UNIVERSITY OF GHANA
ANTI-MONEY LAUNDERING AND ENTERPRISE RISK MANAGEMENT
BY
JONATHAN NII OKAI WELBECK
(10259262)
THIS THESIS IS SUBMITTED TO UNIVERSITY OF GHANA, LEGON IN
PARTIAL FULFILMENT OF THE REQUIREMENT FOR THE AWARD OF PHD
FINANCE DEGREE
MARCH, 2015
University of Ghana http://ugspace.ug.edu.gh
i
DECLARATION
I, Jonathan Nii Okai Welbeck, declare that this work is the result of my own research and
has not been presented by anyone for any academic award in this or any other university.
All references used in the work have been fully acknowledged.
………………………………………........... ……………………………
JONATHAN NII OKAI WELBECK DATE
(10259262)
University of Ghana http://ugspace.ug.edu.gh
ii
CERTIFICATION
This is to certify that this thesis is the result of research undertaken by Jonathan Nii Okai
Welbeck, towards the award of the Doctor of Philosophy in Finance Degree in the
Department of Finance, University of Ghana, under the supervision of Dr. Godfred A.
Bokpin, Dr. Albert Gemegah and Dr. Simon K. Harvey, all of the University of Ghana
Business School, Ghana.
In places where references of other works have been cited, full acknowledgement has been
given. No part of this thesis has either been presented in whole or in part to any institution
for any award.
………………………………….. …………………….
DR. GODFRED A. BOKPIN DATE
(PRINCIPAL SUPERVISOR)
…………………………………….. ……………………..
DR. ALBERT GEMEGAH DATE
(CO-SUPERVISOR)
……………………………………. ……………………..
DR. SIMON K. HARVEY DATE
(CO-SUPERVISOR)
University of Ghana http://ugspace.ug.edu.gh
iii
DEDICATION
This thesis is dedicated to my beloved wife, Edem Emerald Welbeck (Mrs.), my three (3)
boys: Jefferson Reuben Nii Adama Welbeck; Jonathan Nii Ayitey-Adjin Welbeck; and
Sedem Nii Ayisam Welbeck, and also to my parents – Mrs Victoria Nueki Welbeck and
Edward Niifio Welbeck (deceased).
University of Ghana http://ugspace.ug.edu.gh
iv
ACKNOWLEDGEMENTS
I have been able to complete this thesis with the support and active co-operation of
concerned bodies and authorities as well as several persons; I am really indebted to them.
My God saw me through this journey and I would forever be grateful. I would like to
express deep feelings of gratitude to my Head of Department (HOD), Department of
Finance, University of Ghana Business School, Dr. Godfred A. Bokpin and Prof. A.Q.Q.
Aboagye, Department of Finance, University of Ghana Business School, for their
invaluable guidance at different stages of this thesis.
I am intensely indebted to my thesis supervisors, Dr. Godfred A. Bokpin, Dr. Albert
Gemegah and Dr. Simon K. Harvey, all of the Department of Finance, University of
Ghana Business School, for their very useful guidance and counseling in overcoming
various bottlenecks during the study and also for their commitment. My gratitude also
goes to Prof. Joshua Abor, Dean, University of Ghana Business School, Prof. Charles
Adjasi, University of Stellenbosch Business School, Stellenbosch University and Prof.
Isaac Kwame Dontwi, Dean, Institute of Distance Learning, Kwame Nkrumah University
of Science and Technology, Kumasi for their extraordinary support and encouragement to
the whole process of this thesis. I am truly blessed to benefit from their invaluable
contextual insights.
I am equally grateful to Mr. Millison Narh, Deputy Governor, Bank of Ghana, Mr.
Nicholas Okoe Sai, former Head Banking Supervision Department, Bank of Ghana and
Mr. Madoc Quaye, Director, Bank of Ghana Training Center for their support. I am highly
indebted to Mr. Essel Thompson, Chief Executive Officer, Financial Intelligence Centre
(FIC) for his wonderful interpretation of the AML/CFT laws to me.
University of Ghana http://ugspace.ug.edu.gh
v
I would similarly like to thank Ms. Kristel Grace Poh, Senior Financial Sector Expert,
Financial Integrity Group, Legal Department, International Monetary Fund and Mrs.
Rebecca Obare, Resident Advisor, Africa, International Monetary Fund, for their
continuous interest in the outcome of this thesis. Furthermore, I also wish to express my
profound gratitude to Mr. Jose Lewis, Association of Certified Anti-Money Laundering
Specialists (ACAMS), Miami, USA for his AML/CFT brochures and Mrs. Milimo Moyo,
Office of Technical Assistance (OTA), United States Department of Treasury for her
invaluable material support.
Again, I would take this opportunity to thank Prof. Kwame Adom Frimpong, Managing
Director, Main Stream Re-insurance and Mrs. Frances Van-Hein Sackey, Deputy Head,
AML/CFT Unit, Bank of Ghana whose significant contributions were evident in this
thesis; they lifted my spirit when it was most needed.
My sincere appreciation also goes to Mrs. Cecilia Adewale, and as well as my family for
their immense contributions and support.
Finally, my heartiest thanks go to my sweet wife, Mrs. Edem Emerald Welbeck, my lovely
sons, Nii Adama Welbeck, Nii Ayitey-Adjin Welbeck, and Nii Ayisam Welbeck, whose
proximity, love and affection provided me joy and relaxation. A special mention to
Jefferson Reuben Nii Adama Welbeck who played a leadership role for his siblings within
the period that I was writing this thesis, I am so grateful Jefferson.
University of Ghana http://ugspace.ug.edu.gh
vi
ABSTRACT
This thesis investigates the link between Anti-Money Laundering (AML) and Enterprise
Risk Management (ERM) as well as firm performance and ERM in the Ghanaian banking
industry. The study attempts to construct two barometers; AML and ERM barometers
using PCA methodology to gauge levels of compliance and adoption. The global financial
system continues to be plagued with uncertainties that need effective dynamic operational
risk management programmes in order to ensure financial institutions stay in business.
Though risk management in banks has improved over the years with the adoption of
enterprise risk management (ERM) and anti-money laundering compliance frameworks,
the association between the two has not been tested. This study therefore adopts a
positivist management research philosophy, a deductive and quantitative approach to
establish the relationship between AML and ERM within the Ghanaian banking space.
Also, the drivers of AML and ERM in Ghanaian banking sector are also investigated.
Results indicate that, the eight COSO ERM input variables are statistically significant and
could drive ERM in Ghanaian banks. Also, money laundering risk assessment, records
management, compliance programme and corporate governance significantly predict AML
in Ghanaian banks. In addition, AML influences banks adoption of ERM. Surprisingly,
there was no statistically significant relationship between firm performance and ERM.
The study concludes that as banks devote resources to AML compliance, the ERM
improves. The study recommends that banks invest in their AML systems in order to
improve their ERM. Furthermore, the study provides policy support to the global AML
standard setters/regulators.
University of Ghana http://ugspace.ug.edu.gh
vii
TABLE OF CONTENTS
CONTENT PAGE
DECLARATION ................................................................................................................... i
CERTIFICATION ................................................................................................................ ii
DEDICATION .................................................................................................................... iii
ACKNOWLEDGEMENTS ................................................................................................. iv
ABSTRACT ......................................................................................................................... vi
TABLE OF CONTENTS .................................................................................................... vii
LIST OF TABLES .............................................................................................................. xii
LIST OF FIGURES ........................................................................................................... xiv
LIST OF EQUATIONS ...................................................................................................... xv
LIST OF ACRONYMS AND ABBREVIATIONS ........................................................... xvi
CHAPTER ONE – INTRODUCTION ............................................................................. 1
1.0 Overview of the thesis ..................................................................................................... 1
1.1 Background of the Study ................................................................................................. 5
1.2 Problem Statement ........................................................................................................ 10
1.2.1 The Cost Implications of adopting AML and ERM frameworks ........................................... 11
1.2.2 Implications for wider range of risks and emerging risks ..................................................... 12
1.2.3 Implications of AML and ERM indices for prudent corporate governance ..................... 13
1.2.4 Implications of adopting AML and firm performance on ERM ............................................. 13
1.2.5 Implications for developing an AML Index ................................................................................... 15
1.3 Research Objectives ...................................................................................................... 17
1.5 Research Hypotheses .................................................................................................... 17
1.6 Motivation for the Study ............................................................................................... 17
University of Ghana http://ugspace.ug.edu.gh
viii
1.8 Scope of the Study ........................................................................................................ 21
1.9 Study Limitations .......................................................................................................... 22
1.10 Organisation of the study ............................................................................................ 22
CHAPTER TWO – LITERATURE REVIEW .............................................................. 24
2.0 Introduction ................................................................................................................... 24
2.1 Goal of this chapter ....................................................................................................... 24
2.2 Layout of this chapter.................................................................................................... 25
2.3 Theoretical background ................................................................................................. 25
2.4 Evolution of Enterprise Risk Management ................................................................... 28
2.4.1 The COSO ERM framework ...................................................................................... 29
2.4.1.1 Overview of COSO ERM components .......................................................................................... 32
2.5 Drivers of ERM ............................................................................................................. 43
2.5.1 Firm size ...................................................................................................................................................... 46
2.5.2 Firm industry ............................................................................................................................................ 46
2.5.3 Financial leverage ................................................................................................................................... 47
2.5.4 Earnings volatility ................................................................................................................................... 48
2.5.5 Stock price volatility............................................................................................................................... 48
2.5.6 Institutional ownership ........................................................................................................................ 49
2.5.7 Corporate governance ........................................................................................................................... 50
2.5.8 Firm complexity ....................................................................................................................................... 50
2.5.9 Presence of Chief Risk Officer (CRO) ............................................................................................... 52
2.5.10 Auditor type (Big four) ....................................................................................................................... 53
2.5.11 Management commitment ................................................................................................................ 53
2.6 ERM Effectiveness measures ........................................................................................ 54
2.7 General theoretical foundations of firm performance ................................................... 71
University of Ghana http://ugspace.ug.edu.gh
ix
2.8 Definitions of money laundering .................................................................................. 84
2.8.1 Stages of money laundering ................................................................................................................ 86
2.8.2 Empirical review on money laundering (ML) ............................................................................. 87
2.9 Drivers of AML............................................................................................................. 92
2.10 Overview of Ghana’s AML/CFT & P environment ................................................. 108
2.11 Construction of Composite Indices (CIs) .................................................................. 114
2.12 The Structure of Ghana’s Financial and Banking Systems ....................................... 118
CHAPTER THREE – RESEARCH METHODOLOGY ............................................ 121
3.0 Introduction ................................................................................................................. 121
3.1 Construction on AML and ERM Indices Using PCA ................................................. 121
3.1.1 The ERM adoption components ...................................................................................................... 123
3.1.2 Anti-money laundering components ............................................................................................ 126
3.2 Percentile categorisation and interpretation of PCA scores ........................................ 129
3.3 The Basic model for AML, Firm performance, and ERM Nexus .............................. 130
3.4 Description of selected drivers of ERM ...................................................................... 135
i. Auditor type ......................................................................................................................................... 135
ii. Firm size ................................................................................................................................................ 136
iii. Chief Risk Officer (CRO) ............................................................................................................. 136
iv. Capital Adequacy Ratio (CAR) ...................................................................................................... 137
v. Firm performance (bank profitability) ..................................................................................... 137
vi. Risk Culture .......................................................................................................................................... 138
vii. Anti-Money Laundering index ................................................................................................. 138
3.5 The Study Research Design ........................................................................................ 139
University of Ghana http://ugspace.ug.edu.gh
x
CHAPTER FOUR ........................................................................................................... 140
EMPIRICAL RESULTS AND DISCUSSIONS ........................................................... 140
