UNIVERSITY OF GHANA ANTI-MONEY LAUNDERING AND ENTERPRISE RISK MANAGEMENT BY JONATHAN NII OKAI WELBECK (10259262) THIS THESIS IS SUBMITTED TO UNIVERSITY OF GHANA, LEGON IN PARTIAL FULFILMENT OF THE REQUIREMENT FOR THE AWARD OF PHD FINANCE DEGREE MARCH, 2015 University of Ghana http://ugspace.ug.edu.gh i DECLARATION I, Jonathan Nii Okai Welbeck, declare that this work is the result of my own research and has not been presented by anyone for any academic award in this or any other university. All references used in the work have been fully acknowledged. ………………………………………........... …………………………… JONATHAN NII OKAI WELBECK DATE (10259262) University of Ghana http://ugspace.ug.edu.gh ii CERTIFICATION This is to certify that this thesis is the result of research undertaken by Jonathan Nii Okai Welbeck, towards the award of the Doctor of Philosophy in Finance Degree in the Department of Finance, University of Ghana, under the supervision of Dr. Godfred A. Bokpin, Dr. Albert Gemegah and Dr. Simon K. Harvey, all of the University of Ghana Business School, Ghana. In places where references of other works have been cited, full acknowledgement has been given. No part of this thesis has either been presented in whole or in part to any institution for any award. ………………………………….. ……………………. DR. GODFRED A. BOKPIN DATE (PRINCIPAL SUPERVISOR) …………………………………….. …………………….. DR. ALBERT GEMEGAH DATE (CO-SUPERVISOR) ……………………………………. …………………….. DR. SIMON K. HARVEY DATE (CO-SUPERVISOR) University of Ghana http://ugspace.ug.edu.gh iii DEDICATION This thesis is dedicated to my beloved wife, Edem Emerald Welbeck (Mrs.), my three (3) boys: Jefferson Reuben Nii Adama Welbeck; Jonathan Nii Ayitey-Adjin Welbeck; and Sedem Nii Ayisam Welbeck, and also to my parents – Mrs Victoria Nueki Welbeck and Edward Niifio Welbeck (deceased). University of Ghana http://ugspace.ug.edu.gh iv ACKNOWLEDGEMENTS I have been able to complete this thesis with the support and active co-operation of concerned bodies and authorities as well as several persons; I am really indebted to them. My God saw me through this journey and I would forever be grateful. I would like to express deep feelings of gratitude to my Head of Department (HOD), Department of Finance, University of Ghana Business School, Dr. Godfred A. Bokpin and Prof. A.Q.Q. Aboagye, Department of Finance, University of Ghana Business School, for their invaluable guidance at different stages of this thesis. I am intensely indebted to my thesis supervisors, Dr. Godfred A. Bokpin, Dr. Albert Gemegah and Dr. Simon K. Harvey, all of the Department of Finance, University of Ghana Business School, for their very useful guidance and counseling in overcoming various bottlenecks during the study and also for their commitment. My gratitude also goes to Prof. Joshua Abor, Dean, University of Ghana Business School, Prof. Charles Adjasi, University of Stellenbosch Business School, Stellenbosch University and Prof. Isaac Kwame Dontwi, Dean, Institute of Distance Learning, Kwame Nkrumah University of Science and Technology, Kumasi for their extraordinary support and encouragement to the whole process of this thesis. I am truly blessed to benefit from their invaluable contextual insights. I am equally grateful to Mr. Millison Narh, Deputy Governor, Bank of Ghana, Mr. Nicholas Okoe Sai, former Head Banking Supervision Department, Bank of Ghana and Mr. Madoc Quaye, Director, Bank of Ghana Training Center for their support. I am highly indebted to Mr. Essel Thompson, Chief Executive Officer, Financial Intelligence Centre (FIC) for his wonderful interpretation of the AML/CFT laws to me. University of Ghana http://ugspace.ug.edu.gh v I would similarly like to thank Ms. Kristel Grace Poh, Senior Financial Sector Expert, Financial Integrity Group, Legal Department, International Monetary Fund and Mrs. Rebecca Obare, Resident Advisor, Africa, International Monetary Fund, for their continuous interest in the outcome of this thesis. Furthermore, I also wish to express my profound gratitude to Mr. Jose Lewis, Association of Certified Anti-Money Laundering Specialists (ACAMS), Miami, USA for his AML/CFT brochures and Mrs. Milimo Moyo, Office of Technical Assistance (OTA), United States Department of Treasury for her invaluable material support. Again, I would take this opportunity to thank Prof. Kwame Adom Frimpong, Managing Director, Main Stream Re-insurance and Mrs. Frances Van-Hein Sackey, Deputy Head, AML/CFT Unit, Bank of Ghana whose significant contributions were evident in this thesis; they lifted my spirit when it was most needed. My sincere appreciation also goes to Mrs. Cecilia Adewale, and as well as my family for their immense contributions and support. Finally, my heartiest thanks go to my sweet wife, Mrs. Edem Emerald Welbeck, my lovely sons, Nii Adama Welbeck, Nii Ayitey-Adjin Welbeck, and Nii Ayisam Welbeck, whose proximity, love and affection provided me joy and relaxation. A special mention to Jefferson Reuben Nii Adama Welbeck who played a leadership role for his siblings within the period that I was writing this thesis, I am so grateful Jefferson. University of Ghana http://ugspace.ug.edu.gh vi ABSTRACT This thesis investigates the link between Anti-Money Laundering (AML) and Enterprise Risk Management (ERM) as well as firm performance and ERM in the Ghanaian banking industry. The study attempts to construct two barometers; AML and ERM barometers using PCA methodology to gauge levels of compliance and adoption. The global financial system continues to be plagued with uncertainties that need effective dynamic operational risk management programmes in order to ensure financial institutions stay in business. Though risk management in banks has improved over the years with the adoption of enterprise risk management (ERM) and anti-money laundering compliance frameworks, the association between the two has not been tested. This study therefore adopts a positivist management research philosophy, a deductive and quantitative approach to establish the relationship between AML and ERM within the Ghanaian banking space. Also, the drivers of AML and ERM in Ghanaian banking sector are also investigated. Results indicate that, the eight COSO ERM input variables are statistically significant and could drive ERM in Ghanaian banks. Also, money laundering risk assessment, records management, compliance programme and corporate governance significantly predict AML in Ghanaian banks. In addition, AML influences banks adoption of ERM. Surprisingly, there was no statistically significant relationship between firm performance and ERM. The study concludes that as banks devote resources to AML compliance, the ERM improves. The study recommends that banks invest in their AML systems in order to improve their ERM. Furthermore, the study provides policy support to the global AML standard setters/regulators. University of Ghana http://ugspace.ug.edu.gh vii TABLE OF CONTENTS CONTENT PAGE DECLARATION ................................................................................................................... i CERTIFICATION ................................................................................................................ ii DEDICATION .................................................................................................................... iii ACKNOWLEDGEMENTS ................................................................................................. iv ABSTRACT ......................................................................................................................... vi TABLE OF CONTENTS .................................................................................................... vii LIST OF TABLES .............................................................................................................. xii LIST OF FIGURES ........................................................................................................... xiv LIST OF EQUATIONS ...................................................................................................... xv LIST OF ACRONYMS AND ABBREVIATIONS ........................................................... xvi CHAPTER ONE – INTRODUCTION ............................................................................. 1 1.0 Overview of the thesis ..................................................................................................... 1 1.1 Background of the Study ................................................................................................. 5 1.2 Problem Statement ........................................................................................................ 10 1.2.1 The Cost Implications of adopting AML and ERM frameworks ........................................... 11 1.2.2 Implications for wider range of risks and emerging risks ..................................................... 12 1.2.3 Implications of AML and ERM indices for prudent corporate governance ..................... 13 1.2.4 Implications of adopting AML and firm performance on ERM ............................................. 13 1.2.5 Implications for developing an AML Index ................................................................................... 15 1.3 Research Objectives ...................................................................................................... 17 1.5 Research Hypotheses .................................................................................................... 17 1.6 Motivation for the Study ............................................................................................... 17 University of Ghana http://ugspace.ug.edu.gh viii 1.8 Scope of the Study ........................................................................................................ 21 1.9 Study Limitations .......................................................................................................... 22 1.10 Organisation of the study ............................................................................................ 22 CHAPTER TWO – LITERATURE REVIEW .............................................................. 24 2.0 Introduction ................................................................................................................... 24 2.1 Goal of this chapter ....................................................................................................... 24 2.2 Layout of this chapter.................................................................................................... 25 2.3 Theoretical background ................................................................................................. 25 2.4 Evolution of Enterprise Risk Management ................................................................... 28 2.4.1 The COSO ERM framework ...................................................................................... 29 2.4.1.1 Overview of COSO ERM components .......................................................................................... 32 2.5 Drivers of ERM ............................................................................................................. 43 2.5.1 Firm size ...................................................................................................................................................... 46 2.5.2 Firm industry ............................................................................................................................................ 46 2.5.3 Financial leverage ................................................................................................................................... 47 2.5.4 Earnings volatility ................................................................................................................................... 48 2.5.5 Stock price volatility............................................................................................................................... 48 2.5.6 Institutional ownership ........................................................................................................................ 49 2.5.7 Corporate governance ........................................................................................................................... 50 2.5.8 Firm complexity ....................................................................................................................................... 50 2.5.9 Presence of Chief Risk Officer (CRO) ............................................................................................... 52 2.5.10 Auditor type (Big four) ....................................................................................................................... 53 2.5.11 Management commitment ................................................................................................................ 53 2.6 ERM Effectiveness measures ........................................................................................ 54 2.7 General theoretical foundations of firm performance ................................................... 71 University of Ghana http://ugspace.ug.edu.gh ix 2.8 Definitions of money laundering .................................................................................. 84 2.8.1 Stages of money laundering ................................................................................................................ 86 2.8.2 Empirical review on money laundering (ML) ............................................................................. 87 2.9 Drivers of AML............................................................................................................. 92 2.10 Overview of Ghana’s AML/CFT & P environment ................................................. 108 2.11 Construction of Composite Indices (CIs) .................................................................. 114 2.12 The Structure of Ghana’s Financial and Banking Systems ....................................... 118 CHAPTER THREE – RESEARCH METHODOLOGY ............................................ 121 3.0 Introduction ................................................................................................................. 121 3.1 Construction on AML and ERM Indices Using PCA ................................................. 121 3.1.1 The ERM adoption components ...................................................................................................... 123 3.1.2 Anti-money laundering components ............................................................................................ 126 3.2 Percentile categorisation and interpretation of PCA scores ........................................ 129 3.3 The Basic model for AML, Firm performance, and ERM Nexus .............................. 130 3.4 Description of selected drivers of ERM ...................................................................... 135 i. Auditor type ......................................................................................................................................... 135 ii. Firm size ................................................................................................................................................ 136 iii. Chief Risk Officer (CRO) ............................................................................................................. 136 iv. Capital Adequacy Ratio (CAR) ...................................................................................................... 137 v. Firm performance (bank profitability) ..................................................................................... 137 vi. Risk Culture .......................................................................................................................................... 138 vii. Anti-Money Laundering index ................................................................................................. 138 3.5 The Study Research Design ........................................................................................ 139 University of Ghana http://ugspace.ug.edu.gh x CHAPTER FOUR ........................................................................................................... 140 EMPIRICAL RESULTS AND DISCUSSIONS ........................................................... 140 4.0 Introduction ................................................................................................................. 140 4.2 The AML drivers......................................................................................................... 141 1. Money laundering risk assessment (MLRA) ................................................................................ 141 2. Records Management (RMGT) ......................................................................................................... 143 3. Compliance Programme (CPROG) ................................................................................................... 145 4. Corporate governance (CGOV) .......................................................................................................... 147 4.3 The AML index ........................................................................................................... 149 4.4 The ERM components ................................................................................................ 151 1. Internal environment ............................................................................................................................ 151 2. Objective setting ...................................................................................................................................... 153 3. Event identification ................................................................................................................................ 155 4. Risk assessment ....................................................................................................................................... 157 5. Risk response ........................................................................................................................................... 159 6. Control activities ..................................................................................................................................... 161 7. Information and Communication ..................................................................................................... 163 8. Monitoring and evaluation .................................................................................................................. 164 9. Organisational culture .......................................................................................................................... 166 10 The ERM index ....................................................................................................................................... 167 4.5 Descriptive statistics.................................................................................................... 172 4.6 Association between AML and ERM ......................................................................... 174 4.7 Regression Results ...................................................................................................... 176 4.6.1 Firm performance (ROA) ................................................................................................................... 177 4.6.2 Anti-money laundering compliance index .................................................................................. 177 4.6.3 Firm size .................................................................................................................................................... 178 University of Ghana http://ugspace.ug.edu.gh xi 4.6.4 Auditor type ............................................................................................................................................. 179 4.6.5 Capital Adequacy Ratio ....................................................................................................................... 179 4.6.6 Risk Culture ............................................................................................................................................. 180 CHAPTER FIVE ............................................................................................................. 181 SUMMARY OF FINDINGS, CONCLUSIONS, CONTRIBUTIONS AND RECOMMENDATIONS ................................................................................................ 181 5.0 Introduction ................................................................................................................. 181 5.1 Summary of Findings .................................................................................................. 181 5.2 Conclusions ................................................................................................................. 183 5.1 Contributions to knowledge ........................................................................................ 184 5.3 Recommendations ....................................................................................................... 185 5.4 Areas of Further Research ........................................................................................... 186 BIBLIOGRAPHY ............................................................................................................. 187 Appendix A: Questionnaire on Enterprise Risk Management and Anti-Money Laundering in the Ghanaian banking sector ......................................................................................... 212 Appendix B: Rescaled scores: ERM Adoption and AML compliance ............................. 224 University of Ghana http://ugspace.ug.edu.gh xii LIST OF TABLES Table 1: Ghana AML/CFT compliance environment ........................................................ 110 Table 2: The ERM Adoption index variables .................................................................... 125 Table 3: AML index variables ........................................................................................... 128 Table 4: Scores interpretation ............................................................................................ 130 Table 5: Selected Drivers of ERM Adoption ..................................................................... 134 Table 6: Risk matrix of ML/TF vulnerabilities .................................................................. 140 Table 7: Results: Money Laundering Risk Assessment ..................................................... 142 Table 8: Results: Records Management Component ......................................................... 144 Table 9: Results: Compliance Programme ......................................................................... 146 Table 10: Results: Corporate Governance ......................................................................... 148 Table 11: Results: AML Index ........................................................................................... 150 Table 12: Results: Internal Environment ........................................................................... 152 Table 13: Results: Objective Settings Component............................................................. 154 Table 14: Results: Event Identification Component .......................................................... 156 Table 15: Results: Risk Assessment .................................................................................. 158 Table 16: Results: Risk Response Component .................................................................. 159 Table 17: Results: Control Activities ................................................................................. 162 Table 18: Results: Information & Communication Component ........................................ 163 University of Ghana http://ugspace.ug.edu.gh xiii Table 19: Results: Monitoring and evaluation ................................................................... 165 Table 20: Results: Organisational Culture ......................................................................... 166 Table 21: Results: ERM Index ........................................................................................... 169 Table 22: Summary statistics: AML Compliance and ERM Adoption ............................. 172 Table 23: Percentile distribution of scores ......................................................................... 172 Table 24: AML compliance and ERM adoption ................................................................ 174 Table 25: Top ten performers ............................................................................................. 175 Table 26: Multivariate results ............................................................................................ 176 University of Ghana http://ugspace.ug.edu.gh xiv LIST OF FIGURES Figure 1: COSO Framework (2004) .................................................................................... 30 Figure 2: Enterprise Risk Management (ERM) Adoption index variables (modified COSO ERM framework) ............................................................................................ 124 Figure 3:Anti-Money Laundering Index Variables........................................................... 127 University of Ghana http://ugspace.ug.edu.gh xv LIST OF EQUATIONS Equation 1: ERMi = b0 +b1AMLi +b2ROAi +BX +ei……………………………. 141 Equation 2: y = xb+ m ……………………………………………………………... 142 Equation 3: yi = ¢xib + ei …………………………………………………………… 142 University of Ghana http://ugspace.ug.edu.gh xvi LIST OF ACRONYMS AND ABBREVIATIONS ACAMS - Association of Certified Anti-money Laundering Specialists (CAMS) AG’s - Attorney Generals Department AIs - Accountable Institutions AML/CFT - Anti-Money Laundering/ Combating of the Financing of Terrorism BBG - Barclays Bank Ghana Limited BNI - Bureau of National Investigation BoG - Bank of Ghana BSC - Balance Score Card CDD - Customer Due Diligence CFA - Confirmatory Factor Analysis CIB - Chartered Institute of Bankers COSO - Committee of Sponsoring Organisations of the Treadway Commission CRO - Chief Risk Officer DIC - Direct Intellectual Capital methods DNFBPs - Designated Non-Financial Businesses and Professions EDD - Enhanced Due Diligence EIU - Economic Intelligence Unit EOCO - Economic and Organised Crime Office ERM - Enterprise Risk Management University of Ghana http://ugspace.ug.edu.gh xvii EVA - Economic Value Added FATF - Financial Action Task Force FEAR - Frontier Efficiency Analysis within R FIC - Financial Intelligence Centre FINSSP - Financial Sector Strategic Plan FSRBs - FATF- style regional bodies FATF G7 - Group of Seven Highly Industrialised Nations GAF - Ghana Armed Forces GBA - Ghana Bar Association GCB - Ghana Commercial Bank GDP - Gross Domestic Product GFI - Global Financial Integrity GhIPSS - Ghana Interbank Payment and Settlement System GIABA - Intergovernmental Action Group Against Money Laundering in West Africa GIS - Ghana Immigration Service GPS - Ghana Police Service GRA - Ghana Revenue Authority GREDA - Ghana Real Estate Developers Association GSS - Ghana Statistical Service ICA - Institute of Chartered Accountants University of Ghana http://ugspace.ug.edu.gh xviii IEV - Implied Equity Volatility IFAC - International Federation of Accountants IMF - International Monetary Fund IOSCO - International Organisation of Securities Commissions KPMG - Klynveld Peat Marwick Goerdeler (accounting firm) KRD - Key Risk Drivers KRIs - Key Risk Indicators KYC - Know Your Customer L.I. - Legislative Instrument LEA’s - Law Enforcement Agencies MCM - Market Capitalisation Methods ML - Money Laundering MoF - Ministry of Finance MOU - Memorandum of Understanding NACOB - Narcotics Control Board NGOs - Non-Governmental Organisations NIC - National Insurance Commission NPRA - National Pensions Regulatory Authority NSCS - National Security Council Secretariat OFISD - Other Financial Institutions Supervision Department PEPs - Politically Exposed Persons PESTEL - Political, Economic, Socio-Cultural, Technology, Ecology and Legal University of Ghana http://ugspace.ug.edu.gh xix PMMC - Precious Minerals Marketing Company PwC - PricewaterhouseCoopers RCBs - Rural Community Banks ROA - Return on Asset ROE - Return on Equity RV - Realised Volatility SCB - Standard Chartered Bank SEC - Securities and Exchange Commission SEM - Structural Equation Modeling SRB - Self-Regulatory Bodies SSB - Social Security Bank STR - Suspicious transactions reporting SWOT - Strengths, Weaknesses, Opportunities and Threats TF - Terrorists Financing TQM - Total Quality Management TRM - Traditional Risk Management TSE - Toronto Stock Exchange UNODC - United Nations Office on Drugs and Crime VBRM - Value-based ERM VCTA - Venture Capital Trust Authority University of Ghana http://ugspace.ug.edu.gh 1 CHAPTER ONE – INTRODUCTION This is the introductory chapter of the entire work which creates a general context for the study. The goal of this chapter is to provide a comprehensive background to the study on the need for financial institutions to adopt enterprise risk management and implement anti- money laundering practices, especially in the Ghanaian banking sector. Additionally, the chapter brings to the fore the research problem, the research objectives, research questions, hypotheses, the motivation for the study, the scope and limitation of the study, as well as the overall structure or the organization of the study. 1.0 Overview of the thesis Money Laundering (ML) has become a topical issue and a global concern. AML measures are expected to minimize the ML risk affecting the global financial system and countries. COSO (2004) posits that with the adoption of ERM, firms effectively and efficiently manage both traditional risks and emerging risks such as credit, interest rate, market risk, money laundering, terrorist financing and cross border risks. Banks play unique role in economic development through the financial intermediation activities. According to FINSSP (2012) report, financial performance of Ghana’s banking sector has quadrupled in the last two decades. Gordon et al., (2009) argue that performing firms are likely to adopt ERM. This thesis investigates the link between AML and ERM as well as firm performance and ERM in the Ghanaian banking industry. The study constructs two barometers; AML barometer and ERM barometer using principal component analysis (PCA) methodology to gauge the level of AML compliance and ERM among banks in Ghana. The social and economic consequences of money laundering (ML) have been espoused in literature (FATF, 2012, IMF, 2010). Financial institutions have been called upon to be “gate-keepers” to ensure that the economic and financial systems do not University of Ghana http://ugspace.ug.edu.gh 2 collapse as results of money laundering activities. The cost of money laundering is estimated between USD 500m to USD 1.5 billion annually (IMF, 2012). In spite of the absence of a robust metric to give early warning signals, a lot of effort has been made financially and non-financially to ensure that there is global financial soundness and stability. Financial and insurance activities contributed about 5.2% of gross domestic product (GDP). Banking sector assets have tripled over the last two decades (FINSSP, 2012). Welbeck (2008) posits that the Ghana’s banking sector has become very competitive (HHI=0.015). As at 31st December, 2013,the Bank of Ghana regulates and supervises 26 universal banks,53 NBFIs, 333 forex bureau, 216 microfinance institutions,5 inward remittance Ghana’s financial sector reforms and banking sector liberalization have witnessed the influx of foreign banks including Nigerian banks. To date out of the 26 banks, foreign banks are 14. Though, there is no empirical evidence to establish terrorist financing through laundered funds in Ghana (Adu-Amankwa, 2015), the preconditions for money laundering, terrorism and terrorist financing are ripe in Ghana. These include but are not limited to: high volumes of cash-based transactions (approximately GH₵1.13trillion), pervasive corruption, wide spread poverty, high rate of unemployment, internet frauds, thriving shadow financial system, organized prostitution, booming real estate business and electronic payment systems such as mobile money. Welbeck (2013) argues that ML/TF risk assessment is key to an implementable AML/CFT compliance framework. He further argues that without assessing the ML/TF risks in business operations, banks compliance programmes may not achieve the intended goals or objectives. Ghana is a becoming interesting case to study with respect ML due to its unique role in the West Africa sub region and its blacklisting by FATF in 2012. In addition, recent developments in the banking sector reveals emergence of money laundering risks (Annor, University of Ghana http://ugspace.ug.edu.gh 3 2014). To ensure Ghana is not a safe haven for money launderers, Ghana has established the Law Enforcement Coordinating Bureau under Section 4(2) of the Executive Instrument 2012 (E.I.8), AML Act 2008 Sections 5(b), 28(2), 35 and 49 of Act 749 and is made up of BoG, SEC, NIC, GPS, GIS, NSCS, BNI, EOCO, FIC, GAF, GRA, AG’s Department., NACOB, Ghana Maritime Authority, Ghana Airports Company Limited and Ministry of Foreign Affairs and Regional Integration, It has also criminalized money laundering (punishment for ML offence is 10years) under. S.2 of AML Act, 2008 (Act 749), passed the AML (Amendment) Act 2014, (Act 874), AML Regulations, 2011 (L.I. 1987), Criminal Offences (Amendment) Act, 2012 (Act 849), Immigration (Amendment) Act, 2012 (Act 848); Economic and Organised Crime Office Act, 2010 (Act 804), Economic and Organised Crime Office (Operations) Regulations, 2012 (L.I. 2183), Anti-Terrorism Act, 2008 (Act762), Anti-Terrorism (Amendment) Act, 2012 (Act 842), The Anti- Terrorism Regulations, 2012 (L.I. 2181); BoG/FIC AML/CFT Guidelines (2011); SEC/FIC AML/CFT Guidelines (2011) and NIC/FIC AML/CFT Guidelines (2011). In spite of all these initiatives, the absence of a robust metric to gauge the level of AML compliance and ERM makes it difficult to justify the investments made so far. This study therefore attempts to develop an AML index to help measure the AML compliance level of Ghanaian banks and also appreciate the efforts made by the Financial Intelligence Centre, the Bank of Ghana and other international bodies. The main theoretical framework for this study is risk management. Risk management has evolved from “silo” risk management (RM) to “firm-wide” RM. Mixed results have been found in literature on the relationship between firm performance and ERM (Gordon et al., 2009; Pagach & Warr, 2008 & Liu et al., 2010). Purge (2008) argues that ERM University of Ghana http://ugspace.ug.edu.gh 4 implementation increases the cost of operation, thus reducing profits of firms. Razali et al., (2011) measured ERM by firms using the presence of a chief risk officer (CRO), where the presence of a CRO indicates adoption and non-presence, otherwise. Mcshane et al., (2011), using Standard and Poor’s (S&P’s) ERM index argues that ERM adoption positively influences firm performance. Gordon et al., (2009), based on the COSO ERM Framework (2004), developed an ERM adoption index based on the COSO output variables (strategic, operations, reporting and compliance) and concluded that the positive link between ERM and firm performance is dependent on contingencies. Several authors including (Golshan & Abdul-Rasid, 2012; Gordon et al., 2009; Beasley et al., 2005) identified a number of drivers for ERM adoption which include; firm size, firm complexity, chief risk officer (CRO), auditor type (Big four). Several studies abound in literature on the economic consequences of ML (Mackrell, 1997; McDowell, 2001 & Tanzi, 1997). Yepes (2011) argues that domestic compliance of AML standards is a key determinant of susceptibility of the financial sector to the risks posed by money laundering and terrorist financing activities. However, studies considering the link between AML and ERM are scarce in literature to the best of the author knowledge and this is the study’s contribution to knowledge. In order to meet the objectives outline earlier, an epistemological (positivist) research philosophy with a deductive research approach was adopted. This study applied quantitative research strategy to formulate hypotheses to test the empirical linkage between AML and ERM in the Ghanaian banking sector. Furthermore, a 2-stage approach was used to construct the ERM and AML indices. The first principal components were selected to represent the indices because they represent contribute to a larger proportion of the variability in the AML and ERM datasets University of Ghana http://ugspace.ug.edu.gh 5 PCA results show the eight (8) COSO ERM framework components (Internal environment, Objective setting, Event identification, Risk assessment, Risk response, Control activities, Information and Communication and Monitoring and evaluation) are statistically significant (p-values-0.0000). Also, money laundering risk assessment, records management, compliance programme and corporate governance with p-values of0.0000) are found to be predictors of AML in Ghana banking industry. Bank with good AML compliance systems have adopted ERM. Chi-square results show an association between AML and ERM. Furthermore, regression analysis shows that AML Compliance is a significant predictor of ERM at 1%. Risk culture is also a significant predictor of ERM at 5%. Prior studies (Gordon et al., 2009) show that profitability predicts ERM adoption; however this study reveals statistically insignificant relationship. Also, size of a bank influences the adoption of ERM at 10%. The major contribution to literature and industry is the development of continuous AML and ERM barometers. Also, the study established an association between AML and ERM. From the positive association between AML and ERM, banks should be encouraged to invest in their AML systems. The study also provides policy support to the global AML standard setters/regulators. However, this study did not explore the causality between AML and firm performance. 1.1 Background of the Study The global financial system has been plagued with varied risks and uncertainties, thus calling for an introduction of proactive measures to ensure global financial stability (White, 2009; Taylor, 2007; IMF, 2001; FATF, 2010). Financial crises have not only occurred in advanced economies, but have also been a feature of the recent economic scene in developing economies (World Bank, 2007; Mishkin, 1996). The prevalence of both traditional and emerging risks like money laundering (ML) and terrorists financing University of Ghana http://ugspace.ug.edu.gh 6 (TF) have forced academics, regulators and policy makers to rethink contours of the current financial system (Kroszner & Melick, 2009). Thus, developing economies have called for the maximum regulatory overhaul at both national and regional levels to mitigate the effect of varied risks on their economies, financial systems and ultimately, the citizenry (Acharrya et al., 2009; Rojas-Suarez & Weisbrod, 1994; Stiglitz & Diamond, 1984.). The holistic management of both traditional and emerging risks has been seen as a stronger way of managing risks at the corporate and national levels of an economy (COSO, 2004; ISO 31000, 2009). Financial institutions of which banks constitute about eighty (80) percent in Sub-Saharan Africa (FATF, 2010) have championed economic development by channeling funds from surplus units to deficit units, risk mitigation and transparency. These institutions have traditionally suffered from credit, interest rate, exchange rate, concentration, reputation and legal risks (Dionne et al., 2010). Money laundering and terrorist financing which have been recently identified as emerging risks facing the financial institutions of developing countries have been in existence for many years in the western world, and various laws and frameworks have been adopted to minimize their negative effects on economic systems. However, little seem to have been done by developing economies to curtail the financial system from being used by criminals to transfer their ill-gotten wealth, and Ghana is no exception (Basel, 2012). The threat to global financial stability, economic growth and the operations of financial institutions by money launderers led to the establishment of the Financial Action Task Force in 1989 by the G7 nations as the global standard-setter in the fight against money laundering and terrorist financing (IMF, 2001; FATF, 1996). Money laundering involves University of Ghana http://ugspace.ug.edu.gh 7 the placement, layering and integration of funds from illegal activities through the financial system to legitimize the sources of such funds (FATF, 2010). Financial institutions by coverage, nature, speed of transactions, ease of converting wealth to cash without significant loss of principal, routine adoption of computer systems in operations, operation within a competitive commission-driven environment and the performance of auxiliary functions like acting as correspondent and respondent banks, trustees and agents make them more susceptible to money laundering and other vulnerabilities. All entities face uncertainties, which influence their profitability, effectiveness, reputation and shareholder value. Traditionally, entities scan the environment through the strength, weakness, opportunities and threats (SWOT) analysis while the political, economic, socio- cultural, technology, environmental and legal (PESTEL) and other tools are used to detect and manage the varied risks they face (COSO, 2004; Bell et al., 1997). Until enterprise risk management (ERM) evolved in the year 2000, financial institutions including banking institutions have relied on the simplistic silo-based approach to detect, control, mitigate and manage risks. Abdullah et al., (2012) define risk management as the process by which entities analyze their risks and assign effective risk controls to check such exposures with the view to attain strategic objectives. Though there is no universally accepted definition for enterprise risk management (ERM), it is broadly viewed as a systematic, disciplined, holistic loss-prevention and control system that is strategically applied to identify potential enterprise-wide risks that tend to affect an entity’s operations, compliance, performance and reporting (Dionne, 2003; Razali et al., 2011; Gordon et. al, 2009; Standard & Poor, 2008; Havenga, 2006; COSO, 2004; Lam, 2003; Dickinson, 2001). University of Ghana http://ugspace.ug.edu.gh 8 Anti-money laundering (AML) compliance programmes by design and implementation manages firm-wide money laundering and terrorist financing risk. Thus, ERM and AML compliance frameworks primarily task entities to be proactive in identifying and addressing risks that hinder their operations and value creation abilities for stakeholders (Dionne et al., 2003). The growth in the banking sector coupled with increasing recognition for firm-wide risk management have fuelled increasing expectations of these institutions to comply with constantly evolving regulatory demands (Wu & Olson, 2008; FATF, 2010). This scrutiny has made AML and ERM a major requirement for many Banks in Sub Saharan Africa, especially the Ghanaian banking institutions. Consequently, banks in Ghana have been tasked by regulatory bodies to continually implement and comply with risk management policies and procedures, which include anti- money laundering laws to detect, prevent, mitigate and respond to the threat of money laundering and other risks, which may affect their activities (Reuter & Truman, 2004). Review of extant literature on ERM adoption and firm performance reveal that various studies conducted on advanced economies produced mixed results (Gordon et al., 2009; Pagach & Warr, 2006; Stulz, 2003; Vafeas, 1999; Yermack, 1996). Yepes (2011) looked at countries’ compliance with the Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT) international standards during the period 2004 to 2011 and concluded that overall compliance is low; there is an adverse impact on financial transparency created by the cumulative effects of poor implementation of standards on customer identification. This therefore calls for a study of the effective compliance of financial institutions especially banking institutions to domestic and international AML standards. Additionally, money laundering as an evolving activity requiring banking institutions to have an anti-money laundering compliance barometer to help avert University of Ghana http://ugspace.ug.edu.gh 9 operational, legal, concentration and reputational risks that confront their operations (Jones & Kroll, 2011; IMF, 1996). It is evident that the level of awareness and understanding of ERM and AML concepts are still low in developing countries (Pagach & Warr, 2011; Zadeh, 2010; Gordon et al., 2009; Liebenberg & Hoyt, 2003). In addition, very little empirical research has been done on the drivers of ERM adoption in the developing world and this has influenced the pace at which ERM is adopted, in developing economies. Nonetheless, in a world of increasing globalization and information technology, it is imperative for banking institutions in developing economies to appreciate and adopt international best practices in risk management. Thus, the ambiguity in the empirical findings, the need to have a robust ERM adoption and AML compliance frameworks for timely risk mitigation and the implications these frameworks have on firm performance necessitated this research. The present study is therefore meant to fill the gap in the empirical literature on enterprise risk management adoption, anti-money laundering compliance and firm performance in developing economies. Clearly, this study is novel for investigating the hitherto unexamined association among anti-money laundering compliance measures, firm performance and the overall influence on enterprise risk management adoption in the Ghanaian financial sector. The methodology adopted for the study followed those used in similar research studies. This thesis aims at providing the drivers of enterprise risk management adoption, developing an ERM adoption and AML compliance indices and also establishing the linkages among anti-money laundering compliance, firm performance and enterprise risk management adoption in Ghanaian banking industry. The study is timely because it provides empirical analysis based on sound intellectual underpinnings for enterprise risk management and anti-money laundering policies to better manage University of Ghana http://ugspace.ug.edu.gh 10 emerging and traditional risks associated with the banking sectors of developing economies. 1.2 Problem Statement Financial institutions’ compliance with a country’s AML/CFT laws and guidelines plays an important role in ensuring a sound financial system. Ghana’s financial sector has undergone extensive reforms over the last two decades. The main financial institutions in Ghana’s economy are banks which are the main mobilizers of funds, providers of risk management services and financiers of medium and large scale enterprises and government. It is through them that finance makes its major contribution to sustained economic growth, development and stability in Ghana. Banks also play an important role in ensuring an efficient and effective payment system and transaction processing and in facilitating monetary and fiscal policies. The banking industry is dominated by banks and NBFIs whose share of the total banking assets is 90 percent. The industry has seen growth over the years; the number of banking institutions have increased from 16 to 79 (2000- 2013); total shareholders’ capital for the industry has almost tripled (2000-2013); the industry looks profitable coupled with better return on assets and equity (2000-2013. Also, introduction of e-payments systems such as the e-money,e-zwitch, mobile money services, credit and debit cards, internet banking etc. make Ghana’s banking system an interesting case to study. As money laundering and terrorist financing can occur through many different avenues in different sectors of the economy, the banking system has become the focus of regulators and the international community. In addition, the inadequate comprehensive risk management guidelines for the industry make the players in the industry to adopt different risk management models to mitigate risk in their internal and external environments. Risk management has evolved from silo risk management to University of Ghana http://ugspace.ug.edu.gh 11 holistic risk management where a residual risk is communicated across the entire firm and to stakeholders. Gordon et al., (2009) argue that ERM improves firm’s performance. A firm’s adoption of ERM has been proxied with appointment of a chief risk officer (CRO) which is given a value of one, and zero, otherwise. This measure is seen as a weak tool in assessing ERM adoption as it does not measure firms that have adopted ERM to some degree. Also, risk management is a process and not an event. Hence, risk management should be measured on a continuum at different times. This current study attempts to develop a robust barometer to gauge the ERM levels of Ghanaian banks as at 31st December, 2013. Also, due to the importance of AML in the financial service sector, a robust discrete variable is also developed to assess the level of AML in the Ghanaian banking sector. Furthermore, the association between AML and ERM is untested to the best of the authors’ knowledge. Attempt is also made in this thesis to evaluate Ghana’s technical compliance with FATF 40 recommendation after the delisting of Ghana from FATF Blacklist. Also, the study attempted to answer the following research questions: i. Do Ghanaian banks have high AML compliance levels? ii. Do Ghanaian banks have high ERM adoption levels? iii. Is there any association between anti-money laundering compliance and enterprise risk management adoption in the Ghanaian banking industry? 