Lehohla slams lack of metrics, transparency around closure of bank accounts on reputational risk

Customers queue to draw money from an ATM outside a branch of South Africa's Nedbank (right) and First National Bank (FNB) in Johannesburg. Photo: Reuters

Customers queue to draw money from an ATM outside a branch of South Africa's Nedbank (right) and First National Bank (FNB) in Johannesburg. Photo: Reuters

Published Apr 29, 2024


Pali Lehohla, the former Statistician-General of South Africa, on Friday slammed the lack of methodology and transparency around clients’ bank account closures.

“All institutions have standards that must be communicated up front to their clients, particularly the banks, which are highly regulated," he said in an interview with Business Report.

He said banks had to ensure that clients were aware of their rights, and banks could not apply standards based on their own free will and decisions.

Therefore, when it came to closing accounts, that had to be communicated up front as part of the regulatory environment and under what conditions bank account closures happened, and what the clients were entitled to by way of appeal.

“It is a highly-regulated issue and these standards are global and if anyone says that they can’t provide the methodology or standards as there is a protection of clients’ rights, that cannot be correct. That information must be available as a general rule, as a matter of governance.

“So when one asks under what conditions you are closing a bank account, the answer cannot be that we are protecting the clients. That does not serve as an answer. The answer should be these are the conditions under which this happens,” Lehohla said.

Lehohla said banks needed to be more specific about reputation risk. He agreed clients names can’t be disclosed. But said the statistics of the reasons for bank account closures must be in the public domain.

“It can’t just be public perception, it has to be backed by public standards. Allegations of corruption must be first ruled on in court. Following that the reason for closing the bank account by a perpetrator must be published due to public interest.The The Banking Association South Africa must audits if the reasons for the bank account closures are valid or not to protect the public,” Lehohla said.

Another way of ensuring that clients were protected was by providing regular reports on client accounts in aggregate form and running acid tests on closed accounts, he added.

This was in response to Business Report talking to Lehohla after sharing Nedbank’s refusal on Friday – in response to questions on the methodology of reputational risk – to say how this is being calculated, if its 7.3 million active clients are being monitored and if artificial intelligence algorithms are being used, among other questions.

The questions around reputational risk come in the wake of Nedbank’s 2023 annual report, which was released this month, that revealed that it has closed nearly 200 bank accounts on reputational risk.

Its Pillar 3 Risk and Capital Management Report for the year ended December 31, 2023, gave a brief but opaque description on reputational risk, but said that in 2023: “Within risk appetite at 31 December 2023, there was no material breach of risk appetite.”

Nedbank said in the report that among the top 10 risks identified for 2024 was reputational risk.

“Nedbank's reputational risk is informed by public perception. We have a zero tolerance for corruption, and we expect all our stakeholders, including our clients, service providers and employees, to conduct themselves ethically and with integrity,” it said.

The report said a model is a quantitative method, system or approach that applies statistical, economic, financial or mathematical theories, techniques and assumptions to process input data into quantitative estimates. A model also covers quantitative approaches, where inputs are partially or wholly qualitative or based on expert judgement, provided that the output is quantitative in nature.

Nedbank was asked by Business Report to explain this via these questions:

– When was reputational risk introduced as a risk metric and what prompted it?

– Nedbank has 7.3 million active clients. How is Nedbank identifying perceived reputational risk of 7.3m clients? Is it accessing all their information, or what raises a red flag to certain clients? Furthermore, according to the banking code in relation to Popia, how does Nedbank get around Popia to apply this methodology?

– How does Nedbank quantify the accuracy or verify public perception? Is public perception a reliable barometer of risk? Is it truthful, fair and transparent?

– Are other entities asking Nedbank to look at certain individuals banked by Nedbank? If so, what is the process and procedure of external players asking Nedbank to look at certain clients?

– Are you using artificial intelligence/tech algorithms on your client base to red flag potential reputational risk?