4.0 Introduction ................................................................................................................. 140
4.2 The AML drivers......................................................................................................... 141
1. Money laundering risk assessment (MLRA) ................................................................................ 141
2. Records Management (RMGT) ......................................................................................................... 143
3. Compliance Programme (CPROG) ................................................................................................... 145
4. Corporate governance (CGOV) .......................................................................................................... 147
4.3 The AML index ........................................................................................................... 149
4.4 The ERM components ................................................................................................ 151
1. Internal environment ............................................................................................................................ 151
2. Objective setting ...................................................................................................................................... 153
3. Event identification ................................................................................................................................ 155
4. Risk assessment ....................................................................................................................................... 157
5. Risk response ........................................................................................................................................... 159
6. Control activities ..................................................................................................................................... 161
7. Information and Communication ..................................................................................................... 163
8. Monitoring and evaluation .................................................................................................................. 164
9. Organisational culture .......................................................................................................................... 166
10 The ERM index ....................................................................................................................................... 167
4.5 Descriptive statistics.................................................................................................... 172
4.6 Association between AML and ERM ......................................................................... 174
4.7 Regression Results ...................................................................................................... 176
4.6.1 Firm performance (ROA) ................................................................................................................... 177
4.6.2 Anti-money laundering compliance index .................................................................................. 177
4.6.3 Firm size .................................................................................................................................................... 178
University of Ghana http://ugspace.ug.edu.gh
xi
4.6.4 Auditor type ............................................................................................................................................. 179
4.6.5 Capital Adequacy Ratio ....................................................................................................................... 179
4.6.6 Risk Culture ............................................................................................................................................. 180
CHAPTER FIVE ............................................................................................................. 181
SUMMARY OF FINDINGS, CONCLUSIONS, CONTRIBUTIONS AND
RECOMMENDATIONS ................................................................................................ 181
5.0 Introduction ................................................................................................................. 181
5.1 Summary of Findings .................................................................................................. 181
5.2 Conclusions ................................................................................................................. 183
5.1 Contributions to knowledge ........................................................................................ 184
5.3 Recommendations ....................................................................................................... 185
5.4 Areas of Further Research ........................................................................................... 186
BIBLIOGRAPHY ............................................................................................................. 187
Appendix A: Questionnaire on Enterprise Risk Management and Anti-Money Laundering
in the Ghanaian banking sector ......................................................................................... 212
Appendix B: Rescaled scores: ERM Adoption and AML compliance ............................. 224
University of Ghana http://ugspace.ug.edu.gh
xii
LIST OF TABLES
Table 1: Ghana AML/CFT compliance environment ........................................................ 110
Table 2: The ERM Adoption index variables .................................................................... 125
Table 3: AML index variables ........................................................................................... 128
Table 4: Scores interpretation ............................................................................................ 130
Table 5: Selected Drivers of ERM Adoption ..................................................................... 134
Table 6: Risk matrix of ML/TF vulnerabilities .................................................................. 140
Table 7: Results: Money Laundering Risk Assessment ..................................................... 142
Table 8: Results: Records Management Component ......................................................... 144
Table 9: Results: Compliance Programme ......................................................................... 146
Table 10: Results: Corporate Governance ......................................................................... 148
Table 11: Results: AML Index ........................................................................................... 150
Table 12: Results: Internal Environment ........................................................................... 152
Table 13: Results: Objective Settings Component............................................................. 154
Table 14: Results: Event Identification Component .......................................................... 156
Table 15: Results: Risk Assessment .................................................................................. 158
Table 16: Results: Risk Response Component .................................................................. 159
Table 17: Results: Control Activities ................................................................................. 162
Table 18: Results: Information & Communication Component ........................................ 163
University of Ghana http://ugspace.ug.edu.gh
xiii
Table 19: Results: Monitoring and evaluation ................................................................... 165
Table 20: Results: Organisational Culture ......................................................................... 166
Table 21: Results: ERM Index ........................................................................................... 169
Table 22: Summary statistics: AML Compliance and ERM Adoption ............................. 172
Table 23: Percentile distribution of scores ......................................................................... 172
Table 24: AML compliance and ERM adoption ................................................................ 174
Table 25: Top ten performers ............................................................................................. 175
Table 26: Multivariate results ............................................................................................ 176
University of Ghana http://ugspace.ug.edu.gh
xiv
LIST OF FIGURES
Figure 1: COSO Framework (2004) .................................................................................... 30
Figure 2: Enterprise Risk Management (ERM) Adoption index variables (modified COSO
ERM framework) ............................................................................................ 124
Figure 3:Anti-Money Laundering Index Variables........................................................... 127
University of Ghana http://ugspace.ug.edu.gh
xv
LIST OF EQUATIONS
Equation 1: ERMi = b0 +b1AMLi +b2ROAi +BX +ei……………………………. 141
Equation 2: y = xb+ m ……………………………………………………………... 142
Equation 3: yi = ¢xib + ei …………………………………………………………… 142
University of Ghana http://ugspace.ug.edu.gh
xvi
LIST OF ACRONYMS AND ABBREVIATIONS
ACAMS - Association of Certified Anti-money Laundering Specialists
(CAMS)
AG’s - Attorney Generals Department
AIs - Accountable Institutions
AML/CFT - Anti-Money Laundering/ Combating of the Financing of Terrorism
BBG - Barclays Bank Ghana Limited
BNI - Bureau of National Investigation
BoG - Bank of Ghana
BSC - Balance Score Card
CDD - Customer Due Diligence
CFA - Confirmatory Factor Analysis
CIB - Chartered Institute of Bankers
COSO - Committee of Sponsoring Organisations of the Treadway
Commission
CRO - Chief Risk Officer
DIC - Direct Intellectual Capital methods
DNFBPs - Designated Non-Financial Businesses and Professions
EDD - Enhanced Due Diligence
EIU - Economic Intelligence Unit
EOCO - Economic and Organised Crime Office
ERM - Enterprise Risk Management
University of Ghana http://ugspace.ug.edu.gh
xvii
EVA - Economic Value Added
FATF - Financial Action Task Force
FEAR - Frontier Efficiency Analysis within R
FIC - Financial Intelligence Centre
FINSSP - Financial Sector Strategic Plan
FSRBs - FATF- style regional bodies FATF
G7 - Group of Seven Highly Industrialised Nations
GAF - Ghana Armed Forces
GBA - Ghana Bar Association
GCB - Ghana Commercial Bank
GDP - Gross Domestic Product
GFI - Global Financial Integrity
GhIPSS - Ghana Interbank Payment and Settlement System
GIABA - Intergovernmental Action Group Against Money Laundering in
West Africa
GIS - Ghana Immigration Service
GPS - Ghana Police Service
GRA - Ghana Revenue Authority
GREDA - Ghana Real Estate Developers Association
GSS - Ghana Statistical Service
ICA - Institute of Chartered Accountants
University of Ghana http://ugspace.ug.edu.gh
xviii
IEV - Implied Equity Volatility
IFAC - International Federation of Accountants
IMF - International Monetary Fund
IOSCO - International Organisation of Securities Commissions
KPMG - Klynveld Peat Marwick Goerdeler (accounting firm)
KRD - Key Risk Drivers
KRIs - Key Risk Indicators
KYC - Know Your Customer
L.I. - Legislative Instrument
LEA’s - Law Enforcement Agencies
MCM - Market Capitalisation Methods
ML - Money Laundering
MoF - Ministry of Finance
MOU - Memorandum of Understanding
NACOB - Narcotics Control Board
NGOs - Non-Governmental Organisations
NIC - National Insurance Commission
NPRA - National Pensions Regulatory Authority
NSCS - National Security Council Secretariat
OFISD - Other Financial Institutions Supervision Department
PEPs - Politically Exposed Persons
PESTEL - Political, Economic, Socio-Cultural, Technology, Ecology and Legal
University of Ghana http://ugspace.ug.edu.gh
xix
PMMC - Precious Minerals Marketing Company
PwC - PricewaterhouseCoopers
RCBs - Rural Community Banks
ROA - Return on Asset
ROE - Return on Equity
RV - Realised Volatility
SCB - Standard Chartered Bank
SEC - Securities and Exchange Commission
SEM - Structural Equation Modeling
SRB - Self-Regulatory Bodies
SSB - Social Security Bank
STR - Suspicious transactions reporting
SWOT - Strengths, Weaknesses, Opportunities and Threats
TF - Terrorists Financing
TQM - Total Quality Management
TRM - Traditional Risk Management
TSE - Toronto Stock Exchange
UNODC - United Nations Office on Drugs and Crime
VBRM - Value-based ERM
VCTA - Venture Capital Trust Authority
University of Ghana http://ugspace.ug.edu.gh
1
CHAPTER ONE – INTRODUCTION
This is the introductory chapter of the entire work which creates a general context for the
study. The goal of this chapter is to provide a comprehensive background to the study on
the need for financial institutions to adopt enterprise risk management and implement anti-
money laundering practices, especially in the Ghanaian banking sector. Additionally, the
chapter brings to the fore the research problem, the research objectives, research questions,
hypotheses, the motivation for the study, the scope and limitation of the study, as well as
the overall structure or the organization of the study.
1.0 Overview of the thesis
Money Laundering (ML) has become a topical issue and a global concern. AML measures
are expected to minimize the ML risk affecting the global financial system and countries.
COSO (2004) posits that with the adoption of ERM, firms effectively and efficiently
manage both traditional risks and emerging risks such as credit, interest rate, market risk,
money laundering, terrorist financing and cross border risks. Banks play unique role in
economic development through the financial intermediation activities. According to
FINSSP (2012) report, financial performance of Ghana’s banking sector has quadrupled in
the last two decades. Gordon et al., (2009) argue that performing firms are likely to adopt
ERM. This thesis investigates the link between AML and ERM as well as firm
performance and ERM in the Ghanaian banking industry. The study constructs two
barometers; AML barometer and ERM barometer using principal component analysis
(PCA) methodology to gauge the level of AML compliance and ERM among banks in
Ghana. The social and economic consequences of money laundering (ML) have been
espoused in literature (FATF, 2012, IMF, 2010). Financial institutions have been called
upon to be “gate-keepers” to ensure that the economic and financial systems do not
University of Ghana http://ugspace.ug.edu.gh
2
collapse as results of money laundering activities. The cost of money laundering is
estimated between USD 500m to USD 1.5 billion annually (IMF, 2012). In spite of the
absence of a robust metric to give early warning signals, a lot of effort has been made
financially and non-financially to ensure that there is global financial soundness and
stability. Financial and insurance activities contributed about 5.2% of gross domestic
product (GDP). Banking sector assets have tripled over the last two decades (FINSSP,
2012). Welbeck (2008) posits that the Ghana’s banking sector has become very
competitive (HHI=0.015). As at 31st December, 2013,the Bank of Ghana regulates and
supervises 26 universal banks,53 NBFIs, 333 forex bureau, 216 microfinance institutions,5
inward remittance Ghana’s financial sector reforms and banking sector liberalization have
witnessed the influx of foreign banks including Nigerian banks. To date out of the 26
banks, foreign banks are 14. Though, there is no empirical evidence to establish terrorist
financing through laundered funds in Ghana (Adu-Amankwa, 2015), the preconditions for
money laundering, terrorism and terrorist financing are ripe in Ghana. These include but
are not limited to: high volumes of cash-based transactions (approximately
GH₵1.13trillion), pervasive corruption, wide spread poverty, high rate of unemployment,
internet frauds, thriving shadow financial system, organized prostitution, booming real
estate business and electronic payment systems such as mobile money. Welbeck (2013)
argues that ML/TF risk assessment is key to an implementable AML/CFT compliance
framework. He further argues that without assessing the ML/TF risks in business
operations, banks compliance programmes may not achieve the intended goals or
objectives.
