According to the Financial Times, “Some of the world’s biggest banks have spent billions of dollars settling corruption allegations with justice authorities in recent years. HSBC paid nearly $2bn and BNP Paribas nearly $9bn to the US authorities over accusations of sanctions busting and facilitating money laundering.”
More recently, Britain’s Standard Chartered was fined $1.1 billion for violating money laundering laws and economic sanctions. Fines have yet to be announced for Denmark’s Danske Bank over money laundering at its Estonian branch, though they are expected to be substantial. And at Swedbank, CEO Birgitte Bonnesen was fired last month as details of money laundering at the Swedish bank emerged and Chairman Lars Idermark resigned.
As a consequence, many of the world’s biggest banks have severed ties with lenders in developing nations or withdrawn for correspondent banking relationships to limit the risk of being hit by massive fines — a sort of mindless de-risking that is damaging to smaller economies — and leading banks to miss legitimate and potentially lucrative banking opportunities.
Sigma was founded in 2016 by Stuart Jones, Jr., a former senior U.S. Treasury official, and Gabrielle Haddad, a lawyer with emerging markets expertise. They saw an information gap as well as a gap between perception and reality. The market was not differentiating between companies within countries and the credit ratings agencies were not measuring governance and compliance at all.
Based in New York, Sigma Ratings quantifies non-credit risk vulnerabilities such as weaknesses in governance and financial crime compliance in emerging and frontier markets. Sigma’s ratings —from AAA to C — serve as an indicator of sound risk management and signal of transparency (or the lack thereof).
Sigma produces two types of ratings – estimated and certified ratings. Estimated ratings are generated on countries and entities, using publicly available information. Certified ratings are generated when an entity “opts-in” private data to Sigma’s terminal allowing for a more comprehensive view.
Their timing looks good. Global regulators are increasingly focused on conduct risk. Fines have given banks a heightened recognition of the need to effectively manage counterparty compliance and regulatory risk. ESG investors are looking for deeper insight into governance, compliance and operational risk factors of publicly traded firms.
In 2018, Sigma closed a $2.4 million seed round led by FinTech Collective with participation by TechStars, Barclays, and several angel investors.
Q. Gabrielle, what are we talking about when we talk about non-credit risk? What specifically are you evaluating?
A. The term “non-credit risk” can encompass a lot of things, but at Sigma we’re looking specifically at financial crime and governance risk. We touch on cybersecurity risk but that is not our primary focus. To date, we’ve focused our ratings on financial institutions, but a lot of different types of financial institutions — banks, money services businesses, FinTechs, private equity firms, hedge funds. Financial crime and governance are the non-financial risks that are most critical to those types of firms and in their relationships. That’s why we focus on them.
Q. Are you producing ratings for developed markets in addition to emerging and frontier markets currently?
A. That’s an interesting question. Because when we started, we really wanted to focus on emerging and frontier markets because they’re the most opaque markets with the least amount of information available. But we are now moving into developed markets, as well.
Q. Which sources of data are you using? Do they vary as you move from developed to emerging to frontier markets?
A. The types of data we look at will vary based on whether we are doing what we call an estimated rating or a certified rating. We have a few different building blocks in our ratings process. We start with country risk ratings which are available as a standalone product or can feed into estimated entity risk ratings.
When we do an estimated entity risk rating, what we’re using in terms of data are things like annual reports, company web sites, and news. When we do a certified rating, we give the institution the opportunity to provide us with private data. When they do that, we are able to look more deeply at the risks present in the institution but also at what they are doing to mitigate that risk. We’ll look at policies and procedures, communications, including between the CEO and staff, and more.
In terms of how it varies from developed to emerging and frontier markets, one benefit that you have in developed markets is that regulation requires standardized reporting in public datasets like those in annual reports. It does become more challenging when you move into emerging markets.
For country ratings, we look at a number of different data sources including UN data, World Bank data, FATF data (that’s the Financial Action Task Force), and others. Then we layer on top of that what we call dynamic data sources that include things like news.
Q. How are you able to answers questions regarding who really owns or benefits from a particular entity? A lot of effort can go into obscuring these relationships.
A. On the estimated ratings side, we are relying on what we’re able to find in the public domain. That’s why we say you can only estimate the risk of doing business with a particular institution because it is challenging to figure that out.
There are a lot of other indicators beyond ownership, though, that we think are critical. So, while ownership is something that we look at, it isn’t the only factor. There are other things to look for.
When we do a certified rating, we obtain information directly from an institution. We’ll ask for an explanation of the ownership structure. It’s interesting because some of our global FI clients say to us that, in their own due diligence, they’ll ask for ultimate beneficial ownership information but not get it. We haven’t had the situation, yet, where institutions that request a certified rating refuse to give us the information required.