1.2.1 The Cost Implications of adopting AML and ERM frameworks According to the COSO framework (COSO, 2004), ERM is a holistic enterprise-wide management process that is linked with the overall strategy of the firm. Strategy requires management to strategically plan ahead in order to achieve set goals and targets. Thus, a risk management framework in place serves as a guide for firms to prudently manage their University of Ghana http://ugspace.ug.edu.gh 12 risks to achieve set objectives. Hypothetically and empirically, to some degree, ERM tends to be adopted by larger firms that are well resourced performers in an industry. Obviously, more financial and other inputs would only be committed to ERM adoption when it significantly impacts on firm performance. Since available empirical results (Hoyt & Liebenberg, 2009; Nocco & Stulz, 2006; COSO, 2004; Stulz, 2003, 1996; Lam, 2003; Barton et al., 2002) suggest that financial institutions have been frontrunners in ERM adoption, the current study seeks to echo to firms that huge cost is certainly involved in the implementation of ERM as well as AML compliance. Additionally, compliance with laws and conformity with high ethical standards, without compromising on international best practices oblige financial institutions to enact AML legislations, in order to prevent the financial system from being used as conduit for money laundering (ML). Furthermore, the mandatory nature to adopt an AML compliance framework coupled with its inherent non-compliance punitive measures, leave banking institutions no choice than to absorb the huge costs involved in ensuring compliance with AML policies and procedures. One of the objectives of the present study is the development of AML compliance index, which would serve as a barometer for banking institutions to rightly gauge their level of compliance to AML. Thus, it helps stakeholders to justify the costs incurred in assessing the effectiveness of compliance programmes and the return on investments made in AML implementation frameworks while being shielded from use as conduit for the disposal of criminal proceeds. 1.2.2 Implications for wider range of risks and emerging risks Until ERM was developed in the 2000s, firms had managed various risks with the help of the piece-meal silo-by-silo method. Firms at the time performed well because they operated in a business environment that was relatively stable and used no or few University of Ghana http://ugspace.ug.edu.gh 13 technologies. However, rapid development in information technology, a flurry of corporate governance scandals (Simkins & Samirez, 2008) and poor risk management in the past few decades have deepened the need to proactively identify, prioritize, and manage all possible risks that confront firms (COSO, 2004; CAS, 2003). To survive in a competitive business environment within the context of globalisation, firms have incorporated emerging risks such as money laundering (ML) and terrorists financing (TF) into their traditional risk areas in determining performance. It is also worthy to note that just as marketers advise that the marketing function should permeate the length and breadth of an entity, ERM adoption and AML compliance frameworks remind management to identify risks not only in the finance department, but also in the human resource, research and development as well as other departments. This implies that ERM adoption and AML compliance are designed to cut across all levels in the organization. This study, thus, profiles the varied risks that confront the banking sector in developing economies. 1.2.3 Implications of AML and ERM indices for prudent corporate governance Even though substantial empirical literature and survey results of service providers have affirmed inadequate corporate governance practices and poor risk management as causes of the global financial crisis, very little has been done empirically to ascertain the link among ERM, AML and corporate governance (Subhani & Osman, 2011). Both AML and ERM implementation requires board and management commitment. 1.2.4 Implications of adopting AML and firm performance on ERM The relationship among AML compliance, firm performance and ERM adoption, in real time is still a debatable issue. Theoretically, ERM adoption has both direct and indirect benefits to the firms that adopt it (Liebenberg et al., 2003; Hoyt & Liebenberg, 2006). University of Ghana http://ugspace.ug.edu.gh 14 COSO (2004) observed that the overall purpose of ERM adoption is to protect and enhance shareholder value. Furthermore, ERM adoption hypothetically reduces the marginal cost of risk as it eliminates duplication of costs of risk management programmes across departments (Eckles et al., 2011). Again, Gordon et al., (2009) explored the relation between a firm’s ERM adoption and performance as contingent on the proper match between a firm’s ERM adoption and five firm related variables: environmental uncertainty, industry competition, firm size, firm complexity and board of directors’ monitoring (Golshan & Abdul-Rasid, 2012; Hoyt & Liebenberg, 2006; Beasley et al., 2005). It is worth mentioning that the link between ERM adoption and firm performance signifies the holistic and strategic characteristic of ERM as a system theory paradigm of risk management. Since no empirical evidence exists in Ghana, this study seeks to establish the impact firm performance would have on ERM adoption. This study reflects the business environment of developing countries against the background of how performance impacts ERM adoption in the Ghanaian banking sector. University of Ghana http://ugspace.ug.edu.gh 15 1.2.5 Implications for developing an AML Index An effective AML framework captures the extent of money laundering control on the basis of a bank’s AML compliance. Meanwhile, banking institutions view AML compliance as a strategic advantage for competitiveness and thus invest heavily in the area to attain this objective. However, effective AML framework is not only limited to achieving a one-off AML compliance. This explains why there is the need for banks to institute continuous measurement strategies to signal them of the potential dips in real- time to enhance their compliance to AML framework. Furthermore, it is imperative to know which factors to focus on in committing scarce resources to achieve AML compliance because it is critical to business success. It is believed that developing an AML compliance index ensures an effective management of the ever evolving money laundering and then improves on the risk management framework of banking institutions. Thus, the research focuses on banking institutions for reasons such as: without due diligence, banking institutions can be subject to reputational, operational, legal and concentration risks, which ultimately can affect the integrity of financial systems. Additionally, following the liberalization of Ghana’s financial sector in 1989, the sector has witnessed consistent growth in terms of size, composition and sophistication as suggested by available data (GSS, 2013). It is therefore obvious that a more concerted effort is needed to provide feedback to track performance and contribute to improvement in the sector. Also, since 2001, the International Monetary Fund (IMF) and World Bank have made it a requirement for countries that benefit from their financial and structural assistance programmes to have in place an effective AML controls. Finally, banking institutions by coverage, product portfolio and globalised nature are more susceptible to money laundering. Thus, irrespective of the size of a bank, there should be some centralized aspect of control that has an organization-wide view of AML efforts University of Ghana http://ugspace.ug.edu.gh 16 within the entity. However, banks face risks that are dynamic and need to be continuously managed accurately and periodically to device practical steps to mitigate them. It is challenging to create an AML index and a standardized risk assessment because money laundering is a secret act on which data is hard to obtain. Thus, it is difficult to find a universally accepted methodology for measuring AML index due to the limited available data. Lack of clear concepts and methodological standards mean that compliance officers and researchers face considerable constraints and challenges when attempting to construct an AML compliance index for entities on the basis of their exposure to money laundering. Nonetheless, the banking sector nay consider the AML compliance barometer as a highly useful tool to fulfill regulatory requirements in relation to AML country risk rating, particularly, valuing its foundation in scientific research. In developing the AML compliance index, this study seeks to establish the credible and relevant sources to identify money laundering risks and methodology that can be used to develop a composite AML index for the banking sector. Developing an AML index would give banking institutions a barometer to continuously improve on the extent of their AML compliance and then validate their gains and identify key areas for improvement. The developed index can serve as an important tool for benchmarking and for motivating policy makers to ensure AML compliance. Thus, the index would help policy makers to prioritise reforms accordingly. Again, as future rounds of the data set become available, they could also track the success of those reforms. Therefore, the AML compliance is meant to be continuously reviewed to address its methodological challenges and monitor new trends as data becomes available. University of Ghana http://ugspace.ug.edu.gh 17 1.3 Research Objectives The broad objective of this study is to investigate the influence of AML compliance and enterprise risk management adoption in the Ghanaian banking industry. In this vein, the specific objectives of the study are to: 1. Construct a barometer to measure the level of Anti-Money Laundering compliance (AML) in the Ghanaian banking sector. 2. Construct a barometer to measure the level of Enterprise Risk Management adoption (ERM) in the Ghanaian banking sector. 3. Investigate the association between AML compliance and ERM adoption in the Ghanaian banking sector. 1.5 Research Hypotheses Flowing from the objectives of the study, the following hypotheses were tested: 1. AML compliance levels are high in the Ghanaian banking industry 2. ERM adoption levels are high in the Ghanaian banking industry 3. AML compliance does not significantly affect ERM adoption in the Ghanaian banking industry. 1.6 Motivation for the Study Global Financial Integrity (GFI) estimates that in 2012, USD 991.2 billion left developing countries in illicit financial outflows. Illegal movements of money or capital from one country to another is usually referred to as illicit fund flow (IFF) and the Global Financial Integrity (GFI) classifies this movement as an illicit flow when the funds are illegally earned, transferred, and/or utilised. It is believed that most of these funds come from predicate offences, money laundering and terrorist financing. The West African sub region University of Ghana http://ugspace.ug.edu.gh 18 continues to witness activities of terrorist organizations causing instability in economic and social activities of countries in the sub region. For instance, recent developments in Ghana indicate that the environment in which banks operate is now turbulent. This is because Ghana is perceived as a country where corruption is on the rise. Also, developments in the financial sector, particularly in the banking sector including influx of foreign banks, well sequenced financial sector liberalization policies, mergers and acquisitions of banks; continuous integration of technology into financial transactions coupled with the increase in integration of world economies make Ghana’s financial system prone to illicit financial flows. It is important to note that Ghana’s banking system constitutes about 87.9% of the total assets of Ghana’s financial system (BoG,2013) and as such if not well insulated could be used as a conduit for proceeds of crime. It is against this background that this study seeks to develop indices for measuring ERM adoption and AML compliance among banking firms in Ghana. These metrics could serve as early warning systems for gauging the financial health of the country as well as a lead indicator for foreign inflow. It could also help to appreciate the performance of regulatory bodies such as Financial Intelligence Centre, Bank of Ghana and also AML/CFT support from the international community including the International Monetary Fund (IMF), United Nations Office of Drug Control (UNODC), the World Bank, Swiss government, etc. Banks and special depository institutions are unique, in that they alone are allowed to engage in the business of receiving deposits and providing direct access to those deposits through the payment systems. Banks contribute to the growth and development of economies but in the bid to raise loanable funds, they face varied default, operational, reputational, concentration and emerging risks that adversely affect their performance. University of Ghana http://ugspace.ug.edu.gh 19 Consequently, the unique role and nature of banking institutions make them the most preferred line for money launderers who have no physical geographic horizons, operate 24/7 in every time zone, and maintain the pace of the global electronic highway. This calls for effective, robust and operational anti-money laundering and combating the financing of terrorism framework to reduce the surge in predicate offences activities such as corruption, terrorism, tax invasion, child trafficking, etc. It is believed that most terrorist organisations finance their operations using laundered funds through the global financial systems. Ghana being a member of the Financial Action Task Force (FATF) is expected to ensure that its systems and accountable institutions are used not to channel proceeds of crime. Though Ghana has passed a lot of legislations on AML/CFT to protect its economy and institutions, media reports suggest high levels of fraudulent and unlawful financial transactions which mostly incur to the benefits of politicians, civil servants, etc. Ghana’s cash economy may be opened to the high levels of washing dirty money. This seems to destroy the hard earned reputation of the country. Financial gains from these unlawful and criminal acts are believed to be channelled into financial and or real assets which make its origin difficult to trace. Organizations impact their environment and are in turn shaped by their environment. It is the risk inherent in the environment that caused entities to abandon the silo-by-silo approach of risk management in favour of the more holistic enterprise risk management and anti-money laundering frameworks. Besides, the business environment varies in size, complexity and risk management culture (Golshan & Abdul-Rasid, 2012; Simkins & Ramirez, 2008; Beasley et al., 2005; Briers, 2000; Gordon et al., 2000). Review of available literature on risk management revealed that there is no universally accepted barometer for measuring enterprise risk management adoption and anti-money laundering University of Ghana http://ugspace.ug.edu.gh 20 compliance levels in Africa. It is against this background that the current study attempts to establish such measures for the Ghanaian banking sector. Also, banks mobilise financial resources from varied sources and depending on the type of capital structure chosen, the role of investors and shareholders cannot be underestimated in the process of financial input mobilisation. An entity that truly seeks to grow its shareholder value and build investor confidence has to demonstrate the application of ERM and compliance to AML frameworks (Meulbrock, 2002; Cumming & Hirtle, 2001; Lam, 2001; Miccolis & Shah, 2000). Thus, ERM adoption and compliance to AML frameworks are indicative of how secure shareholders’ funds are with an entity, which in turn determines the future investment trends in the firm and industry. In addition, available literature demonstrates that considerable research has been done in developed and emerging economies. While research on ERM adoption and AML compliance are still less in the Asian economies, there is even very little and in some cases no studies on ERM adoption and AML compliance in Africa. Some reasons often cited for low adoption of ERM and AML in Africa include difficulties in measurement, difficulty of identifying risks, fear of increased responsibilities, the financial commitment and low confidence in ERM implementation (Kleffner et al., 2003). Similarly, Gordon et al., (2009) observed that though ERM adoption improves firm performance in theory, available empirical evidence offers mixed results. The controversies obviously signify a gap in the empirical literature devoted to the studies of ERM adoption, AML compliance and firm performance, and this is the lacuna the novel study seeks to fill since it is evidence from the literature that no known empirical research exists for the Ghanaian banking sector. University of Ghana http://ugspace.ug.edu.gh 21 To survive competition, firms need to study trends in the market among other measures. ERM adoption and AML compliance indices are essential for the projection and prudent management of risks in the banking sector. Thus, this study’s focus is to develop ERM adoption and AML compliance indices to establish their effects on firm performance. This is likely to clear any doubts and misgivings that entrepreneurs and top level management have on ERM and AML policies and procedures. The apprehension with which some firms view ERM adoption is quite understandable because in Ghana for instance, apart from few policy papers in the area, there is no known rigorous academic research that clearly spells out best practices and the challenges of ERM adoption and AML compliance. Both ERM adoption and AML compliance are seen as risk management tools for banking firms, though AML has law enforceability. Intuitively, AML is expected to ensure a better risk management environment for banks as its implementation cuts across the whole firm. Lots of works have been done on ERM adoption; however, no one has investigated the association between the two. This study is the first to empirically test the existence of an association between ERM adoption and AML compliance. 1.8 Scope of the Study This study has mainly financial institutions (FIs) in mind. Anti-money laundering and terrorism financing is quite ubiquitous in many institutions such as charities, gambling centres and religious institutions, but this study could not cover all those institutions and thus limited its focus to financial institutions, particularly, banks. The study is expected to cover all financial institutions regulated by Bank of Ghana, Securities and Exchange Commission (SEC), National Pensions Regulatory Authority University of Ghana http://ugspace.ug.edu.gh 22 (NPRA), Venture Capital Trust Authority (VCTA) and National Insurance Commission (NIC) as well as AML/CFT accountable institutions. This would have given a clearer picture of ERM adoption and AML compliance levels within Ghana’s financial system. However, Ghana’s financial system is mainly dominated by banking institutions regulated and supervised by Bank of Ghana and constitutes about 90 percent of assets of Ghana’s financial system. 1.9 Study Limitations As with all empirical studies, there are limitations to this study. The most obvious limitations to this study are outlined. Firstly, this study did not explore the causality between AML compliance and firm performance. Secondly, the study could be affected by response bias hence the developed ERM adoption and AML compliance indices may have certain limitations that should be considered when interpreting the data. Thirdly, in terms of the methodology, there is no objective standard in creating composite indices, which is why in the development of the ERM adoption and AML compliance indices, the researcher made choices and judgments on variables, weightings and methods. There is also no benchmark for measuring the performance of firms over time hence bootstrapping scores may lead to different ranges for different groups at different times. 1.10 Organisation of the study The study is in five (5) chapters. This current chapter discusses the background, statement of the problem, objectives, research questions, hypotheses, study motivation, scope and limitation of the study. Chapter two focuses on the overview of evolution of risk management, drivers of enterprise risk management, firm performance, evolution of money laundering and efforts made globally and domestically to fight money laundering. University of Ghana http://ugspace.ug.edu.gh 23 Chapter three then presents the research methodology. The empirical results and findings are presented and discussed in chapter four, and lastly, chapter five concludes the study with general contribution of the thesis, conclusion policy implications and areas of further studies. University of Ghana http://ugspace.ug.edu.gh 24 CHAPTER TWO – LITERATURE REVIEW 2.0 Introduction This section provides relevant theoretical and empirical researches conducted on drivers of ERM adoption and their effects on performance. The section also explores the evolution of risk management, the broad determinants of enterprise risk management (ERM) and extracts the frequently cited determinants of ERM adoption. It further discusses the seminal works of Liebenberg & Hoyt (2003), Kleffner et al., (2003), and Briers (2000) on ERM. Additionally, in light of limited empirical research in this area, part of this section is devoted to discussion of the survey findings of service providers and interest groups like PwC, KPMG, and Deloitte & Touché. Furthermore, it discusses the various AML compliance frameworks and international best practices, the COSO ERM framework as well as performance of firms. It also examines various efforts to measure the ERM effectiveness on performance of firms. 2.1 Goal of this chapter The goal of this chapter is to identify and discuss the various theories, empirical research findings as well as the contributions of major service providers in the area of ERM adoption, AML compliance and firm performance. Using the research objectives as a guide, this chapter outlines the similarities between empirical research findings on the drivers of ERM implementation and the results of service providers. The chapter summarizes the relevant attempts previous research studies have made in deriving a metric to measure the impact of ERM implementation on firm performance. In addition, the major types of traditional and emerging risks are identified and discussed, as well as the origins and evolution of the principles and practices of money laundering. Last of all, efforts made by global anti-money laundering compliance institutions are made bare. University of Ghana http://ugspace.ug.edu.gh 25 2.2 Layout of this chapter The chapter is organized as follows: Section 2.3 provides theoretical background of the study. Section 2.4 presents evolution of enterprise risk management. Sections 2.5 and 2.6 looks at the drivers of ERM and ERM effectiveness. Section 2.7 looks at the relationship between firm performance and ERM. Sections 2.8 to 2.10 deals with origins of money laundering and anti-money laundering compliance measures. The construction of indices is discussed in section 2.11 and finally, section 2.12 presents the structure of Ghana’s financial and systems. 2.3 Theoretical background This section presents the theoretical background of the study. The theoretical underpinning of the study is risk management. Risk management is the process of identifying, measuring and quantifying risks or uncertainties associated with an event or a process in order to put in appropriate tools to minimize or maximize its effect on the objectives of a firm. D’Arcy (2001) traced the origin of risk management to the 1950s. In 1963, risk management was specifically focused on pure and speculative risks and was meant to maximise the productive efficiency of entities. In the 1970s, financial risk management was an issue highlighted by firms due to how the rise in oil price affected the stability of exchange and inflation rates. In the 1980s, political risks gained increasing recognition with growth in multinational corporations (Skipper & Kwon, 2007; D’Arcy, 2001). The scope of risk management was widened in the 1990s to deal with financial, operational, and strategic risks (Skipper & Kwon, 2007). This came about as a result of increased accountability demanded by shareholders from senior managers to take a more proactive approach in managing risks (D’Arcy, 2001; Jones, 2006; Holton, 1996). Additionally, a rise in corporate scandals in the 1990s coupled with the emergence of hazard, financial University of Ghana http://ugspace.ug.edu.gh 26 and strategic risks caused many to question the effectiveness of the silo-based risk management approach in dealing with the varied risks that confront entities (Weiser, 2009; Wolf, 2008; Mango, 2007; Jablonowski, 2006; Cassidy, 2005; CAS, 2003; Li & Liu, 2002; D’Arcy, 2001). These factors primarily led to the emergence of enterprise risk management (ERM) in the late 1990s (Woon et al., 2011; Lai & Samad, 2010; Gordon et al., 2009; Kucuk Yilmaz, 2009; Pagach & Warr, 2008; Calandro Jr. & Lane, 2006; COSO, 2004; CAS, 2003), though Cassidy (2005) had affirmed the existence of ERM in the planning, organisation and controlling activities of entities. ERM gained the interest of stakeholders in the early 2000s due to the complexity and nature of risks from sometimes noncore functions of firms (Lai & Samad, 2010). Review of the evolution of ERM also revealed that it is synonymous with enterprise-wide risk management (EWRM), holistic risk management (HRM), corporate risk management (CRM), business risk management (BRM), integrated risk management (IRM), strategic risk management (SRM), portfolio risk management, and value based enterprise risk management (D’Arcy, 2001; Meulbroek, 2002; Liebenberg & Hoyt, 2003; Kleffner et al., 2003; Hoyt & Liebenberg, 2006; Manab et al., 2007; Namwongse & Limpiyakorn, 2012; Yazid et al., 2009). In studies of transaction economies and management, the theories of perfect and imperfect markets have gained currency. Based on the capitalist notion of demand and supply, it is assumed that prices in a perfect market are determined by constant interaction between demand and supply. Delving further from this asymmetry, a perfect market is said to have a large number of sellers and buyers; buyers know the prices charged by the different sellers of the goods or services, and any one price prevails in the market due to the competition between sellers and buyers. Underlying all this, it has been assumed that firms University of Ghana http://ugspace.ug.edu.gh 27 were price takers and that there was free entry and exit into the market. Price taking implied that no one firm would influence the overall market price. Many studies including the famous capital structure as postulated by Modigliani & Miller (1958), assume perfect markets which does not exist in reality. Bonano (1990) argues that there is the need to have a coherent theory of general equilibrium with imperfect competition because the real-world economies are not captured by the assumptions of perfect markets. Furthermore, considerable research on other market structures from a partial equilibrium point of view stress on the fact that imperfect markets are more practical. Extending the notion of perfect and imperfect markets to enterprise risk management adoption and AML compliance is similar to assuming that in the former, firms operate in a totally risk free environment which is far from the reality. While a sizeable portion of the literature centres on whether ERM adoption positively or negatively affects firm performance, relatively smaller aspects espouse the view that the impact of ERM adoption on firm performance is neutral (Lai & Azizan, 2011). This stance is rooted in neo-classical financial and modern portfolio theories based on the seminal works of the capital asset pricing model (CAPM) by Modigliani & Miller (1963; 1958). The gist of the CAPM is that capital structure is irrelevant to firm value and so it is sheer waste of resources to try to manage risks as idiosyncratic risk is eliminated through diversification within an asset class (Lai & Azizan, 2011). The implication is that the entire concept of ERM does not appeal to the proponents of the CAPM (Lai & Azizan, 2011). However, the CAPM is often criticised for its inherent limitations (Fama & French, 2004; Chatterjee et al., 1999). The CAPM is built on simplistic assumptions such as firms operate in a perfect market void of information asymmetries and moral hazards, even though information asymmetries and moral hazards are real and have created agency University of Ghana http://ugspace.ug.edu.gh 28 problems, which need management (Stein, 1989, 1988 as cited in Lai & Azizan, 2011). Based on these limitations, the favourable outcomes of ERM adoption undoubtedly must reflect in a risk pricing formula that certainly affects the variable in the CAPM. This is of course based on the assumption that managing unsystematic risk can yield positive effects (Hoyt & Liebenberg, 2006; Gordon et al., 2009). The literature lists the main benefit for ERM adoption as an improved capability to boost earnings. Earnings can be improved through reduction or elimination of negative profit variation, reduction in cost of financial distress, lowering of the firm’s risk premium and tax burden, minimisation of agency problems as well as enhancing the corporate brand name (Lai & Azizan, 2011). 2.4 Evolution of Enterprise Risk Management The contribution of Briers to the evolution of ERM was his development of a theoretical basis for enterprise-wide risk management. Relying on critical analysis of theories of risk existing at that time, he pioneered the design of a model of risk management that offers a common theoretical framework upon which risk managers could base their work (Briers, 2000, as cited in Havenga, 2006). He tested the validity of his developed model of risk to affirm that enterprise-wide risk management was an evolving management principle, still in its infancy stage not only in South Africa, but globally (Havenga, 2006). Though, ERM has evolved over time, it is still developing – an observation which service providers have also made (ERM Survey Report [East Africa], 2012; EIU, 2007). The traditional approach of risk management tackled risk in fragmented fashion, by handling risks as individual units where departments with expertise managed risks in the areas of underwriting, finance, claims, reinsurance, pensions and marketing. However, modern risk management dates back to 1955 (Dionne, 2003; Harrington & Neihaus, 2003; University of Ghana http://ugspace.ug.edu.gh 29 Williams & Heins, 1995; Rockford, 1982; Hedges, 1963). Risk management (RM) helps to maximise a firm’s value and create value for stakeholders in accordance with strategic objectives (Georges, 2013; Bell et al., 1997). 2.4.1 The COSO ERM framework This study adopts the COSO (2004) ERM framework for measuring the ERM adoption levels of banking institutions in Ghana. Theoretically, the COSO ERM framework is designed primarily to assist firms to improve organizational performance and governance through effective internal controls, ERM and fraud deterrence in the four thematic areas of strategy, operations, reporting and compliance. While reporting and compliance are in the organization’s internal environment, the strategic and operations categories are subject to external events that are exogenously determined. COSO ERM objectives aid organizations to achieve specific organizational objectives by aligning their activities to mitigate risks. Closely related to the objectives of the COSO ERM framework are its eight (8) components that guide organizations to achieve key objectives – namely, internal environment, objective setting, event identification, risk assessment, risk response, control activities, information and communication, and monitoring (COSO, 2010). These input variables produce four (4) component outputs in the form of: compliance; operations; reporting; and strategic. University of Ghana http://ugspace.ug.edu.gh 30 Figure 1: COSO Framework (2004) The COSO ERM framework having been endorsed by highly reputable international professional bodies and having stimulated a lot of interest is considered a generic framework within which organizations can mitigate risk effectively. Far from being sacrosanct, the COSO ERM framework was formulated to strengthen already existing internal controls of organizations (COSO, 2004). Indeed, major audit service providers like KPMG, PwC, and Deloitte & Touché have indicated that the ERM framework is a work-in-progress. The observation by both COSO and the service providers underline the realistic, dynamic and flexible nature of approaching risk management. In addition, reliance on evolving technology and regulators’ higher expectations for governance oversight, risk management, detection and prevention of fraud have created the need for University of Ghana http://ugspace.ug.edu.gh 31 organizations to constantly keep pace with emerging risks in order to survive the turbulent, competitive and globalised business environment. Another area of relevance of the COSO ERM framework is the clear distinction, yet close interrelationship, between internal and external drivers of ERM adoption. Clearly, the link amongst the four major objectives determines the impact of ERM adoption on organizational performance. Globalization, the use of suppliers, service providers, the need to attract clients and improve service quality pose varied risks that appear simultaneously within an entity. Hence, the COSO ERM framework provides a general framework for firms to prioritize not only risks in the accounting, finance and insurance departments, but in the entire organization because what affects a sub system ultimately affects the entire system, according to systems theory. Service Providers (SP) have also relied on the COSO ERM framework to identify greater commitment from boards – greater complexity of organizations face in value chain due to advanced business practices; globalization and technological change; the need to contain events like product recall or fraud; maximization of shareholder value, reducing earnings volatility; improving capital efficiency; reducing costs of external capital and regulatory requirements as specific internal drivers of ERM adoption. Service providers are the institutions that perform professional task or deeds (Lovelock & Witz, 2007; Hinson, 2014). Additionally, service providers also cite increased focus on corporate practices by regulatory bodies, globalization, industry consolidation, regulations, technology, governance and demands from investors for greater disclosure and accountability as specific external drivers of ERM adoption (Subhani & Osman, 2011; 2008; Economist Intelligence Unit, 2008; Havenga, 2006; Cumming & Hirtle, 2001; Miccolis & Shah, 2000). University of Ghana http://ugspace.ug.edu.gh 32 Review of extant literature on the COSO ERM framework revealed that the few empirical studies by Hoyt & Liebenberg (2006), Acharrya (2008) and Gordon et al., (2009) produced mixed results and is also skewed towards developed economies at the expense of developing economies. Emerging risks such as money laundering and terrorist financing within the global economy especially, within the financial system have heightened the need for firms to handle risks in a very comprehensive and holistic manner. Implicit in these risks is the adoption of anti-money laundering and combatting of financing of terrorisms measures by firms, particularly the global financial system. Anti-money laundering compliance programmes ensure that firms, especially financial institutions, manage money laundering and terrorist financing risks from both internal and external environments. Vulnerabilities within a firm’s governance, operations, human capital, channels of distribution, etc. are holistically managed in order that the strategic, operational, compliance and reporting objectives of a firm are not compromised. Non- compliance to AML attracts sanctions from regulatory bodies which affect the economy of countries. It can be clearly seen that AML measures and COSO ERM framework seem to protect a firm from all sources of uncertainties in order to achieve its strategic, operational, compliance and reporting objectives. 2.4.1.1 Overview of COSO ERM components Based on the COSO-ERM integrated framework the firm has to monitor, evaluate, and communicate its performance to stakeholders (COSO, 2004) as and when it progresses on the ladder of ERM implementation. The COSO-ERM integrated framework further defines ERM effectiveness by linking ERM adoption to a firm’s vision, mission, strategy and objectives (COSO, 2004). More specifically, the document outlines four major categories of objectives which encompass the internal and external environments that University of Ghana http://ugspace.ug.edu.gh 33 relate these categories to eight interrelating components. Specifically, the COSO-ERM integrated framework outlines objectives in reference to strategy, operations, reporting and compliance categories, while the eight components assist firms to achieve the specific objectives in the four key areas. The literature indicates that ERM implementation is increasing at a very fast pace (Havenga, 2006; Deloitte & Touché, 2009). Similarly, the positive link between ERM implementation and firm performance has been acknowledged in the literature (Namwongse & Limpiyakorn, 2012; Grace et al., 2013; Pagach & Warr, 2008). However, limited empirical evidence exists on the actual impact of ERM implementation on firm performance (Liu et al., 2010; Acharyya 2008; Gordon et al., 2009). Worse still, it has been very challenging to arrive at a common theoretical framework to allow the impact of ERM implementation to be measured holistically (Acharyya, 2007; Gordon et al., 2009). The issue has been how to devise common indices to quantify both financial and non-financial aspects of firm performance. Thus, providing a general model to be adapted to suit local conditions should be seen as pioneering the development of regional models to measure the effectiveness of ERM implementation. Enterprise risk management adoption allows firms to effectively and efficiently use scarce inputs to achieve performance targets. Also, it ensures reliable financial reporting and compliance with laws and regulations to insulate firms from incurring reporting, reputational, operational and strategic risks. Explicit in the COSO (2004) definition is that an entity’s enterprise risk management framework is hinged on eight inputs of: internal environment; objective setting; event identification; risk assessment; risk response; control activities; information and communication and monitoring. The study expanded upon the preceding eight inputs of enterprise risk management specified by COSO (2004) by incorporating a ninth element called organisational culture. University of Ghana http://ugspace.ug.edu.gh 34 This variable is included because in developing its enterprise risk management framework, COSO (2004) relied on a contingency perspective by recognising that the appropriate enterprise risk management system is dynamic and it is likely to vary from firm to firm. Additionally, the fact that there is no universally ideal enterprise risk management system means that COSO can be modified to suit the peculiarities of a firm and/or jurisdiction (Moeller, 2007; Beasley et al., 2005). Furthermore, the contingency view of enterprise risk management systems is consistent with the literature that examines the more generic notion of management control systems (Beasley et al., 2005). Each of the eight (8) input components of COSO ERM framework plus organisational culture is briefly discussed: Internal environment (IE) The COSO 2010 framework continues to make a strong case for internal environment which has been widely accepted by business communities and authorities in various industries and academic arenas around the globe respectively. The internal environment has five strategic fundamental elements which include ethical standards of the firm, the firm’s board oversight, firm’s structure, the firm’s human capital, and firm’s employees’ accountability (Beasley et al., 2005; COSO, 2013). These fundamental elements provide clarity for users in designing and implementing systems of internal control. Notwithstanding, the above firms’ enterprise risk management should embrace government’s controls, policies and guide to promote stable markets or grounds for fair competition. In a situation where, firms’ enterprise risk management strategies clashes with government’s oversight policies, the firm could face sanctions leading to serious stigmatisation. In Ghana, banking institutions are expected to conform to various laws, acts, and regulations to ensure that their policies on internal control activities are strong enough to mitigate any risk. University of Ghana http://ugspace.ug.edu.gh 35 Objective Setting (OS) Objective Setting is one of the COSO 2010 framework which captures Objective definition, risk appetite, resource allocation, strategic planning, objective communication, objective awareness and risk alignment (Kaplan & Mikes, 2012; Hammond et al., 2006; Tufano, 1996; Moeller, 2007). These objectives pave way for strategic and policy makers to enshrine and implement systems for internal controls. It must conform to the mission and vision of the firm in alignment with the firm’s risk appetite or tolerance rate, since every mission mad vision comes with its own peculiar risk which needs to be mitigated. Event identification (EI) Internal and external events affecting achievement of an entity’s objectives should be identified, distinguishing between risks and opportunities. Opportunities are channeled back to management’s strategy or objective-setting processes (COSO 2004). Event identification includes the detection of internal or external incidents or occurrences that affect the achievement of an entity’s objectives (Moeller, 2007). These events are often thought of as negative in consequence, but may also provide positive outcomes, or both. Events may be categorised among the types of influencing factors, such as external economic, natural environmental, social, internal process-related, and or technological, classifications that are critical to ensure comprehensive risks are considered (Moeller, 2007; Ballou & Heitger, 2005). Within this component, organisations should have processes established to monitor the environment for potentially significant risk events, via process flow analyses, interviews, questionnaires, and escalation triggers, among others (Moeller, 2007; COSO, 2004). This involves the identification of internal and external events that affect the achievement of its objectives and underscores the positive University of Ghana http://ugspace.ug.edu.gh 36 and negative aspects of events as opportunities and risks as explained in the COSO ERM framework (2010). Risk assessment (RA) Risk is said to be the uncertainty or the deviation from actual expectations. However, risk can also be an opportunity or threat. The COSO (2010) framework identifies risk assessment as a key indicator of identifying, measuring and developing corporate risk mitigating tools to minimise threat and take advantage of opportunities. These activities engineer the type of strategies and risk mitigating factors which a firm should implement as internal control mechanisms in pursuit to stand the test of survival. The process of risk management includes the identification, assessment, monitoring and treatment of risks. As the scope of risk management expands, firms are likely to cover a larger number of areas of an organisation’s activities as well as the variety of risks including credit risk, market risk, liquidity risk, operational risks, strategic or business risk, reputational risk, money laundering and terrorism financing risk, regulatory or compliance risk, country and cross border risk and governance risk (Beasley et al., 2006; Fatemi & Glaum, 2000) highlight the importance of having an enterprise wide approach to risk management and argue that as organisations invest in a wider set of risk management processes, the organisational objectives can be more easily met. Risk assessment includes the following variables: risk identification; risk analysis; fraud alert; and risk response. Risk are analysed considering the likelihood of its occurrence and the potential impact on the organisation as the basis for determining how they should be managed (Moeller, 2007; Ballou & Heitger, 2005). The internal and external risks are assessed on an inherent and residual basis (COSO, 2004). The Risk assessment component “represents the core of COSO ERM,” enabling an organisation to evaluate the extent to which a risk may inhibit or enhance its ability to University of Ghana http://ugspace.ug.edu.gh 37 meet objectives (Moeller & Ballou 2007). Accurate risk assessment offer firms competitive advantages to lower their overall risk of failure, and thus increase their performance and value (Hoyt & Liebenberg, 2009; Nocco & Stulz, 2006; Tufano, 1996). In summary, risk assessment is the engine of any risk management programmes. Risk response (RR) Risk response is the appropriate risk management options that are considered for significant risk including risk avoidance (avoid), pricing for risk retained (price), risk transfer – e.g. insure, hedge, strategic alliances, joint ventures, contractual risk sharing provisions, etc. (transfer), risk reduction to an acceptable level (accept/control) or risk acceptance at present level (self-insured) (accept). Within the risk response of the COSO Framework (2010) an organisation should continuously assess the effect of changes in the environment and significantly process risks on the entity’s existing risk management strategies, formulate updated strategies to respond to changes in risks by aligning the entity’s strategies through resource allocation and performance measurement process. Emerging risks such as money laundering and terrorism financing are defined or changes in risks significant to an entity are responded to on timely basis. Moeller (2007) asserts that risk avoidance involves disengaging from the risk completely, possibly by divesting a line of business, while risk reduction may be accomplished through a wide range of strategic business decisions. Meanwhile, risk sharing is commonly achieved through the purchase of insurance and other hedging means. Risk acceptance is then, simply, taking no action, which may be appropriate depending on a risk’s likelihood and impact. Appraisal of literature shows that risk response refers to the appropriate actions which are selected to align risks with risk tolerance and risk appetite and it includes inherent risk, risk alert, risk mitigation strategies, risk standard setting, risk management policy approval University of Ghana http://ugspace.ug.edu.gh 38 and monitoring, identifying emerging risks, risk policies, risk management strategy and risk ownership, risk champion approval, performance appraisal, risk management oversight, and risk reporting. Control activities (CA) Control activities are the policies, procedures, and practices that ensure management objectives are achieved and risk mitigation strategies are effectively carried out (COSO, 2004). These activities occur throughout the organisation, at all levels and in all functions. Segregation of duties, performance reviews, physical controls, authorisations and verifications are examples of control activities (COSO, 2004). The verification activities may be completed through performance indicators, physical controls, and reviews by both top level and line level management (Moeller, 2004). COSO (2004) indicates that internal controls are to promote operational effectiveness and efficiency, provide reliable financial and administrative information, safeguard assets and records, encourage adherence to prescribed policies and compliance with regulatory agencies. Control activities look at manual and automated activities diverse as approvals, authorisations, verifications, reconciliations, reviews of business performance, security of assets and segregation of duties. The board of directors and senior management define and codify internal control mechanisms and expected standards of conduct. COSO (2004) identifies a seven (7) factor framework relating to effective control activities which are integrity and ethical values; commitment to competence; board of directors or audit committee; management’s philosophy and operating style; organisational structure; assignment of authority and responsibility; and human resource policies. University of Ghana http://ugspace.ug.edu.gh 39 However, a careful review of existing literature puts these seven into four broad thematic areas namely; Business philosophy, corporate governance, ethical standards, and human capital