Ghana is a becoming interesting case to study with respect ML due to its unique role in the
West Africa sub region and its blacklisting by FATF in 2012. In addition, recent
developments in the banking sector reveals emergence of money laundering risks (Annor,
University of Ghana http://ugspace.ug.edu.gh
3
2014). To ensure Ghana is not a safe haven for money launderers, Ghana has established
the Law Enforcement Coordinating Bureau under Section 4(2) of the Executive Instrument
2012 (E.I.8), AML Act 2008 Sections 5(b), 28(2), 35 and 49 of Act 749 and is made up of
BoG, SEC, NIC, GPS, GIS, NSCS, BNI, EOCO, FIC, GAF, GRA, AG’s Department.,
NACOB, Ghana Maritime Authority, Ghana Airports Company Limited and Ministry of
Foreign Affairs and Regional Integration, It has also criminalized money laundering
(punishment for ML offence is 10years) under. S.2 of AML Act, 2008 (Act 749), passed
the AML (Amendment) Act 2014, (Act 874), AML Regulations, 2011 (L.I. 1987),
Criminal Offences (Amendment) Act, 2012 (Act 849), Immigration (Amendment) Act,
2012 (Act 848); Economic and Organised Crime Office Act, 2010 (Act 804), Economic
and Organised Crime Office (Operations) Regulations, 2012 (L.I. 2183), Anti-Terrorism
Act, 2008 (Act762), Anti-Terrorism (Amendment) Act, 2012 (Act 842), The Anti-
Terrorism Regulations, 2012 (L.I. 2181); BoG/FIC AML/CFT Guidelines (2011);
SEC/FIC AML/CFT Guidelines (2011) and NIC/FIC AML/CFT Guidelines (2011).
In spite of all these initiatives, the absence of a robust metric to gauge the level of AML
compliance and ERM makes it difficult to justify the investments made so far.
This study therefore attempts to develop an AML index to help measure the AML
compliance level of Ghanaian banks and also appreciate the efforts made by the Financial
Intelligence Centre, the Bank of Ghana and other international bodies.
The main theoretical framework for this study is risk management. Risk management has
evolved from “silo” risk management (RM) to “firm-wide” RM. Mixed results have been
found in literature on the relationship between firm performance and ERM (Gordon et al.,
2009; Pagach & Warr, 2008 & Liu et al., 2010). Purge (2008) argues that ERM
University of Ghana http://ugspace.ug.edu.gh
4
implementation increases the cost of operation, thus reducing profits of firms. Razali et al.,
(2011) measured ERM by firms using the presence of a chief risk officer (CRO), where
the presence of a CRO indicates adoption and non-presence, otherwise. Mcshane et al.,
(2011), using Standard and Poor’s (S&P’s) ERM index argues that ERM adoption
positively influences firm performance. Gordon et al., (2009), based on the COSO ERM
Framework (2004), developed an ERM adoption index based on the COSO output
variables (strategic, operations, reporting and compliance) and concluded that the positive
link between ERM and firm performance is dependent on contingencies. Several authors
including (Golshan & Abdul-Rasid, 2012; Gordon et al., 2009; Beasley et al., 2005)
identified a number of drivers for ERM adoption which include; firm size, firm
complexity, chief risk officer (CRO), auditor type (Big four). Several studies abound in
literature on the economic consequences of ML (Mackrell, 1997; McDowell, 2001 &
Tanzi, 1997). Yepes (2011) argues that domestic compliance of AML standards is a key
determinant of susceptibility of the financial sector to the risks posed by money laundering
and terrorist financing activities. However, studies considering the link between AML and
ERM are scarce in literature to the best of the author knowledge and this is the study’s
contribution to knowledge.
In order to meet the objectives outline earlier, an epistemological (positivist) research
philosophy with a deductive research approach was adopted. This study applied
quantitative research strategy to formulate hypotheses to test the empirical linkage
between AML and ERM in the Ghanaian banking sector. Furthermore, a 2-stage approach
was used to construct the ERM and AML indices. The first principal components were
selected to represent the indices because they represent contribute to a larger proportion of
the variability in the AML and ERM datasets
University of Ghana http://ugspace.ug.edu.gh
5
PCA results show the eight (8) COSO ERM framework components (Internal
environment, Objective setting, Event identification, Risk assessment, Risk response,
Control activities, Information and Communication and Monitoring and evaluation) are
statistically significant (p-values-0.0000). Also, money laundering risk assessment,
records management, compliance programme and corporate governance with p-values
of0.0000) are found to be predictors of AML in Ghana banking industry. Bank with good
AML compliance systems have adopted ERM. Chi-square results show an association
between AML and ERM. Furthermore, regression analysis shows that AML Compliance
is a significant predictor of ERM at 1%. Risk culture is also a significant predictor of ERM
at 5%. Prior studies (Gordon et al., 2009) show that profitability predicts ERM adoption;
however this study reveals statistically insignificant relationship. Also, size of a bank
influences the adoption of ERM at 10%. The major contribution to literature and industry
is the development of continuous AML and ERM barometers. Also, the study established
an association between AML and ERM. From the positive association between AML and
ERM, banks should be encouraged to invest in their AML systems. The study also
provides policy support to the global AML standard setters/regulators. However, this study
did not explore the causality between AML and firm performance.
1.1 Background of the Study
The global financial system has been plagued with varied risks and uncertainties, thus
calling for an introduction of proactive measures to ensure global financial stability
(White, 2009; Taylor, 2007; IMF, 2001; FATF, 2010). Financial crises have not only
occurred in advanced economies, but have also been a feature of the recent economic
scene in developing economies (World Bank, 2007; Mishkin, 1996). The prevalence of
both traditional and emerging risks like money laundering (ML) and terrorists financing
University of Ghana http://ugspace.ug.edu.gh
6
(TF) have forced academics, regulators and policy makers to rethink contours of the
current financial system (Kroszner & Melick, 2009). Thus, developing economies have
called for the maximum regulatory overhaul at both national and regional levels to
mitigate the effect of varied risks on their economies, financial systems and ultimately, the
citizenry (Acharrya et al., 2009; Rojas-Suarez & Weisbrod, 1994; Stiglitz & Diamond,
1984.). The holistic management of both traditional and emerging risks has been seen as a
stronger way of managing risks at the corporate and national levels of an economy
(COSO, 2004; ISO 31000, 2009).
Financial institutions of which banks constitute about eighty (80) percent in Sub-Saharan
Africa (FATF, 2010) have championed economic development by channeling funds from
surplus units to deficit units, risk mitigation and transparency. These institutions have
traditionally suffered from credit, interest rate, exchange rate, concentration, reputation
and legal risks (Dionne et al., 2010). Money laundering and terrorist financing which
have been recently identified as emerging risks facing the financial institutions of
developing countries have been in existence for many years in the western world, and
various laws and frameworks have been adopted to minimize their negative effects on
economic systems. However, little seem to have been done by developing economies to
curtail the financial system from being used by criminals to transfer their ill-gotten wealth,
and Ghana is no exception (Basel, 2012).
The threat to global financial stability, economic growth and the operations of financial
institutions by money launderers led to the establishment of the Financial Action Task
Force in 1989 by the G7 nations as the global standard-setter in the fight against money
laundering and terrorist financing (IMF, 2001; FATF, 1996). Money laundering involves
University of Ghana http://ugspace.ug.edu.gh
7
the placement, layering and integration of funds from illegal activities through the
financial system to legitimize the sources of such funds (FATF, 2010). Financial
institutions by coverage, nature, speed of transactions, ease of converting wealth to cash
without significant loss of principal, routine adoption of computer systems in operations,
operation within a competitive commission-driven environment and the performance of
auxiliary functions like acting as correspondent and respondent banks, trustees and agents
make them more susceptible to money laundering and other vulnerabilities. All entities
face uncertainties, which influence their profitability, effectiveness, reputation and
shareholder value. Traditionally, entities scan the environment through the strength,
weakness, opportunities and threats (SWOT) analysis while the political, economic, socio-
cultural, technology, environmental and legal (PESTEL) and other tools are used to detect
and manage the varied risks they face (COSO, 2004; Bell et al., 1997).
Until enterprise risk management (ERM) evolved in the year 2000, financial institutions
including banking institutions have relied on the simplistic silo-based approach to detect,
control, mitigate and manage risks. Abdullah et al., (2012) define risk management as the
process by which entities analyze their risks and assign effective risk controls to check
such exposures with the view to attain strategic objectives. Though there is no universally
accepted definition for enterprise risk management (ERM), it is broadly viewed as a
systematic, disciplined, holistic loss-prevention and control system that is strategically
applied to identify potential enterprise-wide risks that tend to affect an entity’s operations,
compliance, performance and reporting (Dionne, 2003; Razali et al., 2011; Gordon et. al,
2009; Standard & Poor, 2008; Havenga, 2006; COSO, 2004; Lam, 2003; Dickinson,
2001).
University of Ghana http://ugspace.ug.edu.gh
8
Anti-money laundering (AML) compliance programmes by design and implementation
manages firm-wide money laundering and terrorist financing risk. Thus, ERM and AML
compliance frameworks primarily task entities to be proactive in identifying and
addressing risks that hinder their operations and value creation abilities for stakeholders
(Dionne et al., 2003). The growth in the banking sector coupled with increasing
recognition for firm-wide risk management have fuelled increasing expectations of these
institutions to comply with constantly evolving regulatory demands (Wu & Olson, 2008;
FATF, 2010). This scrutiny has made AML and ERM a major requirement for many
Banks in Sub Saharan Africa, especially the Ghanaian banking institutions.
Consequently, banks in Ghana have been tasked by regulatory bodies to continually
implement and comply with risk management policies and procedures, which include anti-
money laundering laws to detect, prevent, mitigate and respond to the threat of money
laundering and other risks, which may affect their activities (Reuter & Truman, 2004).
Review of extant literature on ERM adoption and firm performance reveal that various
studies conducted on advanced economies produced mixed results (Gordon et al., 2009;
Pagach & Warr, 2006; Stulz, 2003; Vafeas, 1999; Yermack, 1996). Yepes (2011) looked
at countries’ compliance with the Anti-Money Laundering and Combating the Financing
of Terrorism (AML/CFT) international standards during the period 2004 to 2011 and
concluded that overall compliance is low; there is an adverse impact on financial
transparency created by the cumulative effects of poor implementation of standards on
customer identification. This therefore calls for a study of the effective compliance of
financial institutions especially banking institutions to domestic and international AML
standards. Additionally, money laundering as an evolving activity requiring banking
institutions to have an anti-money laundering compliance barometer to help avert
University of Ghana http://ugspace.ug.edu.gh
9
operational, legal, concentration and reputational risks that confront their operations
(Jones & Kroll, 2011; IMF, 1996). It is evident that the level of awareness and
understanding of ERM and AML concepts are still low in developing countries (Pagach &
Warr, 2011; Zadeh, 2010; Gordon et al., 2009; Liebenberg & Hoyt, 2003).
