Assessing Financial Crime risk in the Energy Trading & Supply Sector

Following on from our first blog on financial crime in the energy trading & supply sector, we’re going to explore how using an effective financial crime risk assessment can help your organisation combat financial crime. We’ll also highlight some of the key challenges you may face when doing so.

Risk assessments have long been a key requirement of global financial crime regulation and guidance. Whilst these requirements have historically focussed on the assessment of Money Laundering (ML) and Terrorist Financing (TF) risks, regulators increasingly expect organisations to broaden their domain coverage beyond just ML and TF. In some instances regulators such as the US Office of Foreign Assets Control (OFAC), have highlighted that they will look favourably on firms that have implemented an effective compliance framework, as part of their enforcement actions. This further highlights the importance regulators are placing on the implementation of an effective risk assessment in combatting financial crime.

The array of operational activities undertaken by energy trading & supply organisations makes them particularly prone to a number of financial crime risks. These include the bribery and corruption risks encountered during negotiations with agents and government intermediaries, the sanctions risks associated with operations in high risk and emerging markets, and the money laundering risks that accompany trading on exchanges. It is therefore crucial that organisations deploy a financial crime risk assessment that is sufficiently broad in coverage and suitably tailored to their business, in order to effectively identify and mitigate the financial crime risks to which they are exposed. Despite this, many organisations are still struggling to execute financial crime risk assessments effectively.

Benefits of an effective risk assessment in the short-term:

When deployed well, a financial crime risk assessment should provide a business with a comprehensive understanding of all the key financial crime risks to which their business is exposed. This includes how and where those risks may emerge and their relative materiality. In addition, it should provide the organisation with an initial view of the effectiveness of their financial crime controls environment and enable the development of a clear, prioritised action plan that will guide remedial activity. The action plan should provide clarity on the size and impact of the findings, including an estimate of time and resources required to address the issues. This in turn will help guide the organisation as to whether it should formalise any remedial activity under a stand-alone change programme or incorporate it into business as usual activities.

The strategic benefits of an effective risk assessment:

Over time, an organisation should try to move from simply using the risk assessment as a guide for short term remedial activity and instead use it to define and proactively monitor risk appetite and allow for corrective actions to be taken, where needed, in real time. The implementation of technology to automate the delivery of a financial crime risk assessment can help an organisation transition from static, point-in-time assessments of risk, to the real-time identification, assessment and mitigation of risks as they arise for a business. Not only this, but real-time access to an up-to-date risk profile of the organisation’s financial crime risk exposures can help senior management identify areas of lower and/or well-controlled risk and better explore the commercial opportunities associated with these areas.

Challenges faced by clients when undertaking a financial crime risk assessment:

1. Compliance and the business often operate in silos meaning that compliance does not sufficiently understand how the business operates. The business in turn does not truly understand how their operations are exposed to financial crime risk. This disconnect can lead to the development of controls that are not tailored to business activity and are often overly burdensome or ad hoc in nature and misaligned to financial crime risks.

2. The lack of a documented and clear methodology for assessing risk means a consistent approach is not adopted across different business areas and compliance, in it turn makes it challenging to compare and contrast different assessments. This can result in a lack of comprehension of risks across the organisation.

3. The lack of defined risk taxonomies means that an organisation is unable to identify and effectively map key financial crime risks across their physical and financial trading activities and operations, including supply and distribution activities. This in turn makes it difficult to effectively manage financial crime risks in a granular manner.

4. The lack of a clearly defined controls library, including associated procedural documents, means that it is unclear which controls are being employed by the business and whether these are effectively mitigating risk. This often leads to the development of onerous controls that do not enable effective and timely management of risk.

5. The use of manual tools (e.g. Excel) for the execution of risk assessments often means that assessments are, amongst other things, inefficient and prone to human error, with limited governance surrounding the management of outcomes. This can lead to inaccurate results and the disjointed management of risks.

6. Poor quality data raises challenges in effectively identifying and quantifying where and how risks crystalize. This in turn often leads to an organisation having to be reactive (rather than proactive) with conservative risk-based decisions and assume a worst-case scenario, which can in turn affect commercial decisions and business opportunities.

At Deloitte we have supported energy trading & supply clients, both in the design and execution of financial crime Risk Assessments, leveraging our broad understanding of this sector and the financial crime landscape to tailor and scale risk assessments to client’s needs. Our team has supported clients in enhancing their risk assessment capabilities in order to meet both their tactical and strategic requirements. If you would like to discuss this area in detail, please reach out to a member of our team: Katie Jackson, Rawad Halawi, Angela Molloy and George Cunnington.

References:

[1] Office of Financial Assets Control (“OFAC”) – Sanctions Compliance Framework https://home.treasury.gov/system/files/126/framework_ofac_cc.pdf