management. Management judgment is a key element in selecting the best controls and ensuring they operate as designed. Controls are selected considering many factors, including the assessed risk of material omission and misstatement, evaluation of benefits and costs of designing and conducting effective controls (including segregation of duties and considering alternative preventive or detective controls), technology versus manual controls, and the competency of personnel performing the controls. In summary, as the board approves, the management has oversight responsibility to implement and monitor the internal control activities which are key to managing risks such as operational risk. Information and communication (IC) Information is an integral part in daily business activities as accounting, finance, operations management, marketing, human capital management or any other major business function. Imperative information is identified, captured, stored and disseminated timely across the organisation to ensure that management and employees understand their internal control responsibilities and their importance to the achievement of firm’s objectives. Enterprise wide risk technology applications may assist to correct the complexities of the web of disjointed information systems across firms (Bamberger, 2010; Moeller, 2007). Effective communication also occurs in a broader sense, flowing down, across, and up the entity (COSO, 2004). Establishing and communicating a whistle blower programme often is an essential part of an entity’s oversight of internal control activities and supports the control environment component. The Information and communication component is highly integrated with the other four COSO 2010 components. For example, internally generated or externally gathered University of Ghana http://ugspace.ug.edu.gh 40 information supports the Risk assessment component. Communication occurs both internally and externally and provides the organisation with the information needed to carry out day to day internal control activities. Information also flows through the rumor mill or the grape vine, which make adulterated information more risky to the firm. Therefore, it is apparent to do verifications, to authenticate and ensure the credibility of the source of information before acting on it. Information and communication also goes the other way and includes gathering pertinent information from external regulatory bodies and other sources to prepare. Information systems produce both internally and externally generated data on operations, finances and compliance to help run, control and report on firms on an efficient basis. Further, effective communication at all levels helps personnel to receive clear directives from management. Indeed, this study identifies that generating quality information, internally or externally disseminating it to the right parties at the right time and place, is a prerequisite to support the function of internal controls and risk management process. Monitoring and evaluation (M) Some form of independence from the daily process is necessary to ensure that monitoring serves as an effective control. Monitoring covers the external oversight of internal controls by management or other parties outside the process; or the application of independent methodologies, like customised procedures or standard checklists, by employees within a process. Monitoring ensures that control deficiencies are reported upstream to top management and the board (COSO, 2004). Continuous monitoring processes are needed to identify deviations from an installed ERM plan. Effective monitoring also enables an organisation to refine its assessments and expand its ERM framework, further solidifying the entity’s risk philosophy and culture (Ballou & Heitger, 2005). COSO (2010) always University of Ghana http://ugspace.ug.edu.gh 41 intends that monitoring activities address how all of the components of internal control are applied and whether the overall system of internal control operates effectively. In the quest to monitor and control activities, a management review control is designed to detect and correct errors. However, a management review control that is a monitoring activity would ask why the errors exist, and then assign the responsibility of fixing the process to the appropriate personnel. A monitoring activity assesses whether the controls in each of the five components are operating as intended (KPMG, 2013; COSO, 2004). The controls within other components of the COSO framework require continuous monitoring either as ongoing evaluations, separate evaluations or a combination of the two. Monitoring is attained through ongoing monitoring activities, separate evaluations or a combination of the two. However, ongoing monitoring calls for regular management and supervision of operations and pursuit of other actions on a timely basis to ensure that controls instituted are working as they were designed to work. Again, ongoing evaluations are built into the routine operations and are performed on a real time basis. The scope and frequency of evaluations is determined by risks assessment, the effectiveness of ongoing monitoring procedures, and judgment of management on the workings of internal controls. In summary, the firm demonstrates homogeneity, demonstrates job performance as against employee welfare, espouses rigid control structures, and employee espouse long term orientation. Organisational culture (OC) Enterprise risk management is an integral part of the culture of a firm and this includes risk appetite culture of the firm, risk response culture of the firm, risk treatment culture of the firm and employees and management ethical values, etc. Activities at each level of the firm have work culture revolving around it and this has significant effect on the firm’s risk University of Ghana http://ugspace.ug.edu.gh 42 strategies. Achieving a good risk awareness culture is to establish an appropriate risk architecture, strategy and protocols by the board to check the various types of risk associated with the firm. Literature appraisals claim that the ethical environment within which the firm is situated is likely to influence employee behaviours in two ways. First, through organisational socialisation processes, employees will learn to behave according to the level of ethical standards and the higher the ethical values, the greater the ethical outcomes (Ardts, et al., 2001). Empirical evidence also indicates that enterprise risk management involves management’s attitude to corporate ethical environment, and for that matter, it has a positive impact on overall employee behaviour (Weaver et al., 1999a). The ethical environment of an organisation is seen to encompass aspects of upper management in achieving organisational objectives, their value judgments and management styles (either the boss type or the leader type). In other words personal traits of managers influence employees’ attitudes toward culture (COSO, 1992). It also opines that when morally acceptable behaviours based on honesty and integrity are actively promoted and become part of an organisation’s culture (shared system of values), a more highly ethical environment is created and adopted, pruning off any ethical risk which the firm may be exposed to. In a scientific study by Valentine et al., (2002), they assert that a positive correlation exists between ethical environment and employee organisational commitment. Based on a sample of 304 young working adults, Valentine et al., (2002) found that ethical environment was positively and significantly correlated with the level of employees’ organisational commitment and the level of risk the firm is associated with. The more ethical the environment, employees will be more willing to adhere to the organisation’s internal control procedures. Valentine et al., (2002) identified six independent dimensions University of Ghana http://ugspace.ug.edu.gh 43 of organisational cultures which are linked to enterprise risk management. These dimensions include: process orientated versus results-orientated; job orientated versus employee orientated; professional versus parochial; open systems versus closed systems; tightly versus loosely controlled; and pragmatic versus normative. The position of an organisation on these dimensions is determined in part by the business or industry the organisation is in. These lead to conclusions about how organisation cultures can either be viewed as systemic or un-systemic risk. Indeed, organisation culture is also viewed as homogenous depicting how organisation culture favours internal processes, demonstrates job performance as against employee welfare, how the firm promotes rigid control structures, the reporting styles, employees embracing long term orientation, firm’s adaptation to environmental changes, and how the firm’s employees demonstrate loyalty to the firm. 2.5 Drivers of ERM Entities in one way or the other have proactively or reactively practised aspects of ERM. Treating risks by transfer, insurance or other means are common practices; so are contingency planning and crisis management. Prior to discussing the entire empirical literature on ERM adoption, it is worthy to discuss briefly the seminal works of Briers (2000), Liebenberg & Hoyt (2003) and Kleffner et al., (2003). The study considered these three seminal works as paramount because they were conducted few years prior to the formulation of the COSO ERM framework and thus marked the beginning of empirical research on ERM adoption (Golshan & Abdul-Rasid, 2012; Pagach & Warr, 2010; Beasley et al., 2005). Kleffner et al., (2003) sampled 336 public listed Canadian firms in 2001 to ascertain the drivers of ERM adoption, features and challenges of firms that adopt ERM and the influence of corporate governance in adopting ERM. The study affirmed that University of Ghana http://ugspace.ug.edu.gh 44 31 percent of the firms had adopted ERM with an increasing number still in the process of adoption. The study also revealed that thirteen (13) chief risk officers (CRO) in the firms had adopted ERM. Interestingly, the study established no significant difference between listed firms on the Toronto Stock Exchange (TSE) and those not listed in terms of the tendency to adopt ERM (Havenga, 2006). Finally, consistent with the findings of Liebenberg & Hoyt (2003), the study confirmed that firms which are motivated to adopt ERM as a result of the influence of the risk manager is (61%); encouragement from board of directors takes (51%); and compliance with the Toronto Stock Exchange (TSE) guidelines is (37%). Other factors identified in the study as drivers of ERM adoption were regulatory bodies’ requirement; firm size and industry; leverage; institutional ownership; stability of earnings and profitability. The seminal works of Liebenberg and Hoyt, Kleffner et al., (2003), and Briers (2000), opened the floodgates for empirical research studies on the drivers of ERM adoption. Ever since they published their findings and consequently, upon the introduction of the COSO ERM framework, several empirical studies have been done in the area of ERM adoption. In the space of eight years, there have been about twelve (12) empirical studies on ERM adoption across the world – all in the attempt to add to previous research knowledge and to confirm prior empirical findings. Among these are the works of Golshan & Abdul-Rasid (2012a), Golshan & Abdul-Rasid (2012b), Pagach & Warr (2010), Liu, Weng & Yu (2010), Gordon, Loeb & Tseng (2009), Pagach & Warr (2008), Hoyt & Liebenberg (2006), Havenga (2006) as well as Beasley et al., (2005). Again, Hoyt & Liebenberg (2006) studied the drivers of ERM for 275 US insurance firms for the period 1995 to 2004. With the aid of probit regression, this study determined the factors that influence insurance firms to practice ERM and estimated the link between University of Ghana http://ugspace.ug.edu.gh 45 ERM and firm value. The results of the study revealed size, institutional ownership and international diversification as significant drivers of ERM adoption. Pagach & Warr (2007) examined the factors that influence firms to adopt ERM using the Cox Proportional hazard model, which is an improved methodology over the probit regression used by Hoyt & Liebenberg (2006). The study employed data from 1992 to 2004 and established that an increase in leverage, size and earnings were significant factors for firms to hire a CRO. Hoyt & Liebenberg (2008) extended their previous study in 2006 by improving on the probit regression to maximum-likelihood treatment effect to establish the drivers of ERM adoption. Still with the sample insurance firms, the study found out that 19.2 percent of the study’s respondents were engaged in ERM adoption. In addition, it came to light from the findings of the study that 15 companies had a CRO, where eight (8) of these companies announced the appointment of CRO. Finally, the results of the determinants of ERM adoption found that larger firms were more likely to engage in ERM adoption than smaller firms. Other factors identified to be negatively and significantly related to ERM adoption were leverage and reinsurance. Review of relevant available empirical research revealed that seven (7) major studies have been done on determinants of ERM adoption between 2004 and 2012. It is worthy to mention that a sizeable percentage of the drivers reflect the initial seminal work of Liebenberg & Hoyt (2003) as well as Kleffner et al., (2003). On the average, 20 drivers were indicated in the studies, out of which fifteen ran through all the related studies. It is also worthy to note that the study sample size, type of industry, assumptions and limitations affected the results which were observed by the researchers. The underlying factors of the drivers which make firms adopt ERM are discussed in detail. University of Ghana http://ugspace.ug.edu.gh 46 2.5.1 Firm size It is generally known that bigger organisations are more complex hence, are more difficult to manage as a result of greater scope of threats and opportunities (Thompson et al., 2010). While a large organisation that enjoys a huge market makes high turnover, it is also equally possible it may face a lot of risks (Golshan & Abdul-Rashid, 2012; Beasley et al., 2005). In view of the volume of resources that are needed to manage large organisations, it is rational for them to adopt ERM to mitigate risks. Gordon et al., (2009), in a study of 112 firms revealed that ERM adoption depends upon firm size. Furthermore, Pagach & Warr (2008) investigated the features of firms who adopted ERM and concluded that larger firms who have greater risk of financial distress and more volatile operating cash flows tend to adopt ERM. Hoyt & Liebenberg (2006) also concluded that firm size was significantly and positively related to ERM adoption when they studied 166 publicly listed insurance firms. The influence of firm size as a driver of ERM adoption is also consistent with strategic management principles and evolution of management practice and theory because as a firm’s size increases in tandem with an expansion in responsibilities for the respective departments (functional) area. Thus, it is irrational to continue managing risks in silos. The COSO ERM framework also indicated that firm size is important in the decision to implement ERM. 2.5.2 Firm industry Industry presents a wider environment which presents industry-level threats and opportunities (Kotler, 2010; Porter, 2006). Industry parameters shape the nature and dimensions of competition. Coupled with regulations and the quest to be a leader, a firm may face various types of risks especially in an industry where competition is very intense, such as pertains in the banking and insurance industry. As early as 2003, Liebenberg & University of Ghana http://ugspace.ug.edu.gh 47 Hoyt (2003) made this observation that industry type is a major driver of ERM adoption, when they investigated 26 firms in the US. Similarly, Beasley et al., (2005) as well as Havenga (2006) observed the importance of firm industry as a determinant of ERM adoption. Gordon et al., (2009) also observed that adoption of ERM depends on environmental uncertainty and industry competition. In an industry of high performers, the adoption of ERM is a sine qua non for continuous survival. The observation made in a study conducted by Beasley et al., (2008) was that firms in the banking, education, and insurance industries in the US were more likely to adopt ERM. In a related study, Golshan & Abdul-Rashid (2012a) confirmed that firms in Malaysia operating in the banking, insurance, utilities, and telecommunication industries had the propensity to adopt ERM. 2.5.3 Financial leverage In finance terms, leverage refers to borrowing, usually by a firm as a way of acquiring part of its capital to support operations (Keown et al., 2010). Thus, leverage reflects the capital structure of a firm. This, therefore, implies that a firm has several sources of leverage including options and futures which ultimately helps in the firm’s future growth. On another hand, the firm could face financial distress and the risk of bankruptcy if its borrowing becomes too much. Consequently, firms that carry higher leverage are more likely to adopt ERM in order to be better able to mitigate resultant risks. In a study of 77 firms, Pagach & Warr (2008) observed that firms with a relatively higher level of leverage were more likely to adopt ERM than those with low average leverage. This was corroborated by Golshan & Abdul-Rashid (2012), in a study of 90 firms listed on the Malaysia Stock Exchange. The researchers found that financial leverage was positively related to ERM adoption.. The principal limitation in their study was their use of University of Ghana http://ugspace.ug.edu.gh 48 secondary data which may not be very accurate. In another study by Pagach & Warr (2010), another weak, yet positive relationship between leverage and ERM adoption was identified. It was noted that the relationship was borne out of the appointment of a chief risk officer (CRO). This same conclusion was also drawn by Beasley et al., (2006) as well as Pagach & Warr (2007) who in a study initially observed a statistically weak relationship between stock market response and leverage on one hand and ERM adoption on the other. When the variations in Pagach & Warr (2010) were correlated with the variables in Beasley et al., (2006), it indicated a strong positive relationship between leverage and ERM adoption. 2.5.4 Earnings volatility Pagach & Warr (2008, 2010) found that firms which previously experienced declines in their earnings were more likely to adopt ERM practice than those whose earnings were more stable (Altuntas et al., 2011). Gordon et al., (2009) conducted a study based on the contingency view of ERM and observed that the sub-factors under firm specific condition were justifications for adopting ERM. In Pagach & Warr’s first study (2008), the announcement of the appointment of the CRO generally stabilised the earnings of the firms that had initiated ERM programs. 2.5.5 Stock price volatility Stock price volatility is another major determinant of ERM adoption. Apart from information asymmetry, several factors affect the prices of stock on the market. When stock prices tend to be stable or increase gradually, there is generally a feeling of ease among the firm’s management and board of directors. However, when stock prices are unstable and tend to fall over a period, chief executive officers (CEOs) tend to take steps University of Ghana http://ugspace.ug.edu.gh 49 to mitigate the decline. Pagach & Warr (2010) observed that firms which had volatile stock prices were more likely to adopt ERM (by announcing the appointment of a CRO), thus, confirming the result of Liebenberg & Hoyt’s seminal study (2003). Similarly, Golshan & Abdul-Rasid (2012) found that a high level of stock price volatility stimulated a greater possibility of adopting ERM. 2.5.6 Institutional ownership Institutional ownership which derives from stakeholder theory, considers the organisation as multilateral agreements between the enterprise and its stake holders (Clarke, 2007). It is the interaction of the firm with both its internal and external stakeholders that offers bundles of opportunities and threats, which the firm should well position it, to mitigate effectively. To govern this institutional relationship, firms are required to be guided by good corporate governance (Clarke, 2007). This is why a considerable portion of the literature point to the need for better corporate governance to better entrench ERM practice (Simkins & Ramirez, 2008; Havenga, 2006; Kleffner et al., 2003). Institutional ownership refers to shareholders, investors and other parties with a stake in the firm’s operations and desire to realise stable and increasing earnings over time. This represents some form of pressure which is directly brought to bear on the CEO through the board of directors. It is interesting to note that institutional ownership as a key driver of ERM adoption is actually a corporate governance element. Institutional ownership which is often referred to as majority shareholdership has been found to be an instrumental driver for ERM adoption as a result of the pressure shareholders bring to bear on the need to better control operations of the firm (Pagach & Warr, 2008). Hoyt & Liebenberg (2006) reveal that institutional ownership was positively related to ERM adoption. This finding appears logical because external stakeholders act as another level of regulatory bodies that University of Ghana http://ugspace.ug.edu.gh 50 request more information about the nature and amount of risk a firm would realistically undertake (Golshan & Abdul-Rasid, 2012). 2.5.7 Corporate governance Board independence is another core element of corporate governance. An independent board of directors looks at issues objectively and seeks the best for stakeholders through close scrutiny of management’s major decisions (Clarke, 2007). If management adheres to the board’s directives and counsel based on full disclosure to the board, there is a greater likelihood of adopting ERM to achieve set goals (Beasley et al., 2005). In his study of the South African business environment, Havenga (2006) observed that the most important driver of ERM adoption in South Africa was the encouragement from the board of directors. In a study on the determinants of ERM adoption by Malaysian firms, Golshan and Abdul-Rasid (2012) found board independence as a significant and positive driver of ERM adoption. The role of board independence can better be understood in terms of the evolution of its role. Decades ago, most members of the board did not have the required expertise – this was worsened by the presence of a large number of members who were related in one way or the other, thus obscuring the objective role of the Board (Clarke, 2007). This was worsened further by poor disclosure. However, the situation improved considerably after the series of financial scandals that culminated in the global financial crises (Monks & Minnow, 2001; Clarke, 2007). In recent times, the independence of the risk and audit committees have been stressed as an additional check for controlling risk in firms. 2.5.8 Firm complexity For simplicity, both international diversification and industrial diversification were discussed under firm complexity (Golshan & Abdul-Rasid, 2012; Gordon et al., 2009; University of Ghana http://ugspace.ug.edu.gh 51 Hoyt & Liebenberg, 2006). As the term implies, industrial diversification is the practice whereby a firm operates in different related or unrelated industries. Industrial diversification does not necessarily imply a large size, though the two may be present in an entity. International diversification on the other hand is the practice whereby firms have wider and various geographic business segments. Both terms involve certain costs that stem from unresolved agency conflicts and benefits that derive from scope, economies of scale, larger internal capital markets, and risk-reduction. In logical terms, firms with the capacity to diversify into related or unrelated industries as well as established business segments and subsidiaries in other counties spread their risks as well as widen the scope of risks. Hence, complex firms are more likely to adopt ERM (Golshan & Abdul-Rasid, 2012; Liu, Weng & Yu, 2010; Gordon et al., 2009; Hoyt & Liebenberg, 2006). Prior to the formulation of the COSO ERM framework, countries like United Kingdom, Australia, New Zealand, Canada and South Africa, through professional bodies (the big four audit firms) had initiated moves to deepen risk management practices and improve performance in the business environment (Golshan & Abdul-Rasid, 2012). Though the United States was very much involved in setting the tone of ERM principles, it actually started its implementation long after European countries had blazed the trail (Golshan & Abdul-Rasid, 2012; Beasley et al., 2005). Like the geographical or international diversification, the diffusion theory posits that firms are headquartered or have subsidiaries in countries seen as front runners in risk management are more likely to adopt ERM (Golshan & Abdul-Rasid, 2012; Beasley et al., 2005; Liebenberg & Hoyt, 2003). The rationale for this practice can be attributed to pressure of regulatory bodies in the specific countries for firms to adopt ERM (Golshan & Abdul-Rasid, 2012; SOX, 2002). University of Ghana http://ugspace.ug.edu.gh 52 2.5.9 Presence of Chief Risk Officer (CRO) On the basis of 26 firms for the period 1997 - 2001, Liebenberg and Hoyt (2003) pioneered a quantitative study through logistic regression to ascertain the drivers of ERM implementation. The study revealed internal factors like maximisation of shareholders value and external factors like globalisation, corporate governance and technological progress as significant drivers for ERM implementation. By relying on eight independent variables of firm size, firm industry, earnings volatility, stock price volatility, average leverage, average market-book value ratios, financial opacity, average institutional ownership and subsidiaries’ countries, the study argued that the declaration of a CRO shows a firm’s adoption of ERM as firms ordinarily do not announce when they adopt ERM (Golshan & Abdul-Rasid, 2012; Pagach & Warr, 2008; Hoyt & Liebenberg, 2006). The results also indicated that firms with greater financial leverage were more likely to appoint a CRO than other firms of similar size in the same industry and size was also a significant driver for ERM adoption (Havenga, 2006). An organisation has both soft and hard aspects as illustrated by its adoption of new titles, new designations and restructuring of personnel. Though a sizeable portion of the literature on ERM adoption does not make reference to the presence of the CRO directly, virtually all imply it. Subsequently, it is observed that the use of the presence of the CRO through an announcement/appointment is premised on the fact that firms do not usually inform the public when they formally adopt ERM (Golshan & Abdul-Rasid, 2012; Liu, Weng & Yu, 2010; Pagach & Warr, 2008, 2010; Hoyt & Liebenberg, 2006; Beasley et al., 2005) unlike previous research that had proxy ERM adoption with the existence of a CRO. Altuntas et al., (2011) conducted a comprehensive survey to deduce a direct measure of ERM adoption. They argued that management adopts ERM due to career concerns, to demonstrate to the board and stakeholders that they could get the firm back on track to enjoy stable earnings, stock University of Ghana http://ugspace.ug.edu.gh 53 prices, and ensure high turnover (Altuntas et al., 2011). Hence, based on past poor performance, CEOs were more likely to adopt ERM practice than those who experienced previous good performance. However, an examination of their methodology does not reveal any innovation in the measurement of ERM adoption. 2.5.10 Auditor type (Big four) Another driver of ERM adoption which is related to the role of regulatory bodies is auditor type. In a study of Malaysian public listed firms, Golshan & Abdul-Rasid (2012) found that the presence of the big four auditors underpinned the adoption of ERM. Beasley et al., (2005) have also concluded that the stage of ERM adoption is positively affected by the firm’s auditor type. In other words, if the firms auditor happens to be one of the big four (KPMG, LLP, Ernest and Young LLP, PricewaterhouseCoopers LLP and Deloitte Touché Tohmatsu Ltd), the firm was more likely to have adopted ERM. This argument is based on the fact that the big four will always protect their own reputation as competent auditors by ensuring that annual reports and relevant documents are transparent and free from errors (Beasley et al., 2005; Golshan & Abdul-Rasid, 2012). 2.5.11 Management commitment It is logical that the appointment of a CRO strengthens management position to have a steady control of the firm’s risks. (Golshan & Abdul-Rasid, 2012; Gordon et al., 2009; Simkins & Ramirez, 2008; Hoyt & Liebenberg 2006; Beasley et al., 2005). Closely related to the appointment of a CRO, is the crucial role played by an independent internal auditor or body in helping the board of directors to exercise its oversight functions over senior management. The appointment of a CRO and the presence of a risk sub-committee tend to deepen corporate governance that gives strategic direction to ERM implementation University of Ghana http://ugspace.ug.edu.gh 54 in firms (Gordon et al., 2009; Walker, 2002; Havenga, 2006 as cited in Beasley et al., 2005). 2.6 ERM Effectiveness measures This part of the study explores measures that have been used to measure firm performance till date. This is done by reviewing the attempts by Standard and Poor’s 500 rating system; Gordon et al., (2009) ERM index; Acharyya’s pioneering work in suggesting a broad theoretical framework for measuring ERM performance; and the application of confirmatory factor analysis (CFA) by Namwongse & Limpiyakorn (2012). The various empirical studies which measured firm performance using Tobin’s Q are also considered (Tahir & Razali, 2011; Dybvig & Warachka, 2010; Liu et al., 2010; Hoyt & Liebenberg, 2006). Before various specific performance measures are discussed, it is paramount to have a realistic measure of how effective the previous implementation has been in order to precede to the next stage on the ladder. Since ERM adoption involves everybody in the organisation (COSO, 2004), its measurement must be holistic to adequately capture performance in the finance, accounting and procurement departments as well as department of the human resource, marketing and other units. In order to have a realistic holistic measure, it is appropriate to think of a measure long before the effects of ERM adoption are measured. Indeed, some have termed ERM as a kind of performance measurement system while others have spoken of the combination of existing measurement tools like benchmarking, EVA, BSC, and TQM (Acharyya, 2008). While some rating agencies such as Standard and Poor’s have designed indices to measure how effective ERM adoption worked for mainly insurance and finance industries, globally, it is debatable whether these ratings are holistic. The application of Tobin’s Q to measure the impact of ERM implementation on firm performance has formed a University of Ghana http://ugspace.ug.edu.gh 55 considerable proportion of the literature (Tahir & Razali, 2011; Hoyt & Liebenberg 2006; Smith & Simkins, 2005; Liu et al., 2000). In most cases, there is limited empirical evidence that the implementation of ERM caused an increase in Tobin’s Q (Liu et al., 2010; Hoyt & Liebenberg, 2006). Secondly, the choice of Tobin’s Q as a measure revealed the challenge of endogeneity of ERM (Dybvig & Warachka, 2010). Tobin’s Q as a measure for the performance is based on several reasons. It is believed that Tobin’s Q dominates other performance measures (Dybvig & Warachka, 2010; Lang & Stulz, 1994, as cited in Hoyt & Liebenberg, 2006). Unlike other performance measures, Tobin’s Q does not require risk-adjustment or normalisation. Thirdly, since Tobin’s Q reflects market expectations, it is relatively free from managerial manipulation (Lindberg & Ross, 1981, as cited in Hoyt & Liebenberg, 2006). Furthermore, Smithson & Simkins (2005) observe that most empirical studies on the value-relevance of ERM use Tobin’s Q to proxy firm performance. Also, performance measurement by Tobin’s Q measures financial aspects of the firm, excluding the non-financial components. Additionally, unlike historical accounting performance measures such as ROA or ROE, Tobin’s Q reflects future expectations of investors consequent upon ERM implementation as there is a lag between ERM implementation and ERM benefits realisation (Hoyt & Liebenberg, 2006). However, the use of Tobin’s Q as a performance measure has been seriously contested by Dybvig & Warachka (2010). They argue that due to the endogeneity of Tobin’s Q which arises from its ambiguous nature, it rather decreases with an increase in the firm’s value. Though in their analysis, Dybvig & Warachka (2010) relate the effect of corporate governance on firm performance, it is believed at least in theory that the effect of ERM on firm performance is in the same direction. The assertion that Tobin’s Q does not reflect a University of Ghana http://ugspace.ug.edu.gh 56 true relationship between firm performance and corporate governance is consistent with the findings of Liu et al., (2010) who conclude that ERM implementation rather leads to a fall in Tobin’s Q. Similarly, Dybvig & Warachka (2010) argue that ROA and ROE are not good measures for performance and concluded that in general, any capital-adjusted profitability metric is an ambiguous measure of firm performance. Thus, they suggest an alternative measure based on revenue and cost efficiency deriving from the examination of managerial decisions on cost and discipline. This measure is similar to the measure adopted by Namwongse & Limpiyakorn (2012) as well as Grace et al., (2013) to capture the impact of ERM on firm performance. Based on a contingency perspective of ERM and firm performance, Gordon et al., (2009) investigate the impact of ERM implementation on firm performance using an ERM index (ERMI) that they modeled around COSO’s four objectives of ERM. In developing its framework, COSO (2004) recognises that the appropriate ERM system will possibly vary from firm to firm. Based on extant literature and acknowledging that there is no general theoretical framework or model that can predict the key factors that influence the relation between ERM implementation and firm performance; Gordon et al., (2009) allotted operational definitions to the four objectives in the COSO–ERM framework. The researchers used two indicators to measure the achievements of each objective and then constructed the ultimate ERM index by summing up the above eight indicators of the four objectives in the COSO- ERM integrated framework. Though, Gordon et al., (2009) blazed the trail in developing a common theoretical framework for measuring the impact of ERM implementation on firm performance, their work is often criticised for its weak theoretical foundations. Critics say first, there is the need to examine whether the two indicators used by Gordon et al., (2009) for each of the four objectives are adequate to capture the performance of firms. University of Ghana http://ugspace.ug.edu.gh 57 Granted that there are several ways of measuring the strategic objectives, Gordon et al. (2009) oversimplified the essential elements of their index and thus render it simplistic. Gordon et al., (2009) did not mention the role of the eight components which complements the four key objective categories. Apart from the fact that the four key objective areas included several firm-specific objectives, it cannot be said that these four broad areas covered the eight components within the ERM framework (COSO, 2004). Furthermore, the ERM index of Gordon et al., (2009) fails to measure performance holistically due to its inherent deficiency of not capturing performance from both the financial and non-financial perspectives. As deduced from the literature on service providers, the performance of a firm after ERM implementation may not be immediately seen in real tangible terms (McShane et al., 2011; Nocco & Stulz, 2006). For instance, there have been cases where initiation of ERM implementation by way of the announcement of the appointment of a CRO has led to a rise in stock prices of the firm. This may be explained in terms of how fast information flows between top executives, the board, and shareholders. Literature on ERM implementation and firm performance has always covered both the academia and industry. The two areas have moved in tandem, though empirical research is yet to fully incorporate certain trends into a common theoretical framework to measure ERM effectiveness. The attempts of rating agencies such as Standard and Poor’s and the contribution of McShane et al., (2011) are some attempts at harmonising theory and practice (Acharyya, 2008; 2007). Based on the assumption that risk management is a continuum which has traditional risk management and ERM at either ends, Mcshane et al., (2011) adopt Standard and Poor’s (S&P’s) ERM index to verify if ERM adoption really affects the performance of a firm. Using S&P’s newly available risk management rating, University of Ghana http://ugspace.ug.edu.gh 58 McShane et al., (2011) find a positive relationship between levels of traditional risk management (TRM) capability and firm value. However, they do not find an additional increase in value for firms that had adopted and fully implemented ERM. McShane et al., (2011) partially base their index on a major study done by Beasley et al., (2008) and observe that S&P rates the financial strength of insurers based on eight components and later included the latest component which is ERM. The eight components include risk management culture, risk control processes, emerging risks management, risk and economic capital models, and strategic management. S&P places each insurance firm under one of five ‘ERM rating’ categories. A ‘weak’ ERM programme lacks reliable loss control systems for one or more major risks. An ‘adequate’ ERM programme has reliable loss control systems, but may still be managing risks in silos instead of coordinating risks across the firm. The ERM programme is rated ‘adequate’ with a positive trend if it exhibits strong/excellent risk control systems, however, it still lacks a well-developed process for making coordinated risk/reward decisions that are necessary for effective strategic risk management. A ‘strong’ ERM programme has moved beyond silo risk management to deal with risks in a coordinated approach. An ‘excellent’ ERM programme has the same characteristics as a strong ERM programme, nonetheless, it is run further into the implementation, effectiveness, and execution of the ERM program (Mcshane et al., 2011). The contribution of this study to the literature is that McShane et al., (2011) translate S&P ERM ratings into numerical scores suitable for statistical analysis. In addition, McShane et al., (2001) appreciate the need to have a performance measure which was comprehensive and holistic and thus includes some non-financial characteristics of the firm based on the S&P framework (Mcshane et al., 2011; Acharyya, 2007, 2008; Nocco & University of Ghana http://ugspace.ug.edu.gh 59 Stulz, 2006). Besides, the researchers adopted a measure from a rating agency (service provider) whose contribution in the finance and insurance sector was authoritative. However, their measure has some weaknesses – for instance, while it is rational to adduce numerical scores to the S&P ERM ratings to allow for statistical analysis, the limitation is, what was the criterion for choosing the numbers for the various categories? Since ERM implementation is done in stages, what score would be given to a firm which has taken steps to appoint a CRO to manage its risk function? What score would be given to a firm where risk is very well managed by a person who is not a CRO? Therefore, the theoretical and practical underpinnings of the choice of scores are debatable. Secondly, what exactly goes into the major categories which guide the achievement of objectives is questionable as S&P’s criteria do not clearly spell out the elements that go into determining the numerical scores. Another limitation of the adoption of S&P’s rating index is that Mcshane et al., (2011) reduce their measure to a finance performance measure essentially as S&P’s rating confirms a firm’s credit worthiness. Moreover, their index could be good for the insurance industry, but what of other industries? Also, even in the insurance industry how can the role of other departments like transportation and legal be captured in financial terms. A prominent feature of S&P’s rating criteria is that it is continually updated to be more robust and inclusive. The implication is that to adopt another institution or person’s index, measure or methodology, one must do that comprehensively and meaningfully to be tested in similar conditions to obtain similar results. The need to discuss S&P’s rating criteria was based on several reasons. S&P is one of the most important and authoritative global credit rating agencies just like the presence of one of the big four auditor firms served as a driver of ERM adoption (Beasley et al., 2005). Several academic studies have cited the University of Ghana http://ugspace.ug.edu.gh 60 contribution of S&P’s rating system in the financial and insurance industry worldwide (McShane et al., 2011; Acharyya, 2007, 2008). Furthermore, an increasing number of firms have tried to satisfy regulatory requirements of ERM and corporate governance to be part of the firms rated by S&P. This has implications for future investments and stock prices and ultimately stability in earnings volatility (Pagach & Warr, 2010; Hoyt & Liebenberg, 2006). The scoring methodology of S&P is done in four primary categories: weak, adequate, strong, and excellent. The scoring is allotted weights which factor in the relative significance of ERM in the industry under assessment. S&P arrives at the ultimate scores of firms through analysis of routine corporate decision-making, risk control, emerging risk preparedness, and strategic risk management. An examination of the four major analytic components of S&P indicates that they reflect the eight components within the COSO– ERM integrated framework. This stresses the notion that ERM implementation is strategic because if the ERM is well blended with corporate strategy, almost all major risks are identified and non-financial service organisations are assessed based on the efficacy of how management executes the risk of the company and builds shareholder value (www.metricstream.com). An analysis of the four major factors also helps to describe the risk appetite and risk profile of the firms within a particular industry, thus enabling S&P to arrive at a single classification of a firm’s ERM standing or profile. This could be expressed in terms of earnings loss, enterprise value or other important financial metrics for various risks or for each firm (www.metricstream.com). On the whole S&P’s rating is designed to provide relative ratings among issues and obligation of overall credit worthiness (www.standardandpoors.com). Credit worthiness includes likelihood of default, payment priority, recovery and credit stability. To promote University of Ghana http://ugspace.ug.edu.gh 61 comparability of ratings across sectors, geographies and over time, S&P has recently introduced stress scenarios which are associated with each rating category. The stress scenarios are important tools for calibrating S&P’s criteria to help maintain comparability. However, the scenarios do not form part of the rating definition. While it is true that the benchmark of every organisation is ‘financial’, it cannot be denied that S&P’s rating criteria is predominantly finance-focused. S&P has made bold improvements on its rating criteria; in 2007, it announced using different scoring definitions for non-financial firms. This is because while risks are fundamental for the existence of financial institutions, the non-financial organisations accumulate risk as a result of making some other product or providing some other service. Ultimately, S&P used the same four broad categories, but altered the definitions slightly. Accordingly, the weight of the score in the credit rating varies on the basis of the importance of ERM for a particular company or sector. An examination of the definitions of the four major rating criteria demonstrate the presence of control processes as well as the degree to which non-financial firms incorporate risk and risk management into their corporate judgment. These may be considered as the non-financial aspects of the measurement criteria. However, these may not be adequate enough to reflect for instance, the reputation of the firm. Segal (2006) has observed that credit ratings may not be reliable and could be abused by top management. He, therefore, suggests that firms should use internal performance measures and compare them to the ratings of rating agencies. However, on the whole, S&P’s ratings hold a lot of promise because they are realistic, based on sound philosophy and they are being continually updated. Although Acharyya (2007) attempted constructing a common theoretical framework to guide the holistic measurement of the impact of ERM implementation on firm University of Ghana http://ugspace.ug.edu.gh 62 performance, he fell short of reducing the details to a common denominator which could be used to measure firm performance. Acharyya appreciated the complex and multidisciplinary nature of ERM and observed the challenge of linking the financial and operating aspects of performance into a single metric (Gordon et al., 2009). Acharyya (2008; 2007) observed that the role of S&P’s and other rating agencies as well as the application of existing performance measures such as EVA, BSC, and TQM could be combined to design a common theoretical framework. However, crucial observation Acharyya made to ERM effectiveness as a whole is that the impact of ERM adoption on firm performance hinged on the management of information systems in organisations (Acharyya, 2008; 2007). Thus, in order to manage risk holistically as well as measure its performance, there was the need for swift, reliable and accurate information and communication flow in organisations. It is, therefore, worth mentioning that the COSO- ERM integrated framework has listed information and communication as well as monitoring in organisations as part of the eight components designed to help achieve the four key objective areas (COSO, 2004). However, upon examination, it is realised that the two parties iterated the same thing in different languages because both the process and the outcome of ERM are important to stakeholders as a whole. Acharyya (2007) provided the requirements for constructing a common theoretical framework, but did not provide the necessary tools and techniques to meet stakeholder expectations. He reviewed the application and limitations of available performance tools like EVA, BSC, Benchmarking and TQM. Acharyya (2008) demonstrated this to a large extent when he combined EVA and BSC in the study of ERM effectiveness in four major insurance firms in Europe. Acharyya chose to combine EVA and BSC because the two share basic philosophies and complement each other to measure both the financial and University of Ghana http://ugspace.ug.edu.gh 63 operational aspects of an organisation (Acharyya, 2008). Another major contribution Acharyya made to existing literature on performance measurement of ERM was outlining the key characteristics of the performance index developed from the common theoretical framework (Acharyya, 2007). These characteristics include inclusiveness, universality, measurability and consistency (Beamon, 1996). Similarly, Caplice and Sheffi (1994), as cited in Hansen (2009) mentioned eight evaluation criteria which should govern frameworks for assessing performance metrics. These include validity, robustness, usefulness, integration, economy, compatibility, level of detail, and behaviour soundness. Hansen (2009) stresses that the appropriateness of the eight criteria for evaluating measures of ERM effectiveness is based on the fact that it was originally created with performance management in mind and with the conviction that ERM is essentially a performance management system (Hansen, 2009). In a related study, Hansen (2009) extensively reviewed the existing literature on ERM metrics and indicators of financial distress for banks (Bongini et al., 2002 as cited in Hansen, 2009). Another section of the literature that has used risk management widely is accounting research, where the relationship between accounting and market based measures of total risk are explored (Agusman et al., 2006, as cited in Hansen, 2009; Ball & Brown, 1969 as cited in Hansen, 1969). Furthermore, some aspects of the literature gradually expand the set of measures that were used as proxies for risk in order to overcome the drawbacks of the general CAPM based Beta measure (Kallunki, 2000 as cited in Hansen, 2009; Gordon, 1993 as cited in Hansen, 2009). Miller &Bromily (1990), as cited in Hansen (2005), surveyed the use of ERM measures within the strategic management literature and found nine metrics which include systematic risk (CAPM beta,) unsystematic or idiosyncratic risk, debt-to-risk equity ratio, research and development intensity, return on asset (ROA), University of Ghana http://ugspace.ug.edu.gh 64 return on equity (ROE), capital intensity, stock analysts’ earnings forecast and the coefficient of variation of stock analyst earning forecast. The fifth literature stream which was used to construct potential metrics deals with the information content of stock return volatility forecasts. The two general types of measures under stock return volatility forecasts are implied equity volatility (IEV) and equity volatility forecasts based on realised volatility (RV). While the former is derived from implied volatilities of option prices, the latter is derived from historical stock returns. Based on the literature review of ERM metrics, Hansen (2009) selected thirteen (13) metrics for further evaluation. It is interesting to note that some of the metrics Hansen selected include probability of default swap, volatility of return on assets, volatility of return on equity, earnings volatility, total value-at-risk and CAPM beta. Some of the metrics are considered as drivers of ERM adoption, but could serve to measure the impact of ERM adoption on firm performance. After a thorough evaluation of the thirteen metrics, Hansen concludes that ERM measures based on IEV and RV are the most promising in the light of their high information content, high measurement frequency and continuous updating (Hansen 2009). He said that the other measures have serious fundamental weaknesses which limited the results they generate. Besides, the accounting measures suffer from significant drawbacks with respect to their usefulness due to the low frequency at which they are updated (Hansen, 2009). Finally, while IEV and RV are forward looking, the accounting measures are not forward looking and are affected by accounting conventions (Hansen, 2009; Acharyya, 2008; 2007). However, IEV and RV can only be applied to large organisations that are listed on a stock exchange. Furthermore, their usefulness reduces as the size of the firm reduces because smaller stocks are usually not traded in frequently (Pastor & Stambaugh, 2001 as University of Ghana http://ugspace.ug.edu.gh 65 cited in Hansen, 2009). In a study of available methods for measuring intangible assets, Sveiby (2001) observes that the four major methods are direct intellectual capital methods (DIC), market capitalisation methods (MCM), the return on asset methods (ROA) and the scorecard methods (SC). The DIC methods estimate the dollar value of intangible assets by identifying their components while the MCM methods calculate the difference between a firm’s market capitalisation and its stockholders’ equity as the value of its intellectual capital or intangible assets. In the case of the ROA methods, average pre-tax earnings of a company over a period of time are divided by the average tangible assets of the company. The result obtained is then compared with its industry average. The difference is then multiplied by the company’s average tangible assets to obtain average annual earnings from the intangible. Finally, dividing the above average earnings by the company’s average cost of capital or interest rate gives an estimate of the value of the firm’s intangible assets. Comparatively with the scorecard methods, the various components of intangible assets are identified while indicators and indices are generated and reported in scorecards or on graphs. SC methods are similar to DIC methods except that no estimate is made of the dollar-value of the intangible assets. Hence, a composite index may or may not be produced. Such an index may come close to what Acharyya (2007) proposed in his preliminary requirements of a theoretical framework for measuring ERM effectiveness. Sveiby (2001) argues that the ultimate question which a measurement effort should seek to answer is ‘what is the purpose of our measuring initiative?’ He argued that it is not possible to measure social phenomena with anything close to scientific accuracy and the inconsistency between what measurement systems can achieve and what stakeholders expect from them often makes the systems fragile and open to manipulation. To University of Ghana http://ugspace.ug.edu.gh 66 corroborate his argument, there have been instances where some non-financial service firms have asked why they should be allowed to be rated by S&P when that very rating agency has been rating some financial institutions for decades, but could not help them improve performance and prevent manipulation of achievements through the doctoring of records. Therefore, Sveiby (2001) concluded that no one method can fulfill all purposes and there is the need to select a method depending on purpose, situation and audience. Sveiby outlines the merits and demerits of the four major methods. The author’s analysis has contributed to the literature on measurement of firm performance by way of putting together the numerous financial and non-financial metrics used to measure intangible assets. However, Sveiby fell short of suggesting a universal model that could meet some of the requirements in Acharyya’s proposal (Namwongse & Limpiyakorn, 2012; Grace et al., 2013). Notwithstanding, Jafari et al., (2011) investigate the effect of research and development, innovations, intellectual capital and rapid knowledge growth (as part of ERM programmes) on firm performance. Though these factors form part of the non-financial aspects of the firms, the final results as well as the individual variables were captured in financial terms. They explained the ultimate impact of innovations, research and development (R&D), knowledge growth in terms of increasing confidence in investment and reduced average capital expenditures. The approach of Jafari et al., (2011) highlights applications of aspects of the method in Sveiby’s overview of methods of measuring intangible assets. Jafari et al., (2011) clearly expose the intricate relationship between intangible assets and financial metrics by demonstrating how quality management University of Ghana http://ugspace.ug.edu.gh 67 decisions would increase investor confidence, reduce average cost of capital and enable the organisation to invest in specific assets. This also demonstrates the argument of Sveiby that the purpose of the measurement determines the type of metric to be used. Though Jafari et al., (2011) prove that non-financial variables or factors could be captured and measured in financial terms, the questions remains as to whether it is every conceivable intangible asset of the organisation that can be captured in financial terms. If this is done internally, it may be prone to self-selection and considerable subjectivity and should thus be comparable to the results of a rating agency or some other form of measurement by an independent body. Grace et al., (2013), having acknowledged the absence of a common theoretical model to govern the measurement of firm performance due to ERM implementation decided to use revenue and cost efficiency as pertained in the banking and insurance industries. Grace et al., (2013) confirm that Berger and Humphrey (1997 as cited in Grace et al., 2013) had identified over 130 efficiency articles published between 1992 and 1997. Besides, Eling & Luhen (2009 as cited in Grace et al., 2010) had surveyed more than 90 studies in the insurance industry alone between 1998 and 2008. The articles confirm frontier efficiency as appropriate because they directly derive from micro- economic theory and provide meaningful and reliable measures of performance in a simple statistic that controls for differences in input usage and output production in multi-input, multi-output firms (Leverty & Grace, 2009 as cited in Grace et al., 2013). The merit of using the frontier efficiency method is that it enabled some benchmarking to be done within the industry. The respective shortfalls of firms form the best-practice frontier (benchmark) form a measure of inefficiency. Besides, Grace et al., (2013) used cost and revenue efficiency to capture the total efficiency of the firm (Wilson, 2007 as cited in Grace et al., 2009). Grace University of Ghana http://ugspace.ug.edu.gh 68 et al. used the Frontier Efficiency Analysis within R (FEAR) to identify the outputs and inputs of the firms using the value-added approach which was consistent with the economic realities of the insurance market. Output prices were defined as the difference of premiums earned and the present value of losses incurred divided by the present value of losses incurred. The inputs of the firm were grouped into five; administrative, labour, agent labour, business services and materials (including physical capital, financial equity capital and policy holder- supplied debt capital). Mathematically, the quantity of an input is defined as the current dollar expenditure associated with the particular input from the regulatory annual statement divided by its current price. Since previous research stressed the impact of organisational structure on the success of information sharing between business segments and top management (Stein, 2002, as cited in Grace et al., 2013), Grace et al., (2013) created indicators for a number of variables in their study. Firstly, they capture whether the firm has a CRO or a significant risk management entity to ascertain how effectively the risk management function is organised within (Nocco & Stulz, 2006). Secondly, they create indicators for reporting relationships and whether the firm uses output from risk management to influence executive compensation to confirm the stress Acharyya (2008) placed on information management in an entity. However, the cost and revenue efficiency aspects (financial aspects) were investigated using multi-variant weighted least squares regressions - these weights were based on total assets. Namwongse & Limpiyakorn (2012) developed a portfolio risk index system to investigate the impact of ERM adoption among transportation network service providers. Though their research was conducted in an entirely different sector that was responsible for managing toll collection on an expressway in Thailand, their measurement technique is University of Ghana http://ugspace.ug.edu.gh 69 considered to have moved much more closely to measuring non-financial characteristics of firms. Using value-based risk management, Namwongse and Limpiyakorn identified key risk drivers (KRDs) using Porter’s competitive strategy model and Ansoff’s product- market expansion strategy to establish the causal links between inputs and organisation value creation. Just as Sveiby (2009) stressed that the choice of the metric (measurement method) depends on the purpose, Namwongse and Limpiyakorn applied the strategy map per Kaplan and Norton (2003) to identify key drivers and key risk indicators (KRIs) (Namwongse & Limpiyakorn, 2012). The KRIs identified by Namwongse and Limpiyakorn covered five categories of risks in the areas of: environment, resource, strategy, capacity and market and company-specific risks. These five categories define the external and internal environments of the firm (Tan & Xu, 2011; Zhang et al., 2010; Shang & Bao, 2010; Yongsheng & Li, 2009; Guohua & Jin, 2008). In determining the value drivers and risk indicators, Namwongse and Limpiyakorn, like Jafari et al., (2011) were guided by the peculiar characteristics of the internal and external environments that firms face. To create the index for measuring ERM effectiveness, Namwongse & Limpiyakorn (2012) reduced the broad five categories of risk into four broad risk dimensions: external environmental risk; enterprise resource risk; enterprise capacity risk; and strategy implementation risk. Notably, the index was selected based on twelve principles which are similar to the ones cited by Acharyya (2007; 2008). Finally, Namwongse and Limpiyakorn used confirmatory factor analysis (CFA) to test the construct validity of the model. Accordingly, they created twenty six KRIs and eight indices covering the broad five risk categories and then gave weights to the eight indices (Namwongse & Limpiyakorn, 2012). University of Ghana http://ugspace.ug.edu.gh 70 Confirmatory factor analysis (CFA) is a type of structural equation modeling (SEM) in statistics which specifically deals with a proposed measurement model. A fundamental characteristic of CFA is its hypothesis-driven nature. Furthermore, it is an indispensable analytic tool for construct validity in social sciences. The advantage CFA has over traditional methods is that it provides a stronger analytic framework and accounts for measurement errors (Namwongse & Limpiyakorn, 2012; Suhr, 2010). More specifically, CFA enables resulting estimates of convergent and discriminant validity to be adjusted for measurement error. On the whole, Namwongse and Limpiyakorn demonstrated that the achievement of the non-financial aspect of a firm could lead to improved financial performance. This implies that even if non-financial aspects of a firm cannot be measured in financial terms, the achievement of the former should serve as a catalyst for the achievement of the latter. Unlike the case of Liu et al., (2010), this is not the case of individual risk management (IRMs) being mutually interdependent on ERM. Where the construct validity is strong and the basic principles of index creation are satisfied, then a method like the one used by Namwongse & Limpiyakorn (2012) and to some extent that of Grace et al., (2013) should reflect ERM effectiveness in a particular industry or related industry. However, where non-financials like human capital, innovativeness, and corporate governance do not lead to better competitiveness, how can this be empirically explained if non-financials were measured by means of non-financial metrics? This, therefore, makes it impossible to improve future performance as aspects of the literature argue that firm performance measurement should help to improve performance (Hansen, 2009). This is because the failure of ERM adoption to improve firm performance may be due to non-financial aspects which because they were not measured in non-financial terms could not be explained. University of Ghana http://ugspace.ug.edu.gh 71 Thus, many have stressed on the use of a composite index that combines both financial and non-financial aspects of the organisation to examine how the two impact one another to affect firm performance. Since value drivers, key risk indicators as well as key performance indicators and the risk appetite may differ from one industry to another, there is the need to construct a common theoretical framework that can be applied across industries given a few modifications against the background of best practices for bench- marking (Grace et al., 2013). Indeed, since ERM adoption is done in stages, it is logical and possible that some intangible benefits would be enjoyed by the firm almost immediately as aspects of the literature have indicated (Meulbroek, 2002). However, it is possible that even before a firm reaches an advanced level of ERM adoption; it may have started experiencing benefits in real terms. 2.7 General theoretical foundations of firm performance The ultimate goal of a firm is to perform well over time in order to grow stakeholders’ value and continue to meet societal needs. In the literature on firm performance, two major schools of economic and organisational models of measuring performance are identified (Acharyya, 2007). The organisational performance or non-financial or operational dimension of a firm is based on behavioural and sociological factors which are difficult to assess (Hansen & Wernerfelt, 1989). While there are several ways of measuring both the economic and organisational performance of firms, it has been difficult to have a combined framework to assess both (Acharyya, 2008; Nocco & Stulz, 2006). Thus, for the firm to have a holistic idea about how it is performing, it must have both realistic economic and organisational indicators within a unified framework. University of Ghana http://ugspace.ug.edu.gh 72 The COSO ERM framework (COSO 2004) has outlined the potential benefits of adopting ERM, using a common language for risk management. Various theories have been formulated on the potential benefits of adopting ERM (McShane et al., 2011; Liu et al., 2010; Gordon et al., 2009; Acharyya, 2007; Nocco & Stulz, 2006;). Gordon et al., (2009) employed the contingency theory perspective to establish that the link between ERM and firm performance is dependent on key firm specific factors; environmental uncertainty, industry competition, firm complexity, firm size and board monitoring. However, an examination of their argument indicates a weakness of the contingency theory because contingency forms the basis why risks should be holistically managed (COSO, 2004). Hence, employing an underlying assumption as an argument readily defeats the basis of the argument. Liu et al., (2010), drawing on the strategic determinants of risk and integration and value creation of firms argue that individual risk management (IRM) and ERM are mutually interdependent because the latter was proposed to create synergies for the former. However, it is interesting to note that they conceive of individual risk management (IRMs) as being implemented on a silo-by-silo basis which defeats the very essence of ERM (COSO 2004). If the firm continues to handle risks at the level of departments, then in theory, it cannot reduce cost of mitigating risks and neither can it appreciate the interrelationship of one risk to another. Therefore, the perspective of Liu et al., (2010) appears to be a simplistic portrait of what they might have considered as a systems theory perspective of the relationship between enterprise risk management and firm performance. Nocco & Stulz (2006) argue that firms that adopt ERM effectively enjoy a long-run competitive advantage over those that manage risk via the traditional approach. The authors’ argument was based on the fact that measurement and management of risk University of Ghana http://ugspace.ug.edu.gh 73 consistently and systematically to optimise the trade-off between risks and returns, put the firm in a stronger position to execute its strategic plan. Thus, Nocco & Stulz (2006) hinted on the essence of information management systems to ERM in order to quantify organisational performance. They then advised firms to be modest and realistic in their choice of measurement tools to reflect their needs and the environment in which they operate (COSO, 2004). McShane et al., (2011) contributed to the theoretical foundations on the relationship between ERM and firm performance by stressing on the complexity of ERM implementation and lack of a suitable proxy to determine the degree of implementation (adoption). They based their theory on the assumption that risk management is a continuum along which certain firms and industries move at varying speed. Thus, they used IRM and ERM to capture the state of a firm prior to ERM implementation to when it adopts ERM respectively. Appraisal of the theory indicates that they compare the adoption of ERM and its effectiveness to a triangle. Additionally, they take the argument of Liu et al., (2011) to another level by taking a more realistic approach to ERM adoption. Furthermore, like Nocco & Stulz (2006), and McShane et al., (2011) advise firms to concentrate more on risk areas where they have comparative cost advantage (Schrand & Ural, 1998) because ERM adoption varies from one firm and industry to the other (Gordon et al., 2009; COSO, 2004). Finally, Mcshane et al., (2011) adopted Standard and Poor’s (S &P) ERM index to establish if ERM adoption affects a firm’s performance thus, showing their deep appreciation of the comprehensive and holistic nature of ERM (Mcshane et al., 2011; Acharyya, 2008; Acharyya, 2007; Nocco & Stulz, 2006). Nocco & Stulz (2006), Mcshane et al., (2011), and Acharyya (2007) extensively built on existing theory by proposing a conceptual framework to measure the complex link University of Ghana http://ugspace.ug.edu.gh 74 between ERM and firm performance. Acharyya (2007) observed that using a single numerical performance measure to assess the effectiveness of ERM is inadequate due to the challenge of linking financial and operational (organisational) aspects of performance into a single whole. Review of Acharyya’s work suggests that though previous studies acknowledge the multifaceted nature of the interplay between ERM and firm performance, it was Acharyya (2007) who really projected this aspect. Also, consistent with the thinking of Nocco and Stulz (2006) and McShane et al., (2011), and Acharyya (2007) project the role of ERM performance as an information system, which allows firms, regulators and rating agencies to measure the strength and success of the entire business. Additionally, he affirmed that the immediate benefits of ERM adoption may not necessarily be tangible but may be almost immediately intangible. Finally, Acharyya (2007) observes that attempts of regulators and rating agencies to explore how ERM adoption affects certain key industries were crucial to developing an all-inclusive theory on the link between ERM adoption and firm performance (McShane et al., 2011). Though a lot has been done to shape the theoretical basis of the effect of ERM adoption on firm performance, inadequate attention has been given to empirical studies in the area. The major studies that were done in this area include the works of Hoyt & Liebenberg (2006), Namwongse & Limpiyakorn (2012), Tahir & Razali (2011); Jafari et al., (2011), Pagach & Warr, (2010); Soileau (2010), Liu et al., (2010); Grace et al., (2013), Gordon et al., (2009) as well as Acharyya (2008). Out of this number, only four (4) actually investigate the impact of ERM adoption on firm performance. The others based their empirical studies on theoretical perspectives of ERM which affect the essence and outcome of their findings, thus limiting the extent to which they could be applied (Liu et al., 2010; Gordon et al., 2009). The table below show attempts to measure ERM and firm performance University of Ghana http://ugspace.ug.edu.gh 75 This section discusses the various empirical findings to identify trends and differences and their implications for the study. Long before the major empirical studies were done to confirm the positive effects of ERM implementation on firm performance, Kleffner et al., (2003) had observed in a study that stability in earnings, profitability, turnover, and leverage were among the key motivations (drivers) for firms in Canada to practice ERM. Prior to the major qualitative studies, which were carried out to investigate the impact of ERM adoption on firm performance, some empirical works had been done. Though these empirical studies indicated a positive link between ERM and firm performance, they could not contribute considerably to the study area because they were partial studies (Smithson & Simkins, 2005; Guay & Kothan, 2003; Weston, 2001). Hoyt & Liebenberg (2006) studied the impact of the insurance industry on the value of ERM using Tobin’s Q as a proxy for firm performance and found that Tobin’s Q was significantly higher for firms that adopted ERM programmes. Both the mean and median variables of Tobin’s Q were significantly higher for firms who had adopted ERM programmes. They further tested how specific ERM drivers relate to firm value and found a positive correlation between international diversification and Tobin’s Q (Hoyt & Liebenberg, 2006). Some empirical studies which sought to investigate the impact of ERM adoption on firm value used Tobin’s Q as a measure of performance (Tahir & Razali, 2011; Liu et al., 2010; Hoyt & Liebenberg, 2006). However, these studies are criticised for their reliance on the narrow financial perspective as a proxy for performance. Following deep theoretical insights and revelations, Acharyya (2007) blazed the trail to investigate the link between ERM adoption and firm performance in the insurance industry over the period 1994–2003. The researcher adopted a combined shareholder and stakeholder approach to measuring ERM. Acharyya stressed the multi-disciplinary nature University of Ghana http://ugspace.ug.edu.gh 76 of ERM and espoused the need for a corporate harmonised conceptual framework that considers both the financial and non-financial components of a firm’s success (Acharyya, 2008). The researcher noted that previous studies had captured a firm’s performance upon ERM adoption using financial aspects only. It is worthy to note that Acharyya appreciated and cited the existence and application of existing measurement instruments which could be combined in a common framework to measure a firm’s performance holistically. The researcher cited measurement tools like Total Quality Management (TQM), economic valued added (EVA) and the balanced score card (BSC). Results of the survey he conducted indicated that no technique has been developed to evaluate the benefits of ERM in the cases he studied (Acharyya, 2008). Besides, the performance initiatives taken by key stakeholders, credit rating agencies, financial analysts, regulators were considered as meaningful, but crude benchmarking criteria. Consistent with Altuntas et al., (2011) who based their argument on career concerns theory, Acharyya found that firms with less volatile profits streams tend to invest less in ERM implementation (Acharyya, 2008). On the whole, he found out that poorly performing firms seek risky investments and thus, would implement ERM by way of having the assurance that risks would be more targeted. Using EVA and BSC, Acharyya discovered that the benefits managers derive from practising ERM are general in nature because the ability to withstand industry competition, to reduce cost of capital and improve risk assessment were benefits which if sustained will produce tangible benefits (Acharyya, 2008). Again, Acharyya’s study confirmed previous literature which noted that ERM works best when business activities are at their worst and thus reminded researchers on the need to conduct empirical studies on the link between ERM and firm performance in both good and bad times for the strength of risk management techniques to University of Ghana http://ugspace.ug.edu.gh 77 be better appreciated (Acharyya, 2008). By way of conclusion, Acharyya observed that added shareholder value is the ultimate measure of the success of ERM, though aspects of the literature still debate the value- adding capability of ERM. In a study of 112 US firms, Gordon et al., (2009) measured the effectiveness of ERM adoption with a created index and concluded that such an index (ERMI) was a fair, but not a perfect measure of the effectiveness of ERM. Drawing on the contingency theory, they postulated that the impact of ERM on firm performance is based on environmental uncertainty, industry competition, firm complexity, firm size and board monitoring. They established that for high performing firms, all firm specific factors had a significant effect on the effectiveness of the ERM index except environmental uncertainty. The implication is that contingency is the exact reason why ERM has become popular as firms operate under unstable environments. Additionally, it means high performing firms take contingency variables more seriously than low performing firms in the implementation of enterprise risk management (Gordon et al., 2009). Consistent with the findings of previous researchers, Gordon et al., (2009) reveal that ERM improves firm performance (Barton et al., 2002 as cited in Gordon et al., 2009; Hoyt & Liebenberg, 2006; Nocco & Stulz, 2006). Further, they affirm ERM as a means-end system tied to the endogenous nature of variables that determine it at one level and become its effect at another level. Finally, the measurement of performance is critical to deduce the link between ERM and firm performance and Gordon et al., (2009) contribution in this regard was capturing the effect of ERM adoption on firm performance based on a created index from the four key objectives of the COSO ERM framework (strategy, operations reporting and compliance). However, Gordon et al., (2009) proceeded with a theory which affects the very essence of their study because to them, without contingency variables, no link exists between ERM University of Ghana http://ugspace.ug.edu.gh 78 and firm performance. Though they argued that no general theoretical framework could predict the key factors that influence the link between ERM and firm performance, their argument was in line with the COSO observation that the ERM system varies from one firm to another. In conclusion, the study is reduced to an argument at the expense of a hypothesis especially, when their approach was heavily quantitative (Archaryya 2007; 2008). Pagach & Warr (2010) examine the effect of ERM adoption on long term firm performance and found little evidence that ERM adoption significantly affects firm performance. However, in the examination of the subset of firms for whom the market considered ERM to be most beneficial, there was some evidence of risk reduction, a finding which was consistent with their findings in 2008 (Pagach & Warr, 2008). The key finding of this study was that firms which had initiated ERM implementation experienced some reduction in earnings volatility (Pagach & Warr, 2010). The study captured earnings volatility as the standard deviation of the error term from a regression of the firm’s quarterly earnings on the prior quarter’s earnings (Pagach & Warr, 2010). Additionally, the study established a statistically significant increase in leverage and return on equity (ROE). The contribution of this study to the empirical literature devoted to ERM adoption was that it is credited as the first to examine how financial performance changes after the initiation of ERM implementation. Liu et al., (2010), in their study of the property and casualty industry in the US, confirm the findings of Pagach & Warr (2010). Using Tobin’s Q, Liu et al., (2010) reveal that ERM implementation in the insurance industry has a negative correlation with firm performance (Beasley et al., 2008; Liu et al., 2010). Like Pagach & Warr (2010) observe, Liu et al., (2010) address the endogeneity of ERM adoption when they test the effects of University of Ghana http://ugspace.ug.edu.gh 79 ERM implementation on firm value. It is interesting to note that unlike Nocco & Stulz (2006) and Pagach & Warr (2007; 2008) who examined the holistic effects of ERM on firm value. Liu et al. (2010), like Hoyt and Liebenberg (2006), extended their line of research by controlling the effects of individual risk management programmes (IRMs). Consequently, the study found that ERM adoption rather decreases Tobin’s Q by 0.111 (Liu et al., 2010), a finding which is consistent with that of Pagach & Warr (2007; 2008). Though the IRM-ERM continuum approach adopted by Liu et al. (2010) was innovative to absorb reduction in the error term, it was not identical to the Hoyt and Liebenberg (2000) approach that tested the effect of respective ERM drivers on firm performance and concluded that international diversification increases Tobin Q (Hoyt & Liebenberg, 2006). Interestingly, the study of Liu et al., (2010) covered a period equal to that of Gordon et al., (2009). An appraisal of the study of Liu et al., (2010) suggests that their approach makes it possible to have an ex ante and post ante view on the effects of ERM adoption on firm performance. In addition, the key limitation to the study was its basic assumption that ERM adoption and the various IRMs were mutually interdependent. This assumption basically destroys the essence of the holistic nature of ERM and raises a question of how previous positive correlations between IRMs and firm value should be interpreted. Though the basis of their theory confirms the COSO assertion that ERM implementation is done in stages, the study was unable to explain how exactly IRMs can stimulate firms to adopt ERM (Liu et al., 2010). Again, Liu et al., (2010) contribute to the literature by way of identifying how costly it is to implement ERM, a fact confirmed by service providers. Secondly, they confirm how complex ERM implementation is in practice and thus suggest future comprehensive and longitudinal assessment of all dimensions of firm risks and corresponding risk management practices. Interestingly, there is a stage in ERM which University of Ghana http://ugspace.ug.edu.gh 80 caters for prioritisation of all risks within a firm and this would make it a herculean task to integrate IRMs instead of implementing ERM using the COSO ERM framework. Though Liu et al., (2010) underscore and appreciate the need to integrate and create synergies of all the risks in an organisation in the early stages of their study, their results and further discussion point to totally different conclusions. Moreover, it is clear that there is no need to study an IRM in order to appreciate ERM adoption as accurate information on certain performance indicators prior to ERM adoption can be compared to the same performance indicators after ERM adoption. Soileau (2010) examined the relationship between ERM adoption, performance benefits and disclosure effect and asserted that controlling for other factors, there was limited evidence of an association between assessed maturity of adopted ERM processes and firm performance (ROA). He also found a negative association between the market value of equity (MVE) and the assessed level of ERM while controlling for other variables. Soileau’s results were consistent with the findings of Hoyt & Liebenberg (2006), Liu et al., (2010) as well as Pagach & Warr (2010). Finally, Soileau (2010) followed the COSO ERM framework religiously without suggesting the assessment of IRMs in silos, as was proposed by Liu et al., (2010). Following Hoyt & Liebenberg (2006) and Liu et al., (2010), Tahir & Razali (2011) explore the relationship between ERM and firm value of Malaysian public listed companies with the aid of Tobin’s Q. The study confirmed that ERM implementation is positively related to firm value, though it was not significant. The implication was that there was no support that Malaysian firms which practise ERM perform better than firms which did not practice ERM. This observation was inconsistent with findings of Liu et al., (2010), Hoyt & Liebenberg, (2006; 2008), as well as Pagach & Warr (2008). Evidently, the study confirms that while size and profitability (ROA) indicate a negative and University of Ghana http://ugspace.ug.edu.gh 81 significant relationship with firm value, leverage and firms that do not diversify internationally have a positive and significant relationship (Goshlan & Abdul-Rasid; 2012; Beasley et al., 2005). The relationship between majority ownership and firm value was positive, but insignificant. Interestingly, Tahir & Razali’s negative link between international diversifications and firm value contradicted the Hoyt & Liebenberg (2006) assertion that a positive correlation exists between international diversification and firm value. Tahir & Razali’s study is important for various reasons. The study revealed the level of knowledge and acceptance of ERM practices in Malaysia which is an emerging market in Asia. Also, the study refutes previous studies in the light of the economic climate of Malaysia. Furthermore, the study spanned just a year (Liu et al., 2010; Gordon et al., 2009). However, like previous studies, this study also focused on only the financial aspects of firm performance. Jafari et al., (2011) investigate the link between total risk management (ERM) and firm performance in Malaysian firms that had invested in research, development and innovations as well as in intellectual capital and rapid knowledge growth. The results indicated a positive and significant relationship between total risk management and firm performance. Like Acharyya (2007, 2008), and Jafari et al., (2011) underscored the need to have a comprehensive and integrated framework for measuring the impact of ERM implementation on firm performance. Compared to previous research, this study is germane because it was conducted in the knowledge and intellectual human capital domain as against the norm to cover banking, insurance and utility industries. The reality is because it was even more difficult to identify, prioritise and manage risk for innovations, resource use and knowledge management. Again, the study acknowledges how difficult it is to implement ERM, and observes the need to measure non-financial or University of Ghana http://ugspace.ug.edu.gh 82 behavioural changes of management on performance (Acharyya, 2008; Nocco & Stulz, 2006). Following Mackay & Moeller (2007), Grace et al., (2013) examine the impact of ERM adoption on firm performance in the insurance industry and concluded that ERM improves firm performance. More specifically, they found that firms which hire CROs have dedicated risk committees and risk management entities that report to CFO experience higher cost efficiency and return on assets (ROA). Furthermore, they found that life insurers benefit from the application of economic capital models to a greater extent than property casualty (PC) insurers. Grace et al., (2013) like Nocco & Stulz (2006), McShane et al., (1998), and Acharyya (2008) realised the need to assess firm performance based on financial and non-financial perspectives. The study acknowledges the absence of a common theoretical framework to capture the total measurement of firm performance (Cumming & Hirtle, 2001). Unlike previous studies that proxy ERM adoption with the appointment of the CRO (Liebenberg & Hoyt, 2003, 2006, 2009; Beasley et al., 2005; Hoyt & Liebenberg, 2006 and Pagach & Warr, 2010). Grace et al., (2013) employed data envelopment analysis (DEA) to look for detailed information on ERM initiatives that aid firms to identity the specific aspects of ERM that create value (Grace et al., 2013). Also, the study combined data envelopment analysis (DEA) with a modification of the VAA, to identify the important outputs of life and property liability insurers (Grace et al., 2013). Further, the study corroborated the call for a common theoretical framework of measuring the impact of ERM adoption on firm performance. In addition, by measuring the level of confidence which is a non-financial factor, the study demonstrates how other non-financial factors could be measured when an appropriate theoretical model is established for the purpose. Finally, their longitudinal study offers multiple scenarios of University of Ghana http://ugspace.ug.edu.gh 83 ERM adoption over a period, thus making one to appreciate how the various ERM drivers are affected by exogenous variables. Namwongse & Limpiyakorn (2012) employed the value-based ERM (VBRM) to construct a portfolio risk index using confirmatory factor analysis (CFA) to measure the holistic impact of ERM adoption on firm value in Thailand. Appraisal of the literature revealed VBRM as ERM that essentially exists to create value through various performance measures. An innovative approach deduced in this study was that the eight indices created contained both financial and non-financial factors (Acharyya, 2008). The non-financials encompassed brand image risk, socio-economic risk, process value risk and service quality risk. Again, the portfolio risk index system based on confirmatory factor analysis (CFA) served as a valid and robust substitute for the common theoretical framework that has eluded both academics and practitioners. Furthermore, this study pioneered the use of a composite theoretical framework that encapsulates both financial and non-financial performances (Gordon et al., 2009). An appraisal of the study suggests that like Jafari et al., (2011), this study also recognised the concept of intellectual capital as a key resource and driver of organisational performance. Likewise, it relates its modified model to Kaplan and Norton’s BSC in order to create value. Additionally, consistent with the study of Grace et al., (2013), this study also combined the various levels of inputs to produce expected output value that is measurable. Essentially, Namwongse & Limpiyakorn considered ERM from a systems theory perspective by viewing VBRM as a subset of strategic management. Thus, the study was driven by an ever increasing need to look at risks holistically and measure them holistically to ensure continuous total improvement. The subsequent sections review literature on money laundering. University of Ghana http://ugspace.ug.edu.gh 84 2.8 Definitions of money laundering “Money laundering” was first derived from the habit of the gangster Al Capone who used launderettes to legitimise his ill-gotten gains (Walker, 1995; FATF, 2010; Savona, 1997; IFAC, 2001; Cuéllar, 2003). Though the definition of money laundering is more ambiguous, it generally means ‘making dirty money and assets look clean’ to ensure that criminals enjoy their proceeds, by conserving or investing them in the legal economy. The modern term of money laundering first occurred in US legal context in 1982. However, the concept of money laundering was originally used by the American enforcement officers in the 1920s. To construct a unified definition of money laundering, the researcher reviewed various definitions by researchers, entities and legislations and compared them with one another. The researcher explored the definitions by the Financial Action Task Force (FATF), International Monetary Fund and World Bank, International Organisation of Securities Commissions (IOSCO), International Federation of Accountants (IFAC); United Nations Office on Drugs and Crime (UNODC); definition of Walker (1995); Savona (1997) and Cuéllar (2003) were also explored. FATF (2010) defined money laundering as the processing of criminal proceeds to disguise their illegal origin. IMF in collaboration with the World Bank defined money laundering as a process in which assets obtained or generated by criminal activity are moved or concealed to obscure their link with the crime. IOSCO also defined money laundering as a wide range of activities and processes intended to obscure the source of illegally acquired money to create the look that it has emanated from a legitimate source. Further, IFAC defined money laundering as the process by which criminals attempt to conceal the true origin and ownership of their criminal activities. UNODC posits that a person commits the offence of money laundering when he/she acquires, possesses or renders University of Ghana http://ugspace.ug.edu.gh 85 assistance to another person for the conversion or transfer of property derived directly or indirectly from acts or omissions that form an offence against any law punishable by imprisonment for not less than a year. Walker (1995) defines money laundering as the process by which illicit source moneys are introduced into an economy and used for legitimate purposes. Savona (1997) defined money laundering as an activity aimed at concealing the unlawful source of sums of money. Cuéllar (2003) defines money laundering as a process whereby proceeds from crime are rendered more useful by either converting it into a desirable medium or erasing its more obvious links to crimes. Appraisal of the definitions of money laundering reveals that money laundering has been severally defined (Unger et al., 2006), however, it depends on how law considers the laundered money (stock or flow), the feeder activities (illegal or criminal), and the goal of money laundering (hiding the source of the money or making it appear legal). Again, money laundering is elusive for it affects simultaneously many aspects of economic life. For instance, it starts from the illegal side of the economy, but its adverse effects are felt in the legal side of the economy. Also, it is linked with crimes that are difficult to disentangle. Thus, the effectiveness and efficiency of the AML law depends on how the regulatory framework is able to balance benefits and costs of money laundering. Furthermore, AML regulations can be assessed by looking at the relevant variables affected, starting from the choices that the launderer, the intermediaries and the authorities have to face. Finally, it is the stance of the researcher that each definition signifies a push for an expansion of the scope of ML as the wide consensus is that ML signifies the transformation of a potential purchasing power from criminals to criminals in an effective manner to outwit law enforcement agencies. University of Ghana http://ugspace.ug.edu.gh 86 2.8.1 Stages of money laundering Money laundering involves a highly complex process, which can be broadly classed into three sequential elements of placement, layering and integration (Federal Reserve System, 2002; UNDCP, 1996). The pre-wash/placement stage involves the physical movement of the proceeds obtained directly from illegal activities to a more convenient place for launderers or into a form that is hidden from authority inquiries. Various techniques like smurfing or structuring, camouflage, currency smuggling, buying travelers’ cheques, gambling in the casino, horse racing, betting and lotteries, legitimate business ownership, and informal value transfer systems are used to place laundered funds into traditional or nontraditional financial institutions or the retail economy (FATF, 2002). At the main wash/layering stage, launderers conceal or disguise the source of the ownership of their funds, by using correspondent banking, bank cheques, collective accounts, payable- through accounts, loans at low or no interest rates, back-to-back loans, fake invoices and insurances, fictitious sales and purchases, shell companies, trust offices or special purposes entities, wire transfers and monetary instruments. The stage involves multiple and complex financial transactions to circulate ill-gotten funds through accounts, banks, countries or mixture of the three around the world to hide its origin. Globalisation of financial systems coupled with technological advancement has made movement of laundered funds across the globe an easy task. Finally, the integration/after-wash phase, entails converting illegal proceeds into apparently legitimate business earnings via normal financial operations or economic activities (Van Duyne, 2003). Appraisal of the stages of money laundering suggests that the three-stage grouping is a useful decomposition of what can sometimes be a complex process. Also, it is clear that the three stages are often discernible in some cases where the basic steps occur simultaneously or overlap with each other. University of Ghana http://ugspace.ug.edu.gh 87 2.8.2 Empirical review on money laundering (ML) Walker (1995) estimates the economic effects of money laundering on output, income, imports and employment by using input-output data to generate multipliers per sector. He found out that ML adversely affects imports and employment, but its effects on output and income depend on how criminals spend laundered money. Like Quirk’s elasticity approach, Walker’s input-output multipliers are applicable to only closed economies. The input-output multipliers are not substitutes for a model for economic effects because they fail to capture the effects of changed behaviour on the amounts of demand in other sectors that are generated by an original stimulus of demand in one sector. Quirk (1997) extended Barro’s work in 1991 in estimating the effect of ML on economic growth in the Euro-zone over the period 1983-1993. Using regression with two control variables, he established that ML was closely and positively related to economic growth. This finding contradicts Barro’s result that ML dampens economic growth. However, Quirk’s result like Tanzi’s approach has been criticised for being outdated due to their elasticity approach that lacks universal application. Also, ML has increased substantially in size and complexity since the 1980s, and has thus rendered the elasticity approach ineffective as elasticity depends on the absolute size of ML. Building on Becker’s (1968) approach, Masciandaro (1998) studied the microeconomic drivers of ML focusing on the criminal’s demand for ML, and showed that the optimal amount of proceeds to be laundered decreases with the probability of detection of the crime and the severity of the sanction, but increases as the expected average return on the laundered cash rises. These drivers are in turn affected by a set of factors that contribute to shape the AML regulation and the context it operates in. Firstly, the profitability of reinvesting laundered money is determined by the general investment opportunities and the financial University of Ghana http://ugspace.ug.edu.gh 88 system of a country (Unger et al., 2006). Secondly, the severity of the sanction is influenced by the law and the rapidity of the prosecution by the judicial system. Finally, the probability of detecting ML is dependent on the preventive measures of AML regulation and precisely by the function of “gate-keeping” that intermediaries is required to ensure. Masciandaro (1999) analysed the effects of AML policy on the criminal and financial markets. His major contribution to the literature was his realisation that financial activities include both legal and illegal transactions. Also, he found out that money laundering tends to make financial flows to be larger in economies with much organised crime than in comparable countries with less crime. Further, he found a significant impact of the illegal economy and an increasing link between the growth of illegal activities and the involvement of banks in the ML business. Finally, he asserted that the higher the diffusion of ML activities, the less effective are AML regulations. A review of Masciandaro’s study revealed that he did not apply his