In addition, very little empirical research has been done on the drivers of ERM adoption in
the developing world and this has influenced the pace at which ERM is adopted, in
developing economies. Nonetheless, in a world of increasing globalization and
information technology, it is imperative for banking institutions in developing economies
to appreciate and adopt international best practices in risk management. Thus, the
ambiguity in the empirical findings, the need to have a robust ERM adoption and AML
compliance frameworks for timely risk mitigation and the implications these frameworks
have on firm performance necessitated this research.
The present study is therefore meant to fill the gap in the empirical literature on enterprise
risk management adoption, anti-money laundering compliance and firm performance in
developing economies. Clearly, this study is novel for investigating the hitherto
unexamined association among anti-money laundering compliance measures, firm
performance and the overall influence on enterprise risk management adoption in the
Ghanaian financial sector. The methodology adopted for the study followed those used in
similar research studies. This thesis aims at providing the drivers of enterprise risk
management adoption, developing an ERM adoption and AML compliance indices and
also establishing the linkages among anti-money laundering compliance, firm performance
and enterprise risk management adoption in Ghanaian banking industry. The study is
timely because it provides empirical analysis based on sound intellectual underpinnings
for enterprise risk management and anti-money laundering policies to better manage
University of Ghana http://ugspace.ug.edu.gh
10
emerging and traditional risks associated with the banking sectors of developing
economies.
1.2 Problem Statement
Financial institutions’ compliance with a country’s AML/CFT laws and guidelines plays
an important role in ensuring a sound financial system. Ghana’s financial sector has
undergone extensive reforms over the last two decades. The main financial institutions in
Ghana’s economy are banks which are the main mobilizers of funds, providers of risk
management services and financiers of medium and large scale enterprises and
government. It is through them that finance makes its major contribution to sustained
economic growth, development and stability in Ghana. Banks also play an important role
in ensuring an efficient and effective payment system and transaction processing and in
facilitating monetary and fiscal policies. The banking industry is dominated by banks and
NBFIs whose share of the total banking assets is 90 percent. The industry has seen growth
over the years; the number of banking institutions have increased from 16 to 79 (2000-
2013); total shareholders’ capital for the industry has almost tripled (2000-2013); the
industry looks profitable coupled with better return on assets and equity (2000-2013. Also,
introduction of e-payments systems such as the e-money,e-zwitch, mobile money
services, credit and debit cards, internet banking etc. make Ghana’s banking system an
interesting case to study. As money laundering and terrorist financing can occur through
many different avenues in different sectors of the economy, the banking system has
become the focus of regulators and the international community. In addition, the
inadequate comprehensive risk management guidelines for the industry make the players
in the industry to adopt different risk management models to mitigate risk in their internal
and external environments. Risk management has evolved from silo risk management to
University of Ghana http://ugspace.ug.edu.gh
11
holistic risk management where a residual risk is communicated across the entire firm and
to stakeholders. Gordon et al., (2009) argue that ERM improves firm’s performance. A
firm’s adoption of ERM has been proxied with appointment of a chief risk officer (CRO)
which is given a value of one, and zero, otherwise. This measure is seen as a weak tool in
assessing ERM adoption as it does not measure firms that have adopted ERM to some
degree. Also, risk management is a process and not an event. Hence, risk management
should be measured on a continuum at different times. This current study attempts to
develop a robust barometer to gauge the ERM levels of Ghanaian banks as at 31st
December, 2013. Also, due to the importance of AML in the financial service sector, a
robust discrete variable is also developed to assess the level of AML in the Ghanaian
banking sector. Furthermore, the association between AML and ERM is untested to the
best of the authors’ knowledge. Attempt is also made in this thesis to evaluate Ghana’s
technical compliance with FATF 40 recommendation after the delisting of Ghana from
FATF Blacklist. Also, the study attempted to answer the following research questions:
i. Do Ghanaian banks have high AML compliance levels?
ii. Do Ghanaian banks have high ERM adoption levels?
iii. Is there any association between anti-money laundering compliance and enterprise
risk management adoption in the Ghanaian banking industry?
1.2.1 The Cost Implications of adopting AML and ERM frameworks
According to the COSO framework (COSO, 2004), ERM is a holistic enterprise-wide
management process that is linked with the overall strategy of the firm. Strategy requires
management to strategically plan ahead in order to achieve set goals and targets. Thus, a
risk management framework in place serves as a guide for firms to prudently manage their
University of Ghana http://ugspace.ug.edu.gh
12
risks to achieve set objectives. Hypothetically and empirically, to some degree, ERM
tends to be adopted by larger firms that are well resourced performers in an industry.
Obviously, more financial and other inputs would only be committed to ERM adoption
when it significantly impacts on firm performance. Since available empirical results (Hoyt
& Liebenberg, 2009; Nocco & Stulz, 2006; COSO, 2004; Stulz, 2003, 1996; Lam, 2003;
Barton et al., 2002) suggest that financial institutions have been frontrunners in ERM
adoption, the current study seeks to echo to firms that huge cost is certainly involved in the
implementation of ERM as well as AML compliance. Additionally, compliance with laws
and conformity with high ethical standards, without compromising on international best
practices oblige financial institutions to enact AML legislations, in order to prevent the
financial system from being used as conduit for money laundering (ML).
Furthermore, the mandatory nature to adopt an AML compliance framework coupled with
its inherent non-compliance punitive measures, leave banking institutions no choice than
to absorb the huge costs involved in ensuring compliance with AML policies and
procedures. One of the objectives of the present study is the development of AML
compliance index, which would serve as a barometer for banking institutions to rightly
gauge their level of compliance to AML. Thus, it helps stakeholders to justify the costs
incurred in assessing the effectiveness of compliance programmes and the return on
investments made in AML implementation frameworks while being shielded from use as
conduit for the disposal of criminal proceeds.
1.2.2 Implications for wider range of risks and emerging risks
Until ERM was developed in the 2000s, firms had managed various risks with the help of
the piece-meal silo-by-silo method. Firms at the time performed well because they
operated in a business environment that was relatively stable and used no or few
University of Ghana http://ugspace.ug.edu.gh
13
technologies. However, rapid development in information technology, a flurry of
corporate governance scandals (Simkins & Samirez, 2008) and poor risk management in
the past few decades have deepened the need to proactively identify, prioritize, and
manage all possible risks that confront firms (COSO, 2004; CAS, 2003). To survive in a
competitive business environment within the context of globalisation, firms have
incorporated emerging risks such as money laundering (ML) and terrorists financing (TF)
into their traditional risk areas in determining performance. It is also worthy to note that
just as marketers advise that the marketing function should permeate the length and
breadth of an entity, ERM adoption and AML compliance frameworks remind
management to identify risks not only in the finance department, but also in the human
resource, research and development as well as other departments. This implies that ERM
adoption and AML compliance are designed to cut across all levels in the organization.
This study, thus, profiles the varied risks that confront the banking sector in developing
economies.
1.2.3 Implications of AML and ERM indices for prudent corporate governance
Even though substantial empirical literature and survey results of service providers have
affirmed inadequate corporate governance practices and poor risk management as causes
of the global financial crisis, very little has been done empirically to ascertain the link
among ERM, AML and corporate governance (Subhani & Osman, 2011). Both AML and
ERM implementation requires board and management commitment.
1.2.4 Implications of adopting AML and firm performance on ERM
The relationship among AML compliance, firm performance and ERM adoption, in real
time is still a debatable issue. Theoretically, ERM adoption has both direct and indirect
benefits to the firms that adopt it (Liebenberg et al., 2003; Hoyt & Liebenberg, 2006).
University of Ghana http://ugspace.ug.edu.gh
14
COSO (2004) observed that the overall purpose of ERM adoption is to protect and
enhance shareholder value. Furthermore, ERM adoption hypothetically reduces the
marginal cost of risk as it eliminates duplication of costs of risk management programmes
across departments (Eckles et al., 2011). Again, Gordon et al., (2009) explored the
relation between a firm’s ERM adoption and performance as contingent on the proper
match between a firm’s ERM adoption and five firm related variables: environmental
uncertainty, industry competition, firm size, firm complexity and board of directors’
monitoring (Golshan & Abdul-Rasid, 2012; Hoyt & Liebenberg, 2006; Beasley et al.,
2005). It is worth mentioning that the link between ERM adoption and firm performance
signifies the holistic and strategic characteristic of ERM as a system theory paradigm of
risk management. Since no empirical evidence exists in Ghana, this study seeks to
establish the impact firm performance would have on ERM adoption. This study reflects
the business environment of developing countries against the background of how
performance impacts ERM adoption in the Ghanaian banking sector.
University of Ghana http://ugspace.ug.edu.gh
15
1.2.5 Implications for developing an AML Index
An effective AML framework captures the extent of money laundering control on the
basis of a bank’s AML compliance. Meanwhile, banking institutions view AML
compliance as a strategic advantage for competitiveness and thus invest heavily in the area
to attain this objective. However, effective AML framework is not only limited to
achieving a one-off AML compliance. This explains why there is the need for banks to
institute continuous measurement strategies to signal them of the potential dips in real-
time to enhance their compliance to AML framework.
Furthermore, it is imperative to know which factors to focus on in committing scarce
resources to achieve AML compliance because it is critical to business success. It is
believed that developing an AML compliance index ensures an effective management of
the ever evolving money laundering and then improves on the risk management
framework of banking institutions. Thus, the research focuses on banking institutions for
reasons such as: without due diligence, banking institutions can be subject to reputational,
operational, legal and concentration risks, which ultimately can affect the integrity of
financial systems. Additionally, following the liberalization of Ghana’s financial sector in
1989, the sector has witnessed consistent growth in terms of size, composition and
sophistication as suggested by available data (GSS, 2013). It is therefore obvious that a
more concerted effort is needed to provide feedback to track performance and contribute
to improvement in the sector. Also, since 2001, the International Monetary Fund (IMF)
and World Bank have made it a requirement for countries that benefit from their financial
and structural assistance programmes to have in place an effective AML controls. Finally,
banking institutions by coverage, product portfolio and globalised nature are more
susceptible to money laundering. Thus, irrespective of the size of a bank, there should be
some centralized aspect of control that has an organization-wide view of AML efforts
University of Ghana http://ugspace.ug.edu.gh
16
within the entity. However, banks face risks that are dynamic and need to be continuously
managed accurately and periodically to device practical steps to mitigate them.
It is challenging to create an AML index and a standardized risk assessment because
money laundering is a secret act on which data is hard to obtain. Thus, it is difficult to find
a universally accepted methodology for measuring AML index due to the limited available
data. Lack of clear concepts and methodological standards mean that compliance officers
and researchers face considerable constraints and challenges when attempting to construct
an AML compliance index for entities on the basis of their exposure to money laundering.
Nonetheless, the banking sector nay consider the AML compliance barometer as a highly
useful tool to fulfill regulatory requirements in relation to AML country risk rating,
particularly, valuing its foundation in scientific research.
In developing the AML compliance index, this study seeks to establish the credible and
relevant sources to identify money laundering risks and methodology that can be used to
develop a composite AML index for the banking sector. Developing an AML index
would give banking institutions a barometer to continuously improve on the extent of their
AML compliance and then validate their gains and identify key areas for improvement.
The developed index can serve as an important tool for benchmarking and for motivating
policy makers to ensure AML compliance. Thus, the index would help policy makers to
prioritise reforms accordingly. Again, as future rounds of the data set become available,
they could also track the success of those reforms. Therefore, the AML compliance is
meant to be continuously reviewed to address its methodological challenges and monitor
new trends as data becomes available.