Q. They’re self-selecting at this point.
A. Of course. The institutions we’re working with today tend to be the most transparent. But global banks are now starting to ask their counterparties to get rated, as well. Assuming that we’re successful, these ratings will become more of a requirement for doing business. Then we’ll be helping weed out the ones who are trying to hide things. That’s our mission, to use the ratings as an incentive to make people more transparent. I think that’s one of the things that’s really unique and special about our rating process.
Q. In which countries are the risks of money laundering highest?
A. That’s a great question, and it depends on whom you talk to. We recently wrote something in our weekly newsletter about the fight that broke out between the United States and EU about the risk of Puerto Rico. There is a political angle to it that you need to be careful about.
We produce dynamic country risk ratings that are based on public datasets. We break down the risk into a number of different sub-categories. It would be rare that they change daily but it’s possible.
It’s tough to say where it’s highest. The most important thing you can do as you choose where to do business or try to stay on top of your risk exposure as it’s changing is to pay attention to factors that can cause those risks to increase or decrease which is exactly what we do with our approach.
That’s quite different than how it’s looked at today. Some financial institutions will put together a panel of people who sit down once a year to set risk ratings for countries and then they won’t change it for twelve months. But a lot can happen in a year. A lot can change in the geopolitical environment that increases risk exposure. Or there may be regulatory changes. That’s what we’re trying to solve for. How can you stay on top of that and be aware of the risks you are taking as they’re changing?
Q. Are autocratic countries or regions always associated with lower transparency and higher conduct risk?
A. It’s hard to answer. It depends on what you’re looking at. When it comes to transparency, for instance, if you go into our country risk tool to compare two countries, you’d be able to see that more data is available on one versus the other. A lack of information and a lack of transparency does create higher risk, but it’s difficult to make a blanket statement that a certain governmental structure is automatically going to lead to more transparency or less transparency. People tend to simplify when they think about risk, which is understandable because it’s complex.
That gets at why we started this company. People make decisions on where to do business and with whom based on very arbitrary reasons.
Q. Are family run entities more suspect, all other things being equal?
A. A concern with family-run businesses is centralized control. When you’re looking at a family-run business, you’re going to want to make sure there are controls in place around reporting lines, independent reviews, independent board members — things that from a basic governance perspective are important.
Q. Where is the delta between market perception of risk and reality the greatest?
A. One of the things we found interesting when we first started Sigma was that from a transparency perspective, the Middle East is much more open and transparent than Latin America, even though there’s a perception that the Middle East is really risky. That’s something that really stood out to us in our analysis. I would say that even some countries in Africa that are considered highest risk are more transparent than those in Latin America.
Q. The country ratings you issue are dynamic, and you mentioned they may update daily. What can possibly change that fast?
A. The news. If there’s a geopolitical event or an allegation against a major financial institution, or a critical person within a systemically important financial institution within a country, that could impact the risk rating for that country.
It’s rare that a country rating would change daily, but our models are updating daily.
A place where the rating was impacted by the news was Malta. A lot has happened in Malta over the last year. The European Central Bank revoked the license of Pilatus Bank in Malta after the chairman of the bank was arrested on charges of money laundering. Malta has also been very public about wanting to become a blockchain and crypto-currency hub. This type of news would likely impact the country rating, in almost real time.
Q. Will the biggest beneficiaries of Sigma Ratings be high-conduct entities operating in suspect jurisdictions (lower-rated parts of the world)?
A. Those are the institutions that see the greatest benefit in getting rated. We’ve done certified ratings in many of the higher-risk jurisdictions like Panama, the UAE, Latvia, and Malta — countries where there is a perception of high risk and where there have been recent issues.
But when we assess institutions there — yes, they’re in a high-risk jurisdiction, and yes, they have some high-risk business — but we’ve seen a number of instances where the institution we’re rating has very strong controls. Knowing where the institution operates, is not enough.
Q. I know it’s early, but can you quantify the saving an issuer or counterparty will realize from having a high rating vs. a low rating or none at all?
A. It isa little early, but there are multiple instances where an institution has gotten our rating, shared it with potential business partners and received positive responses and feedback.
FIMBank, which was the very first bank we rated back in 2017, was very public about having gotten this rating and stated that they think it enhanced their reputation as a business partner. They even included this in their annual report last year.
Q. The credit ratings industry received a lot of well-deserved criticism following the financial crisis because we learned that agencies had put their own financial interests ahead of the integrity of their ratings. Firms pay to have their securities rated, so financial incentives were misaligned. You’ve adopted that same approach to payment for ratings. Do you run the same risks?