model to Italy. After explaining the multiplier model, he skipped to doing a cross-section analysis on the ties between bank deposits, the legal economy and illegal markets, instead of calculating the multiplier for Italy. He backed his stance by claiming that bank deposits depict an outstanding feature of the Italian financial system. Gillmore (2004) like Bossard (1990) studied ML and globalisation and asserted that only highly coordinated responses at the international level can suitably tackle ML. He said globalisation due to removal of borders, technological improvements, and ease of communication and trade has made it difficult to deal with the definition of laundering, the design of a proper regime for sanctioning legal entities, and the need to address territorial issues posed by the transnational dynamics of money laundering (ML). He iterated that University of Ghana http://ugspace.ug.edu.gh 89 ML practices constitute paradigmatic transnational crimes and should be systemically addressed by specific international instruments. Again, he recalled Nilsson’s “know-your- customer” (KYC) rule, as a pillar for devising any ML counter measure in recent times. Furthermore, Gilmore (2004) noted that legislators never created a system of “complete uniformity” as further harmonisation was unlikely in the case where AML measures are concerned. Hence, Gillmore’s dirty money was a pioneering work in the new international world of ML. It specifically offers an interesting and accurate overview of the most vital global methods and mechanisms enacted and implemented over the last two decades to deal with ML. Masciandaro (2005) made the first theoretical and empirical discussion of the stigma effect of ML. The study highlighted the fact that in the aftermath of September 11, 2001, growing attention was focused on the role of the lax financial regulations in facilitating ML and TF. He said the two interacting principles that have commonly featured in the debate on the link between ML and regulations have been whether lax financial regulation promotes illegal financial flows and whether jurisdictions with lax financial regulation do not cooperate in the international effort aimed at combating criminal finance (Yepes, 2011; Masciandaro, 2005; Holder, 2003). In a related argument, it was established that the effectiveness of an international AML regime largely depends on the effectiveness of its constituents and vice versa. This argument was premised on the fact that due to the global nature of ML, the compliance of domestic regimes with the AML international standard is seen as the first mechanism for achieving the global effectiveness of the AML regime against a global phenomenon (Yepes, 2011; Putnam, 1988; Young, 2000). It reiterated that a typical explanation often cited for the absence of countries’ convergence in international rules is that domestic differences persist. Finally, it agrees that at the root of the problem of ML are University of Ghana http://ugspace.ug.edu.gh 90 governments’ attitudes towards ML, which dictate its level of acceptance and the extent of the involvement of the banking sector in this activity (Johnson et al., 2002). Masciandaro et al., (2007) indicate that the compliance costs of ML have both material and immaterial components. They trace the material component to the investment required to execute the tasks imposed by AML regulation and the immaterial component to the context within which agents operates in, mainly in terms of changes in reputation. It is certain that in all activities where there is ML risk, secrecy is an asset and comparative advantage. Thus, immaterial costs are deeply affected, in cases where there are reputation matters, the more “costly” the AML tasks are, and the stronger the incentives agents need to have an effective AML regulation. Yepes (2011) employed econometric analysis to assess what factors explain countries compliance with AML/CFT standard during 2004–2011. The paper established that overall compliance by countries was low. Again, the paper reveals that the quality of the domestic regulatory framework helps boost compliance while high net interest margin and prevalence of corruption adversely affect countries’ compliance with the AML and CFT international standard. However, financial depth, country openness and illegal activities were found not to have an impact on compliance. These findings showed geographical disparities particularly in developed economies that complied with the AML/CFT standard for the period 2004 to 2011. Another school of thought has explored how institutional factors create both avenues for and barriers to ML (Johnson et al., 2002). This stance posits that an effective domestic AML regime requires certain structural elements like a good regulatory framework, appropriate measures to prevent corruption, rule of law, government effectiveness, culture University of Ghana http://ugspace.ug.edu.gh 91 of compliance and an effective judicial system to be in place. It argues that lack of such elements or shortcomings in the general framework can significantly impair the implementation of an effective AML framework. Another strand of the literature on ML has focused on the effects of ML on stakeholders. It asserts that ML has been criminalised for its legitimate economic, social and public effects (Quirk, 1997). The stigma effects of ML have been confirmed and limited efforts to capture the sizeable phenomenon of ML around the world is available (Schneider & Enste, 2000; Tanzi, 2000; Walker, 1999; Quirk, 1996) Walker (1995) assumed that the social effect of ML stems from the consolidation of economic power by criminals to ultimately corrupt the political system (MacKrell, 1997; Masciandaro et al., 2007; Camdessus; 1998). Proponents for the criminalisation of ML have revealed that the costs associated with ML to victims and societies are often direct, though most of the effects of ML are indirect (Meloen et al., 2003). They argue that as launderers use front entities to effect their illegal activities, ML often leads to loss of control on economic policy in areas like exchange and interest controls (Chinn & Frankel, 2005; Bayoumi, 2004; FATF, 2002; Boorman & Ingves, 2001; Camdessus, 1998; McDonell, 1998; Tanzi, 1996) that adversely affects prudential banking supervision (Bagella et al., 2003; Baldwin, 2002; FATF, 2002), tax evasion (Fullerton & Karayannis, 1993), statistical reporting and legislation (Alldridge, 2002; Tanzi, 1997), threats of monetary instability (Alldridge, 2002; McDowell, 2001; Tanzi, 1997), distortion on one country's import and export volumes (Barlett 2002; McDonell, 2001,1998; Baker, 1999; Keh, 1996), losses of income of the public sector and distortion in the demand for money (Powell, 2013; KPMG, 2011; Freeman, 2010; Levi, 2002; Masciandaro et al., 2007; Unger, 2006; Sullivan, 2004; Alldridge 2002; McDonell, 1998; Quirk, 1996). University of Ghana http://ugspace.ug.edu.gh 92 Again, ML affects financial institutions (FIs) for two main reasons. First, ML erodes FIs due to the operational and reputational risks it poses to them (Rawlings & Unger, 2005). Second, customer trust is adversely affected by the perpetuation of ML and its associated institutional fraud and corruption (Powell, 2013; Masciandaro et al., 2007; Kleemans 2004; Lankhorst & Nelen, 2003; Barlett, 2002; FATF 2002; Schroeder, 2001). Another lock of the literature stresses on the forms of ML as capital market investments, bank transactions (Thony, 2002), corresponding banking (FATF, 2002; Nawaz, 2002; Johnson, 2001) loan at low or no interest rates, insurance markets, travelers’ cheques, bank cheques and drafts, collective accounts, payable through account, on-line banking, black market for forex; exchange bureau, international money transfers (Nawaz, 2002; Kleemans, 2002), derivatives; gambling and casinos (Paauw, 2005; Kaspersen, 2005), real estate acquisition (Eichholtz, 2004; Alldridge, 2002; McDowell, 2001), catering and hospitality business, false contracts and documents (Robinson, 1996), fictitious sales and purchase (FATF, 2002), gold and diamond markets (Cuellar, 2003), purchase of consumer goods for exports (Masciandaro & Portlano, 2004), acquisition of luxurious goods, currency smuggling (Kleemans et al., 2002), underground banking and informal money transfer networks (Masciandaro 2004; Passas, 2004; Nawaz, 2002). Clearly, launderers use a variegated set of markets to perpetuate ML. This means that the effectiveness of an anti-money laundering regime depends on how it individually tracks these channels used by launderers. 2.9 Drivers of AML Sham's reconstruction has grouped AML framework into four main phases. The first or incipient stage spanned the 1970s and focused mainly on regulatory and preventive measures. The second stage begun in 1980s, with the aim to criminalise and make ML an University of Ghana http://ugspace.ug.edu.gh 93 international issue, however, In 1989, the AML regime entered its third phase with the establishment of the FATF in 1989. FATF was established as an institutional centre to develop and coordinate efforts of AML. Following 2001, a new phase emerged when FATF’s mandate was extended to cover Terrorist financing (TF). Undoubtedly, AML measures have evolved along two tracks where one track deals with measures expected at repressing ML with the other track designed to prevent proceeds of ML from ultimately entering into the lawful financial system. Globally, financial institutions are mandated by the FATF to comply with AML directives. It is important that a compliance programme is put in place to monitor the establishment, undertaking and update of AML directives. In Ghana, the passage of the Anti-money Laundering Act, 2008, (Act 749), Anti-money Laundering Regulations, 2011 (L.I. 1987), Anti-Terrorism Act, 2008 (Act 762), Anti-Terrorism (Amendment Act), 2012 (Act, 842), Anti-Terrorism Regulations, 2012 (L.I. 2181) makes AML compliance mandatory for all accountable institutions. The various sanctions and fines are enshrined in the anti-money laundering amendment Act 2014, Act 874 for non-compliance with the provisions of the Acts. Similarly global sanctions by FATF exist for non-compliant countries. The world, from a financial perspective, has experienced phenomenal evolution of its financial systems and structures, and the corresponding positive impact on the provision of financial services. This progress has transcended financial barriers and created worldwide economic machinery which has facilitated effective global financial intermediation. Regrettably, this growth has seen the development of an equally globalised drawback in the form of money laundering, which allows for the concealment of illegitimately obtained money, and to a more distressing extent, aids the funding of terrorist activities. From the University of Ghana http://ugspace.ug.edu.gh 94 exploits of Al Capone in the 1930s, to the illicit monies of the Watergate scandal of the 1970s, money laundering has gained prominence within the international financial community. As a 1993 UN report noted ML’s global nature, the flexibility and adaptability of its operations, the use of the latest technological means and professional assistance, the ingenuity of its operators and the vast resources at their disposal. Illegal arms sales, smuggling, and the activities of organised crime, including for example drug trafficking and prostitution rings, have become generators of huge funds (FATF, 2010). Embezzlement, insider trading, bribery and computer fraud schemes have also produced large profits and created the incentive to legitimise the ill-gotten gains through money laundering. By its very nature, money laundering is an illegal activity carried out by criminals and it occurs outside of the normal range of economic and financial structures. Along with some other aspects of underground economic activity, rough estimates have been put forward to give some sense of the scale of the problem. The United Nations Office on Drugs and Crime (UNODC) conducted a study to determine the magnitude of illicit funds generated by drug trafficking and organised crime, and to investigate to what extent these funds are laundered. The report estimates that in 2009, criminal proceeds amounted to 3.6% of global GDP, with 2.7% (or USD 1.6 trillion) being laundered. However, due to the illegal and intricate nature of the transactions, it is difficult to provide precise statistics and therefore, impossible to produce a definitive estimate of the amount of money that is globally laundered every year. The integrity of the banking and financial services market place heavily depends on the perception that it functions within a framework of high legal, professional and ethical standards. A reputation for integrity is the one of the most valuable assets of a financial institution. If for instance, funds from criminal activity can be easily processed through a particular institution – either because University of Ghana http://ugspace.ug.edu.gh 95 its employees or top management have been bribed, or because the institution turns a blind eye to the criminal nature of such funds, the institution could be drawn into active involvement with criminals and become part of the criminal network itself. Evidence of such complicity will have a damaging effect on the attitudes of other financial intermediaries and of regulatory authorities as well as ordinary customers (FATF, 2013). As for the potential negative macroeconomic consequences of unchecked money laundering, one can cite bizarre changes in money demand, high risks of damaging bank soundness, contamination effects on legal financial transactions, and increased volatility of risk, international capital flows and exchange rates, due to unanticipated cross-border asset transfers. Also, as it rewards corruption and crime, successful money laundering damages the integrity of the entire society and undermines democracy and the rule of the law (FATF, 2013). There is also the effect of money laundering on overall economic development of countries. As with the damaged integrity of an individual financial institution, there is a dampening effect on foreign direct investment when a country’s commercial and financial sectors are perceived to be subject to the control and influence of organised crime. Fighting money laundering and terrorist financing is therefore, a part of creating a business friendly environment which is a precondition for lasting economic development. Therefore, money laundering has proven to be a multidimensional problem that manipulates and exploits financial systems the world over, leaving ominous effects in its wake. Countries and financial institutions are mandated to institute AML/CFT compliance regimes to protect the global financial system. These anti-money laundering frameworks to be adopted by banks should include but not limited to the following: University of Ghana http://ugspace.ug.edu.gh 96 a. Compliance Programme The two pillars of the AML regime: prevention – which is undertaken by supervisors; and enforcement – for which law enforcement bodies are responsible. Supervisors play an important role in addressing market confidence, and after the recent crisis, some authors vouched for stauncher oversight (Bradley, 2009). Indeed, AML programmes encompass the three main areas of deterrent policies against crime: investigating; increasing the probability of criminal detection; and regulating. These functions are imperative, given that they affect the variables which ensure that crime does not pay. AML frameworks may either be risk-based or rule-based. The risk-based approach involves law-makers giving freedom to supervisors regarding their behaviours and obligations. The risk-based approach is in alignment with the Third Directive of EU (ACAMS, 2010), whereby every financial institution is mandated to develop a risk management department in order to judge and process information. The rule-based approach involves laws and regulations as established by government policy. In countries where the rule-based approach is solely pursued, money laundering prosecutions are low (Reuter & Truman, 2004) because laws are too ambiguous and financial institutions are not able to distinguish suspicious activities from normal ones. Furthermore, the rule-based approach can be described as passive, because agents passively follow the rules. Thus, a perception surfaced that AML frameworks are ineffective in fighting organised crime (Naylor, 2002). Nonetheless, some authors argue that the rule-based approach ensures that rules are clear, concise and provide legal certainty and equality to the system (Unger & Waarden, 2009). The risk-based approach relies on the principle that regulations should be strong only when the risks are greater (Hutter, 2005). This, however, requires expert appraisal and University of Ghana http://ugspace.ug.edu.gh 97 evaluation of the risks that various customers pose, and thus comes across as more arduous than the rule-based approach. Other voices on the subject observed that the risk-based approach “makes the obligation of public authorities passive. In this model, they await reports from bank managers, accountants, lawyers and other professionals, rather than taking active steps to deploy crime-fighters to identify, pursue and indict criminals” (Mather, 2001). b. Risk assessment and risk based approach (RBA) The Financial Action Task Force (FATF), through its recommendations has recognised the principle of a risk-based approach (RBA) to combating money laundering / terrorist financing (ML/TF). In the past few years, the FATF has extensively discussed the issue of the risk-based approach (RBA) with the private sector. The FATF recommendation one (1) requires countries and financial institutions to adopt a risk-based approach to combating money laundering and terrorist financing (FATF, 2012). The general principle of a risk based approach is that where there are higher risks, countries should require financial institutions to take enhanced measures to manage and mitigate those risks, and that correspondingly where the risks are lower (and there is no suspicion of money laundering or terrorist financing) simplified measures may be permitted. The application of a risk-based approach requires countries to take appropriate steps to identify and assess the ML/TF risks for different market segments, intermediaries, and products on an ongoing basis. The principle of a RBA applied to AML/CFT matters is very relevant for countries that wish to build a more inclusive financial system that can respond to the need of bringing the financially excluded (who may present a lower ML/TF risk) into the formal financial sector. It is broadly recognised that this approach requires significant domestic consultation and strong cross-sector dialogue. Risk assessment is the first step a University of Ghana http://ugspace.ug.edu.gh 98 business or organisation should take before developing an AML/CFT programme. It involves identifying and assessing the risks the business or organisation reasonably expects to face from ML and TF. Once a risk assessment is completed, a business can put in place a programme that minimises or mitigates these risks. Regulators and other stakeholders also conduct risk assessments based on their own methodologies and objectives to determine the best way to minimise or mitigate ML/TF risks in their jurisdictions. Carvalho (2011) asserts that AML risk management frameworks represent the structures that countries use in combating money laundering. Risk assessments facilitate the prevention, detection and repression of the incidence of money laundering (Rocha, 2011). c. Support from board and management The foremost and a core issue in dealing with AML/CFT regimes and compliance is the support that emanates from the corporate governance structure. In Ghana, a bank should be a body corporate. Therefore, AML/CFT compliance among banks assumes corporate governance issue. Board of directors represents shareholder interest in the company and plays a supervisory role on management. Management on the other hand owes certain responsibility to the board. Strategic decisions and commitments are made at the board and management level. The management and board of directors face the dilemma of profitability or compliance, whether to seek profit and shareholder interest or to comply fully and likely lose money. Especially, in current situations where banks face increasing pressure from a number of sources to improve their compliance with AML/CFT and integrity related standards. Johnston & Carrington (2006) assert that although a number of institutions are responding positively to establish robust AML/CFT regimes, attention University of Ghana http://ugspace.ug.edu.gh 99 must be brought to the fact that there is a risk of disrupting legitimate business lines thereby reducing profitability. For any AML/CFT compliance programme to be successful in any financial regime, the role or support of the board and management is very crucial. In the 2012 KPMG AML survey, it was mentioned that globally, regulators have been emphasising the critical role of senior management for many years. It was further revealed that AML is a high profile issue for banks’ senior management within the African region; about 66% of the boards of directors take active interest in AML issues slightly higher than the global response in the 2011 world survey. According to the survey, the rate of engagement in West Africa was the lowest compared to South Africa and East Africa. Simwayi & Wang (2011) found that compliance with the Bank of Zambia AML directives of 2004 by commercial banks in Zambia was generally successful due to the overwhelming support from senior management and board of directors. According to the FIC/BoG guidelines (2011), the ultimate responsibility for AML/CFT compliance is placed on the board/executive management of every financial institution in Ghana. It is therefore, required that the Board ensures that a comprehensive operational AML/CFT compliance manual is formulated by management and presented to the Board for consideration and formal approval. In other words, the board and executive management have the responsibility of ensuring that resources are channeled to develop well defined and comprehensive AML/CFT policies and procedures for the company. d. AML/CFT policies and procedures Most multinational banks operating across countries benchmark their policies and procedures to the international best practices; they however, take into account domestic guidelines. KPMG (2012) attributes this to the challenge that comes with operating across University of Ghana http://ugspace.ug.edu.gh 100 different jurisdictions. In putting down guidelines and procedures for AML/CFT, one of the important factors to watch out is not to financially excluded people because of basic things they do not have especially, in sub Saharan Africa. For instance, FATF’s attention to financial inclusion matters has been long awaited. Countries and institutions have struggled to ensure that their AML/CFT controls do not unnecessarily bar socially vulnerable persons from accessing formal financial services (Bester et al., 2008). De Koker (2009) found that when the South African anti-money laundering (AML) regulations were drafted in 2002, an exemption was made under the Financial Intelligence Centre Act 38 of 2001 (FICA) to ensure that the lack of a verifiable residential address did not bar low-income persons from access to appropriate financial services. This was amended in 2004 to facilitate the launch of a basic bank account, the Mzansi account. This account was designed to meet the needs of the majority of South Africans who did not have access to financial services. This consequently lifted the percentage of banked adults in South Africa from 46% to 63%. According to the FIC/BoG guidelines, every financial institution is mandated to adopt policies indicating its commitment to comply with AML/CFT obligations under the relevant Acts and regulations to prevent any transaction that facilitates ML/TF activities. They shall formulate and implement internal rules, procedures and other controls that will deter criminals from using its facilities for money laundering and terrorist financing and to ensure that its obligations under the relevant laws and regulations are always met. All financial institutions are to develop their own policies, procedures, processes and controls to prevent them from being used as a channel to facilitate money laundering and terrorist financing. Another important factor is the periodic and constant review of the policies and procedures. It is one thing to establish procedures and another thing reviewing to adjust University of Ghana http://ugspace.ug.edu.gh 101 procedures to current needs. KPMG survey found that, a slight majority, about 56%, of banks in Africa review their policies yearly while 10% had not reviewed since incorporation. AML reporting officer (AMLRO) Although literature on financial crimes particularly money laundering is voluminous and growing, the vital role that AMLROs play in combating these crimes has unfortunately, eluded academic attention. Several aspects about the functions of AMLRO are amenable to academic research. The extent of seriousness with which any organisation takes its anti- money laundering activities can be measured by the level of the seniority of the AMLRO within its ranks. The number of other roles they have is crucial in assessing how effective they are and how important money laundering compliance is to the institution. In Zambia, Simwayi and Wang (2011) found that, out of 14 AMLROs interviewed, only two (14 percent) said that the position of AMLRO was their only job while the rest (86 percent) responded that they have other responsibilities within their respective banks. Another factor is the average time spent on performing anti-money laundering functions in cases where they have other roles to play in their respective institutions. The FIC/BoG guideline (2011) directs every financial institution to appoint a person of senior status as an anti-money laundering reporting officer (AMLRO). In accordance with Regulation 5(1) of L.I.1987, such an officer shall receive suspicious or unusual transaction reports from persons handling transactions for the financial institution. Each anti-money laundering reporting officer shall be equipped with the relevant competence, authority, and independence to implement the institution’s AML/CFT compliance programme. The University of Ghana http://ugspace.ug.edu.gh 102 duties of the AML reporting officer shall include but not limited to developing an AML/CFT compliance programme; receiving and vetting suspicious transaction reports from staff; filing suspicious transaction reports with the FIC; ensuring that the financial institution’s compliance programme is implemented; coordinating the training of staff in AML/CFT awareness, detection methods and reporting requirements; and serving both as a liaison officer with the BoG and the FIC and a point-of-contact for all employees on issues relating to money laundering and terrorist financing (FIC/BoG, 2011). e. Transactions monitoring (TM) & suspicious transaction reporting (STR) It is not enough to try to obtain knowledge about customers, prior to starting the business relationship. The process of knowing the customer must be an on-going one throughout the existence of the business relationship. This makes any changes in behaviour of the customers easily detectable by the financial institutions. A system should be put in place to update any changes in customer details or particulars. The FIC/BoG guideline (2011) on anti-money laundering and combating the financing of terrorism (AML/CFT) state that, “Financial institutions shall pay special attention to all complex, unusually large transactions or unusual patterns of transactions that have no apparent or visible economic or lawful purpose”. Even though all transactions relating to customers are to be monitored diligently, financial institutions have the duty of detecting and reporting any suspicious activities that customers might engage in. A transaction is most likely suspicious if it falls out of the normal transactional activities of a customer and is not accompanied by a satisfactory explanation. For example a voluminous deposit made by a customer far above his usual deposits can be deemed suspicious. According to the National Commission on University of Ghana http://ugspace.ug.edu.gh 103 Terrorist Attack upon USA (n.d), smaller transactions may also be seen as suspicious if they meet certain criteria. Suspicious transactions reporting (STR) regime is a fundamental element of AML measures. It refers to a piece of information which alerts law enforcement agencies that certain activity is in some way suspicious and might indicate money laundering or terrorism financing (Fleming, 2005). STR obligation arises regardless of the amount of money involved, the nature and seriousness of the criminal offence, or whether the reporting entity accepts the business or transactions of the customers (Chaikin, 2009b). In Ghana, the obligation to report suspicious transaction was introduced in 2011. The FIC/BoG guideline requires banks to have written policy framework that would guide and enable its staff to monitor, recognise and respond appropriately to suspicious transactions. Every banking institution shall designate an officer appropriately as the AML/CFT reporting officer to inter alia supervise the monitoring and reporting of suspicious transactions. These institutions should be alert to the various patterns of conduct that have been known to be suggestive of money laundering and maintain a checklist of such transactions which should be disseminated to the relevant staff. Furthermore, directors and employees of banking institutions (permanent and temporary) are prohibited from disclosing the fact that a report is required to be filed or has been filed with the competent authorities. It must be borne in mind that an ineffective STR regime will lead to mistaken reporting and defensive reporting. This would result in a flood of reporting and resources spent on irrelevant files may jeopardise the effectiveness of the STR regime. Therefore, to mitigate these problems, banks need to clearly specify the channels for reporting of suspicious transactions. The guideline again requires financial institutions to report to the FIC all cash transactions within Ghana in any currency and with a threshold of GH¢20,000 University of Ghana http://ugspace.ug.edu.gh 104 and above (or its foreign currency equivalent) for both individuals and business entities or amounts as may be determined by the BoG from time to time. f. Customer due diligence (CDD) The requirement to know your customer (KYC) forms the basis of AML/CFT and as the first line of defense in combating both of these. Customer due diligence (CDD) is the identification and verification of both the client and beneficiary, but not limited to continuous monitoring of the business relationship with the financial institution. Financial institutions are not permitted to operate anonymous accounts or accounts in fictitious names. Simonova (2011) argues that not only is the customer due diligence requirements imposed by the AML regime useful for preventing and detecting fraud, identity theft, etc., but is also beneficial from an economic point of view by gathering data about customers. The FIC/BoG guideline (2011) clearly states that financial institutions shall undertake customer due diligence (CDD) anytime they are establishing business relationships with clients, when they are carrying out transactions which are beyond the designated threshold of GH¢20,000.00 (or its foreign currency equivalent) or in other situations that may be determined by Bank of Ghana from time to time. This includes where the transaction is carried out in a single operation or several operations that appear to be linked; and carrying out occasional transactions such as money transfers, and whenever the financial institution is suspicious of money laundering or terrorist financing or when there are doubts about the authenticity and adequacy of the data and information about the client or customer. University of Ghana http://ugspace.ug.edu.gh 105 Banking institutions shall always undertake CDD on every customer they deal with to ensure they deal with authentic persons and to reduce the probability of anonymous persons using these institutions as a channel for laundering money or financing terrorism. Banks that do not conduct robust due diligence procedures expose themselves to reputational risk as well as the risk of possible legal, financial or regulatory sanction. Banks are encouraged to conduct and enhance customer due diligence (CDD) on their high risk customers. This principle encourages the continuous monitoring of clients’ accounts to identify transactions that seem out of the ordinary. Due to the ‘know your customer’ rule, banks have information regarding the expected cash flows and sources of funds of clients. When extraordinary transactions occur on an account, a bank is within its rights to inquire about the transaction from its client. Banks are also required to report such transactions to regulating bodies. However, there is often a conflict between client confidentiality and the bank’s duty to report any suspicious transaction. In addition, banks are required by law to also assess their new as well as old employees. Money laundering occurs in banking institutions sometimes with the help of employees or at least in the presence of employee ignorance. When employing personnel, banks ought to take measures to ensure that only trustworthy and highly qualified people are employed. Banks can do credit checks, reference checks, criminal records checks, and even internet checks to ascertain the personality of the prospective employee and his/her propensity for wrong doing. Once the individual has been hired, random checks may also be carried out occasionally to check for example, if the employee has recently acquired assets which require significant cash outflows (is the employee living beyond his/her means?). Behavioural patterns can also be examined as well as the status of transactions conducted by employees and note areas of concern such as loan defaults. University of Ghana http://ugspace.ug.edu.gh 106 g. Training and staff awareness The need to train bank employees for the effectiveness of AML activities cannot be over emphasized. The lack of knowledge of the basic AML requirements as well as the banks’ attempts to limit resources, have negatively affected the smooth implementation of AML programmes (Subbotina, 2009). Training should be both adequate and continuous – indeed, Simwayi and Wang (2011) found in Zambia that only two AMLROs did not receive specialised training in AML despite being professional bankers and compliance experts. The rest had been trained both locally and internationally. Some training programmes were outsourced and others arranged by their regional or international head offices. Also, three AMLROs (21 percent) are Certified Anti-money Laundering Specialists (CAMS). One of them was a certified money laundering preventing officer (an internal certification programme). It further found that all commercial banks carried out AML training for their new and old employees. The highest frequency of employee training was every 12 months (64 percent) followed by 24 months (21 percent) and 12 months (15 percent). The FIC/BoG guideline (2011) requires financial institutions to design employee education and training programmes to make employees fully aware of their AML/CFT obligations and also to equip them with relevant skills in discharging their AML/CFT tasks. This employee training programme is mandatory for every financial institution and attracts fines of not less than two thousand (2000) penalty units (Ammended AML Act 2014,Act 874). The timing, coverage and content of the employee training programme should be tailored to meet the perceived needs of the financial institutions. However, it should be comprehensive enough to cover staff/areas such as: reporting officers; new staff (thus making it part of their orientation programme); banking operations/branch office University of Ghana http://ugspace.ug.edu.gh 107 staff (particularly cashiers, account opening, mandate, and marketing staff); internal control/audit staff; and managers. The employee training programme is required to be developed under the guidance of the AML/CFT reporting officer in collaboration with the executive management. Thus, the basic elements of the employee training programme are expected to include AML regulations and offences, the nature of money laundering, money laundering ‘red flags’ and suspicious transactions – including trade-based money laundering typologies, reporting requirements, customer due diligence (CDD), risk-based approach to AML/CFT, record keeping and retention policy (FIC/BoG, 2011). h. Customer records keeping The Financial Intelligence Centre (FIC) and the Bank of Ghana (BoG) requires all financial institutions to maintain all necessary records of transactions, both domestic and international, for at least five (5) years following completion of the transaction or longer if requested by the BoG and FIC in specific cases. This requirement applies regardless of whether the account or business relationship is ongoing or has been terminated (FIC/BoG, 2011). Thus, even when the business relationship is severed, the financial institution shall continue to keep the records pertaining to the severed business relationship. Financial institutions shall ensure that all customer-transaction records and information are available on a timely basis to the BoG and FIC. The reason for keeping data on old transactions or even when the business relationship is terminated is so that employees make those data available to the FIC/ BoG any time data about an old transaction is requested from the financial institution. Again, the financial institution shall deliver such data without delay. This requirement, however, defies the banker-customer confidentiality relationship in University of Ghana http://ugspace.ug.edu.gh 108 banking, where FIC/BoG guideline (2011) stipulates that: notwithstanding a financial institution’s internal policies relating to customer confidentiality and particularly in accordance with the provisions in the Banking Act, 2004 (Act 673) as amended by Act 738 and the AML Act, 2008 (Act 749), competent authorities shall have access to information in order to perform their functions in combating money laundering and financing of terrorism; the sharing of information between competent authorities, either domestically or internationally; and the sharing of information between financial institutions, where this is required or necessary. Appraisal of existing literature and various laws on AML categories the whole AML compliance programme into four (4) key themes namely: money laundering risk assessment, record management, compliance programme and corporate governance. 2.10 Overview of Ghana’s AML/CFT & P environment The Group seven (7) richest industrialized countries created FATF in 1989 to growing concern of the global drug problem. Later the scope of FATF’s responsibilities was expanded to fight the international drug trade and to prevent the global misuse of the banking sector and other financial institutions to launder drug money. FATF currently has 36 members and 8 regional bodies including GIABA (for West Africa). The mandate of the FATF is to set standards and to promote effective implementation of legal, regulatory and operational measures for combatting money laundering, terrorist financing and financing of proliferation and other related threats to the integrity of the international financial system. FATF recommendation set out a comprehensive and consistent framework of measures which countries should implement in order to combat money University of Ghana http://ugspace.ug.edu.gh 109 laundering and terrorist financing as well as financing of proliferation of weapons of mass destruction. An effective response to money laundering and terrorist financing and other threats to the financial system need to be a global response. To achieve a global implementation of sound AML/CFT measures, the FATF works closely with eight FATF- style regional bodies (FSRBs). These FSRBs encourage the implementation of the FATF’s Recommendations in their respective memberships. Together with the FATF and its members they make up the FATF Global Network of over 190 countries that are committed to ensuring the integrity of the international financial system. Ghana is a member of GIABA and is expected to comply with the 40 recommendations of FATF. Appraisal of Ghana’s AML/CFT is shown table 1. University of Ghana http://ugspace.ug.edu.gh 110 Table 1: Ghana AML/CFT compliance environment Recommendation Ghana's Compliance environment R1 - Assessing risks & applying a risk-based approach Risk Based Supervision R 2 - National cooperation and coordination Law Enforcement Coordinating Bureau - BoG, SEC, NIC, GPS, GIS, NSCS, BNI, EOCO, FIC, GAF, GRA, AG’s Department, NACOB, Ghana Maritime Authority, Ghana Airports Company Limited and Ministry of Foreign Affairs and Regional Integration established under Section 4(2) of the Executive Instrument 2012 (E.I.8), AML Act 2008 Sections 5(b), 28(2), 35 and 49 of Act 749. R 3 - ML offence – mental element and corporate liability Punishment for ML offence is 10years i.e. S.2 of AML Act, 2008 (Act 749), AML (Amendment) Act 2014, (Act 874) and Regulation 44 of the AML Regulations, 2011 (L.I. 1987), Criminal Offences (Amendment) Act, 2012 (Act 849), Immigration (Amendment) Act, 2012 (Act 848) R4 - Confiscation and provisional measures. Economic and Organised Crime Office Act, 2010 (Act 804) sections 33 to 40 , Economic and Organised Crime Office (Operations) Regulations, 2012 (L.I. 2183), Narcotic Drugs (Control, Enforcement & Sanctions) Act, 1990 (PNDC Law 236) R5 - Terrorist Financing Offence Anti-Terrorism Act, 2008 (Act762), Anti-Terrorism (Amendment) Act, 2012 (Act 842), The Anti-Terrorism Regulations, 2012 (L.I 2181) R6 - Targeted financial sanctions related to terrorism & terrorist financing UN Security Council Resolutions No. 1267 (1999), No. 1373 (2001), No. 1718 (2006), Successor Resolutions and Other Relevant Resolutions provided in Executive Instrument (E. I.) – 8 (2012), 19 (2012), 2 (2013) R7 - Targeted financial sanctions related to proliferation Publication of Terrorists List R8 – Non Profit Organisations (NPO’s) Department of Social Welfare and MMDA’s (AML/CFT & P Training Manual Proposed), Religious Bodies Supervisory Councils, Guidelines and Operational Manual for NPO’s or NGO’s, FATF’s International Best Practices for Combatting University of Ghana http://ugspace.ug.edu.gh 111 the Abuse of Non-Profit Organisations R9 – Financial Institution Secrecy Laws BoG/FIC AML/CFT Guidelines 2011 Paragraph 2.44 (h) , Banking Amendment Act 2007 (Act 738) Section 84 R10 - Customer Due Diligence The Anti-Money Laundering Regulations, 2011 (L. I. 1987). Proposed Guidelines and Operational Manual for AIs. R11 - Record keeping AML Act 2008 (Act 749) – Sections 23 & 24, AML (Amendment) Act 2014 (Act 874) Banking Act 2004 (Act 673), Electronic Transactions Act, BoG/FIC AML/CFT Guidelines. Proposals for Comprehensive Awareness for other AIs R12 - Politically Exposed Persons (PEPs) FIs complying with list of PEPs. Further training required for NBFI’s and AIs R13 - Correspondent banking FIC/BoG AML/CFT Guidelines 2011 Paragraph 1.12 (Correspondent banking is the provision of banking services by one bank (the correspondent bank) to another bank (the respondent bank)). R14 - Money or value transfer services BoG/ FICAML/CFT Guidelines 2011 Paragraph 1.34 for Banks and Non-Bank Financial Institutions (FIs & NBFIs) R15 - New technologies non- face-to-face business BoG, SEC, NIC AML/CFT Guidelines R16 - Wire transfers FIC/BoG AML/CFT Guideline 2011 Paragraph 1.35 for Banks and Non-Banks Institutions covers maintaining information on wire transfer. SWIFT screening tool to screen transactions and detect unusual and suspicious transactions. R17 - Reliance on 3rd parties To perform KYC, CDD, EDD in R10 and R11 (BoG/FIC AML/CFT Guideline 2011 Paragraph 2.44) R18 - Internal controls, and foreign branches and subsidiaries Addressed in AML Regulations 2011, L.I. 1987. Compliance Officers do comply promptly and properly. L.I. 1987 provides for the training of staff of FIs / AIs. The Regulatory bodies, FIC and the AIs have put in place and are implementing comprehensive training for management and staff of FIs University of Ghana http://ugspace.ug.edu.gh 112 and AIs. R19 - Higher risk countries BoG has developed AML/CFT Guidelines 2011 for FIs and NBFIs to be KYC/CDD/EDD compliant R20 - Reporting of Suspicious Transactions (STR) The FIC has received 402 Suspicious Transactions Reports (STR’s) from October 2012 to July 2013. R21 - Tipping-off and confidentiality A tipping-off offence is committed if a person knows or suspects that a disclosure has been made, and he makes a disclosure which is likely to prejudice any investigation which may be conducted following the disclosure. R22 - DNFBPs: customer due diligence R’s10, 11, 12, 15, and 17, R23 - DNFBPs: Other measures R18-21. AIs report suspicious transactions for a client when, on behalf of or for a client in line with R22 R24 - Transparency and beneficial ownership of legal persons A beneficial owner form has been designed by FIC disseminated to the financial institutions and is being implemented. Companies Act, 1963 (Act 179), Companies Bill (2013) R25 - Transparency and beneficial ownership of legal arrangements Financial institutions and DNFBPs undertaking the requirements set out in R10 & 22 R26 - Regulation and supervision of financial institutions BoG, NPRA, NIC, SEC, VCTA, AI’s, GAMING COMMISSION, FIC R27 - Powers of supervisors Support and develop special investigative techniques by LEA’s suitable for ML/TF investigations i.e. undercover operations. R28 - Regulation and supervision of DNFBPs AML/CFT & P Manuals for Self-regulatory bodies (SRB) - GBA, CIB, ICA, PMMC, GREDA, Association of Used Car Dealers, Auctioneers. R29 - The FIC Comprises Analysts, Compliance Officers, Administrators and Managers, Technology Experts, Regulatory Specialists, International Specialists R31- Powers of law enforcement and investigative Economic and Organised Crime Office Act, 2010 (Act 804), Narcotic Drugs (Control, Enforcement & Sanctions) Act, 1990 (PNDC Law 236), Criminal Offences University of Ghana http://ugspace.ug.edu.gh 113 authorities Act, 1960 (Act 29) Criminal Offences (Amendment) Act, 2012 (Act 849), Economic and Organised Crime Office Act, 2010 (Act 804) R32 – Cash couriers GRA submits Currency Declaration to FIC. 284 Currency Declaration forms are submitted to the FIC for the period under review. R33 - Statistics From October, 2012 to July, 2013, the following convictions have been reported in the media. o Robbery – 11, o Arms Trafficking – 1, o Stealing – 10, o Human Trafficking – 2, o Narcotics – 3, o Murder – 2, o Counterfeiting Currency – 1, o Fraud – 8, o Sexual Exploitation – 3, o Forgery – 13, 402 STRs, CTR – 1,100,022, Currency Declarations – 284, 51(47 prosecuted) cases of illicit trafficking in narcotic drugs and psychotropic substances received. Properties confiscated include 1. Two (2) vehicles – 1 BMW and 1 Askek Pontiac, 2. Two (2) laptops, 3. Currency of EURO1,950.00, USD 760.00 and GH ¢ 26. 14 cases on confiscation of houses pending. Two (2) currency smuggling cases received and prosecuted . R34 – Guidance and feedback Competent authorities and supervisors - FIC/BoG/NIC/SEC/NPRA and from DNFBP’s R35 - Sanctions Punishment for ML offence is 10years [S.2 of AML Act, 2008 (Act 749) Section 39 of Act 749, especially sub-section 4, Sections 42, 43, 44, 50(2) of Act 749 and Regulations 44 of the AML Regulations, 2011 (L.I. 1987)]. R36 - International instruments UN Convention against Illicit Trafficking in Narcotic Drugs and Psychotropic Substances, 1988 (the Vienna Convention), the UN Convention against Transnational Organized Crime, 2000 (the Palermo Convention), United Nations Convention against Corruption, 2003; Terrorist Financing Convention, 1999. UN Security Council Resolutions No. 1267 (1999), No. 1373 (2001), No. 1718 (2006), Successor Resolutions and Other Relevant Resolutions provided in Executive Instrument (E. I.) 2 (2013), UN Consolidated list of Terrorist Individuals and Entities R37 - Mutual Legal Assistance (MLA) Mutual Legal Assistance Act, 2010 (Act 807), FATF, GIABA, Other FIUs in the West African sub-region and beyond. R38 – Mutual Legal Assistance (MLA) confiscation and EOCO Act, 2010 (Act 804) University of Ghana http://ugspace.ug.edu.gh 114 freezing R39 - Extradition Extradition Act, 1960 (Act 22). MOU’s on Extradition. R40 - Other forms of co- operation EGMONT Group of Financial Intelligence Units, MOU’s with Cote d’Ivoire, Niger, Republic of South Africa, Information sharing with United States of America, Togo, British Virgin Islands, Mauritius and Nigeria. 