University of Ghana http://ugspace.ug.edu.gh
17
1.3 Research Objectives
The broad objective of this study is to investigate the influence of AML compliance and
enterprise risk management adoption in the Ghanaian banking industry. In this vein, the
specific objectives of the study are to:
1. Construct a barometer to measure the level of Anti-Money Laundering compliance
(AML) in the Ghanaian banking sector.
2. Construct a barometer to measure the level of Enterprise Risk Management
adoption (ERM) in the Ghanaian banking sector.
3. Investigate the association between AML compliance and ERM adoption in the
Ghanaian banking sector.
1.5 Research Hypotheses
Flowing from the objectives of the study, the following hypotheses were tested:
1. AML compliance levels are high in the Ghanaian banking industry
2. ERM adoption levels are high in the Ghanaian banking industry
3. AML compliance does not significantly affect ERM adoption in the Ghanaian
banking industry.
1.6 Motivation for the Study
Global Financial Integrity (GFI) estimates that in 2012, USD 991.2 billion left developing
countries in illicit financial outflows. Illegal movements of money or capital from one
country to another is usually referred to as illicit fund flow (IFF) and the Global Financial
Integrity (GFI) classifies this movement as an illicit flow when the funds are illegally
earned, transferred, and/or utilised. It is believed that most of these funds come from
predicate offences, money laundering and terrorist financing. The West African sub region
University of Ghana http://ugspace.ug.edu.gh
18
continues to witness activities of terrorist organizations causing instability in economic
and social activities of countries in the sub region. For instance, recent developments in
Ghana indicate that the environment in which banks operate is now turbulent. This is
because Ghana is perceived as a country where corruption is on the rise. Also,
developments in the financial sector, particularly in the banking sector including influx of
foreign banks, well sequenced financial sector liberalization policies, mergers and
acquisitions of banks; continuous integration of technology into financial transactions
coupled with the increase in integration of world economies make Ghana’s financial
system prone to illicit financial flows. It is important to note that Ghana’s banking system
constitutes about 87.9% of the total assets of Ghana’s financial system (BoG,2013) and as
such if not well insulated could be used as a conduit for proceeds of crime.
It is against this background that this study seeks to develop indices for measuring ERM
adoption and AML compliance among banking firms in Ghana. These metrics could serve
as early warning systems for gauging the financial health of the country as well as a lead
indicator for foreign inflow. It could also help to appreciate the performance of regulatory
bodies such as Financial Intelligence Centre, Bank of Ghana and also AML/CFT support
from the international community including the International Monetary Fund (IMF),
United Nations Office of Drug Control (UNODC), the World Bank, Swiss government,
etc.
Banks and special depository institutions are unique, in that they alone are allowed to
engage in the business of receiving deposits and providing direct access to those deposits
through the payment systems. Banks contribute to the growth and development of
economies but in the bid to raise loanable funds, they face varied default, operational,
reputational, concentration and emerging risks that adversely affect their performance.
University of Ghana http://ugspace.ug.edu.gh
19
Consequently, the unique role and nature of banking institutions make them the most
preferred line for money launderers who have no physical geographic horizons, operate
24/7 in every time zone, and maintain the pace of the global electronic highway. This
calls for effective, robust and operational anti-money laundering and combating the
financing of terrorism framework to reduce the surge in predicate offences activities such
as corruption, terrorism, tax invasion, child trafficking, etc. It is believed that most
terrorist organisations finance their operations using laundered funds through the global
financial systems. Ghana being a member of the Financial Action Task Force (FATF) is
expected to ensure that its systems and accountable institutions are used not to channel
proceeds of crime. Though Ghana has passed a lot of legislations on AML/CFT to protect
its economy and institutions, media reports suggest high levels of fraudulent and unlawful
financial transactions which mostly incur to the benefits of politicians, civil servants, etc.
Ghana’s cash economy may be opened to the high levels of washing dirty money. This
seems to destroy the hard earned reputation of the country. Financial gains from these
unlawful and criminal acts are believed to be channelled into financial and or real assets
which make its origin difficult to trace.
Organizations impact their environment and are in turn shaped by their environment. It is
the risk inherent in the environment that caused entities to abandon the silo-by-silo
approach of risk management in favour of the more holistic enterprise risk management
and anti-money laundering frameworks. Besides, the business environment varies in size,
complexity and risk management culture (Golshan & Abdul-Rasid, 2012; Simkins &
Ramirez, 2008; Beasley et al., 2005; Briers, 2000; Gordon et al., 2000). Review of
available literature on risk management revealed that there is no universally accepted
barometer for measuring enterprise risk management adoption and anti-money laundering
University of Ghana http://ugspace.ug.edu.gh
20
compliance levels in Africa. It is against this background that the current study attempts to
establish such measures for the Ghanaian banking sector.
Also, banks mobilise financial resources from varied sources and depending on the type of
capital structure chosen, the role of investors and shareholders cannot be underestimated in
the process of financial input mobilisation. An entity that truly seeks to grow its
shareholder value and build investor confidence has to demonstrate the application of
ERM and compliance to AML frameworks (Meulbrock, 2002; Cumming & Hirtle, 2001;
Lam, 2001; Miccolis & Shah, 2000). Thus, ERM adoption and compliance to AML
frameworks are indicative of how secure shareholders’ funds are with an entity, which in
turn determines the future investment trends in the firm and industry.
In addition, available literature demonstrates that considerable research has been done in
developed and emerging economies. While research on ERM adoption and AML
compliance are still less in the Asian economies, there is even very little and in some cases
no studies on ERM adoption and AML compliance in Africa. Some reasons often cited
for low adoption of ERM and AML in Africa include difficulties in measurement,
difficulty of identifying risks, fear of increased responsibilities, the financial commitment
and low confidence in ERM implementation (Kleffner et al., 2003). Similarly, Gordon et
al., (2009) observed that though ERM adoption improves firm performance in theory,
available empirical evidence offers mixed results. The controversies obviously signify a
gap in the empirical literature devoted to the studies of ERM adoption, AML compliance
and firm performance, and this is the lacuna the novel study seeks to fill since it is
evidence from the literature that no known empirical research exists for the Ghanaian
banking sector.
University of Ghana http://ugspace.ug.edu.gh
21
To survive competition, firms need to study trends in the market among other measures.
ERM adoption and AML compliance indices are essential for the projection and prudent
management of risks in the banking sector. Thus, this study’s focus is to develop ERM
adoption and AML compliance indices to establish their effects on firm performance. This
is likely to clear any doubts and misgivings that entrepreneurs and top level management
have on ERM and AML policies and procedures. The apprehension with which some
firms view ERM adoption is quite understandable because in Ghana for instance, apart
from few policy papers in the area, there is no known rigorous academic research that
clearly spells out best practices and the challenges of ERM adoption and AML
compliance.
Both ERM adoption and AML compliance are seen as risk management tools for banking
firms, though AML has law enforceability. Intuitively, AML is expected to ensure a better
risk management environment for banks as its implementation cuts across the whole firm.
Lots of works have been done on ERM adoption; however, no one has investigated the
association between the two. This study is the first to empirically test the existence of an
association between ERM adoption and AML compliance.
1.8 Scope of the Study
This study has mainly financial institutions (FIs) in mind. Anti-money laundering and
terrorism financing is quite ubiquitous in many institutions such as charities, gambling
centres and religious institutions, but this study could not cover all those institutions and
thus limited its focus to financial institutions, particularly, banks.
The study is expected to cover all financial institutions regulated by Bank of Ghana,
Securities and Exchange Commission (SEC), National Pensions Regulatory Authority
University of Ghana http://ugspace.ug.edu.gh
22
(NPRA), Venture Capital Trust Authority (VCTA) and National Insurance Commission
(NIC) as well as AML/CFT accountable institutions. This would have given a clearer
picture of ERM adoption and AML compliance levels within Ghana’s financial system.
However, Ghana’s financial system is mainly dominated by banking institutions regulated
and supervised by Bank of Ghana and constitutes about 90 percent of assets of Ghana’s
financial system.
1.9 Study Limitations
As with all empirical studies, there are limitations to this study. The most obvious
limitations to this study are outlined. Firstly, this study did not explore the causality
between AML compliance and firm performance. Secondly, the study could be affected by
response bias hence the developed ERM adoption and AML compliance indices may have
certain limitations that should be considered when interpreting the data. Thirdly, in terms
of the methodology, there is no objective standard in creating composite indices, which is
why in the development of the ERM adoption and AML compliance indices, the
researcher made choices and judgments on variables, weightings and methods. There is
also no benchmark for measuring the performance of firms over time hence bootstrapping
scores may lead to different ranges for different groups at different times.
1.10 Organisation of the study
The study is in five (5) chapters. This current chapter discusses the background, statement
of the problem, objectives, research questions, hypotheses, study motivation, scope and
limitation of the study. Chapter two focuses on the overview of evolution of risk
management, drivers of enterprise risk management, firm performance, evolution of
money laundering and efforts made globally and domestically to fight money laundering.
University of Ghana http://ugspace.ug.edu.gh
23
Chapter three then presents the research methodology. The empirical results and findings
are presented and discussed in chapter four, and lastly, chapter five concludes the study
with general contribution of the thesis, conclusion policy implications and areas of further
studies.
University of Ghana http://ugspace.ug.edu.gh
24
CHAPTER TWO – LITERATURE REVIEW
2.0 Introduction
This section provides relevant theoretical and empirical researches conducted on drivers of
ERM adoption and their effects on performance. The section also explores the evolution of
risk management, the broad determinants of enterprise risk management (ERM) and
extracts the frequently cited determinants of ERM adoption. It further discusses the
seminal works of Liebenberg & Hoyt (2003), Kleffner et al., (2003), and Briers (2000) on
ERM. Additionally, in light of limited empirical research in this area, part of this section
is devoted to discussion of the survey findings of service providers and interest groups like
PwC, KPMG, and Deloitte & Touché. Furthermore, it discusses the various AML
compliance frameworks and international best practices, the COSO ERM framework as
well as performance of firms. It also examines various efforts to measure the ERM
effectiveness on performance of firms.
2.1 Goal of this chapter
The goal of this chapter is to identify and discuss the various theories, empirical research
findings as well as the contributions of major service providers in the area of ERM
adoption, AML compliance and firm performance. Using the research objectives as a
guide, this chapter outlines the similarities between empirical research findings on the
drivers of ERM implementation and the results of service providers. The chapter
summarizes the relevant attempts previous research studies have made in deriving a metric
to measure the impact of ERM implementation on firm performance. In addition, the
major types of traditional and emerging risks are identified and discussed, as well as the
origins and evolution of the principles and practices of money laundering. Last of all,
efforts made by global anti-money laundering compliance institutions are made bare.
University of Ghana http://ugspace.ug.edu.gh
25
2.2 Layout of this chapter
The chapter is organized as follows: Section 2.3 provides theoretical background of the
study. Section 2.4 presents evolution of enterprise risk management. Sections 2.5 and 2.6
looks at the drivers of ERM and ERM effectiveness. Section 2.7 looks at the relationship
between firm performance and ERM. Sections 2.8 to 2.10 deals with origins of money
laundering and anti-money laundering compliance measures. The construction of indices
is discussed in section 2.11 and finally, section 2.12 presents the structure of Ghana’s
financial and systems.