A. That is the model that we have right now and I think it’s important to understand why we have that model. One reason is that it is the model the ratings market understands. If I go to a global bank, and they ask to see a rating on a counterparty, they don’t expect to pay for that rating. They expect the counterparty to pay.
Also, our ratings, even more than credit ratings, are a tool that you can used to enhance your reputation. There’s a branding element to it.
We do think about this a lot and take this issue seriously. We are very clear with our clients that we don’t negotiate ratings. We call things as we see them, and that can make clients unhappy if they thought their rating would be better. We are prepared for that reaction. Our clients do have the option to keep it private, if they want.
We’ve also put in place an independent rating committee that vets and approves all of our ratings. We won’t release a rating unless the rating committee has assessed and understands how we came to the rating.
Q. Who’s on the committee?
A. Without naming names, I can tell you that, for example, we have the former global head of enhanced due diligence at HSBC (someone who spent his entire career in financial crime compliance) and the former head of sanctions at ING Bank.
Q. Are you selling any services (say, consulting services) to the entities you rate?
A. No. Maintaining our independence is very important to us and to the credibility of our ratings, so we do not sell services.
Q. Which market for Sigma’s ratings do you think will ultimately be biggest—ESG investors or emerging and frontier market financial institutions themselves?
A. We have two sides, both producers and consumers of ratings.
If you had asked me that six months ago, I would have given a different answer, but we’re seeing the market move in a different way. We aren’t just focused on emerging markets anymore. Anyone looking to get a handle on their non-credit risk exposure is interested in consuming our ratings. That could be a global bank. That could be an asset manager. That could be an ESG investor. They’re looking at using not just the certified ratings for the purpose of understanding a single counterparty. All of the data, the analytics, and the monitoring we’re able to do using public data sources really allows them to get a better understanding of how their risk exposure is changing.
So depending on whom you’re talking to, they’re interested for different reasons. There’s a whole universe of different financial institutions that are interested in this, as well as large global corporations. It’s not limited to people who want to understand the financial crime exposure of their FI portfolio in an emerging market.
Q. When do you plan to begin rating non-financial corporations?
A. It will certainly happen this year.
Q. Tell me about your relationship with the traditional credit rating industry.
A. The traditional credit rating agencies are doing some interesting stuff in the non-credit space. For instance, Moody’s invested in Security Scorecard, which is a cyber rating firm. Fitch invested in an ESG company. There is certainly an interest in non-credit risk from the credit rating agencies. We have data that can support their ratings and they have data that can support ours. Together, we can create a more holistic view. I think that they see that it’s important to incorporate these things to the extent possible.
Q. Can you eliminate the need for banks to do due diligence?
A. Their due diligence requirements are regulatory. We are looking at areas where our ratings can be used for parts of the due diligence process. With credit ratings, you’ll still have an internal credit analyst or credit team and do your own assessments, but you’ll take a credit rating into account as part of your credit decision. It’s going to be a similar thing with our ratings. We don’t think our rating will eliminate the need for an institution to do its own assessment.
Q. What made you select FinTech Collective to lead your seed round?
A. There were a number of reasons why we ultimately went with FTC. A big part of how you choose your investors comes down to chemistry. We really liked Brooks and Gareth and their whole team. They understood our business and shared our vision for it. We talked to a lot of investors who just don’t really get this space, so they weren’t the right investors for us. But Brooks and Gareth really understood it.
Something else that was really important to us is that they are former operators. They built and sold companies themselves. That was something that we really wanted because we can come to them with an issue and they’ll can tell us how they addressed it at their own companies. It’s real, practical advice.
The last thing is that we’re a global business and they have connections that are important to us.
Q. What was your experience like participating in the Barclays Accelerator, powered by Techstars? Do you recommend it to other FinTech startups?
A. It’s going to depend on the startup and what they want to get out of the accelerator.
Q. A contract with Barclays?
A. I don’t think that should necessarily be the only reason to join the accelerator.
Being able to navigate a global bank is very, very, very tough for a startup. It is really hard. It is still really hard when you’re on the inside as part of the accelerator.
But we learned so much — we were able to build relationships, we were able to see applications of our ratings that we hadn’t thought of. I recommend it to people who are very clear about what they are trying to get out of the program. I don’t think it’s going to be right for everyone, but for us it was great.
Q. What was your experience like with FinTech Sandbox?
A. I love FinTech Sandbox and I love Jean (Jean Donnelly, FinTech Sandbox Executive Director). The team there is great. It was very good for us in terms of getting connected to a number of institutions.
One of the biggest benefits for us is that we got to see that a lot of the existing data providers didn’t have the exact data that we needed, so we learned that we had to go out and build the data ourselves. If you need the kind of data we were looking for on a financial institution in, say, Chad, it’s just not there.
Q. Are you hiring?
# # #