2.11 Construction of Composite Indices (CIs) In general terms, composite indices (CIs) are quantitative or qualitative measures derived from series of observed facts that can reveal relative positions of entities. Composite indices that compare performances are increasingly recognised as useful tools in policy analysis and public communication. The number of composite indices in existence around the world keeps growing on yearly basis (Bandura, 2006). Composite indices allow for comparisons of firms in wide-ranging fields. Composite indices like mathematical or computational models, owe their construction more to the craftsmanship of the modeler than to universally accepted theories and rules for encoding. Again, the justification for composite indices lies in their fitness for the intended purposes and in peer acceptance (Rosen, 1991). On the debate over whether composite indices are good or bad per se, it has been noted that aggregators believe such a summary statistic can indeed capture reality and it is proven to be useful benchmarks for performance without compromising on its ability to generate public interest in policy making (Saltelli, 2007). On the other hand non- aggregators’ key objection to aggregation is that they see the arbitrary nature of the weighting process by which variables are combined (Sharpe, 2004). Multivariate techniques are useful for gaining insight into the structure of the data set of composite indices (CIs). However, it is vital to avoid carrying out multivariate analysis University of Ghana http://ugspace.ug.edu.gh 115 when the sample is small compared to the number of indicators as results will lack known statistical properties. Some of the useful multivariate techniques are discussed below: a. Principal components analysis (PCA) Principal component analysis (PCA) aims to reveal how diverse variables alter with respect to each other and how they are associated. PCA primarily transforms correlated variables into a new set of uncorrelated variables using a covariance matrix or the correlation matrix. It assigns equal weights to individual indicators in forming the principal components (Chatfield & Collins, 1981). Principal component analysis has the virtue of simplicity and allows for the construction of weights representing the information content of individual indicators (Nicoletti et al., 2000). It is able to summarise a set of individual indicators while preserving the maximum possible proportion of the total variation in the original data set. Likewise, it ensures that largest factor loadings are assigned to the individual indicators that have the largest variation across entities, a desirable property for cross-entity comparisons, as individual indicators that are similar across entities are of little interest and cannot possibly explain differences in performance. However, PCA cannot always reduce a large number of original variables into a small number of transformed variables. Another drawback of PCA is that it does not allow for inference on the properties of the general population. Furthermore, in a PCA framework, there is no estimation of the statistical precision of the results, which is essential for relatively small sample sizes. Finally, PCA is sensitive to both modifications in the basic data – data revisions and updates and the presence of outliers, which may introduce a spurious variability in the data (Efron & Tibshirani, 1993; 1991). University of Ghana http://ugspace.ug.edu.gh 116 b. Factor analysis (FA) and Cluster analysis (CA) Factor analysis is a statistical method that describes variability among observed and correlated variables in terms of a smaller number of factors that highlight the link between these variables. Factor analysis assumes that data is based on the underlying factors whose variance can be decomposed into that accounted for by common and unique factors. It uses regression modeling techniques to test hypotheses producing error terms, while PCA is a descriptive statistical technique. A major defect of factor analysis is that it may identify dimensions that do not necessarily help to reveal the unique structure in the data and can really mask taxonomic information. Cluster analysis on the other hand orders large data into manageable sets. Cluster analysis is used in the development of composite indices to group data on entities based on their similarity on different individual indicators. Cluster analysis is a purely statistical method of aggregation of indicators and a diagnostic tool for exploring the impact of the methodological choices made during the construction phase of composite indices. Additionally, it is a method of disseminating information on the composite indices without losing that on the dimensions of the individual indicators. Finally, it allows for selecting groups of entities for the imputation of missing data with a view to decreasing the variance of the imputed values. Thus, cluster analysis gives some insight into the structure of the data set. However, cluster analysis is criticised for its purely descriptive nature and its tendency not to be transparent if the methodological choices made during the analysis are not motivated and clearly explained (Davis, 2003; Massart & Kaufman, 1983; Spath, 1980; Anderberg, 1973; Ward, 1963). University of Ghana http://ugspace.ug.edu.gh 117 c. Cronbach coefficient alpha Cronbach alpha is the most common estimate of internal consistency of items in a model or survey (Boscarino et et al., 2004; Raykov, 1998; Miller, 1995; Cortina, 1993; Feldtet et al., 1987; Hattie, 1985; Green et al., 1977). It assesses how well a set of individual indicators measures a single unidimensional object. Cronbach alpha is primarily a coefficient of reliability based on the correlation between individual indicators. It increases with the number of individual indicators and with the covariance of each pair (Nunnally, 1978). Though, both Factor analysis and the Cronbach alpha are based on correlations among individual indicators, their conceptual frameworks are different. Cronbach alpha captures the internal consistency in the set of individual indicators, though correlations do not necessarily mean causality on the phenomenon expressed by the composite indices. d. Data envelopment analysis (DEA) Data envelopment analysis (DEA) employs linear programming tools to estimate inefficiency frontier that is used as a benchmark to measure the relative performance of entities (Cherchye et al., 2008; Melyn & Moesen, 1991). Data envelopment analysis is sensitive to policy priorities, in that its weights are endogenously determined by observed performances. Also, it is not based upon theoretical bounds but on a linear combination of observed best performances. Furthermore, data envelopment analysis is able to overcome the difficulties of linear aggregations (Sapir, 2005; Nicoletti et al., 2000; Sen, 1998; Haq, 1995). However, it often rewards the status quo, since for each entity the maximisation problem gives higher weights to higher scores. University of Ghana http://ugspace.ug.edu.gh 118 2.12 The Structure of Ghana’s Financial and Banking Systems Financial system (FS) primarily consists of financial institutions, the financial market, the act of rules and regulations that determine how money circulates within the economy to allow for various activities to be performed with ease. Ghana’s financial system broadly consists of regulators, regulations, infrastructure, products and services (financial assets and liabilities), financial institutions and customers of financial institutions. The five regulators of FS are Bank of Ghana (BoG), National Insurance Commission (NIC), Venture Capital Trust Authority (VCTA), Securities and Exchange Commission (SEC) and National Pension Regulatory Authority (NPRA). Bank of Ghana (BoG) is responsible for the formulation of monetary policies and regulation of the business of banking while VCTA was established as an oversight regulator over venture capital activities in Ghana. SEC was set up basically to protect investors and maintain the integrity of the security market while NIC is also charged to regulate the activities of all insurance firms in Ghana. The Ghana Interbank Payment and Settlement System (GhIPSS) implements and manages interoperable payment infrastructures for banks and non-bank financial institutions. All financial transactions by all actors in Ghana’s financial system are expected to be made using the payment and settlement GhIPSS infrastructure. Though, the Ministry of Finance (MoF) is primarily charged with the formation and implementation of sound fiscal and financial policies, it works closely with financial regulators to ensure financial stability. The Financial Intelligence Centre (FIC) is a fulcrum around which a secure and robust anti-money laundering regime works, thereby maintaining the integrity of the Ghana financial system. Thus, the regulators rely on various Acts, regulations, legislative instruments, guidelines and other authorities to ensure fair market conduct and financial stability. University of Ghana http://ugspace.ug.edu.gh 119 Examination of the Ghanaian financial system revealed an interesting classification of the players within the industry. Evidently, Ghana’s non-bank financial system is based on the scope of activities and the capital requirements. Additionally, non-bank financial institutions in Ghana still do the business of banking and are thus regulated by BoG. Finally, Non-bank financial institutions (FIs) in Ghana consist of deposit-taking (e.g. savings and loans) and non-deposit taking (e.g. leasing and mortgage companies). These observations obviously contrast with FIs classifications of both UK and US. Thus, future researchers are cautioned to note this fascinating observation in studying the structure of the Ghanaian financial institution. The initial periods of the financial reforms led to the entry of two new merchant banks, namely Continental Acceptances Limited (CAL) and Ecobank in 1988. This was followed by another three (3) banks namely; First Atlantic, Amalgamated and Metropolitan, and Allied banks in 1995. Additionally, over 20 Non-bank financial institutions (NBFIs), including leasing companies, finance houses, building societies and savings and loans companies were also established in this era. Specifically, three (3) NBFIs were licensed by BoG to bring them to a total of 4 by 2011. Additionally, one credit reference bureau was issued with an operational license in 2010, to bring it to a total of two (2) in Ghana. Bank of Ghana established Other Financial Institutions Supervision Department (OFISD) to supervise the operations of all microfinance institutions in Ghana. Furthermore, BoG established an office in 2011 to ensure that all deposit money banks and NBFIs comply with Anti-money Laundering/combating the financing of terrorism regulations based on the Anti-Money laundering Act, 2008 (Act, 749) and Anti-terrorism Act, 2008 (Act, 762). The Bank of Ghana has established a dedicated unit for supervision of AML/CFT activities. University of Ghana http://ugspace.ug.edu.gh 120 Until 2000, Ghana’s formal banking sector was dominated by three (3) primary and one (1) secondary commercial banks; namely, GCB, SCB, BBG and SSB. As at 2004, there were nine (9) commercial banks, three (3) development banks, six (6) merchant banks and over hundred rural banks in Ghana. As at 2004, the individual banks in the Ghanaian merchant banks were the Merchant Bank of Ghana Ltd., Ecobank Ghana Limited, Cal Merchant Bank Ltd., and the First Atlantic Merchant Bank. The Ghana Stock Exchange (GSE) was established in 1991 under the Companies Code 1963, Act 179 to primarily facilitate business expansion by making long term financing available to the public. The period witnessed a steady increase in the number of deposit money banks to twenty-three (23) banks at the end of 2006 and to twenty-six (26) banks by 2012 (Aboagye et al., 2008). Currently, the banking industry in Ghana is made up of the Central Bank, ARB Apex Bank, twenty-six (26) Commercial Banks, one hundred and thirty-six (136) RCBs and two (2) representative offices, three hundred and thirty-three (333) forex bureau, two hundred and sixteen (216) MFIs, five (5) inward remittance companies and two (2) representative offices (BoG, 2013). University of Ghana http://ugspace.ug.edu.gh 121 CHAPTER THREE – RESEARCH METHODOLOGY 3.0 Introduction The study adopted epistemology (positivist) research philosophy using a deductive approach. The quantitative research strategy was used. Desktop review was carried out to evaluate Ghana’s current status with respect to FATF 40 recommendations. Data was collected from banking institutions licensed by Bank of Ghana that have been in operation for at least a year were used and 79 Bank and Non-bank financial institutions (NBFIs) were used as the sample. Descriptive statistics such as mean, percentiles and percentages were used to describe the generated scores for the banking industry. Principal Component Analysis (PCA) was deployed in the construction of the indices and the hypotheses were tested using chi-square. In determining the effect of AML compliance, FP on ERM adoption, three (3) approaches were used: (1) Logistic: ERM is measured as a binary variable taking a value of 1, if a bank appoints a CRO and 0 otherwise. (2) Ordinary Least Squares: ERM is measured as a continuous variable (ERM Adoption Index). Finally, a 2- stage Least Square Regression was done, due to endogeneity between ERM adoption and firm performance (ROA). Net interest margin and cost-income ratio were used as instruments for ROA. The justification for selected variables, research design and data collection techniques are captured in this section. 3.1 Construction on AML and ERM Indices Using PCA This section discusses how the ERM Adoption and AML Compliance indices are constructed and the variables used. The principal component analysis (PCA) was used to analyze the interrelationships among a large number of variables and to explain these variables in terms of a smaller number of variables (called principal components) while still maintaining the original value of the variables. PCA methodology helps extract University of Ghana http://ugspace.ug.edu.gh 122 orthogonal variables that measure different aspects of a subject from a set of variables that describe the subject. Let wi be a p -dimensional constant vector with ¢wiwi =1 and x a p - dimensional random vector. Then yi = ¢wix is a linear combination of the random vector x and var(yi ) = ¢wiSwi "i =1,..., p cov(yi ,y j ) = ¢wiSw j "i, j =1,..., p WhereS is the covariance matrix of x . The ith principal component yi is defined as yi = mwi axvar(yi ) subject to ¢wiwi =1 and cov(yi , y j ) = 0 The implication of this maximisation problem is that the principal components yi and y j are orthogonal and can therefore, be used in the same regression. In this study, a two (2)-stage approach was used to construct the AML compliance and ERM adoption indices. ERM adoption had nine (9) thematic areas. Each of the nine (9) thematic areas had different set of questions, for example the first has 5 questions (p=5) and all the five (5) were reduced into one (1) variable called Principal Component (PC). For each of the other thematic areas, the numbers of questions were all reduced to one (1) PC. The second stage involved reducing the entire nine (9) PCs to one (1) PC which is the ERM Adoption index. Similar approach was used to derive the AML compliance index. The first principal component (PCs) by construction tends to contain the largest portion of the information contained by the original set of variables. Additionally, factor loadings greater or equal to 0.30 are selected. PCA scores are generated for the 79 banking firms. University of Ghana http://ugspace.ug.edu.gh 123 The PCA scores for both AML compliance and ERM adoption were bootstrapped to ascertain their ranges. These scores were further rescaled to lie between 0 and 10,000 for easy analysis. In addition, scores were categorized using 5th, 50th, 75th and 95th percentiles and ranked. The industry in which a bank operates i.e. (1 for universal banks and 2 for NBFIs) was used to present the ranked results to ensure confidentiality. The top ten (10) performers are reported in the analysis to appreciate the performance of NBFIs and universal banks. 3.1.1 The ERM adoption components Since publication of the COSO ERM framework in 1992, there have been varied acceptance levels by industry, practitioners and academia. However, review of literature shows that the COSO ERM framework is gradually gaining recognition and adoption (Mcshane et al., 2012; Gordon et al, 2009; Beasley et al., 2008). Figure 2 and table 2 show the variables employed in the two-stage ERM adoption index construction and justification of variables respectively. University of Ghana http://ugspace.ug.edu.gh 124 Figure 2: Enterprise Risk Management (ERM) Adoption index variables (modified COSO ERM framework) Internal Environment Index Objective Setting Index Event Identification index Risk Response Index Monitoring index Risk Assessment Index Control Activities Index Information and Communication Index Organisational Culture Index Internal environment indicators Objective setting indicators Event identification indicators Risk assessment indicators Risk response indicators Control activities indicators Information and communication indicators Monitoring and evaluation indicators Organisational culture indicators ERM Adoption Index University of Ghana http://ugspace.ug.edu.gh 125 Table 2: The ERM Adoption index variables Variable Justification for inclusion Factor loading sign Internal environment It captures a set of standards on integrity, ethical values and competence of an entity's people; management's philosophy, operating style, processes and structures. + Objective setting This captures objectives that are set to support the organisation's mission are consistent with its risk appetite. + Event identification This involves the identification of internal and external events that affect the achievement of a firm’s objectives. + Risk assessment This involves a dynamic and iterative process for identifying, analyzing, responding and tolerating risks that hinder the ability of firms to achieve set objectives. + Risk response This refers to the appropriate actions which are selected to align risks with risk tolerance and risk appetite. + Control activities This captures policies and procedures required to execute directives of management. + University of Ghana http://ugspace.ug.edu.gh 126 Information & communication It captures pertinent information that must be identified, captured and communicated in a form and within a stipulated time to help a firm perform its internal controls to achieve set objectives. + Monitoring This captures how information systems should ensure that risk is identified, captured and communicated in a format and time frame that enables managers and staff to carry out their responsibilities to achieve set objectives + Organizational culture This variable captures how value system influence how risks are perceived, detected, mitigated and exploited to enhance holistic risk management in a firm + 3.1.2 Anti-money laundering components Review of existing literature, domestic and international AML laws show four (4) thematic areas that should engage the attention of banks and regulators. These four key variables capture the entirety of an AML framework and is shown in Figure 3 and justification of these variables is shown in table 3. University of Ghana http://ugspace.ug.edu.gh 127 Figure 3:Anti-Money Laundering Index Variables Money laundering risk assessment indicators Records management Indicators Compliance programme indicators Corporate Governance indicators AML Compliance Index Compliance programme Index Records management Index Corporate Governance Index Money laundering risk assessment Index University of Ghana http://ugspace.ug.edu.gh 128 Table 3: AML index variables Variable Justification for inclusion Factor loading sign Money laundering Risk Assessment (MLRA) This variable signifies scanning of both internal and external environment of a bank to identify, quantify and measure the potential effect of all money laundering risks on objectives of banks. It helps banks priorities their resources in combating money laundering. + Records Management (RM) Money laundering is a derivative crime; hence its detection depends on the filing of suspicious transaction reports by accountable institutions. Investigation, prosecution and conviction of potential money laundering cases depend largely on proper and effective records keeping. + Compliance program (CP) As required by both international and domestic AML standard, banks are expected to document the potential ML risk they face and the measure they would adopt to manage or minimize theses risks. The variable ensures a + University of Ghana http://ugspace.ug.edu.gh 129 coherent and consistent handling of expected and unexpected ML issues. This category basically deals with the extent to which AML policies and procedures are translated into Knowing Your Customer (KYC) and training of employees on the AML framework Corporate Governance (CG) The implementation of AML compliance programme depends largely on the corporate governance practices in a firm. The quality of board and management oversight is essential in ensuring banking institutions comply with AML policies and procedures + 3.2 Percentile categorisation and interpretation of PCA scores In order to measure the level of success of AML compliance and ERM adoption programmes of banks, scores generated from the PCA were grouped using percentiles in table 4 below. The 5th and 95th were used for poor and excellent banks respectively. This is to ensure that banks with weak and strong AML and ERM systems are easily identified. Banks that fell with the 5th percentile are assumed to have major deficiencies in the AML compliance and ERM adoption programmes, whilst those in the 95th percentile are assumed to have better systems. This was to help rate and rank banks as to the best knowledge of the author no percentile scale exist to rank the risk management tools. University of Ghana http://ugspace.ug.edu.gh 130 Table 4: Scores interpretation Percentile AML compliance ERM adoption Interpretation 5th Weak Low Major shortcomings 50th Fair Medium Moderate shortcomings 75th Good High Minor shortcomings 95th Strong Very high No shortcoming 3.3 The Basic model for AML, Firm performance, and ERM Nexus An increasing number of scholars view ERM adoption as a fundamental model for risk management in organisations (Hoyt & Liebenberg, 2009; Beasley et al., 2008; Nocco & Stulz, 2006). Driving this trend is the belief that ERM adoption offers firms a holistic framework toward risk management because firms presumably lower their overall risk of failure and thus increase their performance by adopting ERM. The presumed link between AML compliance, firm performance and ERM adoption has been clearly captured in the COSO (2004) definition of ERM (Moeller, 2007; Lin and Wu, 2006; Beasley et al., 2005). A multiple regression model is estimated in order to investigate the linkages between University of Ghana http://ugspace.ug.edu.gh 131 AML compliance and firm performance and ERM adoption. Specifically, the following model is estimated: ERMi = b0 +b1AMLi +b2ROAi +BX +ei ……………………………….Equation 1 where, B is a vector of coefficients and X is matrix of control variables. ERM adoption is often measured as binary variable taking a value 1, if a firm appoints a CRO and 0 otherwise. In such situations, logistic regression will be a natural choice for evaluating the effects of AML compliance, firm performance and ERM adoption. Logistic regression has been used in the literature to determine whether or not some firm specific variables are related to ERM adoption (Razali et al., 2011; Keown et al., 2010; Kleffner et al., 2003; Yazid, 2001; Lam, 2000). It is worth noting that the model specified in equation 1 suffers from the well-known endogeneity problem as ERM adoption and firm performance are endogenous to the model. Endogeneity occurs when explanatory variables correlate with the regression error term to render the estimates of regression parameters inconsistent. In such circumstances, instrumental variables (IV) models provide a way of obtaining consistent parameter estimates (Wooldridge, 2007; Miguel, 2006; Brunner, 2002; Robinson, 2001; Jeckman 1997). Therefore, the instrumental variable (IV) approach was used to estimate this model. Instrumental variable in econometric analysis is meant to address endogeneity, measurement error and omitted variable bias in estimation of economic models. Following Baum (2009) and Hansen (2009), the theoretical underpinnings of the instrumental variable method are outlined: Consider the equation of the form University of Ghana http://ugspace.ug.edu.gh 132 y = xb+ m ………………………………………………………………Equation 2 Where, there is no association between x and µ. In such a situation, the ordinary least squares (OLS) method generates consistent estimates of the model. However, OLS regression breaks down when there is correlation between x and µ due to the presence of endogeneity. To address endogeneity that was likely to emanate from aggregation of variable, the author following Hansen (2009) explored the instrumental variable model of the form: yi = ¢xib + ei ………………………………………………………………Equation 3 Where xi is (k × 1), and assume that E (xi, ei) ≠ 0 due to endogeneity. The instrumental variable method is employed to justify that the association between AML compliance, firm performance and ERM adoption is a causal relationship rather than simply a correlation. Additionally, this study’s reliance on the instrumental variable model was to help address major methodological endogeneity that one encounters in using OLS to examine AML compliance, firm performance and ERM adoption. For instance, there is a possible two-way link between return on assets (firm performance) and the dependent variable, ERM due to the fact that while profitability of a firm makes resources available for implementing ERM, successful adoption of ERM can also impact positively on a firm’s profit level. As such, the study used instruments that have high correlation with ROA, but uncorrelated with the dependent variable, ERM index. The challenge of using the instrumental variables (IV) model was how to identify valid instruments to explore AML compliance, firm performance and ERM adoption. This study identified cost to income ratio (CIR) and net interest margin (NIM) as valid instruments for firm performance (ROA). University of Ghana http://ugspace.ug.edu.gh 133 Review of literature reveals many drivers of ERM adoption. However, the ERM drivers indicated in table 5 were chosen as control variable in the model to reflect the peculiarity of Ghana’s banking industry. University of Ghana http://ugspace.ug.edu.gh 134 Table 5: Selected Drivers of ERM Adoption Dimension Expected sign Indicator Citation Auditor type + Bank audited by one of big four (4)-(KPMG, LLP, Ernst and Young LLP, PricewaterhouseCoopers LLP, and Deloitte Touché Tohmatsu Ltd Golshan et al., (2012); Clune et al., (2005) Firm size + Natural log of Total Assets Golshan et al., (2012); Golshan & Abdul-Rashid (2012); Thompson et al., (2010); Gordon et al., (2009); Beasley et al., (2008, 2005); Yazid et al., (2008); Pagach & Warr (2008; 2007); Hoyt et al.,; (2006). Bank solvency + The capital adequacy ratio is measured as a percentage of the adjusted capital base of the bank to its adjusted asset base. Banking Act, 2004 (Act 673) Bank Profitability +/- Profit after tax to total asset Gordon et al. (2009); Acharyya, (2008, 2007); Liebenberg & Hoyt (2003) Dummy + I-universal banks;0-savings & loans University of Ghana http://ugspace.ug.edu.gh 135 Anti-money laundering compliance + AML compliance index Anti-Terrorism (Amendment Act), 2012 (Act, 842); Basel (2012); Anti-Terrorism Regulations, 2012 (L.I. 2181). Anti-money laundering Regulations (2011); Anti-money laundering Act 2008, (Act 749); Anti-Terrorism Act, 2008 (Act 762 3.4 Description of selected drivers of ERM This section provides further theoretical and empirical explanation to the selected drivers of ERM adoption shown in table 5. The drivers were carefully selected due to data availability. The drivers are discussed with respect its measurement and expected influence on ERM adoption within the Ghanaian banking context. i. Auditor type The presence of one of the big four (4) international accounting firms (KPMG, LLP, Ernst and Young LLP, PricewaterhouseCoopers LLP and Deloitte Touché Tohmatsu Ltd) may give assurance to investors, customers, employees and other stakeholders in terms provisions of appropriate controls and banking reporting. Auditing ensures adherence to regulatory standards, internal company policies and industry standards. Regulators would insist on tried and tested auditing firms to ensure protection of customer deposit and minimise risks a bank is exposed to. In addition, the fact that the big four (4) will always protect their own reputation as competent auditors by ensuring that annual reports and University of Ghana http://ugspace.ug.edu.gh 136 relevant documents are transparent and free from errors is paramount (Golshan & Abdul- Rasid, 2012; Beasley et al., 2005). Beasley et al., (2005) have also concluded that the stage of ERM adoption is positively affected by the firm’s auditor type. In other words, if the firms’ auditor happens to be one of the big four (4), the firm was more likely to have adopted ERM. ii. Firm size The size of a company is often reflected in its assets and/or employee size. Companies need to effectively manage their assets in order to achieve their strategic short-term and long-term goals. Other things being constant, large firms are more likely to adopt ERM than smaller firms (Yazid et al., 2008; Pagach & Warr, 2007; Hoyt & Liebenberg, 2006; Beasley et al., 2005). This assertion stems from the fact that large firms are more likely to be diversified in terms of scope, product portfolio, staff and ownership structure. Hence, size is expected to be positively correlated with ERM adoption (Hoyt & Liebenberg, 2009; Lawrence & Lorsch, 1967; Myers et al., 1991). iii. Chief Risk Officer (CRO) The chief risk officer (CRO) plays a critical role in the adoption and implementation of the ERM programme. Many had stressed on the appointment of a CRO to manage all of the firms’ potential risks in ERM adoption (Yazid et al., 2011; Beasley et al., (2005); Kleffner et al., 2003; Lam &Kawamoto, 1997). Liebenberg and Hoyt (2003) had also argued that if companies fail to hire a CRO, it does not mean such companies do not practice ERM. The author acknowledged a complex link between the appointment of CRO and ERM adoption. To simplify this complexity, this study hypothesizes that while a positive relationship between the appointment of CRO and ERM implementation is the norm. It is very possible to have firms who adopted ERM but do not have CROs. University of Ghana http://ugspace.ug.edu.gh 137 iv. Capital Adequacy Ratio (CAR) The banking systems’ capital adequacy ratio (CAR) measures the system’s ability to withstand shocks (internal and external risks); hence, the importance of regulators (Basel 1, 2, and 3; section 54 of Banking Act, 2004, Act 673 as amended). The importance of capital to a bank is again given a global impetus by the Basel 2 Agreement on capital standards and relevant European Union (EU) directives. The Bank of Ghana measures the capital adequacy of a bank, as a percentage of the adjusted capital base to its adjusted asset base and requires banks to maintain a minimum capital adequacy ratio of 10% at all times while in operation. A positive CAR implies a bank’s ability to withstand shocks and stay in business. Hence, this study hypothesises that apositive relationship exists between CAR and ERM implementation. This variable though important to the business of banking has often not been cited. v. Firm performance (bank profitability) This generally refers to various indicators which prove the effect of a set of principles, processes, programmes and projects in real terms. The general description of firm performance implies that it covers both financial and operational (non-financial) aspects of the firm. Firm performance can be measured in several ways. For the purpose of this study, firm performance is defined in both financial and operational terms in order to have a holistic (comprehensive) idea about how implementation of enterprise risk management impacts firm performance. Firm performance is therefore defined not only in terms of, level of profitability; return on assets, turnover, and stock price changes but also in terms of intangible components which include reputation etc. This is based on previous studies (Beasley et al., 2005; Gordon et al., 2009; Pagach & Warr, 2008). Firm performance is also defined to include factors which are not numerically quantifiable as it is not all risk University of Ghana http://ugspace.ug.edu.gh 138 that are related to strategic operational and ethical issues (Orlitzky, 2003, as cited in Acharyya, 2007). this current study looks at the financial aspects of a firm performance and first employ the use of return on assets (ROA) as a measure of performance of Ghanaian banks using the logistic and ordinary least square estimations and subsequently used net interest margin (NIM) as an instrument to ensure robustness using 2SLS estimation method. ROA indicates how effectively a bank’s assets are used to generate profits, thus, serving as strong gauge of how well a bank deploys all its available resources to ensure its profitability and survival. The net interest margin is calculated as tax- equivalent net interest income, divided by average interest-earning assets. Though, net interest margin is not a measure of a bank’s total profitability since most banks also earns fees and other non-interest income from providing services, like brokerage and deposit account services and does not take operating expenses, like personnel and facilities costs, or credit costs into account, it can be used to track the profitability of a bank’s investing and lending activities over a time period. vi. Risk Culture A dummy variable is included to take account of the different levels of risk management practices among banks. Though the Bank of Ghana regulates and supervises both universal banks and non-bank financial institutions (NBFIs) under the same banking Act, the permissible activities and capital requirements make universal banks take more risk than the NBFIs. A universal bank takes the value 1, NBFI, otherwise. This study hypothesises that universal banks are more likely to adopt ERM than non-bank financial institutions. vii. Anti-Money Laundering index Though AML measures mitigate risk with respect to money laundering, it can be subsumed under enterprise risk management. However, intuitively, AML compliance and University of Ghana http://ugspace.ug.edu.gh 139 ERM adoption manage firm risk from different perspectives. Hence, AML is included in this study to assess the association between the two (2). In this study, an AML compliance index is generated to gauge AML programmes of banks. This index is used to test the influence AML compliance on ERM adoption within the Ghanaian banking space. 3.5 The Study Research Design This study evaluates the determinants of ERM adoption using cross section survey data obtained from the Ghanaian banking sector. The study adopts a causal design to assess the impact of selected drivers on the probability of a Ghanaian bank to adopt ERM. A quantitative (parametric) research strategy was employed. A structured questionnaire was administered to twenty-six (26) universal banks and fifty-three (53) non-bank financial institutions (NBFIs) regulated and supervised by the Bank of Ghana with 31st December 2013 as the reference date. The comprehensive survey instrument (questionnaire) was developed to capture the enterprise risk management adoption based on COSO ERM framework input components and components of an AML programme within the Ghanaian banking industry context. In addition, secondary data on total assets, auditor type, capital adequacy ratio and firm performance (bank profitability) were collected from Bank of Ghana as at 31st December 2013. Data collected was analyzed using STATA 13. University of Ghana http://ugspace.ug.edu.gh 140 CHAPTER FOUR EMPIRICAL RESULTS AND DISCUSSIONS 4.0 Introduction This chapter presents and discusses the empirical results. Ghana’s technical compliance with FATF recommendations is presented. The AML and ERM indices are presented and discussed. The descriptive statistics of the generated scores for AML and ERM as well as the ranking of banks is also discussed in this chapter. Finally, the results of the hypotheses tested and regression are presented and discussed in the light of previous literature. Table 6: Risk matrix of ML/TF vulnerabilities Though Ghana has done well in terms of technical compliance as reviewed in literature (see table 1), table 6 shows emerging ML/TF risks and their likely impact. University of Ghana http://ugspace.ug.edu.gh 141 4.2 The AML drivers These components are derived based on international, regional and domestic anti-money compliance standards, laws and guidelines. Following review of literature on AML compliance, the study captures these laws into four (4) thematic areas: Money laundering risk assessment (MLRA); Records Management (RM); Compliance Programme (CP); and Corporate Governance (CG). 1. Money laundering risk assessment (MLRA) A well-developed operational AML/CFT compliance programme is precedent on a sound ML/FT risk assessment. ML/FT risk assessment also entails identifying, analysing and measuring ML/FT inherent risk in order to design corresponding AML/CFT compliance programme. This is core to any effective and operational AML compliance programme. A bank’s ML/FT risk assessment generally focuses on the structural factors (i.e. bank profile, corporate structure, size) and significant activities which include correspondent banking relationships, customer/account type, product, services, customers, entities, transactions and geographic location. These are categorized into three (3) key themes as shown in table 7. University of Ghana http://ugspace.ug.edu.gh 142 Table 7: Results: Money Laundering Risk Assessment Table 7a: Selected principal components Observed Coefficients Bootstrap Std Error P-value (95% confidence Interval) Principal Component 1 2.4622 0.0895 0.0000 (2.2866,2.6378) Table 7b: Factor loadings of Principal Component 1 Factor Loadings Bootstrap Std Error P-value (95% confidence Interval) Bank profile 0.593 0.0093 0.0000 (0.5747,0.6112) Corporate structure 0.5548 0.0146 0.0000 (0.5261,0.5834) Business activities 0.5836 0.0087 0.0000 (0.5664,0.6009) * signifies factor loading ≥0.30 LR test for independence: chi2(3) = 141.16 Prob > chi2 = 0.0000 Table 7c:Variance explained by components Components Eigenvalue Proportion Cumulative Principal Component 1 2.4620 0.8207 0.8207 Principal Component 2 0.3532 0.1177 0.9385 Principal Component 3 0.1846 0.0615 1.0000 From the table 7a, only the first principal component is retained. All factors individually and jointly load positive on the component with a good model fit (see table 7b). All the factors are individually and jointly, statistically and economically significant. This component accounts for 82% of the variability of the data set as shown in table 7c. Thus, this principal component is labeled as money laundering inherent risk index. University of Ghana http://ugspace.ug.edu.gh 143 2. Records Management (RMGT) Records management is vital to effective dissemination and prosecution of money laundering offences. Sections 23 and 24 of Act 749 & Regulation 3 of L.I. 1987 require bank and non-banking institutions to keep customer record for a minimum of six (6) years from the time customer -relationship is terminated. Below is table 8 which shows PCA results of the key themes of records management. University of Ghana http://ugspace.ug.edu.gh 144 Table 8: Results: Records Management Component Table 8a: Selected principal components Observed Coefficients Bootstrap Std Error P-value (95% confidence Interval) Principal Component 1 3.8307 0.6093 0.0000 (2.6363,5.0250) Table 8b: Factor loadings of Principal Component 1 Metric Name Loadings Bootstrap Std Error P-value (95% confidence Interval) Compliance 0.4323 0.0157 0.0000 (0.4016,0.4631) Reporting 0.4671 0.0083 0.0000 (0.4509,0.4833) Accessibility 0.4387 0.0106 0.0000 (0.4180,0.4594) Records manager 0.4685 0.0108 0.0000 (0.4475,0.4896) Suspicious transaction reports 0.4275 0.0151 0.0000 (0.5664,0.6009) * signifies factor loading ≥0.30 LR test for independence: chi2(10) = 301.48 Prob > chi2 = 0.0000 Table 8c:Variance explained by components Components Eigenvalue Proportion Cumulative Principal Component 1 3.8307 0.7661 0.7661 Principal Component 2 0.4400 0.0880 0.8541 Principal Component 3 0.3572 0.0715 0.9256 Principal Component 4 0.2343 0.0469 0.9725 Principal Component 5 0.1377 0.0275 1.0000 Applying the Kaiser’s stopping rule, only first principal component is selected as shown in table 8a. The first principal component accounts for approximately 77% of the variability in the data (see table 8c). All the factor loadings are above 0.30 and positively load on the University of Ghana http://ugspace.ug.edu.gh 145 component as indicated in table 8b. The factors individually and jointly predict the first principal component and are statistically and economically significant. The model has a good fit. Thus, this index is labeled as records management index. 3. Compliance Programme (CPROG) This AML compliance programme contains policies and procedures to help banks comply with existing international and domestic regulations on Anti-money laundering (AML) and combatting of terrorist financing. Review of literature and relevant laws show that at a minimum, an AML compliance programme should address issues on customer due diligence, customer acceptance criteria, client’s file update, “enhanced due diligence” and independent testing and training. The underlying principles in AML compliance programme is categorized into six (6) themes. The PCA results of the AML compliance programme are shown in table 9 below. University of Ghana http://ugspace.ug.edu.gh 146 Table 9: Results: Compliance Programme Table 9a: Selected principal components Observed Coefficients Bootstrap Std Error P-value (95% confidence Interval) Principal Component 1 4.334 0.2187 0.0000 (3.9056,4.7630) Table 9b: Factor loadings of Principal Component 1 Metric Name Loadings Bootstrap Std Error P-value (95% confidence Interval) Customer due diligence 0.4077* 0.0134 0.0000 (0.3461,0.4694) Customer acceptance criteria 0.4175* 0.029 0.0000 (0.3606,0.4743) Client file update 0.4193* 0.0284 0.0000 (0.3636,0.4750) Enhance due diligence 0.4011* 0.0331 0.0000 (0.3361,0.4659) Independent testing 0.4074* 0.0315 0.0000 (0.3457,0.4692) Training 0.3959* 0.0337 0.0000 (0.3299,0.4620) * signifies factor loading ≥0.30 LR test for independence: chi2(15) = 333.74 Prob > chi2 = 0.0000 Table 9c:Variance explained by components Components Eigenvalue Proportion Cumulative Principal Component 1 4.3340 0.7224 0.7224 Principal Component 2 0.5439 0.0907 0.8131 Principal Component 3 0.3688 0.0615 0.8746 Principal Component 4 0.3335 0.0556 0.9301 Principal Component 5 0.2387 0.0398 0.9699 Principal Component 6 0.1806 0.0101 1.0000 The first principal component has an eigenvalue of 4.334 and is selected as presented in table 9a. This component accounts for 72% of the variability in the data set (see table 9c). University of Ghana http://ugspace.ug.edu.gh 147 The factors loadings individually and jointly load positive unto this component. The factors are statistically and economically significant (see table 9b) and predict the index. This component is labeled as compliance programme index. 4. Corporate governance (CGOV) The governing board and senior management of the bank take and demonstrate overall responsibility for AML/CFT systems and controls. For AML programme to work the board should fully understand their obligations and AML/CFT responsibilities, approve the AML/CFT policy and procedures, receive regular AML/CFT training as well as play a directing role in terms of allocating resources to the AML/CFT function. The compliance programme is categorised into seven (7) thematic areas as shown in table 10. University of Ghana http://ugspace.ug.edu.gh 148 Table 10: Results: Corporate Governance Table 10a: Selected principal components Observed Coefficients Bootstrap Std Error P-value (95% confidence Interval) Principal Component 1 5.103 0.2184 0.0000 (4.6749,5.5311) Table 10b: Factor loadings of Principal Component 1 Metric Name Loadings Bootstrap Std Error P-value (95% confidence Interval) AML framework approval 0.3711 0.0157 0.0000 (0.3403,0.4019) Board training 0.3715 0.0148 0.0000 (0.3425,0.4006) Adherence to AML procedure and policies 0.3945 0.0088 0.0000 (0.3772,0.4118) PEPs On Board/management 0.3961 0.0078 0.0000 (0.3808,0.4112) Standardized KYC procedures 0.3631 0.0148 0.0000 (0.3342,0.3920) Independent testing 0.3988 0.0082 0.0000 (0.3827,0.4148) Big four audit firm 0.3477 0.2027 0.0000 (0.3079,0.3874) LR test for independence: chi2(21) = 439.66 Prob > chi2 = 0.0000 * signifies factor loading ≥0.30 Table 10c:Variance explained by components Components Eigenvalue Proportion Cumulative Principal Component 1 5.1030 0.7290 0.7290 Principal Component 2 0.4869 0.0696 0.7986 Principal Component 3 0.3871 0.0553 0.8539 Principal Component 4 0.3595 0.0514 0.9052 Principal Component 5 0.3322 0.0475 0.9527 Principal Component 6 0.1971 0.0282 0.9809 Principal Component 7 0.1339 0.0191 1.0000 University of Ghana http://ugspace.ug.edu.gh 149 From table 10a above principal component 1 with eigenvalue of 5.10 is selected. This component accounts for approximately 73 percent of the total variability in the data set (see table 10b). All the factors are economically and statistically significant with positive loadings onto the component (see table 10b). This component is labeled corporate governance index. 4.3 The AML index Following from the discussions above, the entire variables of the proposed AML compliance index are statistically significant, hence could be used in determining the key drivers of AML compliance in the Ghanaian banking industry. The proposed AML compliance index is a composite index – it means the overall score is a weighted average of four (4) key indices derived from the four (4) -stage one (1) variables. These indices include: money laundering risk assessment, records management, compliance programme, and corporate governance. University of Ghana http://ugspace.ug.edu.gh 150 Table 11: Results: AML Index Table 11a: Selected principal components Observed Coefficients Bootstrap Std Error P-value (95% confidence Interval) Principal Component 1 3.3549 0.5337 0.0000 (2.3089,4.4011) Table 11b: Factor loadings of Principal Component 1 Metric Name Loadings Bootstrap Std Error P-value (95% confidence Interval) Money laundering Risk Assessment 0.4873* 0.3059 0.0000 (0.4273,0.5472) Records Management 0.5207* 0.0196 0.0000 (0.4823,0.5590) Compliance program 0.5198* 0.0197 0.0000 (0.4812,0.5584) Corporate Governance 0.4704* 0.0349 0.0000 (0.4019,0.5388) * signifies factor loading ≥0.30 LR test for independence: chi2(6) = 305.42 Prob > chi2 = 0.0000 Table 11c:Variance explained by components Components Eigenvalue Proportion Cumulative Principal Component 1 3.3550 0.8387 0.8387 Principal Component 2 0.3829 0.0957 0.9345 Principal Component 3 0.1815 0.0454 0.9799 Principal Component 4 0.0805 0.0201 1.0000 It is clear that the overall fitness of the AML compliance model is good. Principal component 1 is selected as shown in table 11a. The factor loadings are all above 0.30 and individually and jointly; positively load on the principal component 1. The component alone accounts for 84% of the variability of the data set (see table 11c). All factors are statistically and economically significant with factor loadings above 0.30 (see table 11b. University of Ghana http://ugspace.ug.edu.gh 151 This component is thus labeled AML compliance index. This index is now used to rank the AML compliance of sampled firms. Scores generated from the Stata 13 based on parameters set in methodology are bootstrapped for AML compliance and ERM adoption to create valid confidence interval. Each bank is assigned a score on a scale from – 6 to 6 for AML compliance and -10 to 10 for ERM adoption. Higher scores are preferred and results are shown in appendix B with name of banks replaced with the industry it operates to ensure confidentiality. 4.4 The ERM components This section of the thesis seeks to discuss the latent factors that drive the ERM adoption index. Each of the COSO ERM input factors, together with organization culture, have underlining principles which have been categorized into key themes (factors) based on the researcher’s interpretation to ensure appropriate labeling of the proposed indices as shown in tables 12 to 20. Following Kaiser Stopping rule, principal component with eigenvalue above one (1) and factor loadings greater or equal to 0.30 are selected. The higher the value of each input factor, the better the ERM adoption index. The nine (9) factors are discussed below. 