2.3 Theoretical background
This section presents the theoretical background of the study. The theoretical underpinning
of the study is risk management. Risk management is the process of identifying,
measuring and quantifying risks or uncertainties associated with an event or a process in
order to put in appropriate tools to minimize or maximize its effect on the objectives of a
firm. D’Arcy (2001) traced the origin of risk management to the 1950s. In 1963, risk
management was specifically focused on pure and speculative risks and was meant to
maximise the productive efficiency of entities. In the 1970s, financial risk management
was an issue highlighted by firms due to how the rise in oil price affected the stability of
exchange and inflation rates. In the 1980s, political risks gained increasing recognition
with growth in multinational corporations (Skipper & Kwon, 2007; D’Arcy, 2001). The
scope of risk management was widened in the 1990s to deal with financial, operational,
and strategic risks (Skipper & Kwon, 2007). This came about as a result of increased
accountability demanded by shareholders from senior managers to take a more proactive
approach in managing risks (D’Arcy, 2001; Jones, 2006; Holton, 1996). Additionally, a
rise in corporate scandals in the 1990s coupled with the emergence of hazard, financial
University of Ghana http://ugspace.ug.edu.gh
26
and strategic risks caused many to question the effectiveness of the silo-based risk
management approach in dealing with the varied risks that confront entities (Weiser, 2009;
Wolf, 2008; Mango, 2007; Jablonowski, 2006; Cassidy, 2005; CAS, 2003; Li & Liu,
2002; D’Arcy, 2001). These factors primarily led to the emergence of enterprise risk
management (ERM) in the late 1990s (Woon et al., 2011; Lai & Samad, 2010; Gordon et
al., 2009; Kucuk Yilmaz, 2009; Pagach & Warr, 2008; Calandro Jr. & Lane, 2006; COSO,
2004; CAS, 2003), though Cassidy (2005) had affirmed the existence of ERM in the
planning, organisation and controlling activities of entities. ERM gained the interest of
stakeholders in the early 2000s due to the complexity and nature of risks from sometimes
noncore functions of firms (Lai & Samad, 2010).
Review of the evolution of ERM also revealed that it is synonymous with enterprise-wide
risk management (EWRM), holistic risk management (HRM), corporate risk management
(CRM), business risk management (BRM), integrated risk management (IRM), strategic
risk management (SRM), portfolio risk management, and value based enterprise risk
management (D’Arcy, 2001; Meulbroek, 2002; Liebenberg & Hoyt, 2003; Kleffner et al.,
2003; Hoyt & Liebenberg, 2006; Manab et al., 2007; Namwongse & Limpiyakorn, 2012;
Yazid et al., 2009).
In studies of transaction economies and management, the theories of perfect and imperfect
markets have gained currency. Based on the capitalist notion of demand and supply, it is
assumed that prices in a perfect market are determined by constant interaction between
demand and supply. Delving further from this asymmetry, a perfect market is said to have
a large number of sellers and buyers; buyers know the prices charged by the different
sellers of the goods or services, and any one price prevails in the market due to the
competition between sellers and buyers. Underlying all this, it has been assumed that firms
University of Ghana http://ugspace.ug.edu.gh
27
were price takers and that there was free entry and exit into the market. Price taking
implied that no one firm would influence the overall market price.
Many studies including the famous capital structure as postulated by Modigliani & Miller
(1958), assume perfect markets which does not exist in reality. Bonano (1990) argues that
there is the need to have a coherent theory of general equilibrium with imperfect
competition because the real-world economies are not captured by the assumptions of
perfect markets. Furthermore, considerable research on other market structures from a
partial equilibrium point of view stress on the fact that imperfect markets are more
practical. Extending the notion of perfect and imperfect markets to enterprise risk
management adoption and AML compliance is similar to assuming that in the former,
firms operate in a totally risk free environment which is far from the reality.
While a sizeable portion of the literature centres on whether ERM adoption positively or
negatively affects firm performance, relatively smaller aspects espouse the view that the
impact of ERM adoption on firm performance is neutral (Lai & Azizan, 2011). This
stance is rooted in neo-classical financial and modern portfolio theories based on the
seminal works of the capital asset pricing model (CAPM) by Modigliani & Miller (1963;
1958). The gist of the CAPM is that capital structure is irrelevant to firm value and so it is
sheer waste of resources to try to manage risks as idiosyncratic risk is eliminated through
diversification within an asset class (Lai & Azizan, 2011). The implication is that the
entire concept of ERM does not appeal to the proponents of the CAPM (Lai & Azizan,
2011). However, the CAPM is often criticised for its inherent limitations (Fama & French,
2004; Chatterjee et al., 1999). The CAPM is built on simplistic assumptions such as firms
operate in a perfect market void of information asymmetries and moral hazards, even
though information asymmetries and moral hazards are real and have created agency
University of Ghana http://ugspace.ug.edu.gh
28
problems, which need management (Stein, 1989, 1988 as cited in Lai & Azizan, 2011).
Based on these limitations, the favourable outcomes of ERM adoption undoubtedly must
reflect in a risk pricing formula that certainly affects the variable in the CAPM. This is of
course based on the assumption that managing unsystematic risk can yield positive effects
(Hoyt & Liebenberg, 2006; Gordon et al., 2009). The literature lists the main benefit for
ERM adoption as an improved capability to boost earnings. Earnings can be improved
through reduction or elimination of negative profit variation, reduction in cost of financial
distress, lowering of the firm’s risk premium and tax burden, minimisation of agency
problems as well as enhancing the corporate brand name (Lai & Azizan, 2011).
2.4 Evolution of Enterprise Risk Management
The contribution of Briers to the evolution of ERM was his development of a theoretical
basis for enterprise-wide risk management. Relying on critical analysis of theories of risk
existing at that time, he pioneered the design of a model of risk management that offers a
common theoretical framework upon which risk managers could base their work (Briers,
2000, as cited in Havenga, 2006). He tested the validity of his developed model of risk to
affirm that enterprise-wide risk management was an evolving management principle, still
in its infancy stage not only in South Africa, but globally (Havenga, 2006). Though, ERM
has evolved over time, it is still developing – an observation which service providers have
also made (ERM Survey Report [East Africa], 2012; EIU, 2007).
The traditional approach of risk management tackled risk in fragmented fashion, by
handling risks as individual units where departments with expertise managed risks in the
areas of underwriting, finance, claims, reinsurance, pensions and marketing. However,
modern risk management dates back to 1955 (Dionne, 2003; Harrington & Neihaus, 2003;
University of Ghana http://ugspace.ug.edu.gh
29
Williams & Heins, 1995; Rockford, 1982; Hedges, 1963). Risk management (RM) helps
to maximise a firm’s value and create value for stakeholders in accordance with strategic
objectives (Georges, 2013; Bell et al., 1997).
2.4.1 The COSO ERM framework
This study adopts the COSO (2004) ERM framework for measuring the ERM adoption
levels of banking institutions in Ghana. Theoretically, the COSO ERM framework is
designed primarily to assist firms to improve organizational performance and governance
through effective internal controls, ERM and fraud deterrence in the four thematic areas of
strategy, operations, reporting and compliance. While reporting and compliance are in the
organization’s internal environment, the strategic and operations categories are subject to
external events that are exogenously determined. COSO ERM objectives aid organizations
to achieve specific organizational objectives by aligning their activities to mitigate risks.
Closely related to the objectives of the COSO ERM framework are its eight (8)
components that guide organizations to achieve key objectives – namely, internal
environment, objective setting, event identification, risk assessment, risk response, control
activities, information and communication, and monitoring (COSO, 2010). These input
variables produce four (4) component outputs in the form of: compliance; operations;
reporting; and strategic.
University of Ghana http://ugspace.ug.edu.gh
30
Figure 1: COSO Framework (2004)
The COSO ERM framework having been endorsed by highly reputable international
professional bodies and having stimulated a lot of interest is considered a generic
framework within which organizations can mitigate risk effectively. Far from being
sacrosanct, the COSO ERM framework was formulated to strengthen already existing
internal controls of organizations (COSO, 2004). Indeed, major audit service providers
like KPMG, PwC, and Deloitte & Touché have indicated that the ERM framework is a
work-in-progress. The observation by both COSO and the service providers underline the
realistic, dynamic and flexible nature of approaching risk management. In addition,
reliance on evolving technology and regulators’ higher expectations for governance
oversight, risk management, detection and prevention of fraud have created the need for
University of Ghana http://ugspace.ug.edu.gh
31
organizations to constantly keep pace with emerging risks in order to survive the turbulent,
competitive and globalised business environment. Another area of relevance of the COSO
ERM framework is the clear distinction, yet close interrelationship, between internal and
external drivers of ERM adoption. Clearly, the link amongst the four major objectives
determines the impact of ERM adoption on organizational performance. Globalization,
the use of suppliers, service providers, the need to attract clients and improve service
quality pose varied risks that appear simultaneously within an entity. Hence, the COSO
ERM framework provides a general framework for firms to prioritize not only risks in the
accounting, finance and insurance departments, but in the entire organization because what
affects a sub system ultimately affects the entire system, according to systems theory.
Service Providers (SP) have also relied on the COSO ERM framework to identify greater
commitment from boards – greater complexity of organizations face in value chain due to
advanced business practices; globalization and technological change; the need to contain
events like product recall or fraud; maximization of shareholder value, reducing earnings
volatility; improving capital efficiency; reducing costs of external capital and regulatory
requirements as specific internal drivers of ERM adoption. Service providers are the
institutions that perform professional task or deeds (Lovelock & Witz, 2007; Hinson,
2014). Additionally, service providers also cite increased focus on corporate practices by
regulatory bodies, globalization, industry consolidation, regulations, technology,
governance and demands from investors for greater disclosure and accountability as
specific external drivers of ERM adoption (Subhani & Osman, 2011; 2008; Economist
Intelligence Unit, 2008; Havenga, 2006; Cumming & Hirtle, 2001; Miccolis & Shah,
2000).
University of Ghana http://ugspace.ug.edu.gh
32
Review of extant literature on the COSO ERM framework revealed that the few empirical
studies by Hoyt & Liebenberg (2006), Acharrya (2008) and Gordon et al., (2009)
produced mixed results and is also skewed towards developed economies at the expense of
developing economies. Emerging risks such as money laundering and terrorist financing
within the global economy especially, within the financial system have heightened the
need for firms to handle risks in a very comprehensive and holistic manner. Implicit in
these risks is the adoption of anti-money laundering and combatting of financing of
terrorisms measures by firms, particularly the global financial system. Anti-money
laundering compliance programmes ensure that firms, especially financial institutions,
manage money laundering and terrorist financing risks from both internal and external
environments. Vulnerabilities within a firm’s governance, operations, human capital,
channels of distribution, etc. are holistically managed in order that the strategic,
operational, compliance and reporting objectives of a firm are not compromised. Non-
compliance to AML attracts sanctions from regulatory bodies which affect the economy of
countries. It can be clearly seen that AML measures and COSO ERM framework seem to
protect a firm from all sources of uncertainties in order to achieve its strategic, operational,
compliance and reporting objectives.
2.4.1.1 Overview of COSO ERM components
Based on the COSO-ERM integrated framework the firm has to monitor, evaluate, and
communicate its performance to stakeholders (COSO, 2004) as and when it progresses on
the ladder of ERM implementation. The COSO-ERM integrated framework further
defines ERM effectiveness by linking ERM adoption to a firm’s vision, mission, strategy
and objectives (COSO, 2004). More specifically, the document outlines four major
categories of objectives which encompass the internal and external environments that
University of Ghana http://ugspace.ug.edu.gh
33
relate these categories to eight interrelating components. Specifically, the COSO-ERM
integrated framework outlines objectives in reference to strategy, operations, reporting and
compliance categories, while the eight components assist firms to achieve the specific
objectives in the four key areas. The literature indicates that ERM implementation is
increasing at a very fast pace (Havenga, 2006; Deloitte & Touché, 2009).
