Internal Audit Expands Horizon

The Institute’s inaugural Bank Audit Conference (BAC), themed ‘Future of Internal Audit – Embracing Change, Staying Relevant’, was held from 6–7 March 2024 in Kuala Lumpur. The conference convened over 500 bankers, regulators and internal audit experts from local and international financial institutions.

Co-organised with the Institute’s Chief Internal Auditors Networking Group, the BAC featured a pre-conference workshop on cybersecurity integration into the internal audit framework, plenaries on megatrends shaping the audit and risk management landscape, and networking sessions with industry experts.

Delivering the keynote address, Datuk Wan Suraya Wan Mohd Radzi, Auditor-General of Malaysia, emphasised the need for internal audit teams to stay ahead of the curve as “technology will be at the forefront of internal audit”.

“Artificial intelligence, machine learning, and data analytics will revolutionise the way audits are conducted. By harnessing the power of technology, internal auditors will be able to identify emerging risks in real-time and proactively mitigate them.”

The Institute’s Chairman, Tan Sri Azman Hashim, FCB, followed the Auditor-General’s message with a call for auditors to deftly navigate the ethical challenges posed by technologies such as artificial intelligence.

“In times of change, internal auditors continue to play a critical role in ensuring ‘checks and balances’ for sound corporate governance within banking institutions. The internal auditor of the future must be able to adapt to the sustainable and digital transformation landscape and be prepared to lead in a tech-centric audit landscape,” he said in his welcoming address. “Therefore, the continuous professional development of our members is of paramount importance to us.”

Over 1,700 internal bank auditors have been professionally certified since the Institute’s audit certification was first introduced in 1998.

Private Infra Investments Take a Cleaner Path

The World Bank posts a record according to its 2023 Private Participation in Infrastructure report. The renewable energy sector led the way, with a tripling of investments particularly in the Middle East and North Africa region, and East Asia and Pacific region. In a nutshell, the World Bank saw:

  • USD4.3 billion received in investment commitments, equivalent to an 18% increase in funds year-on-year.
  • Delivery in a record 53 global projects, most of which are in the world’s poorest countries.
  • In line with climate change targets,
  • 97% of electricity generation projects were renewable in 2023, compared to 93% in the previous five-year period.
  • Solar photovoltaic technology accounts for 41% of all power generation capacity in low- and middle-income countries, followed by wind technology (29%), and hydropower (17%).

Hot-house Finance

Bank Negara Malaysia’s (BNM) methodology paper on Climate Risk Stress Testing (CRST), issued on 29 February 2024, sets out its expectations for financial institutions. The paper outlines the refinements – qualitative and quantitative – which banks should be making to their existing risk management strategies and new stress testing approaches that should be explored as they incorporate climate-related risks into their assessments.

The document facilitates financial institutions’ learning and capacity building as they carry out the industry-wide CRST exercise this year in order to gain vital hands-on experience in measuring the impact of climate-related risks on their assets, insurance / takaful liabilities and business operations through the 2024 CRST exercise.

The central bank notes: “Although current risk measurement approaches may not yet be sufficiently comprehensive and accurate to produce robust estimates of climate-related risks impact, the 2024 CRST exercise will provide financial institutions an opportunity to refine their existing risk management strategy and explore new stress testing approaches that are relevant for assessing climate-related risks.”

As one of the cornerstones of sustainable finance, the 2024 CRST exercise aims to enhance financial institutions’ capabilities in the following areas

  • Improve the understanding and appreciation amongst board, senior management, and staff of financial institutions on how the business and operations of financial institutions could be impacted by climate-related risks
  • Explore novel approaches that could lead to better identification and measurement of financial institutions’ exposures at risk to climate change
  • Identify current gaps, specifically those related to data, measurement, methodology, technology, and capabilities, as well as potential solutions to these challenges.

The 2024 CRST models the impact of physical and transition risks arising from three long-term adverse climate scenarios:

  • Orderly – net zero 2050: An orderly transition to a low-carbon world, limiting global warming to 1.4°C in 2050.
  • Disorderly – divergent net zero 2050: Detect financial institutions’ vulnerabilities to a disorderly transition in the climate-policy pathway, while limiting global warming to 1.4°C by 2050.
  • Hot House World: Assess the vulnerability of current business models to inadequate climate policies, leading to an increase in global temperature of 2.6°C by 2050.

Although the CRST will not currently lead to additional capital requirements, this does not rule out the possibility that corporations which fail to demonstrate adequate resilience measures to counter climate risk may be subject to increased prudential measures in future.

Tips in Our Favour

Source: McKinsey & Co, Capturing the Full Value of Generative AI in Banking, Dec 2023.

The McKinsey Global Institute estimates that banking is expected to have one of the largest opportunities when it comes to generative artificial intelligence with an annual potential between USD200 billion and USD340 billion (9%–15% of operating profit) on the back of increased productivity. The greatest gains are the corporate and retail banking sectors, whose potential upside are pegged at USD56 billion and USD54 billion, respectively.

AMLA Gets More Bite

On 19 March this year, the European Parliament passed the EU’s Anti-Money-Laundering package, a historic set of measures to combat money laundering and terrorism financing at the Union level. First introduced in July 2021, the legislative package was part of a 2020 action plan for an integrated system that would empower both the Union authority and national jurisdictions as well as support EU financial intelligence units with a formal cooperation mechanism.

The two main elements of the EU AML package are:

A Single AML rulebook

Harmonising AML regulations is no mean feat. The newly approved ‘Single Rulebook’ Regulation will tighten the noose on financial crime as it closes the loopholes currently exploited by criminals throughout global finance.

An EU Anti-Money-Laundering Authority

Working as a decentralised agency with its seat held in Frankfurt, the EU AMLA will act as both a regulator and a supervisor. The body is entrusted with direct supervision over what it terms ‘selected obliged entities’, i.e. certain high-risk credit and financial institutions (including high-risk cryptoasset service providers) and operates in at least six member states. For ‘non-selected obliged entities’, AML/CFT supervision will remain at the national level overseen by national supervisors.

Sentiments have proven positive since consensus was reached for this historic legislation.

In her keynote address at the European Anti-Financial Crime Summit 2024, Derville Rowland, Deputy Governor at the Central Bank of Ireland said in Dublin: “The creation of AMLA is a significant step in the right direction to confront the challenges we face, today and tomorrow.”

“Most people do not think about designing regulation and supervisory architecture. Why would they?  It is only something that catches people’s attention when something goes wrong, either a micro issue involving a firm or a group of people, or a macro issue where the system no longer functions the way it should.

“We now have an opportunity to get the design right for AMLA so that it is set up in a way that when a shock or risk crystallises that it stands up to scrutiny. In recent years, there has been no shortage of risks and shocks in financial crime meaning getting the set-up of AMLA right is even more pronounced.

“AMLA will need to build in a way that allows it to be looking at the risks today but also be forward-looking and agile. This will allow it to pivot in its approach and focus when necessary to keep pace with change. Again, what aids this is not relying too heavily on prescription or process-driven approaches but more on flexible approaches that allow one to follow the risks, wherever they might lead.”