1. Internal environment The underlining principles of the internal environment include: entity’s commitment to integrity and ethical values; the autonomy of the board of directors in exercising its oversight duties; the presence of the organizational structure; the entity’s commitment to attract, develop, and retain competent individuals in the pursuit of set objectives (COSO, 2010). The above underlining principles have been categorized into five (5) key themes (factors) as shown in table 12 below. University of Ghana http://ugspace.ug.edu.gh 152 Table 12: Results: Internal Environment Table 12a: Selected principal components Observed Coefficients Bootstrap Std Error P-value (95% confidence Interval) Principal Component 1 2.9173 0.2587 0.0000 (2.4102,3.4244) Principal Component 2 1.0811 0.1532 0.0000 (0.7808,1.3815) Table 12b: Factor loadings of Principal Component 1 Factor Loadings Bootstrap Std Error P-value (95% confidence Interval) Ethical standard 0.4949* 0.2037 0.0000 (0.4551,0.5349) Board oversight 0.296 0.0791 0.0000 (0.1409,0.4510) Organisational structure 0.4812* 0.025 0.0000 (0.4322,0.5305) Human capital 0.4323* 0.0483 0.0000 (0.3375,0.5271) Employee accountability 0.4988* 0.0269 0.0000 (0.4461,0.5515) * signifies factor loading ≥0.30 Table 12c: Factor loadings of Principal Component 2 Factor Loadings Bootstrap Std Error P-value (95% confidence Interval) Ethical standard -0.2823 0.0204 0.0000 (-0.4138,-0.1505) Board oversight 0.7515* 0.3599 0.0000 (0.6809,0.8220) Organisational structure -0.3211 0.0733 0.0000 (-0.4649,-0.1774) Human capital 0.442* 0.0680 0.0000 (0.087,0.5753) Employee accountability -0.2391 0.0711 0.0000 (-03787,-0.996) * signifies factor loading ≥0.30 LR test for independence: chi2(10) = 166.76 Prob > chi2 = 0.0000 University of Ghana http://ugspace.ug.edu.gh 153 Table 12d:Variance explained by components Components Eigenvalue Proportion Cumulative Principal Component 1 2.9172 0.5835 0.8535 Principal Component 2 1.0811 0.2162 0.7997 Principal Component 3 0.4066 0.0813 0.8810 Principal Component 4 0.3156 0.0631 0.9441 Principal Component 5 0.2793 0.0559 1.0000 The table discusses the result of the principal components, factor loadings and the overall fitness of the internal environment constructs. Component one (1) and component two (2) were selected because it is evident from the variance analysis that the two components have eigenvalues above one and account for approximately 80% of the total variability of the data set as shown in table 12d. Component one alone accounts for as much as 58% of the variability and it is driven by all the five (5) variables which are all statistically and economically significant as indicated in table 12b. Component one (1) is therefore labeled as internal environment index. Component two is mainly driven by board oversight with factor loading of 0.75 and some factors load negatively (see table 12c). This is therefore labeled as board oversight index. From the discussion, component one which is labeled as “Internal Environment Index” is chosen because it has the higher variability and all factors load positively onto the index. 2. Objective setting The objective setting reflects the board’s objectives that support the organization’s mission and is consistent with its risk appetite. This is captured under seven (7) key themes (factors) as shown in table 13. University of Ghana http://ugspace.ug.edu.gh 154 Table 13: Results: Objective Settings Component Table 13a: Selected principal components Observed Coefficients Bootstrap Std Error P-value (95% confidence Interval) Principal Component 1 3.8206 0.2337 0.0000 (3.3626,4.2786) Table 13b: Factor loadings of Principal Component 1 Metric Name Loadings Bootstrap Std Error P-value (95% confidence Interval) Objective definition 0.3271* 0.0559 0.0000 (0.217,0.4368) Strategic planning 0.3551* 0.0504 0.0000 (0.3563,0.4539) Risk appetite 0.3747* 0.0467 0.0000 (0.2832,0.4662) Resource allocation 0.4103* 0.0422 0.0000 (0.3276,0.4929) Objective communication 0.3802* 0.0466 0.0000 (0.2888,0.4716) Objective awareness 0.4086* 0.0424 0.0000 (0.3256,0.4916) Risk alignment 0.3829* 0.0456 0.0000 (0.2936,0.4724) * signifies factor loading ≥0.30 LR test for independence: chi2(21) = 252.90 Prob > chi2 = 0.0000 Table 13c:Variance explained by components Components Eigenvalue Proportion Cumulative Principal Component 1 3.8206 0.5458 0.5458 Principal Component 2 0.9223 0.1318 0.6776 Principal Component 3 0.8044 0.1149 0.7925 Principal Component 4 0.5640 0.0806 0.8731 Principal Component 5 0.4015 0.0574 0.9304 Principal Component 6 0.3050 0.0436 0.9740 Principal Component 7 0.1817 0.026 1.000 University of Ghana http://ugspace.ug.edu.gh 155 The table 13a above indicates that the principal component 1 has eigenvalue above one. This component constitutes about 55% of the variability in the data set (see table 13c). All factors load positively on this component and also have factor loadings greater than 0.30. These factors are economically and statistically significant as shown in table 13b. Each factor contributes almost equally on the index and labeled as objective setting index. 3. Event identification The event identification is the recognition of internal and external events affecting the achievement of an entity’s objectives. These events should be distinguished as risks and opportunities. Events may be categorized among the types of influencing factors, such as external economic, natural environmental, social, internal process-related, and or technological; classifications that are critical to ensure that comprehensive risks are considered. The underlining factors were grouped into six (6) key themes and they are shown in table 14 below. University of Ghana http://ugspace.ug.edu.gh 156 Table 14: Results: Event Identification Component Table 14a: Selected principal component(s) Observed Coefficients Bootstrap Std Error P-value (95% confidence Interval) Principal Component 1 3.4282 0.2069 0.0000 (0.4287,0.4767) Table 14b: Factor loadings of Principal Component 1 Metric Name Loadings Bootstrap Std Error P-value (95% confidence Interval) Environmental risks 0.4527* 0.0122 0.0000 (0.4287,0.4767) Risk signals 0.4107* 0.0189 0.0000 (0.3735,0.4479) Impact assessment 0.3971* 0.0213 0.0000 (0.3554,0.4387) Risk linkages 0.4114* 0.0227 0.0000 (0.3669,0.4558) Risk categorisation 0.4201* 0.0187 0.0000 (0.3834,0.4567) Event categorisation 0.3507* 0.0319 0.0000 (0.2881,0.4133) * signifies factor loading ≥0.30 LR test for independence: chi2(15) = 214.34 Prob > chi2 = 0.0000 Table 14c:Variance explained by components Components Eigenvalue Proportion Cumulative Principal Component 1 3.4282 0.5714 0.5714 Principal Component 2 0.9532 0.1589 0.7302 Principal Component 3 0.7045 0.1174 0.8476 Principal Component 4 0.3849 0.0642 0.9117 Principal Component 5 0.3138 0.0523 0.9640 Principal Component 6 0.2157 0.036 1.0000 From the table 14a shown above, only the first principal component meets the eigenvalue rule. This first component accounts for roughly 57% of the variability of the data set (see University of Ghana http://ugspace.ug.edu.gh 157 table 14c) with all factors loading positive (see table 14b). All the six (6) factors are economically and statistically significant and individually and jointly drive the first principal component which labeled as event identification index. 4. Risk assessment Risk assessment involves a dynamic and iterative process for identifying and analyzing risks to achieving the entity’s objectives, and forming a basis for determining how risks should be managed. The severity of impact, probability of occurrence, and management’s selection of risk responses are key to risk assessment programmes. This has been put into four (4) key themes as shown by the PCA results in table 15 below. University of Ghana http://ugspace.ug.edu.gh 158 Table 15: Results: Risk Assessment Table 15a: Selected principal component(s) Observed Coefficients Bootstrap Std Error P-value (95% confidence Interval) Principal Component 1 2.924 0.4652 0.0000 (3.013,3.8137) Table 15b: Factor loadings of Principal Component 1 Metric Name Loadings Bootstrap Std Error P-value (95% confidence Interval) Risk specification 0.5028 0.0382 0.0000 (0.4278,0.5777) Firm risks 0.5029 0.0384 0.0000 (0.4278,0.5782) Fraud alerts 0.4722 0.04559 0.0000 (0.3822,0.5623) Change management 0.5208 0.0331 0.0000 (0.4558,0.5857) * signifies factor loading>=0.30 LR test for independence: chi2(6) = 159.35 Prob > chi2 = 0.0000 Table 15c:Variance explained by components Components Eigenvalue Proportion Cumulative Principal Component 1 2.9259 0.7312 0.7312 Principal Component 2 0.4645 0.1161 0.8473 Principal Component 3 0.3318 0.0829 0.9303 Principal Component 4 0.2788 0.0697 1.0000 Only principal component one (1) is chosen as shown in table 15a. Also, table above 15c shows that principal component 1 accounts for 73% of the total variability in the data set. All factors load individually and jointly onto the component and are also statistically and economically significant (see table 15b). This component is labeled as risk assessment index. University of Ghana http://ugspace.ug.edu.gh 159 5. Risk response Risk response describes management selection of a set of actions to align risks with the entity’s risk tolerances and risk appetite (COSO, 2004). Risk response is an important input in the risk management process of a firm and this is also categorized into twelve (12) key themes .Table 16 shows its PCA results. Table 16: Results: Risk Response Component Table 16a: Selected principal components Observed Coefficients Bootstrap Std Error P-value (95% confidence Interval) Principal Component 1 6.8121 0.4433 0.0000 (5.9432,7.6810) Principal Component 2 1.0652 0.2989 0.0000 (0.4792,1.6511) Table 16b: Factor loadings of Principal Component 1 Metric Name Loadings Bootstrap Std Error P-value (95% confidence Interval) Process risk 0.2757 0.0174 0.0000 (0.2414,0.3100) Risk alerts 0.2836 0.02535 0.0000 (0.2339,0.3333) Risk mitigants 0.2654 0.0229 0.0000 (0.2205,0.3104) Standard setting 0.2669 0.297 0.0000 (0.2087,0.3252) Risk monitoring 0.2736 0.02253 0.0000 (0.2293,0.3117) Risk policies 0.3016* 0.0164 0.0000 (0.2694,0.3337) Emerging risks 0.2859 0.0169 0.0000 (0.2527,0.3190) Risk ownership 0.3004* 0.0136 0.0000 (0.2737,0.3271) Risk champions 0.2829 0.2456 0.0000 (0.2347,0.3311) Accountability 0.3101* 0.0139 0.0000 (0.2829,0.3373) Risk oversight 0.3127* 0.0137 0.0000 (0.2859,0.3396) Risk reporting 0.3001* 0.0131 0.0000 (0.2744,0.3258) * signifies factor loading ≥0.30 University of Ghana http://ugspace.ug.edu.gh 160 Table 16c: Factor loadings of Principal Component 2 Metric Name Loadings Bootstrap Std Error P-value (95% confidence Interval) Process risk 0.0035 0.1863 0.0000 (-0.3617,0.3686) Risk alerts -0.0486 0.2078 0.0000 (-0.4559,0.3587) Risk mitigants -0.5294* 0.4738 0.0000 (-1.456,0.39908) Standard setting 0.3476* 0.2595 0.0000 (-0.1610,0.8563) Risk monitoring 0.833* 0.3645 0.0000 (-0.3312,1.0978) Risk policies 0.2661 0.2326 0.0000 (-0.1897,0.7219) Emerging risks -0.288 0.2445 0.0000 (-0.7673,0.1913) Risk ownership 0.1528 0.1644 0.0000 (-0.1695,0.4751) Risk champions 0.2849 0.263 0.0000 (-0.2310,0.8008) Accountability -0.0126 0.1341 0.0000 (-0.2753,0.2502) Risk oversight -0.1251 0.1487 0.0000 (-0.4166,0.1664) Risk reporting -0.4188* 0.3131 0.0000 (-1.0326,0.19492) * signifies factor loading ≥0.30 LR test for independence: chi2(66) = 572.95 Prob > chi2 = 0.0000 Table 16d:Variance explained by components Components Eigenvalue Proportion Cumulative Principal Component 1 6.8120 0.5677 0.5677 Principal Component 2 1.0651 0.0888 0.6564 Principal Component 3 0.7059 0.0588 0.7153 Principal Component 4 0.6009 0.0501 0.7654 Principal Component 5 0.5613 0.0468 0.8121 Principal Component 6 0.4916 0.041 0.8531 Principal Component 7 0.4251 0.0354 0.889 Principal Component 8 0.3337 0.0278 0.9163 Principal Component 9 0.2986 0.0249 0.9412 University of Ghana http://ugspace.ug.edu.gh 161 Principal Component 10 0.2905 0.0242 0.9654 Principal Component 11 0.2354 0.0196 0.9851 Principal Component 12 0.1793 0.0149 1.0000 As shown in table 16a, two principal components are selected. The first principal component accounts for 57% of variability in the data set (see table 16d). Though not all the factors were economically significant, all were statistically significant with p-values of 0.0000. While five factors had loadings above 0.30 in the first principal component, only three were significant in the second principal component (see table 16c). The table 16b shows that the first principal component appears to be driven by risk policies, emerging risks, risk champions, risk oversight and risk reporting. These factors individually load positively onto the first principal component. These variables collectively reflect the risk oversight role of management. Risk monitoring has a factor loading of 0.833 in the second component and is labeled as risk monitoring index, while the first principal component is labeled as risk response index. From the afore discussion, it is explicit that the first component has a higher variability and the factors load positive. It is therefore selected. 6. Control activities Control activities are the policies and procedures that ensure that management directives are carried out. They help to ensure that necessary actions are taken to address risks in order to assist the entity to achieve its objectives. Control activities occur throughout the organization at all levels and in all functions. The control activities are categorized into four (4) key themes as seen in table 17 which indicate a strong correlation between the data set. University of Ghana http://ugspace.ug.edu.gh 162 Table 17: Results: Control Activities Table 17a: Selected principal components Observed Coefficients Bootstrap Std Error P-value (95% confidence Interval) Principal Component 1 2.3042 0.2189 0.0000 (1.8751,2.7334) Table 17b: Factor loadings of Principal Component 1 Metric Name Loadings Bootstrap Std Error P-value (95% confidence Interval) Control manual 0.4089 0.8572 0.0000 (0.2409,0.5769) Mitigant selection 0.5159 0.0599 0.0000 (0.3985,0.6335) System & technology 0.5419 0.053 0.0000 (0.4379,0.6458) Procedure manual 0.5224 0.0594 0.0000 (0.4059,0.6388) * signifies factor loading ≥0.30 LR test for independence: chi2(6) = 73.44 Prob > chi2 = 0.0000 Table 17c:Variance explained by components Components Eigenvalue Proportion Cumulative Principal Component 1 2.3042 0.5761 0.5761 Principal Component 2 0.7460 0.1865 0.7626 Principal Component 3 0.5175 0.1294 0.8920 Principal Component 4 0.4321 0.1080 1.0000 From the table 17a, only principal component 1 is retained. Principal component one accounts for 58% of the variability in the data set (see table 17c). All factors load positively unto the component (see table 17b). Hence, this index is labeled control activities index. University of Ghana http://ugspace.ug.edu.gh 163 7. Information and Communication Relevant information is identified, captured, and communicated in a form and time frame that enable people to carry out their responsibilities. Effective communication also occurs in a broader sense, flowing down, across, and up the entity (COSO, 2004). Information systems must be integrated with operations and objectives. The principal component analysis results in table 18 below show overall significance of the model and a strong correlation between the four themes which captures information and communication. Table 18: Results: Information & Communication Component Table 18a: Selected principal components Observed Coefficients Bootstrap Std Error P-value (95% confidence Interval) Principal Component 1 2.7289 0.1761 0.0000 (2.3837,3.7422) Table 18b: Factor loadings of Principal Component 1 Metric Name Loadings Bootstrap Std Error P-value (95% confidence Interval) Control data 0.5237 0.0116 0.0000 (0.5010,0.5465) Internal communication 0.5175 0.0183 0.0000 (0.4817,0.5533) External communication 0.4565 0.0371 0.0000 (0.3837,0.5293) Timely information 0.4995 0.0229 0.0000 (0.4545,0.5444) LR test for independence: chi2(6) = 134.32 Prob > chi2 = 0.0000 * signifies factor loading ≥0.30 University of Ghana http://ugspace.ug.edu.gh 164 Table 18c:Variance explained by components Components Eigenvalue Proportion Cumulative Principal Component 1 2.7289 0.6822 0.6822 Principal Component 2 0.6375 0.1594 0.8415 Principal Component 3 0.3329 0.0832 0.9249 Principal Component 4 0.3005 0.0751 1.0000 Principal component 1 accounts for 68% of variability in the data set as shown in table 18c. All factors are statistically significant and load positively unto this component as shown in the table 18b. This principal component is labeled, information and communication index. 8. Monitoring and evaluation The entirety of enterprise risk management is monitored and modifications are made as necessary. This input component covers the external oversight of internal controls by management or other parties outside the process, or the application of independent methodologies, such as customised procedures or standard checklists by employees within a process. The monitoring factor is categorized into three (3) key themes as shown in table 19 below. University of Ghana http://ugspace.ug.edu.gh 165 Table 19: Results: Monitoring and evaluation Table 19a: Selected principal components Observed Coefficients Bootstrap Std Error P-value (95% confidence Interval) Principal Component 1 1.8068 0.1624 0.0000 (1.4885,2.1251) Table 19b: Factor loadings of Principal Component 1 Metric Name Loadings Bootstrap Std Error P-value (95% confidence Interval) Control evaluation 0.6556 0.0268 0.0000 (0.60301,0.7082) Feedback process 0.5647 0.0442 0.0000 (0.4781,0.6512) Board meeting 0.5013 0.0624 0.0000 (0.3789,0.6236) LR test for independence: chi2(3) = 44.08 Prob > chi2 = 0.0000 * signifies factor loading ≥0.30 Table 19c:Variance explained by components Components Eigenvalue Proportion Cumulative Principal Component 1 1.8068 0.6020 0.6023 Principal Component 2 0.8046 0.2682 0.8705 Principal Component 3 0.3885 0.1295 1.0000 The first principal component with an eigenvalue of 1.8068 as shown in table 19a is retained. All factors individually and jointly; significantly and economically load positively unto the component (see table 19b). This chosen principal component explains 60% of the variability in the data set as shown in table 19c. Therefore, this index is labeled as monitoring index. University of Ghana http://ugspace.ug.edu.gh 166 9. Organisational culture The organizational culture is an additional variable proposed by the researcher to capture the dynamic nature of the COSO ERM framework in different working environment. The ethical environment of an organization is seen to encompass aspects of upper management’s tone in achieving organizational objectives, their value judgments and management styles (COSO, 1992) introduced the concept of ‘ethical climate’ to explain and predict organizational ethical behaviour. Review of existing literature on organization cultures identified six (6) key themes as presented in table 20 below. Table 20: Results: Organisational Culture Table 20a: Selected principal component Observed Coefficients Bootstrap Std Error P-value (95% confidence Interval) Principal Component 1 3.1208 0.4966 0.0000 (2.1476,4.0941) Table 20b: Factor loadings of Principal Component 1 Metric Name Loadings Bootstrap Std Error P-value (95% confidence Interval) Homogeneity 0.2342 0.0454 0.0000 (0.1451,0.3233) Job-welfare conflict 0.4344 0.0212 0.0000 (0.3927,0.4761) Firm controls structure 0.429 0.0236 0.0000 (0.3827,0.4752) Long orientation 0.4533 0.0145 0.0000 (0.4248,0.4818) Customer orientation 0.4464 0.0162 0.0000 (0.4145,0.4782) Familiarity 0.4095 0.0245 0.0000 (0.3614,0.4575) LR test for independence: chi2(15) = 144.65 Prob > chi2 = 0.0000 * signifies factor loading ≥0.30 University of Ghana http://ugspace.ug.edu.gh 167 Table 20c:Variance explained by components Components Eigenvalue Proportion Cumulative Principal Component 1 3.1208 0.5201 0.5201 Principal Component 2 0.9424 0.1571 0.6772 Principal Component 3 0.6350 0.1058 0.7830 Principal Component 4 0.5019 0.0837 0.8667 Principal Component 5 0.4148 0.0691 0.9358 Principal Component 6 0.3850 0.0642 1.0000 The principal component has an eigenvalue of 3.0208 as shown in table 20a and represents 52% of the variability in the data set (see table 20c). All factor loadings are above 0.30 except homogeneity with a factor loading of 0.2342 (see table 20b). The factors individually positively load unto the first principal component. The index has an overall level of significance. This index is therefore, labeled organizational culture index. With reference to the modified COSO ERM adoption components discussed above, all the nine (9) components constructed have high level of significance (p-value = 0.0000) and the individual factors are statistically significant, indicating a strong correlation among drivers of the proposed composite ERM adoption index. 10 The ERM index Following the works of Namwongse & Limpiyakorn (2012) , Grace et al., (2013), Gordon et al., (2009), Mcshane et al., (2011) and Beasley et al., (2010; 2008), this study used principal component analysis to establish the latent factors that drive enterprise risk management adoption in the Ghanaian banking industry using the nine (9) indices previously generated. The ERM adoption index is a composite index, meaning the overall score is a weighted average of the nine (9) factors. University of Ghana http://ugspace.ug.edu.gh 168 The result of the composite ERM adoption factors is shown in table 21. The model is statistically significant. Principal component 1 and principal component 2 as selected as shown in table 21a below. The two components account for approximately 73 percent of the variability in the data set (see table 21). University of Ghana http://ugspace.ug.edu.gh 169 Table 21: Results: ERM Index Table 21a: Selected principal components Observed Coefficients Bootstrap Std Error P-value (95% confidence Interval) Principal Component 1 5.5563 0.2826 0.0000 (5.0023,6.1102) Principal Component 2 1.017 0.1485 0.0000 (0.7258,1.3081) Table 21b: Factor loadings of Principal Component 1 Factor Loadings Bootstrap Std Error P-value (95% confidence Interval) Internal environment index 0.2988* 0.0213 0.0000 (0.2225,0.3752) Objective setting index 0.3545* 0.0091 0.0000 (0.2963,0.4128) Event identification index 0.3567* 0.0129 0.0000 (0.3012,0.4123) Risk assessment index 0.3673* 0.0103 0.0000 (0.3169,0.4176) Risk response index 0.3892* 0.0079 0.0000 (0.3500,0.4284) Control activities index 0.361* 0.0114 0.0000 (0.3057,0.4163) Information & communication index 0.3455* 0.0203 0.0000 (0.2827,0.4084) Monitoring index 0.3469* 0.0096 0.0000 (0.2858,0.4080) Organisational culture index 0.0364* 0.0606 0.0000 (-0.0774,0.1502) * signifies factor loading ≥0.30 Table 21c: Factor loadings of Principal Component 1 Factor Loadings Bootstrap Std Error P-value (95% confidence Interval) Internal environment Index 0.1423 3011 0.0000 (-2.1099,2.3894) Objective setting Index 0.2047 0.2381 0.0000 (-1.3266,1.7361) Event identification index 0.128 0.1719 0.0000 (-0.7336,0.9895) Risk assessment index 0.0687 0.125 0.0000 (-0.6998,0.8372) Risk response index -0.0928 0.0661 0.0000 (-.2955,0.1100) University of Ghana http://ugspace.ug.edu.gh 170 Control activities index -0.1523 0.2237 0.0000 (-1.5959,1.2914) Information & communication index -0.2219 0.2952 0.0000 (-2.1405,1.6968) Monitoring index -0.1473 0.2258 0.0000 (-1.8891,1.5945) Organisational culture index 0.9022* 0.1994 0.0000 (-.9542, 2.7587) * signifies factor loading ≥0.30 LR test for independence: chi2(36) = 560.50 Prob > chi2 = 0.0000 Table 21d:Variance explained by components Components Eigenvalue Proportion Cumulative Principal Component 1 5.5563 0.6174 0.6174 Principal Component 2 1.0170 0.1130 0.7304 Principal Component 3 0.9691 0.1070 0.8380 Principal Component 4 0.4771 0.0530 0.8910 Principal Component 5 0.3190 0.0355 0.9265 Principal Component 6 0.2018 0.0244 0.9489 Principal Component 7 0.1890 0.021 0.970 Principal Component 8 0.1471 0.0163 0.9863 Principal Component 9 0.1234 0.0137 1.0000 The principal component 1 alone accounts for 62% of the variability in the data set (see table 21d). The factors in the first principal component individually and jointly load positively unto the principal component with factor loadings above 0.30 except organisational culture which has a factor loading of 0.03. All the factors in this component are statistically significant and is labeled enterprise risk management adoption index (ERM adoption index). University of Ghana http://ugspace.ug.edu.gh 171 Principal component 2 accounts for only 11% of the variability in the data set (see table 21d). Organisational culture is the dominant factors in this component with a factor loading of 0.90 and is statistically significant as shown in table 21c. This affirms the researchers’ believe that organisational culture plays a key significant role in ERM adoption. This component is labeled organizational culture index. This index is dropped because organizational culture alone cannot be the predictor of ERM adoption in banks. Though organisational culture is not economically significant in the principal component 1, the eight other factors load positive unto the ERM adoption index, hence, these factors individually and jointly predict ERM adoption in the Ghanaian banking industry. Hopefully, organisation culture may influence ERM adoption in a cross-country study. The ERM adoption index is therefore selected as the barometer to measure level of ERM adoption in Ghanaian banks. This study has taken the initiative to design an effective ERM adoption index based on a modified COSO ERM framework. The approach is novel because to the best of the researcher’s knowledge, no one has used principal component analysis in arriving at the ERM adoption index for the Ghanaian banking industry. This ERM adoption index is used as a dependent variable to determine the drivers of ERM adoption in the Ghanaian banking industry. University of Ghana http://ugspace.ug.edu.gh 172 4.5 Descriptive statistics Table 22: Summary statistics: AML Compliance and ERM Adoption Summary Statistic: AML and ERM Rescaled Scores AML Industry (mean) Maximum Minimum Number of banks above industry average 500 984 2.07 38 ERM Industry (mean) Maximum Minimum Number of banks above industry average 500 968 17.46 35 Table 23: Percentile distribution of scores Percentile distribution of banks AML Percentile 5th 50th 75th 95th Label Low Medium High Very High Number of banks 4 36 39 0 ERM Percentile 5th 50th 75th 95th Label Weak Fair Good Strong Number of banks 3 36 36 4 University of Ghana http://ugspace.ug.edu.gh 173 The mean scores for AML compliance and ERM adoption were 499 and 500 respectively. The maximum scores for AML compliance and ERM adoption were 984 and 968 with a minimum score of 2.07 and 17.46 respectively. Thirty eight (38) banks were found to be above the industry average for AML compliance. Surprisingly, three (3) universal banks were among the forty one (41) banks that fell below the average. Also, whilst thirty five (35) banks were above the industry score of 500 for ERM, a universal bank was among firms that fell below the average. This is a cause for concern, as class one banks are expected to have stronger risk management practices than NBFIs due to the permissible activities they undertake. This high score in terms of AML compliance affirms the mandatory nature of AML laws on financial institutions whilst risk management practices meant to minimize risk exposure are not mandatory and is dependent on the choice of banks. Furthermore, whilst none of the banks were found to have “very high” AML compliance levels, four (4) had low AML compliance and about 94 percent lie between “medium-high” compliance. Similarly, four (4) banks had “strong” ERM systems with three (3) having weak ERM practices. Approximately, 91 percent of banks had “fair to good” ERM systems University of Ghana http://ugspace.ug.edu.gh 174 4.6 Association between AML and ERM Table 24: AML compliance and ERM adoption AML compliance low medium high very high Total ERM adoption weak 0 (0%) 2 (50%) 2 (50%) 0 (0%) 4 (100%) fair 4 (11%) 24 (67%) 8 (22%) 0 (0%) 36 (100%) good 0 (0%) 10 (28%) 26 (72%) 0 (0%) 36 (100%) strong 0 (0%) 0 (0%) 3 (100%) 0 (0%) 3 (100%) Total 4 (5.06%) 36 (46%) 39 (49%) 0 (0%) 79 (100%) Pearson chi2(6) = 22.9198 Pr = 0.001 Restating the hypotheses, 1. AML compliance levels are high in the Ghanaian banking industry 2. ERM adoption levels are high in the Ghanaian banking industry 3. AML compliance does not significantly affect ERM adoption in the Ghanaian banking industry; Approximately 92 % and 91 % of banks had satisfactory AML Compliance and ERM adoption respectively levels as shown in table 24. Chi-square results show X2(6) =22.92 University of Ghana http://ugspace.ug.edu.gh 175 with p-value of 0.001, thus rejecting Ho indicating an association between AML compliance and ERM Adoption. Table 25: Top ten performers Industry ERM Adoption score ERM Label AML compliance score AML Label Industry 1 968.44 strong 984.39 High 1 1 961.17 strong 984.39 High 1 1 946.46 strong 984.39 High 1 1 902.34 good 984.39 High 1 1 896.70 good 984.39 High 1 1 866.05 good 959.01 High 2 1 864.92 good 944.29 High 1 1 849.85 good 929.87 High 1 1 824.00 good 927.33 High 1 2 795.75 good 926.74 High 1 1-universal banks 2-NBFIs Table 25 shows the top ten performances with respect to AML compliance and ERM adoption in the Ghanaian banking sector. Interestingly, some NBFIs are among the top ten performers in both AML compliance and ERM adoption. It is not shocking to see majority of the top tem performers in both categories to be universal banks (1) because of the level of risk culture. University of Ghana http://ugspace.ug.edu.gh 176 4.7 Regression Results This section discusses the regression results taking into consideration previous studies that used the appointment of CRO as proxy for ERM adoption. The results of the logistics model which uses the appointment of a CRO as indication of ERM adoption showed mixed results similar to previous studies (see Beasley et al., 2005; Hoyt & Liebenberg, 2006). However, most of the drivers improved as shown in the OLS and the 2SLS. The results are discussed below. Table 26: Multivariate results Dependent variable: CRO ERM Adoption index ERM Adoption index Variable Logistic OLS 2SLS ROA -0.002 -0.025 0.23 AML compliance 0.135c 0.543a 0.566a Firm Size 0.181 1.671a 2.030c Auditor type -0.634 0.402 0.79 Capital Adequacy ratio 0.377 2.714 6.78 Risk Culture 1.728b -4.402b -4.948b N 79 79 79 R2 0.54 0.35 Pseudo R2 0.52 Prob>F 0.0000 Prob.chi2 0.0000 0.0000 a, b, c indicates significance level at the 1%, 5%, and 10% level, respectively. University of Ghana http://ugspace.ug.edu.gh 177 4.6.1 Firm performance (ROA) The two (2)-stage least square produced a positive relationship between firm performance (ROA) and enterprise risk management adoption though insignificant. The logistic and ordinary least square results show a negative relationship between enterprise risk management adoption and firm performance in line with studies by Beasley et al., (2008) and Liu et al., (2010). Aspects of empirical literature have observed how difficult it is to quantify the real benefits of adopting enterprise risk management (Gordon et al., 2009; Acharyya, 2008). While the intangible benefits seem to be more readily perceived, there is the challenge of how to measure them (EIU, 2007). Hence, firms generally believe they will witness improvement in profit margins and returns after adopting enterprise risk management, though they are not too sure how they would be realistically measured. The premise that the adoption of enterprise risk management will increase bottom figures and turnover is borne out of the notion that managing risk exposures and new opportunities could enhance performance in general ( Pagach & Warr (2010); Deloitte & Touché, 2009). However, Purge (2008) suggests enterprise risk management adoption is a cost, hence, until the real benefits are seen, profits are likely to be affected because of the huge cash outflow. 4.6.2 Anti-money laundering compliance index The AML compliance index generated interesting results. AML compliance and enterprise risk management adoption are risk mitigation tools. Hence, firms may be more interested in protecting on the value of the firm through cost mitigation tools. Table 21 shows a statistically significant positive relationship between anti-money laundering compliance and enterprise risk management adoption at 1% for 2SLS and OLS estimation methods and 10% for the logistic estimation technique. Though to the best knowledge of the author, University of Ghana http://ugspace.ug.edu.gh 178 no studies have been done to test this association, results buttress the rejection of the null hypothesis that AML compliance does not influence a bank’s decision to adopt or adoption of ERM. This implies that an AML compliance programme will increase ERM adoption in the Ghanaian banking industry. A one percent change in anti-money laundering compliance will result in a 0.57 increase in enterprise risk management adoption using the 2SLS estimation method. The results clearly show that an effective AML regime influences enterprise risk management adoption. The assertion is premised on the fact that whereas AML compliance is enforceable by international, regional and national anti-money laundering agencies, enterprise risk management adoption is optional, so firms adopt at different stages in the business cycle with different reasons. To avoid attracting regulatory actions, fines and other penalties, and to effectively manage risks at an enterprise-wide scale, banks also conduct money laundering risk assessment of their internal and external environments to assess money laundering vulnerabilities. However, this is not to say that enterprise risk management adoption is totally devoid of encouraging pro-compliance behaviour of firms. 4.6.3 Firm size Firm size showed a positive statistically significant at 1% and 10% for the OLS and 2SLS estimation methods consistent with Beasley et al., (2008), Hoyt & Liebenberg (2006), Pagach & Warr (2008:2007), Gordon et al., (2009), Golshan & Abdul Rashid (2012) and Yazid et al., (2008). Although statistically insignificant in the logistic model, firm size had the right positive sign in all estimations, implying that firm size influences enterprise risk management adoption positively, but not rigorously so under the logistic model. This analysis lends credence to the assertion that larger and complex firms with greater University of Ghana http://ugspace.ug.edu.gh 179 complexities and risks of banking distress and more volatile operating cash flows tend to adopt enterprise risk management. 4.6.4 Auditor type Results were mixed and also not statistically significant with regards to all the three estimation methods contrary to Beasley et al., (2008). The logistic showed a negative relationship between auditor type and enterprise risk management adoption, the ordinary least square and 2SLS showed a positive influence though not statistically significant. Though it is argued that firms audited by one of the top four auditing firms (KPMG LLP, Ernst &Young LLP, PricewaterhouseCoopers LLP and Deloitte & Touché Tohmatsu Ltd) are likely to adopt enterprise risk management, the Ghanaian banking industry shows different results hence the type of auditor a bank chooses has no direct influence on its decision to adopt ERM. 4.6.5 Capital Adequacy Ratio Finally, a bank’s solvency measured by the level of capital it holds to meet expected and unexpected losses arising from its risk exposures is discussed. This also gauges the safety and soundness of a firm (Estrella et al., 2000) in times of crisis. Section 23 (1) of the Ghanaian Banking Act 2004, Act 673 as amended requires banks to hold a minimum of 10 percent adjusted capital to adjusted assets. The overall banking industry stability and soundness is measured by the aggregate capital adequacy ratios of individual banks. Results revealed no link between capital adequacy and enterprise risk management adoption though capital adequacy is key to bank’s solvency and regulators sanction/close down banks with low capital adequacy. University of Ghana http://ugspace.ug.edu.gh 180 4.6.6 Risk Culture The three (3) estimation techniques revealed mixed results though all three estimates were statistically significant at 5%. The logistic model produced a positive relationship between risk culture and ERM Adoption implying that universal banks are likely to adopt ERM more that non-bank financial institutions. This is not surprising due to difference in risk taking behavior of banks and non-banks and permissible activities under the Banking (Amendment) Act , 2007 (Act 738) and Non-Bank Financial Institutions Act, 2008, (Act 774). Though non-bank financial institutions do financial intermediation, their scope of activities as permitted under is limited to only borrowing and lending. NBFIs are expected to be clients of universal bank hence their forex transactions, contingency liabilities are all handled by universal banks. Depositors’ funds are not too much at risk as these funds are managed by universal bank. Due to the simple “vanilla” product and services operated by NBFIs, it is normal for them to be less risky than universal banks. This results buttress the call for separate banking regulations for bank and non-bank financial institutions to ensure customers of NBFIs get full banking services and also deepen financial services delivery. The overall regression model had a good fitness level (Prob.chi2 = 0.000 for logistic and 2SLS models and Prob> F = 0.0000 for the OLS estimation model). Finally, the study concludes that AML compliance, bank size, and risk culture are predictors of ERM adoption in the Ghanaian banking space. University of Ghana http://ugspace.ug.edu.gh 181 CHAPTER FIVE SUMMARY OF FINDINGS, CONCLUSIONS, CONTRIBUTIONS AND RECOMMENDATIONS 5.0 Introduction In this thesis, the author sought to investigate the empirical linkages AML and ERM in the Ghanaian banking industry using a sample of 79 banking institutions licensed by Bank of Ghana and have been in business for at least a year. Various theoretical and empirical literature on ERM and AML as well as international and domestic laws on AML compliance were reviewed. Both parametric and non-parametric estimation techniques were employed to help meet the objectives of the study. Two key indices: AML compliance index and ERM index were developed to help gauge the AML compliance and ERM levels in the Ghanaian banking sector. The association between AML and ERM was also established. Finally, regression analysis was used to establish the linkages between the variables. 5.1 Summary of Findings Analyses of the index scores for both AML and ERM show a high compliance and adoption levels among banks, more especially the universal banks. 40 banks were above the industry AML compliance median score. Interestingly, 14 NBFIs were among the 40 firms. What is worrying is the presence of a universal bank among firms below the industry median. Also, 35 firms were above the ERM adoption means score. Surprisingly, a universal bank was among the 44 firms who fell below the industry average. Though the study establishes an association between AML and ERM, it is not quite shocking that AML compliance scores were far higher than the ERM Adoption scores because AML compliance is regulatory and mandatory. Furthermore, based on the score percentile distribution and interpretation, approximately 92 percent of firms indicate “medium to University of Ghana http://ugspace.ug.edu.gh 182 high” AML Compliance levels while about 91 percent had “fair to good” ERM adoption levels. Based on the PCA analysis, the following factors are significant drivers of AML Compliance in Ghana are banking industry (p- values of all PCAs = 0.000; chi-square (6) = 305.42): money laundering risk assessment, records management, compliance programme and corporate governance. Also, based on the PCA analysis, the following factors are significant drivers of ERM Adoption in Ghana’s banking industry (p- values of all PCAs = 0.000; chi-square (36) = 560.50): Internal environment, Objective setting, Event identification, Risk response, Control activities, Information and communication and Monitoring. In addition, banks in Ghana with good AML compliance systems have adopted ERM. Additionally, based on the regression results; AML Compliance is a significant predictor of ERM adoption at 1%. Risk management practices are significant predictors of ERM adoption at 5%. Prior studies (Gordon et al., 2009) show that profitability predicts ERM adoption; this study confirms the positive relationship, though it is not statistically significant. The size of a bank influences the adoption of ERM at 10%. Capital Adequacy Ratio does not influence adoption of ERM in the Ghanaian banking sector. A Bank’s risk culture influences its adoption of ERM. The study’s findings are robust due to the use of mixed methods that draw on various estimation procedures. To the best knowledge of the author, the construction of both the ERM adoption and AML compliance indices is a novelty which reasonably measures the effectiveness of ERM adoption and AML Compliance in Banks respectively. University of Ghana http://ugspace.ug.edu.gh 183 5.2 Conclusions The study set out to investigate the association between anti-money laundering compliance and enterprise risk management adoption in the Ghanaian banking sector. The general theoretical and empirical literature on the predictors of AML compliance and ERM adoption is inconclusive. This study also attempts to establish the level of ERM adoption and its drivers and AML compliance in the Ghanaian banking sector. ERM and AML indices are developed using principal component analysis and drivers of ERM adoption in the Ghanaian banking sector are established using logistic, ordinary least square and 2SLS estimation techniques. The association between AML and ERM is also tested using chi- square test. PCA scores show encouraging AML compliance and ERM adoption levels among banks. Results also show that money laundering risk assessment, records management, compliance programme and corporate governance are drivers of AML compliance in the Ghanaian banking industry. The study also reveals that AML compliance is a key driver of ERM adoption in the Ghanaian banking industry and supports the hypothesis that larger banks have a higher propensity to adopt ERM. The implication of this revelation is that size matters when it comes to ERM adoption in the Ghanaian banking sector. Further, it emerged from this study that a Ghanaian bank may not adopt ERM because it wants to manage its risk but solely because it is audited by one of the big four (4) accounting firms. The study further concludes that the risk culture of a bank would influence its adoption of ERM. Finally, the study could not resolve the controversy in the literature on the exact link between profitability and ERM adoption because it offered mixed results which were also statistically insignificant. University of Ghana http://ugspace.ug.edu.gh 184 The results support the global and domestic efforts made so far to contain money laundering as shown in the high AML compliance levels of banks. Also, a comprehensive predictor of ERM adoption using the COSO ERM framework provides a better metric than the use of the presence of a CRO. Bank stakeholders can assess the level of ERM adoption and AML Compliance using the indices developed. The findings from the study further confirms that minimizing money laundering risk requires a bank to design, implement, test, and improve its AML policies and procedures on a continuous basis since AML compliance is a process, not an event. 5.1 Contributions to knowledge The major contribution to literature and industry is the development of continuous AML compliance and ERM adoption barometers and the establishment of an association between AML compliance and ERM adoption in the banking sector of Ghana. This study is designed to be the first to consider using a comprehensive index based on a modified COSO ERM framework as a robust measure of ERM adoption which is a continuous metric rather than a discrete one. In this way, one may not only judge the mere existence of ERM adoption in firms, but also the extent of adoption. It is argued that ERM is a process, not an event – it is a continuum as it is adopted in varying degrees over time. Secondly, the intensity with which money laundering and terrorist financing have increased geometrically has global consequences and African countries have not been spared. Though international efforts have been made to enhance anti-money laundering and propose measures of combatting terrorist financing, no robust metric has been developed to gauge the level of compliance among financial institutions in Ghana. This study serves as a pioneering one in light of the global attention paid to money laundering University of Ghana http://ugspace.ug.edu.gh 185 and terrorist financing risk and bridges the measurement gap of AML compliance in financial institutions. The study also establishes the association between AML compliance and ERM adoption and affirms that AML Compliance is a significant predictor of ERM adoption in the Ghanaian banking space. Though many drivers of AML compliance have been espoused by regulators, academics and practitioners, the study identifies four (4) key drivers of AML compliance. Once banks focus on money laundering risk assessment, records management, compliance programme and corporate governance, they are likely to have a good AML environment. 5.3 Recommendations From the positive association between AML compliance and ERM adoption, banks should be encouraged to invest in their AML systems. The study also provides policy support to the global AML standard setters/regulators. Also, banking institutions should understand that a robust risk management system should aim at dealing with business risks and other risks holistically. The study recommends continuous risk assessment with the bank’s internal and external environment to minimize the threat of money laundering. Also, proper customer records and updates should be strictly enforced by bank management and regulators to help in the prosecution of money laundering cases. Regulators should ensure that banks adhere to proper corporate governance practices. Also, compliance programmes of banks should be reviewed periodically to capture money laundering risks on a continuous basis. University of Ghana http://ugspace.ug.edu.gh 186 As part of ensuring a stronger risk management environment and adherence to internal controls, banks should employ the COSO ERM framework in their enterprise risk management practices. Also, management should ensure that a risk culture permeates the organization as it leads to adoption of holistic risk management. 