Similarly, the positive link between ERM implementation and firm performance has been
acknowledged in the literature (Namwongse & Limpiyakorn, 2012; Grace et al., 2013;
Pagach & Warr, 2008). However, limited empirical evidence exists on the actual impact
of ERM implementation on firm performance (Liu et al., 2010; Acharyya 2008; Gordon et
al., 2009). Worse still, it has been very challenging to arrive at a common theoretical
framework to allow the impact of ERM implementation to be measured holistically
(Acharyya, 2007; Gordon et al., 2009). The issue has been how to devise common indices
to quantify both financial and non-financial aspects of firm performance. Thus, providing
a general model to be adapted to suit local conditions should be seen as pioneering the
development of regional models to measure the effectiveness of ERM implementation.
Enterprise risk management adoption allows firms to effectively and efficiently use scarce
inputs to achieve performance targets. Also, it ensures reliable financial reporting and
compliance with laws and regulations to insulate firms from incurring reporting,
reputational, operational and strategic risks. Explicit in the COSO (2004) definition is that
an entity’s enterprise risk management framework is hinged on eight inputs of: internal
environment; objective setting; event identification; risk assessment; risk response; control
activities; information and communication and monitoring.
The study expanded upon the preceding eight inputs of enterprise risk management
specified by COSO (2004) by incorporating a ninth element called organisational culture.
University of Ghana http://ugspace.ug.edu.gh
34
This variable is included because in developing its enterprise risk management framework,
COSO (2004) relied on a contingency perspective by recognising that the appropriate
enterprise risk management system is dynamic and it is likely to vary from firm to firm.
Additionally, the fact that there is no universally ideal enterprise risk management system
means that COSO can be modified to suit the peculiarities of a firm and/or jurisdiction
(Moeller, 2007; Beasley et al., 2005). Furthermore, the contingency view of enterprise risk
management systems is consistent with the literature that examines the more generic
notion of management control systems (Beasley et al., 2005). Each of the eight (8) input
components of COSO ERM framework plus organisational culture is briefly discussed:
Internal environment (IE)
The COSO 2010 framework continues to make a strong case for internal environment
which has been widely accepted by business communities and authorities in various
industries and academic arenas around the globe respectively. The internal environment
has five strategic fundamental elements which include ethical standards of the firm, the
firm’s board oversight, firm’s structure, the firm’s human capital, and firm’s employees’
accountability (Beasley et al., 2005; COSO, 2013). These fundamental elements provide
clarity for users in designing and implementing systems of internal control.
Notwithstanding, the above firms’ enterprise risk management should embrace
government’s controls, policies and guide to promote stable markets or grounds for fair
competition. In a situation where, firms’ enterprise risk management strategies clashes
with government’s oversight policies, the firm could face sanctions leading to serious
stigmatisation. In Ghana, banking institutions are expected to conform to various laws,
acts, and regulations to ensure that their policies on internal control activities are strong
enough to mitigate any risk.
University of Ghana http://ugspace.ug.edu.gh
35
Objective Setting (OS)
Objective Setting is one of the COSO 2010 framework which captures Objective
definition, risk appetite, resource allocation, strategic planning, objective communication,
objective awareness and risk alignment (Kaplan & Mikes, 2012; Hammond et al., 2006;
Tufano, 1996; Moeller, 2007). These objectives pave way for strategic and policy makers
to enshrine and implement systems for internal controls. It must conform to the mission
and vision of the firm in alignment with the firm’s risk appetite or tolerance rate, since
every mission mad vision comes with its own peculiar risk which needs to be mitigated.
Event identification (EI)
Internal and external events affecting achievement of an entity’s objectives should be
identified, distinguishing between risks and opportunities. Opportunities are channeled
back to management’s strategy or objective-setting processes (COSO 2004). Event
identification includes the detection of internal or external incidents or occurrences that
affect the achievement of an entity’s objectives (Moeller, 2007). These events are often
thought of as negative in consequence, but may also provide positive outcomes, or both.
Events may be categorised among the types of influencing factors, such as external
economic, natural environmental, social, internal process-related, and or technological,
classifications that are critical to ensure comprehensive risks are considered (Moeller,
2007; Ballou & Heitger, 2005). Within this component, organisations should have
processes established to monitor the environment for potentially significant risk events,
via process flow analyses, interviews, questionnaires, and escalation triggers, among
others (Moeller, 2007; COSO, 2004). This involves the identification of internal and
external events that affect the achievement of its objectives and underscores the positive
University of Ghana http://ugspace.ug.edu.gh
36
and negative aspects of events as opportunities and risks as explained in the COSO ERM
framework (2010).
Risk assessment (RA)
Risk is said to be the uncertainty or the deviation from actual expectations. However, risk
can also be an opportunity or threat. The COSO (2010) framework identifies risk
assessment as a key indicator of identifying, measuring and developing corporate risk
mitigating tools to minimise threat and take advantage of opportunities. These activities
engineer the type of strategies and risk mitigating factors which a firm should implement
as internal control mechanisms in pursuit to stand the test of survival. The process of risk
management includes the identification, assessment, monitoring and treatment of risks. As
the scope of risk management expands, firms are likely to cover a larger number of areas
of an organisation’s activities as well as the variety of risks including credit risk, market
risk, liquidity risk, operational risks, strategic or business risk, reputational risk, money
laundering and terrorism financing risk, regulatory or compliance risk, country and cross
border risk and governance risk (Beasley et al., 2006; Fatemi & Glaum, 2000) highlight
the importance of having an enterprise wide approach to risk management and argue that
as organisations invest in a wider set of risk management processes, the organisational
objectives can be more easily met. Risk assessment includes the following variables: risk
identification; risk analysis; fraud alert; and risk response. Risk are analysed considering
the likelihood of its occurrence and the potential impact on the organisation as the basis
for determining how they should be managed (Moeller, 2007; Ballou & Heitger, 2005).
The internal and external risks are assessed on an inherent and residual basis (COSO,
2004). The Risk assessment component “represents the core of COSO ERM,” enabling an
organisation to evaluate the extent to which a risk may inhibit or enhance its ability to
University of Ghana http://ugspace.ug.edu.gh
37
meet objectives (Moeller & Ballou 2007). Accurate risk assessment offer firms
competitive advantages to lower their overall risk of failure, and thus increase their
performance and value (Hoyt & Liebenberg, 2009; Nocco & Stulz, 2006; Tufano, 1996).
In summary, risk assessment is the engine of any risk management programmes.
Risk response (RR)
Risk response is the appropriate risk management options that are considered for
significant risk including risk avoidance (avoid), pricing for risk retained (price), risk
transfer – e.g. insure, hedge, strategic alliances, joint ventures, contractual risk sharing
provisions, etc. (transfer), risk reduction to an acceptable level (accept/control) or risk
acceptance at present level (self-insured) (accept). Within the risk response of the COSO
Framework (2010) an organisation should continuously assess the effect of changes in the
environment and significantly process risks on the entity’s existing risk management
strategies, formulate updated strategies to respond to changes in risks by aligning the
entity’s strategies through resource allocation and performance measurement process.
Emerging risks such as money laundering and terrorism financing are defined or changes
in risks significant to an entity are responded to on timely basis. Moeller (2007) asserts
that risk avoidance involves disengaging from the risk completely, possibly by divesting a
line of business, while risk reduction may be accomplished through a wide range of
strategic business decisions. Meanwhile, risk sharing is commonly achieved through the
purchase of insurance and other hedging means. Risk acceptance is then, simply, taking
no action, which may be appropriate depending on a risk’s likelihood and impact.
Appraisal of literature shows that risk response refers to the appropriate actions which are
selected to align risks with risk tolerance and risk appetite and it includes inherent risk,
risk alert, risk mitigation strategies, risk standard setting, risk management policy approval
University of Ghana http://ugspace.ug.edu.gh
38
and monitoring, identifying emerging risks, risk policies, risk management strategy and
risk ownership, risk champion approval, performance appraisal, risk management
oversight, and risk reporting.
Control activities (CA)
Control activities are the policies, procedures, and practices that ensure management
objectives are achieved and risk mitigation strategies are effectively carried out (COSO,
2004). These activities occur throughout the organisation, at all levels and in all functions.
Segregation of duties, performance reviews, physical controls, authorisations and
verifications are examples of control activities (COSO, 2004). The verification activities
may be completed through performance indicators, physical controls, and reviews by both
top level and line level management (Moeller, 2004). COSO (2004) indicates that internal
controls are to promote operational effectiveness and efficiency, provide reliable financial
and administrative information, safeguard assets and records, encourage adherence to
prescribed policies and compliance with regulatory agencies. Control activities look at
manual and automated activities diverse as approvals, authorisations, verifications,
reconciliations, reviews of business performance, security of assets and segregation of
duties. The board of directors and senior management define and codify internal control
mechanisms and expected standards of conduct. COSO (2004) identifies a seven (7) factor
framework relating to effective control activities which are integrity and ethical values;
commitment to competence; board of directors or audit committee; management’s
philosophy and operating style; organisational structure; assignment of authority and
responsibility; and human resource policies.
University of Ghana http://ugspace.ug.edu.gh
39
However, a careful review of existing literature puts these seven into four broad thematic
areas namely; Business philosophy, corporate governance, ethical standards, and human
capital management. Management judgment is a key element in selecting the best controls
and ensuring they operate as designed. Controls are selected considering many factors,
including the assessed risk of material omission and misstatement, evaluation of benefits
and costs of designing and conducting effective controls (including segregation of duties
and considering alternative preventive or detective controls), technology versus manual
controls, and the competency of personnel performing the controls. In summary, as the
board approves, the management has oversight responsibility to implement and monitor
the internal control activities which are key to managing risks such as operational risk.
Information and communication (IC)
Information is an integral part in daily business activities as accounting, finance,
operations management, marketing, human capital management or any other major
business function. Imperative information is identified, captured, stored and disseminated
timely across the organisation to ensure that management and employees understand their
internal control responsibilities and their importance to the achievement of firm’s
objectives. Enterprise wide risk technology applications may assist to correct the
complexities of the web of disjointed information systems across firms (Bamberger, 2010;
Moeller, 2007). Effective communication also occurs in a broader sense, flowing down,
across, and up the entity (COSO, 2004). Establishing and communicating a whistle blower
programme often is an essential part of an entity’s oversight of internal control activities
and supports the control environment component.
The Information and communication component is highly integrated with the other four
COSO 2010 components. For example, internally generated or externally gathered
University of Ghana http://ugspace.ug.edu.gh
40
information supports the Risk assessment component. Communication occurs both
internally and externally and provides the organisation with the information needed to
carry out day to day internal control activities. Information also flows through the rumor
mill or the grape vine, which make adulterated information more risky to the firm.
Therefore, it is apparent to do verifications, to authenticate and ensure the credibility of
the source of information before acting on it. Information and communication also goes
the other way and includes gathering pertinent information from external regulatory bodies
and other sources to prepare. Information systems produce both internally and externally
generated data on operations, finances and compliance to help run, control and report on
firms on an efficient basis. Further, effective communication at all levels helps personnel
to receive clear directives from management. Indeed, this study identifies that generating
quality information, internally or externally disseminating it to the right parties at the right
time and place, is a prerequisite to support the function of internal controls and risk
management process.
