact credit risk profiles.
3. Interest Rate Risk Management Strategies
3.1 Risk Scoring and Rating Models
Internal Models: Utilize historical data to predict interest rate movements.
External Ratings: Use benchmarks to assess risk exposure.
3.2 Loan Origination and Underwriting
Interest Rate Sensitivity Analysis: Assessing how changes in interest rates affect loan profitability.
Collateral Management: Ensuring adequate collateral to mitigate potential losses.
3.3 Monitoring and Reporting
Key Risk Indicators (KRIs): Tracking metrics like net interest income sensitivity.
Stress Testing: Simulating extreme interest rate scenarios to assess resilience.
3.4 Portfolio Diversification and Hedging
Diversification: Spreading investments across different asset classes.
Hedging Strategies: Using derivatives to mitigate interest rate risks.
4. Measurement and Metrics Framework
4.1 Key Risk Indicators (KRIs) and Thresholds
Net Interest Income Sensitivity: Measuring the impact of interest rate changes on earnings.
Economic Value of Equity (EVE) Sensitivity: Assessing the impact on capital.
4.2 Performance Metrics and Scorecards
Return on Assets (ROA): Evaluating profitability.
Risk-Adjusted Return on Capital (RAROC): Assessing risk-adjusted performance.
4.3 Risk Appetite Frameworks and Limits
Interest Rate Risk Tolerance: Setting limits on acceptable risk exposure.
Capital Adequacy Ratios: Ensuring sufficient capital to cover potential losses.
4.4 Stress Testing Methodologies
Scenario-Based Stress Testing: Simulating extreme interest rate scenarios.
Sensitivity Analysis: Assessing the impact of small changes in interest rates.
5. Best Practices and Recommendations
Regular Risk Assessments: Continuously monitor and update risk management strategies.
Diversification and Hedging: Implement diversified portfolios and hedging strategies.
Technology Integration: Leverage AI/ML and data analytics for enhanced risk management.
6. Real-World Examples and Case Studies
Silicon Valley Bank: Highlighting the importance of effective interest rate risk management.
Basel III Compliance: Ensuring regulatory alignment to maintain financial stability.
6.1 Lessons Learned and Common Pitfalls
Inadequate Risk Assessment: Failing to anticipate interest rate changes.
Insufficient Diversification: Overexposure to specific asset classes.
_________________________________
Thank you for reading,
Naeem
p.s. If you find the Risk Queue newsletter helpful please subscribe and share it with a friend or colleagues, you can find it here!