5.4 Areas of Further Research It is hoped that the study’s analysis would contribute to the discussion on the justifications for AML compliance and ERM adoption, but at the same time, the researcher realises the need for further research on this subject. For example, future researchers on the subject should consider the role of expectations on ERM adoption and AML compliance in their analysis, as the expectations play an important role in the determination of the firm’s orientation towards risk mitigation, firm profitability and growth. Also, this study did not explore the causality between AML compliance and firm performance. As data on AML compliance becomes more available, it is the researcher’s expectation that further study is conducted to ascertain the influence of AML compliance on firm performance. It is also expected that the coverage of the analysis would be expanded, for example, by examining ERM adoption and firm performance in different sectors as firms in different sectors such as insurance and transportation are confronted by varied risks, and are thus likely to respond differently in terms of rate of ERM adoption. The study also did not examine the technical and effective AML compliance of Ghanaian banks; further research could focus on this area. University of Ghana http://ugspace.ug.edu.gh 187 BIBLIOGRAPHY Abdullah, N. H., Shamsuddin, A., & Wahab, E. (2012). The Influence of Transformational Leadership on Product Innovations among Small Business. International Conference on Technology Management, Business and Entrepreneurship (ICTMBE) 2012, 18-19 December 2012, Melaka, Malaysia. Aboagye, A. Q., Akoena, S. K., Antwi‐Asare, T. O., & Gockel, A. F. (2008). Explaining Interest Rate Spreads in Ghana. African Development Review, 20(3), 378-399. Acharya, V. V., & Yorulmazer, T. (2007). Too many to fail - An analysis of time- inconsistency in bank closure policies. Journal of Financial Intermediation, Elsevier, 16(1), 1-31. Acharyya, M. (2008). In measuring the benefits of enterprise risk management in insurance: an integration of economic value added and balanced score card approaches. Working paper for the society of Actuaries. Adu-Amankwah, A. (2015, August 26). Money Laundering and Financing of Terrorist Activities in Ghana at Tema Metropolitan Assembly Capacity Building and Awareness Programme, Tema, Ghana. Agusman, A., Monroe, G. S., Gasbarro, D., & Zumwalt, J. K. (2008). Accounting and capital market measures of risk: Evidence from Asian banks during 1998-2003, Journal of Banking & Finance 32, 480-488. Alldridge, P. (2002). The Moral Limits of the Crime of Money Laundering, Buffalo Criminal Law Review, 5 (1), 279–319. Altuntas, M., Berry-Stölzle, T. R., & Hoyt, R. E. (2011). Implementation of Enterprise Risk Management: Evidence from the German Property-Liability Insurance University of Ghana http://ugspace.ug.edu.gh 188 Industry. The Geneva Papers on Risk and Insurance – Issues and Practice, 36, 414- 439. Anderberg, M.R. (1973). Cluster Analysis for Applications, Academic Press, Inc: New York. Annor, G. (2014, July 22). Adansi Rural Bank increases stated capital. Daily Graphic, p. 11. Bagella, M., Becchetti, L., & Cicero M. L. (2003). Regional Externalities and Direct Effects of Legislation Against Money Laundering: A Test on Excess Money Balances in The Five Andean Countries, Journal of Money Laundering Control, 7 (4), 347–366. Baker, R. W. (1999). The Biggest Loophole in the Free-Market System, Washington Quarterly, 22 (4), 29–46. Baldwin, F. N. (2002). Money laundering countermeasures with primary focus upon terrorism and the USA Patriot Act 2001 (Analysis), Journal of Money Laundering Control, 6 (2), 105–136. Ball, R., & Brown, P. (1969). Portfolio theory and accounting. Journal of Accounting Research, 300-323. Ballou, B., & Heitger, D. L. (2005). A building-block approach for implementing COSO’s enterprise risk management – Integrated framework. Management Accounting Quarterly, 6(2), 1-10. Bamberger, K. A. (2010). Technologies of compliance: Risk and regulation in a digital age. Texas Law Review, 88(4), 669-739. University of Ghana http://ugspace.ug.edu.gh 189 Bandura, A. (2006). Toward a psychology of human agency. Perspectives on Psychological Science, 1(2), 164-180. Basel Institute on Governance (2012). The Basel AML Index. Bayoumi, T. (2004). A new International Macroeconomic Mode. IMF Occasional Paper 239. Beamon, B. M. (1996). Performance measures in supply chain management. Proceedings of the 1996 Conference on Agile and Intelligent Manufacturing System, Rensselaer Polytechnic Institute, Troy, New York. Beasley, M. S., Chen, A., Nunez, K., & Wright, L. (2006). Working hand in hand: Balanced scorecards and enterprise risk management. Strategic Finance, 49–55. Beasley, M. S., Clune, R., & Hermanson, D. R. (2008). The impact of enterprise risk management on the internal audit function. Journal of Forensic Accounting, 9(1), 1-20. Beasley, M., Branson, B., & Hancock, B. (2010). COSO’s Report on ERM - Current State of Enterprise Risk Oversight and Market Perceptions of COSO’s ERM Framework, ERM Initiative at North Carolina State University, Raleigh. Beasley, M., Clune, S. R., & Hermanson, D. R. (2005). Enterprise Risk Management: An Empirical Analysis of Factors Associated with the Extent of Implementation. Journal of Accounting and Public Policy, 24(6), 521-531. Beasley, M., Pagach, D., & Warr, R. (2008). Information conveyed in hiring announcements of senior executives overseeing enterprise-wide risk management processes. Journal of Accounting, Auditing and Finance, 28(3), 311–332. University of Ghana http://ugspace.ug.edu.gh 190 Becker, G. S. (1968). Crime and Punishment: An Economic Approach. The Journal of Political Economy, 76(2), 169-217. Bell, T., Solomon, F., & Thomas, I. (1997). Auditing Organisations through a strategic- systems lens: the KPMG business measure process. KPMG. Bester, H., Chamberlain, D., de Koker, L., Hougaard, C., Short, R., Smith, A., & Walker, R. (2008). Implementing FATF Standards in Developing Countries and Financial Inclusion: Findings and Guidelines. FIRST Initiative, Washington DC. Bonano, G. (1990). General equilibrium theory with imperfect Competition. Journal of Economic Surveys, 4 (4), 4-22. Bongini, P., Laeven, L., & Majnoni, G. (2002). How good is the market at assessing bank fragility? A horse race between different indicators. Journal of Banking & Finance, 26(5), 1011-1028. Boorman, J., & Ingves, S. (2001). Financial System Abuse, Financial Crime and Money Laundering. IMF Background Paper, International Monetary Fund. Boscarino, J. A., Figley, C. R., & Adams, R. E. (2004). Compassion fatigue following the September 11 terrorist attacks: A study of secondary trauma among New York City social workers. International journal of emergency mental health, 6(2), 57. Bossard, A. (1990). Transnational Crime and Criminal Law. Chicago. Briers, S. (2000). The development of an integrated model of risk. Unpublished DBL thesis. Pretoria: University of South Africa. Brunner, R. F. (2002). Does M&A pay? A survey of evidence for the decision-maker. Journal of Applied Finance, 12(1), 48-68. University of Ghana http://ugspace.ug.edu.gh 191 Calandro, Jr. J. & Lane, S (2006). An introduction to the enterprise risk scorecard. Measure Bus Excel 10(3), 31–40. Camdessus, M. (1998). Money Laundering: the importance of International Countermeasures. Plenary meeting of the FATF, Paris, February 10. Caplice, C., & Sheffi, Y. (1994). A review and evaluation of logistics metrics. The International Journal of Logistics Management, 5(2), 11-28. Cassidy, D. (2005). Enterprise Risk Management (ERM). A New Reality for Businesses. Employee Benefit Plan Review, 29-31. Casualty Acturial Society (CAS). (2003). Overview of enterprise risk management. Retrieved from: http://www.casact.org/research/erm/overview.pdf. Chaikin, D. (2009b). Risk-based approaches to combating financial crime. Journal of Law and Financial Management, 8 ( 2 ) , 2 4 . Chatfield, C., & Collins, A. (1981). Introduction to multivariate analysis. Chapman and Hall, London. Chatterjee, S., Lubatkin, M. H., & Schulze, W. S. (1999). Toward a strategic theory of risk premium: moving beyond CAPM. Academic. Management. Review, 24(3), 556- 567. Cherchye, L. (2001). Using data envelopment analysis to assess macroeconomic policy performance, Applied Economics, 33, 407-416. Cherchye, L., Moesen, W., Rogge, N., Van Puyenbroeck, T., Saisana, M., Saltelli, A., & Tarantola, S. (2008). Creating composite indicators with DEA and robustness University of Ghana http://ugspace.ug.edu.gh 192 analysis: the case of the Technology Achievement Index. Journal of the Operational Research Society, 59(2), 239-251. Chinn, M., & Frankel, J. (2005). The Euro Area and World Interest Rates, Unpublished paper. Committee of Sponsoring Organisations of the Treadway Commission. (COSO). (2004). Enterprise risk management framework. New York, NY: American Institute of Certified Public Accountants. Committee of Sponsoring Organisations of the Treadway Commission. (1992). Internal Control-Integrated Framework, Executive Summary. http://w.w.w.coso.org/publications (Accessed February 2 2013). Committee of Sponsoring Organisations of the Treadway Commission. (2004). Enterprise Risk Management-http://w.w.w.coso.org/publications/ERM/COSO (Accessed March 23 2013). Committee of Sponsoring Organisations of the Treadway Commission. (1992). Internal control – Integrated framework, [Electronic version]. The Institute of Internal Auditors. Committee of Sponsoring Organizations of the Treadway Commission. (2004). Enterprise Risk Management - Integrated Framework, Retrieved from COSO’s website: http://www.coso.org. Accessed on 14th March 2014. Committee of Sponsoring Organizations of the Treadway Commission. (2010). Developing key risk indicators to strengthen enterprise risk management: How key risk indicators can sharpen focus on emerging risks. Retrieved from: University of Ghana http://ugspace.ug.edu.gh 193 http://www.coso.org/documents/COSOKRIPaperFull- FINALforWebPostingDec110.pdf. Cortina, J. M. (1993). What is coefficient alpha? An examination of theory and applications. Journal of Applied Psychology, 78(1), 98-104. Cuéllar, M. (2003). The Tenuous Relationship between the Fight Against Money Laundering and the Disruption of Criminal Finance. Journal of Criminal Law and Criminology, 93, 2-3. Cumming, C. M., & Hirtle, B. J. (2001). The Challenges of Risk Management in Diversified Financial Companies (Digest Summary). Economic Policy Review Federal Reserve Bank of New York, 7(1), 1-13. D’Arcy, S. P. (2001), Enterprise risk management. Journal of Risk Management in Korea, 12(1), 207-228. Davis, K. E. (2003). Legislating against the financing of terrorism: Pitfalls and prospects. Journal of Financial Crime, 10(3), 269-274. De Koker, L. (2009). Anonymous clients, identified clients and the shades in between: perspectives on the FATF AML/CFT standards and mobile banking, paper presented at the 27th Cambridge International Symposium on Economic Crime, 4 September, Jesus College, Cambridge. De Koker, L. (2009). Identifying and managing low money laundering risk: perspectives on FATF's risk-based guidance. Journal of Financial Crime, 16(4), 334-352. University of Ghana http://ugspace.ug.edu.gh 194 Deloitte & Touché. (2007). Global risk management survey. Fifth edition. Retrieved from Deloitte & Touché website:http://www.deloitte.com/assets/Dcom-Albania/Local% 20Assets/Documents/ al_fsi_global_risk_mgmt_survey2007.pdf. Deloitte & Touché. (2009). Global risk management survey. Sixth edition. Retrieved from Deloitte & Touché website: http://www.deloitte.com/assets/Dcom- UnitedStates/Local% 20Assets/Documents/us_fsi_GlobalRskMgmtSrvy_June09.pdf. Diamond, D. W. (1984). Financial intermediation and delegated monitoring. The Review of Economic Studies, 51(3), 393-414. Dionne, G., & Garand, M. (2003). Risk Management Determinants Affecting Firms’ Values in the Gold Mining Industry: New Empirical Results. Economics Letters, 79, 43-52. Dionne, G., Gauthier, G., Hammami, K., Maurice, M., & Simonato, J. G. (2010). Default risk in corporate yield spreads. Financial Management, 39(2), 707-731. Dionne, G., Pinquet, J., Maurice, M., & Vanasse, C. (2010). Incentive Mechanisms for Safe Driving: A Comparative Analysis with Dynamic Data. Review of Economics and Statistics 93, 218-227. Dybvig, P. H., & Warachka, M. (2010). Tobin’s Q does not measure performance: Theory, empirics, and alternative measures. Unpublished working paper. Washington University, Saint Louis, United Sates. Eckles, D. L., Hoyt, R. E., & Miller, S. M. (2011). The Impact of Enterprise Risk Management on Firms. Journal of Management Science, 26 (3), 41-52. University of Ghana http://ugspace.ug.edu.gh 195 Efron, B., & Tibshirani, R. (1991). Statistical data analysis in the computer age. Science 253, 390-395. Efron, B., & Tibshirani, R. (1993). An Introduction to the Bootstrap, Chapman & Hall/CRC, Boca Raton. Eichholtz, P. (2004). De Vastgoedwereld: Spelers, Activiteiten en Geldstromen’, Presentation held at the seminar Zicht op misdaad en onroerend goed, 15 December, 2004, Centre for Information and Research on Organised Crime, Amsterdam, Vrije Universiteit. Eling, M., & Luhnen, M. (2009). Frontier Efficiency Methodologies to Measure Performance in the Insurance Industry: Overview and New Empirical Evidence. The Journal of Banking and Finance, Forthcoming. Estrella, A., Park, S., & Peristiani, S. (2000). Capital ratios as predictors of bank failure, Economic policy review, 6(2), 33-52. Federal Reserve Bank of New York Economic Policy Review. Retrieved from:http://www.newyorkfed.org/research/epr/00v06n2/0007estr.pdf FAFT (2010).Working Group on Typologies - Draft FATF Global Money Laundering and Terrorism Financing Threat Assessment - A view of how and why criminals and terrorists abuse finances, the effect of this abuse and the steps to mitigate these threats - 21 June 2010, Hotel Okurra, Amsterdam, Netherlands. Fama, E. F., & French, K. R. (2004). The capital asset pricing model: theory and evidence. Journal of Economic Perspective, 18(3), 25-46. Fatemi, A., & Glaum, M. (2000). Risk management practices of German firms. Managerial Finance, 26(3), 1-17. University of Ghana http://ugspace.ug.edu.gh 196 Feldt, L. S., Woodruffe, D. J., & Salih, F. A. (1987). Statistical Inference for Coefficient Alpha. Applied Psychological Measuremen, 11(1), 93-103. FIC/BoG. (2011). AML/CFT Guideline for Banks and Non-Bank Financial Institutions. Financial Action Task Force. (1999). 1998-1999 Report on Money Laundering Typologies, FATF, Paris. FATF (2007), Guidance on the Risk-based Approach to Combating Money Laundering and Terrorist Financing: High Level Principles and Procedures, FATF, Paris, Financial Action Task Force. (2000). Financial Action Task Force, 1999-2000, Money Laundering Typologies. Paris, 2000. Financial Action Task Force. (2002). Basic Facts about Money Laundering. FATF website (www1.oecd.org/fatf). FATF Mutual Evaluation Report 2009 combined with FIU Business Object search dated 19 August 2013. Financial Action Task Force. (1996).The forty recommendations of the financial action task force on money laundering. Financial Action Task Force. (2002). Report on Money Laundering Typologies 2001- 2002. Paris, 2002. Financial Action Task Force. (2010). Money Laundering Using New Payment Methods. FATF, Paris, 66-71. Financial Action Task Force. (2010). The Review of the Standards: Preparation for the 4th Round of Mutual Evaluations, FATF, Paris. Financial Action Task Force. (2012). International Standards on Combating Money Laundering and the Financing of Terrorism & Proliferation, The FATF University of Ghana http://ugspace.ug.edu.gh 197 Recommendations ,FATF, Paris www.fatf- gafi.org/topics/fatfrecommendations/documents/fatfrecommendations2012.html Financial Action Taskforce. (2009). Risk-based Approach: Guidance for Money Service Businesses, FATF, Paris. Financial Action Taskforce. (2010). Global Money Laundering and Terrorist Financing Threat Assessment: A View of How and Why Criminals and Terrorists Abuse Finances – The Effect of This Abuse and the Steps to Mitigate These Threats, FATF, Paris. Fullerton, D., & Karayannis, M. (1993). Tax Evasion and the Allocation of Capital, NBER Working Paper No. 4581, National Bureau of Economic Research, Cambridge. Golshan, N. M., & Rashid, S. Z. A. (2012). What Leads Firms to Enterprise Risk Management Adoption? A Literature Review. International Proceedings of Economics Development & Research, 29. Golshan, N. M., & Rasid, S. A. (2012). Determinants of Enterprise Risk Management Adoption: An Empirical Analysis of Malaysian Public Listed Firms. International Journal of Social and Human Sciences 6, 119-126. Gordon, L., Loeb, M., & Tseng, C. (2009). Enterprise Risk Management and Firm Performance: A Contingency Perspective. Journal of Accounting and Public Policy, 28(4), 301-327. Grace, M., Leverty, J., Phillips, R., & Shimpi, P. (2013). The Value of Investing in Enterprise Risk Management, Working Paper, Georgia State University and University of Iowa (2010). Journal of Risk and Insurance (forthcoming). University of Ghana http://ugspace.ug.edu.gh 198 Green, S. B., Lissitz, R. W., & Mulaik, S.A. (1977). Limitations of coefficient alpha as an index of test unidimensionality. Educational and Psychological Measurement, 37, 827-838. Guay, W., & Kothari, S. (2003). How much do firms hedge with derivatives? Journal of Financial Economics, 70, 423-461. Hammond, J. S., Keeney, R. L., & Raiffa, H. (2006). The hidden traps in decision making. Harvard Business Review, 84 (1), 118–126. Hansen, B. E. (1969). Threshold effects in non-dynamic panels: Estimation, testing, and inference. Journal of Econometrics 93, 345-368. Hansen, B. E. (2009). Sample Splitting and Threshold Estimation. Econometrica, 68(3), 575-603. Hansen, B.E. (2005). Inference when a nuisance parameter risk not identified under the null hypothesis. Econometrica 64, 413-430. Hansen, C., & Wernerfelt, N. W. (1989). Estimation with Many Instrumental Variables. Journal of Business & Economic Statistics, 26(4), 398–422. Hansen, L. (1982). Large sample properties of generalized method of moments estimators. Econometrica, 50(3), 1029-1054. Hansen, L. P. (2009). Another look at the instrumental variable estimation of error- components models. Journal of Econometrics, 356, 340-354. Haq, M. (1995). Reflections on Human Development. Oxford University Press, New York. Hattie, J. (1985). Methodology Review: Assessing unidimensionality of tests and items. Applied Psychological Measurement, 9(2), 139-164. University of Ghana http://ugspace.ug.edu.gh 199 Havenga, A. H. S. (2006). Value of enterprise risk management in the South Africa business environment. Hoyt, R. E., & Liebenberg, A. P. (2006). Determinants of Risk Management adoption among the insurance companies. Journal of Business Social Science, 128(4), 213- 230. Hoyt, R. E., & Liebenberg, A. P. (2006). The value of enterprise risk management: Evidence from the US insurance industry. University of Georgia. Working paper. Hoyt, R. E., & Liebenberg, A. P. (2008). The value of enterprise risk management: evidence from the US insurance industry. Retrieved from:http://www.risknet.de/typo3conf/ext/bx_elibrary/elibrarydownload.phd?&do wnload. Hoyt, R. E., & Liebenberg, A. P. (2009).The value of enterprise risk management. Working Paper. Hoyt, R. E., & Liebenberg, A.P. (2011). The value of enterprise risk management. The Journal of Risk and Insurance, 78 (4), 795–822. Retrieved from: http://www.kpmg.com/SG/en/IssuesAndInsights/ArticlesPublications/Documents/ EnterpriseRiskMgmtTheoryPractice.pdf. International Federation of Accountants. (2007). Information Technology for Professional Accountants. In I.E.P.S. 2. New York: International Federation of Accountants (IFAC). Implementation. McGraw-Hill. International Monetary Fund & World Bank (2001). Enhancing Contributions To Combating Money Laundering. Policy Paper, International Monetary Fund and World Bank. University of Ghana http://ugspace.ug.edu.gh 200 International Standard Organization. (2009). ISO 31000 Risk Management — Principles and guidelines, Retrieved from: http://www.iso.org/iso/home/standards/iso31000.htm Jablonowski, M. (2007). The real value of ERM. Risk Management Magazine, 16-21. Johnson, J. (2001). In Pursuit of Dirty Money: Identifying Weaknesses in the Global Financial System. Journal of Money Laundering Control, 5(2), 22–132. Kaplan, R.S., & A. Mikes. 2012. Managing risks: A new framework. Harvard Business Review, 90 (6), 48-60. Kaspersen, H. W. K. (2005). De Wet op kansspelen en handhaving in Cyber space, Presentation held at the seminar Gokken en georganiseerde criminaliteit, 6 April 2005, Centre for Information and Research on Organized Crime, Amsterdam, Vrije Universiteit. Keh, D. I. (1996). Drug Money in a Changing World: Economic Reform and Criminal Finance, UNODC, 1996–4. Keh, D. I. (1996). Economic Reform and Criminal Finance. Transnational Organized Crime, 2(1), 66–80. Kleemans, E. R., Brienen, M. E. I., & van de Bunt, H. G. (Eds.) (2002). Georganiseerde criminalit eit in Nederland, tweede rapportage op basis van de WODC – monitor. Ministerie van Justitie, Wetenschappelijk Onderzoek- en Documentatiecentrum Kleffner, A. E., Lee, R. B., & McGannon, B. (2003). The Effect of Corporate Governance on the Use of Enterprise Risk Management: Evidence from Canada. Risk Management Insurance Review, 6(1), 53-73. University of Ghana http://ugspace.ug.edu.gh 201 KPMG. 2010. Enterprise Risk Management—From Theory to Practice: Insurance. Retrieved from:http://www.kpmg.com/SG/en/IssuesAndInsights/ArticlesPublications/Docum ents/EnterpriseRiskMgmtTheoryPractice.pdf. Krzanowski, W. J. (1983). Cross-validatory choice in principal components analysis: Somesampling results. Journal of Statistics Computation and Simulation, 18, 299 – 314. Kucuk-Yilmaz, A. (2009). The Management Strategies for Resource Dependency Risk and Research Agenda. Enterprise Risk Management, 1(2). Lai, W., & Azizan, N. A. (2011). Critical review of literature on enterprise risk management and the cost of capital: The value creation perspective. African Journal of Business Management, 6 (9), 3126-3133. Lam, J. (2001). The CRO is here to stay. Risk Management, 48(4), 16-22. Lam, J. (2003). Enterprise risk management: from incentives to controls. Canada: John Wiley & Sons, Inc. Lam, J. C. (2000). Enterprise - Wide Risk Management and the role of the Chief Risk Officer. Retrieved from http://www.erisk.com/learning/research/011_lamriskoff.pdf. Lawrence, P. R., & Lorsch, J. W. (1967). Differentiation and integration in complex organizations. Administrative science quarterly, 1-47. Levi, M. (2002). Money Laundering and Its Regulation. Annals of the American Academy of Political and Social Science, 582. University of Ghana http://ugspace.ug.edu.gh 202 Liebenberg, A., & Hoyt, R. (2003). The determinants of enterprise risk management: Evidence from the appointment of chief risk officers. Risk Management and Insurance Review, 6 (1), 37-52. Liebenberg, A., & Hoyt, R. (2003). The determinants of enterprise risk management: evidence from the appointment of chief risk officers. Risk Management and Insurance Review, 6 (1), 37–52. Liu, F., Narayanan, A., & Bai, Q. (2000). Real-time systems. Management. Business Management Dynamics, 1 (5), 8-16. Liu, H., & Li, Y. (2002). From Strategic Risk Measurement to Strategic Risk Management —A Resource Based View. USA - China Business Review, 2(2). Mackrell, N. (1997). Economic Consequences of Money Laundering, in Graycar, A., & Grabosky, P (eds), Money Laundering in the 21st Century: Risks and Countermeasures. Australian Institute of Criminology, Research and Public Policy Series, Seminar held on 7 February 1996, Canberra, Australia. Manab, N. A., Hussin, M. R., & Kassim, I. (2007). Empirical study on theory and practice of enterprise-wide risk management functions of public listed companies in Malaysia. Retrieved from:http/rmi.nccu.edu.tw/apria/docs/concurrent%20iv/session%201/14707EWR M_2007_New.doc. Mango, D. F. (2007). An Introduction to Insurer Strategic Risk Topic 1: Risk Management of an Insurance Enterprise. Retrieved from www.actuaries.org/ASTIN/Colloquia/Orlando/Papers/Mango1.pdf University of Ghana http://ugspace.ug.edu.gh 203 Masciandaro, D., & Portlano, A. (2004). Terrorism and Organised crime, Financial Regulation and non-Cooperative countries: inside the Black (List) Box. University of Lecce Economics, 32(14). Masciandaro, D., Nieto, M. J., & Prast, H. (2007). Who pays for banking supervision? Principles and trends. Journal of Financial Regulation and Compliance, 15(3), 303- 326. Massart, D. L., & Kaufman, L. (1983). The interpretation of analytical chemical data by the use of cluster analysis. Wiley. McDonell, R. (1998). Money Laundering Methodologies and International and Regional Counter-Measures, Presented at: Gambling, Technology and Society, Regulatory Challenges for the 21st Century, Rex Hotel, Sydney. McDowell, J. (2001). The Consequences of Money Laundering and Financial Crime, Economic Perspectives. Economic Perspectives, an Electronic Journal of the U.S. Department of State, 6 (2). McShane, M. K., Nair, A., & Rustambekov, E. (2011). Does Enterprise Risk Management Increase Firm Value? Journal of Accounting - Auditing & Finance, 16(4), 641- 658. Meloen, J., Landman, R., de Miranda, H., van Eekelen, J., & van Soest, S. (2003). Buit en Besteding, Een empirisch onderzoek naar de omvang, de kenmerken en de besteding van misdaadgeld, Den Haag: Reed Business Information. Melyn, W., & Moesen, W. (1991). Towards a synthetic indicator of macroeconomic performance: unequal weighting when limited information is available. Public economics research papers, 1-24. University of Ghana http://ugspace.ug.edu.gh 204 Meulbrock, L. (2002). A Senior Manager’s Guide to Integrated Risk Management. Journal of Applied Corporate Finance, 14(4), 56-70. Ministry of Finance and Economic Planning. (2012). Financial Sector Strategic Plan II. Accra, Ghana. Mishkin, F. S. (1996). Understanding financial crises: a developing country perspective (No. w5600). National Bureau of Economic Research. Modigliani, F., & Miller, M. H. (1958). The cost of capital, corporate finance and the theory of investment. American Economic Review Retrieved from: http://www.econ.uiuc.edu/...files/PalgraveRev_ModiglianiMiller_Villamil.pdf. Moeller, R. R. (2007). COSO Enterprise Risk Management: Understanding The New Integrated ERM Framework. John Wiley & Sons, Inc., Hoboken, New Jersey. Myers, M. D., Gordon, L. A., & Hamer, M. M. (1991). Post auditing capital assets and firm performance: an empirical investigation. Managerial and Decision Economics, 12(4), 317-327. Namwongse, P., & Limpiyakorn, Y. (2012) Developing Portfolio Risk Index System of Expressway Enterprise. Interdisciplinary Journal of Contemporary Research in Business, 3, 9. Nocco, B. W., & Stulz, R. M. (2006). Enterprise risk management: Theory and practice. Journal of Applied Corporate Finance, 18(4), 8-20. Nunnally, J. C. (1978). Psychometric theory. McGraw-Hill, New York. University of Ghana http://ugspace.ug.edu.gh 205 Paauw, K. (2005). Witwassen in een Nederlands casino. Presentation held at the seminar Gokken en georganiseerde criminaliteit. Centre for Information and Research on Organized Crime, Amsterdam, Vrije Universiteit. Pagach, D., & R. Warr, R. (2010). The effects of enterprise risk management on firm performance. Retrieved from :http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1155218. Pagach, D., & Warr, R. (2007). An empirical investigation of the characteristics of firms adopting enterprise risk management. North Carolina State University working paper. Pagach, D., & Warr, R. (2009). The effects of enterprise risk management on firm performance. Working Paper, North Carolina State University. Pagach, D., & Warr, R. (2011). The Characteristics of Firms That Hire Chief Risk Officers, Journal of Risk and Insurance, 78(1), 185-211. Passas, N. (2004). Informal Value Transfer Systems and their Mechanics. Presentation at a 2004 APEC conference in Tokyo. Pottier, S. W., & Sommer, D. W. (2002). The Effectiveness of Public and Private Sector Summary. Powell, J. H. (2013, November). Advanced economy monetary policy and emerging market economies. In speech delivered at the Federal Reserve Bank of San Francisco 2013 Asia Economic Policy Conference, San Francisco, 4. Putnam, R. D. (1988). Diplomacy and domestic politics: the logic of two-level games. International organization, 42(3), 427-460. University of Ghana http://ugspace.ug.edu.gh 206 Quirk, P. J. (1996). Macroeconomic Implications of Money Laundering, IMF Working Paper, International Monetary Fund, 96(66). Quirk, P. J. (1997). Money Laundering: Muddying the Macroeconomy. Finance & Development, 34 (1), 7–9. Rawlings, G., & Unger, B. (2005). Competing for Criminal Money. Paper prepared for the Society for the Advancement of Socio-economics, Budapest. Raykov, T. (1998). Cronbach’s Alpha and Reliability of Composite with Interrelated Nonhomogenous Items. Applied Psychological Measurement, 22, 375-385. Razali, A. R., & Tahir, I. M. (2011). Review of the Literature on Enterprise Risk Razali, A. R., Yazid, A. S., & Tahir, I. M. (2011). The Determinants of Enterprise Risk Management (ERM) Practices in Malaysian Public Listed Companies, Journal of Social and Development Sciences, 1(5), 202-207. Reuter, P., & Truman, E.M. (2004). Chasing Dirty Money. The Fight Against Money Laundering Washington: Institute for International Economics. Washington, DC. Robinson, M. S. (2001). The microfinance revolution: sustainable finance for the poor (1). World Bank Publications. Saltelli A. & Tarantola S. (2002). On the relative importance of input factors in mathematical models: safety assessment for nuclear waste disposal. Journal of American Statistical Association, 97 (459), 702-709. Saltelli, A. (2007) Composite indicators between analysis and advocacy, Social Indicators Research, 81, 65-77 University of Ghana http://ugspace.ug.edu.gh 207 Sapir, A. (2005). Globalisation and the Reform of European Social Models. Retrieved from:http://www.bruegel.org/ Savona, E.U. (1997). Responding to Money Laundering, International Perspectives. London, Harwood Academic Publishers. Schneider, F., & Enste, D. H. (2000). ‘Shadow Economies: Size, Causes, and Consequences. Journal of Economic Literature, 38, 77-114. Schroeder, W. R. (2001). Money Laundering. FBI Law Enforcement Bulletin, 70(5), 1-12. Sen, A. (1998). Tachyon condensation on the brane anticrime system. Journal of High Energy Physics, 8. Smithson, C., & Simkins, B. J. (2005). Does Risk Management Add Value? A Survey of the Evidence. Journal of Applied Corporate Finance 17(3), 8–17. Standard & Poor’s, (2005). Insurance Criteria: Evaluating The Enterprise Risk Management Practices of Insurance Companies, October 17. Stulz, R. (1996). Rethinking Risk Management. Journal of Applied Corporate Finance, 9(3), 8-24. Stulz, R. (2003). Rethinking Risk Management: The Revolution in Corporate Finance. (4th ed). Blackwell Publishing, 367–384. Subbotina, N. (2009). Challenges that Russian banks face implementing the AML regulations. Journal of Money Laundering Control, 12(1), 19-32. Sullivan, M. A. (2004). US Multinationals Move More Profits to Tax Havens. Tax Notes International, 27(4), 589-593. University of Ghana http://ugspace.ug.edu.gh 208 Sveiby, K. E. (2001). A knowledge-based theory of the firm to guide in strategy formulation. Journal of intellectual capital, 2(4), 344-358. Tahir, I. M., & Razali, A. R. (2011). The Relationship between enterprise risk management (ERM) and firm value: Evidence from Malaysian public listed companies. International Journal of Economics and Management, 32-41. Tanzi, V. (1997). Macroeconomic Implications of Money Laundering, in E.U. Savona, Responding to Money Laundering, International Perspectives. Taylor, J. B. (2007). Housing and monetary policy (No. w13682). National Bureau of Economic Research. Thony, J. F. (2002), Money Laundering and Terrorism Financing – An Overview, Prepared for the IMF Seminar on Current Developments in Monetary and Financial Law, Washington D.C. Tufano, P., (1996). Who manages risk? An empirical examination of risk management practices in the gold mining industry. Journal of Finance, 51(4), 1097-1137. Unger, B., & van Waarden, F. (2009). How to dodge drowning in data? Rule-and risk- based anti-money laundering policies compared. Review of Law & Economics, 5(2), 953-985. United Nations Development Programme. (1996). Human Development Report 1996. New York, Oxford University Press. Vafeas, N., (1999). Board meeting frequency and firm performance. Journal of Financial Economics, 53(1), 113–142. University of Ghana http://ugspace.ug.edu.gh 209 Valentine, S., Godkin, L., & Lucero, M. (2002). Ethical context, organizational commitment, and person-organization fit. Journal of Business Ethics, 41(4), 349- 361. Walker, J. (1995). Estimates of the Extent of Money Laundering in and through Australia, Paper Prepared for the Australian Transaction Reports and Analysis Centre, September 1995, Queanbeyan: Jonh Walker Consulting Services. Walker, J. (1999). How Big is Global Money Laundering?’ Journal of Money Laundering Control, 3(1). Walker, J. (1999). Measuring the Extent of International Crime and Money Laundering. Prepared for Kriminál Expo, Budapest. Walker, J. (2002). Just How Big is Global Money Laundering? Sydney: Australian Institute of Criminology Seminar. Ward Jr, J. H. (1963). Hierarchical grouping to optimize an objective function. Journal of the American statistical association, 58(301), 236-244. Weaver, G. R., Trevino, L. K., & Cochran, P. L. (1999). Corporate ethics programs as control systems: Influences of executive commitment and environmental factors. Academy of Management Journal, 42(1), 41-58. Weaver, G. R., Trevino, L.K., & Cochran, P. L. (1999). Integrated and decoupled corporate social performance: Management commitments, external pressures and corporate ethics practices. Academy of Management Journal, 42(5), 539-553. University of Ghana http://ugspace.ug.edu.gh 210 Welbeck, J. N. O. (2013). Developing an effective risk assessment plan that meets regulatory expectations, conference proceedings, ACAMS 3rd AML & Financial Crime Conference Africa, Accra, Ghana. Welbeck, J.N.O. (2008). Competition and Performance in the Ghanaian Banking Industry. (Unpublished master’s thesis) University of Ghana, Ghana. White, T. (2009). Hadoop: the definitive guide: the definitive guide. O’Reilly Media, Inc.. William, C. G. (1999). Dirty money: The evolution of money maundering countermeasures. Council of Europe Publishing, 125 - 157. Wooldridge, J. M. (2002). Econometric Analysis of Cross Section and Panel Data. Cambridge, Mass. MIT Press. Woon, L. F., Azizan, N. A., & Samad, F. A. (2011). A Strategic Framework for Value Enhancing Enterprise Risk Management. Journal of Global Business and Economics, 2(1), 23-47. World Bank (2006). The International Bank for Reconstruction and Development/The World Bank/The International Monetary Fund (2006). Reference Guide to Anti- Money Laundering and Combating the Financing of Terrorism. 2nd Edition www.amlcft.org Yazid A. S. (2001). Perceptions and practices of financial risk management in Malaysia. Glasgow Caledonian University, Scotland. PhD Thesis. Yazid, A. S., Hussin, M. R., & Razali, A. R. (2008). A cross-sectional study on foreign exchange risk management by Malaysian manufacturers. International Business Management Journal, 2(2), 28-32. University of Ghana http://ugspace.ug.edu.gh 211 Yazid, A. S., Hussin, M. R., & Razali, A. R. (2009). An Empirical Study of Risk Management Best Practices in Public Limited Companies in Malaysia. The Journal of Risk Management and Insurance, 13, 1-22 Yazid, A. S., Hussin, M. R., and Daud, W. N. W. (2011). An Examination of Enterprise Risk Management (ERM) Practices among the Government-Linked Companies (GLCs) in Malaysia, International Business Research, 4(4), 94-103. Yepes, C. V. (2011). Compliance with the AML/CFT International Standard: Lessons from a Cross-Country Analysis. IMF Working Paper WP/11/177 (Washington: International Monetary Fund). Yermack, D. (1996). Higher market valuation of companies with a small board of directors. Journal of Financial Economics, 40(2), 185-211. Yongsheng, L., & Li, J. (2009). Design of early warning indicator system of enterprise logistics risk based on supply chain management. Proceedings of Second International Conference on Intelligent Computation Technology and Automation (ICICTA), China, 918-923. doi: 10.1109/ICICTA.2009.687 Young, S.D., and O'Byrne, S.F. 2000. EVA and Value-Based Management: A Practical Guide. McGraw-Hill, NY. Zhang, C., Yang, R., Cheng, M., & Pan, C. (2010). Research on strategic risk based on resource-based view. Proceedings of International Conference on Management and Service Science (MASS), China, 1-4. doi: 10.1109/ICMSS.2010.5576858 Ziorklui, S. Q. (2001). The Impact of Financial Sector Reform on Bank Efficiency and Financial Deepening for Savings Mobilisation in Ghana. University of Ghana http://ugspace.ug.edu.gh 212 Appendix A: Questionnaire on Enterprise Risk Management and Anti-Money Laundering in the Ghanaian banking sector BACKGROUND INFORMATION: Please take a few minutes to complete this questionnaire. The data collected is solely used for academic purpose and industry-wide analysis. Your specific answer will be completely confidential and anonymous, but your views, in combination with those of others, are extremely important to measure the level of Enterprise risk management (ERM) and Anti-money laundering (AML) compliance in banks and non-bank financial institutions in Ghana. I do not retain personal data and will not give personal information to anyone. Thank you very much for your time and valuable contribution. Directions: Tick, Mark, circle or write the most appropriate response Enterprise risk management A structured, consistent and continuous process across the whole organisation for identifying, assessing, deciding on responses to and reporting on opportunities and threats that affect the achievement of its objectives. Money laundering The process by which criminals attempt to conceal the illegal origin and/or illegitimate ownership of property and assets that are the proceeds of their criminal activities. This indicates that the crime of money laundering is University of Ghana http://ugspace.ug.edu.gh 213 Operational definitions of terms used in this survey SECTION 1: BASIC PROFILE 1. Bank name………………………………………………………………………… 2. Name of Auditor: ………………………………………………………………. derived from an underlying crime. Anti-money laundering This is a set of procedures, laws or regulations designed to stop the practice of generating income through illegal/criminal actions University of Ghana http://ugspace.ug.edu.gh 214 SECTION 2: ENTERPRISE RISK MANAGEMENT Please indicate your degree of agreement with the indicators provided in the relevant box below. (1)SD= strongly disagree (2) SWD= Somewhat Disagree (3) D= Disagree (4)I = Indifferent (5) SWA = Somewhat Agree (6) A = Agree (7) SA = Strongly Agree 3.1 Internal Environment 1 2 3 4 5 6 7 3.1.1 The firm has integrity and ethical behaviour standards clearly enshrined in its code of ethics 3.1.2 The board of directors exercise their oversight duties without external interferences 3.1.3 The entities structure clearly shows reporting lines and responsibilities in the pursuit of firms’ objectives 3. 1.4 The firm is committed to attract, develop, and retain competent individuals 3.1.5 The firm holds individuals accountable for their internal control duties in the pursuit of set objectives 3.2 Objective Setting 1 2 3 4 5 6 7 3.2.1 Senior management defines objectives at the strategic level, establishing a basis for operations, reporting and compliance objectives. University of Ghana http://ugspace.ug.edu.gh 215 3.2.2 An effective strategic planning process is in place to formulate strategies that enable the organisation to achieve its business objectives. 3.2.3 Objectives selected support and are aligned with the organisation’s risk appetite, which drives risk tolerance levels for the organisation’s activities. 3.2.4. Resources are allocated within the entity with consideration to the entity’s risk appetite and strategies for growth and return. 3.2.5. Objectives selected by senior management are communicated throughout the entity to ensure that staff understand them and knows what is to be accomplished and are aware of the means of measuring what is to be done. 3.2.6. Objectives cascade down the entity and are aligned at each level with relevant strategies. 3.2.7. Senior management establishes risk tolerances relative to the importance of related objectives and aligns risk tolerances with risk appetite. 3.3 Event Identification 1 2 3 4 5 6 7 3.3.1. Management identifies potential events, affected by both internal and external factors that affect the ability of the entity to implement strategies to achieve its objectives. 3.3.2 Management systematically receives information about changes in the environment from key points of the entity, including from knowledgeable individuals, to ensure that all University of Ghana http://ugspace.ug.edu.gh 216 significant events are appropriately identified and considered. 3.3.3. Management systematically assesses the environment for significant changes in competitors, markets, customers, regulations, and other factors using techniques like industry analysis, competitor analysis, market analysis, benchmarking, scenario analysis and other practices. 3.3.4. Events are linked to and risk evaluated by individual objective. 3.3.5 Management groups potential events into categories via horizontal aggregation across the organisation and vertically within operating units to reinforce the entity’s portfolio view of events across the organisation 3.3.6. Management categorises events between those that potentially pose risks and those that potentially offer opportunities. Negative events are then taken by Management for assessment and response. Potential events are channeled back into management’s strategy or objective-setting process. 3.4 Risk Assessment 1 2 3 4 5 6 7 3.4.1 The firm clearly specifies and links its objectives to risks identification and assessment 3.4.2 The firm identifies, analysis and manages risks to achieve its objectives across the entity 3.4.3 The fi rm considers the potential for fraud in assessing risks in University of Ghana http://ugspace.ug.edu.gh 217 achieving its objectives 3.4.4The firm identifies and assesses changes that could significantly impact the system of internal control. 3.5 Risk Response 1 2 3 4 5 6 7 3.5.1 Senior management continuously assesses the effects of changes in the environment and significant process risks on the entity’s existing risk management strategies, formulates updated strategies to respond to changes in risks by aligning the entity’s strategies through resource allocation and performance measurement process. 3.5.2 Managers and activity owners throughout the entity develop both effective early-warning systems to monitor changes in risk factors in order to support the continuous assessment of risk management strategies. 3.5.3 Appropriate risk management options are considered for significant risk, including risk avoidance (avoid), pricing for risk retained (price), risk transfer (e.g. insure, hedge, strategic alliances, joint ventures, contractual risk sharing provisions, etc.) (transfer), risk reduction to an acceptable level (accept/control) or risk acceptance at present level (self-insure risk) (accept). 3.5.4 Management understands gathers and uses best practice standards for managing and controlling risk. University of Ghana http://ugspace.ug.edu.gh 218 3.5 Risk Response 1 2 3 4 5 6 7 3.5.5 Management takes appropriate action on risk management strategies formulated in response to new risks or changes in risks and monitors the actions taken. 3.5.6. Policies for managing significant risks are approved by the board and implemented at the direction of an executive committee and/or a senior executive reporting directly to the CEO. 3.5.7. Emerging risks are defined or changes in risks significant to the entity on a timely basis. 3.5.8. Senior management periodically assesses the implementation of risk management strategies for all significant risks by assigning risk management ownership. 3.5.9. Selection of managers and activity owners responsible for managing significant risks is reported to and approved by senior management. 3.5.10. Performance accountability is established at all levels for continuous risk controls. 3.5.11Performance appraisals and appropriate oversight and supervision reinforce significant entity-level risk management priorities and strategies. 3.5.12The executive committee and/or a senior executive reporting directly to the CEO monitors all aspects of implementing the policy and key risk management strategies in accordance with established accountabilities. University of Ghana http://ugspace.ug.edu.gh 219 3.6 Control Activities 1 2 3 4 5 6 7 3.6.1 The firm has a range of manual and automated activities as diverse as approvals, authorizations, verifications, reconciliations, reviews of business performance, security of assets and segregation of duties. 3.6.2 The firm selects and develops a set of activities to mitigate risk. 3.6.3 The firm selects and develops a set of activities over technology to support the achievement of objectives. 3.6.4The firm selects and develops policies and procedures to establish what is expected to achieve set objectives. 3.7 Information and communication 1 2 3 4 5 6 7 3.7.1 The firm obtains and/or generates quality data to support the function of internal control. 3.7.2 The firm internally communicates information, including objectives and duties for internal control and support of internal control. 3.7.3The firm communicates with external parties on matters affecting the functioning of its internal controls. 3.7.4 The firm emphasizes the importance of timely information and communication to its overall risk management process. University of Ghana http://ugspace.ug.edu.gh 220 3. 8 Monitoring and Evaluation 1 2 3 4 5 6 7 3.8.1 The firm elects, develops, and performs ongoing and/or separate evaluations to ascertain whether components of internal control are present and functioning 3.8.2The firm evaluates and communicates internal control deficiencies in a timely manner to parties responsible for taking corrective action, including senior management and the board of directors, as appropriate. 3.8.3 The board meets at least twice in a year to deliberate on strategies to mitigate risks on an enterprise-wide basis. 3.9 Organisational culture 1 2 3 4 5 6 7 3.9.1 Firm demonstrate homogeneity (the degree to which the organisation culture favors process oriented verses resulted oriented cultured ) 3.9.2 Firm demonstrate job performance as against employee welfare 3.9.3 Firm espouses rigid control structures 3.9.4 Firm’s employees espouse long term orientation. (The degree of a firm’s long-term devotion to traditional values) 3.9.5 Firm espouses adaptation to environment (that is the degree the firm to which firm applies intended rules) 3.9.6 Firm employees demand loyalty to organisation University of Ghana http://ugspace.ug.edu.gh 221 SECTION 3: ANTI-MONEY LAUNDERING (AML) COMPLIANCE Please indicate your degree of agreement with the indicators provided in the relevant box below. (1)SD= strongly disagree (2) SWD= Somewhat Disagree (3) D= Disagree (4) I = Indifferent (5) SWA = Somewhat Agree (6) A = Agree (7) SA = Strongly Agree 4.1 Money laundering risk assessment (MLRA) 1 2 3 4 5 6 7 4.1.1 Bank identifies politically exposed persons (PEPs) board and continuous review strategic focus to avoid business/individuals prone to money laundering risk. 4.1.2 The bank identifies vulnerabilities in relation to its size, board and management structure as well as the ultimate beneficial owner. 4.1.3 Bank conducts risk assessment of its business relations and channels of distribution of its product and services to assess its money laundering risk linked with a business relationship. 4.2 Records management (RM) 1 2 3 4 5 6 7 4.2.1. The firm produces records and information for determining compliance to AML framework. 4.2.2. The firm consider record keeping and management reporting in the AML Framework University of Ghana http://ugspace.ug.edu.gh 222 4.2.3 The firm ensures that clear and adequate records and documents relating to AML are kept by competent officers, stored and made readily accessible to stakeholders upon request in a timely manner. 4.2.4 The firm has appointed a competent and autonomous anti- money laundering reporting officer (AMLRO) at the management level to produce and submit to board regular and extensive reports on all ML related issues. 4.2.5 The firm files appropriate suspicious transaction reports to the Financial Intelligence Centre 4.3 Compliance Program 1 2 3 4 5 6 7 4.3.1 The firm has explicit policies and procedures for proper customer identification and verification. 4.3.2 The firm policies and procedures which embodies customer acceptance criteria as well as segments customers into risk bands 4.3.3The firm ensures periodic updating of client files and customer due diligence 4.3.4The firm has tools to conduct enhanced monitoring for higher risk customers, products or services and channels of delivery. 4.3.5 The firm has institutionalized its internal audit function to establish effective means of testing for AML compliance. 4.3.6The firm ensures ongoing training to keep staff abreast with developments on AML policies, procedures, systems and controls; trends and techniques as well as staff have easy access to relevant University of Ghana http://ugspace.ug.edu.gh 223 Thank you! AML policies and procedures with acknowledged understanding and receipt to raise red flags to insulate employers from ML risks. 4.4 Corporate Governance 1 2 3 4 5 6 7 4.4.1 The firms’ board of directors has approved an AML framework. 4.4.2 Board of directors receive regular comprehensive AML training. 4.4.3 Management adhere to both administrative and internal auditing procedures 4.4.4 Management and board of directors of the firm are subjected to AML risk Assessment. 4.4.5 My bank’s AML compliance efforts have evolved to have KYC standards 4.4.6 My bank has internal audit department to ensure adherence to AML 4.4.7 My bank is audited by one of the big top four firms? University of Ghana http://ugspace.ug.edu.gh 224 Appendix B: Rescaled scores: ERM Adoption and AML compliance Industry ERM Adoption score ERM Label AML compliance score AML Label Industry 1 968.44 strong 984.39 high 1 1 961.17 strong 984.39 high 1 1 946.46 strong 984.39 high 1 1 902.34 good 984.39 high 1 1 896.70 good 984.39 high 1 1 866.05 good 959.01 high 1 1 864.92 good 944.29 high 1 1 849.85 good 929.87 high 1 1 824.00 good 927.33 high 1 2 795.75 good 926.74 high 1 1 776.18 good 898.88 high 1 1 761.02 good 862.47 high 1 1 756.03 good 861.57 high 1 1 753.87 good 846.01 high 1 1 735.25 good 842.17 high 1 1 729.77 good 831.28 high 1 2 718.22 good 810.38 high 1 2 710.20 good 748.32 high 1 2 691.89 good 731.95 high 1 2 670.71 good 716.47 high 1 University of Ghana http://ugspace.ug.edu.gh 225 2 666.51 good 696.04 high 1 2 653.27 good 681.29 high 1 2 644.47 good 660.18 high 1 2 621.73 good 617.94 high 1 2 606.78 good 514.77 high 1 1 599.94 good 243.86 medium 1 2 575.00 good 974.19 high 2 2 574.12 good 833.40 high 2 2 567.59 good 814.12 high 2 1 560.20 good 701.58 high 2 2 558.62 good 696.36 high 2 1 547.09 good 655.08 high 2 2 540.98 good 654.61 high 2 1 520.51 good 642.89 high 2 2 518.06 good 583.39 high 2 2 488.62 good 574.17 high 2 2 476.91 good 487.17 high 2 1 473.81 good 462.12 medium 2 2 473.64 good 422.25 medium 2 1 466.76 fair 408.44 medium 2 2 465.15 fair 359.07 medium 2 2 458.71 fair 343.64 medium 2 2 454.01 fair 320.69 medium 2 2 446.39 fair 319.45 medium 2 University of Ghana http://ugspace.ug.edu.gh 226 2 443.64 fair 313.65 medium 2 2 440.41 fair 288.11 medium 2 2 433.54 fair 278.44 medium 2 2 433.09 fair 272.75 medium 2 1 411.90 fair 250.95 medium 2 2 385.16 fair 102.72 medium 2 2 380.47 fair 706.27 high 2 1 378.00 fair 648.91 high 2 2 377.32 fair 594.93 high 2 2 377.25 fair 452.31 medium 2 2 367.06 fair 444.89 medium 2 2 359.49 fair 442.67 medium 2 2 342.81 fair 341.06 medium 2 2 341.75 fair 321.45 medium 2 2 340.15 fair 236.13 medium 2 2 339.69 fair 232.95 medium 2 2 334.36 fair 219.56 medium 2 2 334.27 fair 204.75 medium 2 2 317.88 fair 196.71 medium 2 2 304.16 fair 188.26 medium 2 2 296.51 fair 174.46 medium 2 2 265.96 fair 163.81 medium 2 2 263.84 fair 159.36 medium 2 2 251.90 fair 151.66 medium 2 University of Ghana http://ugspace.ug.edu.gh 227 2 242.90 fair 124.22 medium 2 1 236.52 fair 116.52 medium 2 2 221.99 fair 85.67 medium 2 2 219.40 fair 73.96 medium 2 2 211.64 fair 72.08 medium 2 2 204.17 fair 65.97 medium 2 2 196.91 fair 54.99 medium 2 2 143.43 weak 44.92 low 2 2 107.42 weak 29.37 low 2 1 39.83 weak 18.08 low 2 1 17.46 weak 2.07 low 2 Legend: 1-universal banks 2-NBFIs University of Ghana http://ugspace.ug.edu.gh