– Nedbank says it closed 200 clients’ accounts based on their reputational risk. What is Nedbank's score card for reputational risk?

Nedbank’s answer failed to disclose the modelling methods.

It said: “Nedbank is bound by client confidentiality and is unable to discuss clients with third parties. It bears noting, however, that decisions to terminate banking relationships with clients are neither arbitrary nor discriminatory and are taken extremely seriously as clients are the essence of Nedbank’s business.

“Such decisions are taken only after a rigorous assessment and internal independent governance process has been followed by Nedbank with reference to all the relevant information, facts and a comprehensive due diligence process,” it said.

Nedbank said it was governed by strict and robust internal policies as well as statutory/regulatory guidelines that inform and/or govern the day-to-day operations of the bank. This included a comprehensive risk management and compliance programme, which is aligned with international standards.

In terms of the Nedbank agreements with its clients, Nedbank said it might freeze, suspend, modify, restrict or terminate a client’s transactional accounts or service under the following circumstances:

– If the client terminates the agreement with Nedbank.

– If we are compelled to do so by law.

– If we have a reasonable suspicion that a service or account is being used for illegal, unlawful or fraudulent purposes.

– If a client’s conduct results in a breach of our regulatory obligations.

– For reputational risks or operational/business reasons.

– If the client no longer qualifies for the service according to our product specifications.

– If the client breaches its agreement with Nedbank.

“All our client relationships are subject to a myriad of laws, including the Financial Intelligence Centre Act 2001 and the Money Laundering And Financing Of Terrorism (Prevention) Act, 2011, as well as governance and regulatory reporting requirements, to which we strictly adhere,” it said.

Lehohla was also commenting after the Financial Sector Conduct Authority (FSCA) this month took banks to task for bank account closures over reputational risk.

FSCA commissioner Unathi Kamlana said some of the actions of the banks which have been particularly contentious in the area of Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT) recently pertained to the closure of bank accounts for reputational risk reasons.

This was an issue that related directly to the principles of ethics, fairness and inclusion, he said.

“While we understand that banks possess the legal right under contract law to terminate client relationships, questions have been raised as to whether the prevailing common law position is fair to customers, particularly in a context where access to banking is a gateway to broader economic participation,” Kamlana said.

“Even for AML/CFT compliance purposes, the practice of wide-scale de-risking is considered an undesirable risk management approach,” he said.

Kamlana said: “Banks should not simply cite reputational risk; reasons must be concrete and consistently applied to prevent what might appear as arbitrary account closures. Customers must also have the right to appeal or seek redress to ensure the process remains just and equitable.

“The mechanism for appeal and redress should be straightforward and accessible, enabling affected parties to challenge decisions they believe are unfounded or have been applied unfairly.”

A banking expert, who declined to be named, said: “The issue of reputational risk has cropped up. I think it is an invention. I think it is murky and it has been abused, in my view, by banks. It looks like it has been politically motivated. If there is a metric, it must be public. The metric must not violate the common laws of the country that citizens, firms, households have the right to have a bank account.”

The source said the issue of reputational risk had a lot of challenges.

“KPMG, McKinsey, the banks and so on, have been caught up in fraudulent activities and reputational issues, which, therefore, should mean that their businesses ought to be suspended.

“I think what the government has not fully outlined is the conditions under which a bank account can be closed. This should have come from the Treasury, the Department of Trade and Industry, etc, to spell out the reasons and circumstances of bank closures. It is not up for a bank to decide. Banks are licensed by the state,” the expert said.

The expert said the metrics on reputational risk must be transparent as to how subjective or non-subjective it was.

“Banks have always been selective in their application as it suits their agenda. The primary issue is when a person crosses a line drawn by law that bank account ought to be suspended, pending the law itself saying yes or no, meaning the court system. It can’t be based on the whims of the bank based on subjective metrics they have drawn that may be inconsistent with the law,” the expert said.