Monitoring and evaluation (M)
Some form of independence from the daily process is necessary to ensure that monitoring
serves as an effective control. Monitoring covers the external oversight of internal controls
by management or other parties outside the process; or the application of independent
methodologies, like customised procedures or standard checklists, by employees within a
process. Monitoring ensures that control deficiencies are reported upstream to top
management and the board (COSO, 2004). Continuous monitoring processes are needed
to identify deviations from an installed ERM plan. Effective monitoring also enables an
organisation to refine its assessments and expand its ERM framework, further solidifying
the entity’s risk philosophy and culture (Ballou & Heitger, 2005). COSO (2010) always
University of Ghana http://ugspace.ug.edu.gh
41
intends that monitoring activities address how all of the components of internal control are
applied and whether the overall system of internal control operates effectively. In the
quest to monitor and control activities, a management review control is designed to detect
and correct errors. However, a management review control that is a monitoring activity
would ask why the errors exist, and then assign the responsibility of fixing the process to
the appropriate personnel. A monitoring activity assesses whether the controls in each of
the five components are operating as intended (KPMG, 2013; COSO, 2004).
The controls within other components of the COSO framework require continuous
monitoring either as ongoing evaluations, separate evaluations or a combination of the
two. Monitoring is attained through ongoing monitoring activities, separate evaluations or
a combination of the two. However, ongoing monitoring calls for regular management and
supervision of operations and pursuit of other actions on a timely basis to ensure that
controls instituted are working as they were designed to work. Again, ongoing evaluations
are built into the routine operations and are performed on a real time basis. The scope and
frequency of evaluations is determined by risks assessment, the effectiveness of ongoing
monitoring procedures, and judgment of management on the workings of internal controls.
In summary, the firm demonstrates homogeneity, demonstrates job performance as against
employee welfare, espouses rigid control structures, and employee espouse long term
orientation.
Organisational culture (OC)
Enterprise risk management is an integral part of the culture of a firm and this includes
risk appetite culture of the firm, risk response culture of the firm, risk treatment culture of
the firm and employees and management ethical values, etc. Activities at each level of the
firm have work culture revolving around it and this has significant effect on the firm’s risk
University of Ghana http://ugspace.ug.edu.gh
42
strategies. Achieving a good risk awareness culture is to establish an appropriate risk
architecture, strategy and protocols by the board to check the various types of risk
associated with the firm. Literature appraisals claim that the ethical environment within
which the firm is situated is likely to influence employee behaviours in two ways. First,
through organisational socialisation processes, employees will learn to behave according
to the level of ethical standards and the higher the ethical values, the greater the ethical
outcomes (Ardts, et al., 2001).
Empirical evidence also indicates that enterprise risk management involves management’s
attitude to corporate ethical environment, and for that matter, it has a positive impact on
overall employee behaviour (Weaver et al., 1999a). The ethical environment of an
organisation is seen to encompass aspects of upper management in achieving
organisational objectives, their value judgments and management styles (either the boss
type or the leader type). In other words personal traits of managers influence employees’
attitudes toward culture (COSO, 1992). It also opines that when morally acceptable
behaviours based on honesty and integrity are actively promoted and become part of an
organisation’s culture (shared system of values), a more highly ethical environment is
created and adopted, pruning off any ethical risk which the firm may be exposed to.
In a scientific study by Valentine et al., (2002), they assert that a positive correlation exists
between ethical environment and employee organisational commitment. Based on a
sample of 304 young working adults, Valentine et al., (2002) found that ethical
environment was positively and significantly correlated with the level of employees’
organisational commitment and the level of risk the firm is associated with. The more
ethical the environment, employees will be more willing to adhere to the organisation’s
internal control procedures. Valentine et al., (2002) identified six independent dimensions
University of Ghana http://ugspace.ug.edu.gh
43
of organisational cultures which are linked to enterprise risk management. These
dimensions include: process orientated versus results-orientated; job orientated versus
employee orientated; professional versus parochial; open systems versus closed systems;
tightly versus loosely controlled; and pragmatic versus normative. The position of an
organisation on these dimensions is determined in part by the business or industry the
organisation is in. These lead to conclusions about how organisation cultures can either be
viewed as systemic or un-systemic risk. Indeed, organisation culture is also viewed as
homogenous depicting how organisation culture favours internal processes, demonstrates
job performance as against employee welfare, how the firm promotes rigid control
structures, the reporting styles, employees embracing long term orientation, firm’s
adaptation to environmental changes, and how the firm’s employees demonstrate loyalty
to the firm.
2.5 Drivers of ERM
Entities in one way or the other have proactively or reactively practised aspects of ERM.
Treating risks by transfer, insurance or other means are common practices; so are
contingency planning and crisis management. Prior to discussing the entire empirical
literature on ERM adoption, it is worthy to discuss briefly the seminal works of Briers
(2000), Liebenberg & Hoyt (2003) and Kleffner et al., (2003). The study considered these
three seminal works as paramount because they were conducted few years prior to the
formulation of the COSO ERM framework and thus marked the beginning of empirical
research on ERM adoption (Golshan & Abdul-Rasid, 2012; Pagach & Warr, 2010;
Beasley et al., 2005). Kleffner et al., (2003) sampled 336 public listed Canadian firms in
2001 to ascertain the drivers of ERM adoption, features and challenges of firms that adopt
ERM and the influence of corporate governance in adopting ERM. The study affirmed that
University of Ghana http://ugspace.ug.edu.gh
44
31 percent of the firms had adopted ERM with an increasing number still in the process of
adoption. The study also revealed that thirteen (13) chief risk officers (CRO) in the firms
had adopted ERM. Interestingly, the study established no significant difference between
listed firms on the Toronto Stock Exchange (TSE) and those not listed in terms of the
tendency to adopt ERM (Havenga, 2006). Finally, consistent with the findings of
Liebenberg & Hoyt (2003), the study confirmed that firms which are motivated to adopt
ERM as a result of the influence of the risk manager is (61%); encouragement from board
of directors takes (51%); and compliance with the Toronto Stock Exchange (TSE)
guidelines is (37%). Other factors identified in the study as drivers of ERM adoption were
regulatory bodies’ requirement; firm size and industry; leverage; institutional ownership;
stability of earnings and profitability.
The seminal works of Liebenberg and Hoyt, Kleffner et al., (2003), and Briers (2000),
opened the floodgates for empirical research studies on the drivers of ERM adoption.
Ever since they published their findings and consequently, upon the introduction of the
COSO ERM framework, several empirical studies have been done in the area of ERM
adoption. In the space of eight years, there have been about twelve (12) empirical studies
on ERM adoption across the world – all in the attempt to add to previous research
knowledge and to confirm prior empirical findings. Among these are the works of Golshan
& Abdul-Rasid (2012a), Golshan & Abdul-Rasid (2012b), Pagach & Warr (2010), Liu,
Weng & Yu (2010), Gordon, Loeb & Tseng (2009), Pagach & Warr (2008), Hoyt &
Liebenberg (2006), Havenga (2006) as well as Beasley et al., (2005).
Again, Hoyt & Liebenberg (2006) studied the drivers of ERM for 275 US insurance firms
for the period 1995 to 2004. With the aid of probit regression, this study determined the
factors that influence insurance firms to practice ERM and estimated the link between
University of Ghana http://ugspace.ug.edu.gh
45
ERM and firm value. The results of the study revealed size, institutional ownership and
international diversification as significant drivers of ERM adoption. Pagach & Warr
(2007) examined the factors that influence firms to adopt ERM using the Cox Proportional
hazard model, which is an improved methodology over the probit regression used by Hoyt
& Liebenberg (2006). The study employed data from 1992 to 2004 and established that an
increase in leverage, size and earnings were significant factors for firms to hire a CRO.
Hoyt & Liebenberg (2008) extended their previous study in 2006 by improving on the
probit regression to maximum-likelihood treatment effect to establish the drivers of ERM
adoption. Still with the sample insurance firms, the study found out that 19.2 percent of
the study’s respondents were engaged in ERM adoption. In addition, it came to light from
the findings of the study that 15 companies had a CRO, where eight (8) of these
companies announced the appointment of CRO. Finally, the results of the determinants of
ERM adoption found that larger firms were more likely to engage in ERM adoption than
smaller firms. Other factors identified to be negatively and significantly related to ERM
adoption were leverage and reinsurance.
Review of relevant available empirical research revealed that seven (7) major studies have
been done on determinants of ERM adoption between 2004 and 2012. It is worthy to
mention that a sizeable percentage of the drivers reflect the initial seminal work of
Liebenberg & Hoyt (2003) as well as Kleffner et al., (2003). On the average, 20 drivers
were indicated in the studies, out of which fifteen ran through all the related studies. It is
also worthy to note that the study sample size, type of industry, assumptions and
limitations affected the results which were observed by the researchers. The underlying
factors of the drivers which make firms adopt ERM are discussed in detail.
University of Ghana http://ugspace.ug.edu.gh
46
2.5.1 Firm size
It is generally known that bigger organisations are more complex hence, are more difficult
to manage as a result of greater scope of threats and opportunities (Thompson et al., 2010).
While a large organisation that enjoys a huge market makes high turnover, it is also
equally possible it may face a lot of risks (Golshan & Abdul-Rashid, 2012; Beasley et al.,
2005). In view of the volume of resources that are needed to manage large organisations, it
is rational for them to adopt ERM to mitigate risks. Gordon et al., (2009), in a study of
112 firms revealed that ERM adoption depends upon firm size. Furthermore, Pagach &
Warr (2008) investigated the features of firms who adopted ERM and concluded that
larger firms who have greater risk of financial distress and more volatile operating cash
flows tend to adopt ERM. Hoyt & Liebenberg (2006) also concluded that firm size was
significantly and positively related to ERM adoption when they studied 166 publicly listed
insurance firms. The influence of firm size as a driver of ERM adoption is also consistent
with strategic management principles and evolution of management practice and theory
because as a firm’s size increases in tandem with an expansion in responsibilities for the
respective departments (functional) area. Thus, it is irrational to continue managing risks
in silos. The COSO ERM framework also indicated that firm size is important in the
decision to implement ERM.
2.5.2 Firm industry
Industry presents a wider environment which presents industry-level threats and
opportunities (Kotler, 2010; Porter, 2006). Industry parameters shape the nature and
dimensions of competition. Coupled with regulations and the quest to be a leader, a firm
may face various types of risks especially in an industry where competition is very intense,
such as pertains in the banking and insurance industry. As early as 2003, Liebenberg &
University of Ghana http://ugspace.ug.edu.gh
47
Hoyt (2003) made this observation that industry type is a major driver of ERM adoption,
when they investigated 26 firms in the US. Similarly, Beasley et al., (2005) as well as
Havenga (2006) observed the importance of firm industry as a determinant of ERM
adoption. Gordon et al., (2009) also observed that adoption of ERM depends on
environmental uncertainty and industry competition. In an industry of high performers, the
adoption of ERM is a sine qua non for continuous survival. The observation made in a
study conducted by Beasley et al., (2008) was that firms in the banking, education, and
insurance industries in the US were more likely to adopt ERM. In a related study, Golshan
& Abdul-Rashid (2012a) confirmed that firms in Malaysia operating in the banking,
insurance, utilities, and telecommunication industries had the propensity to adopt ERM.
2.5.3 Financial leverage
In finance terms, leverage refers to borrowing, usually by a firm as a way of acquiring part
of its capital to support operations (Keown et al., 2010). Thus, leverage reflects the capital
structure of a firm. This, therefore, implies that a firm has several sources of leverage
including options and futures which ultimately helps in the firm’s future growth. On
another hand, the firm could face financial distress and the risk of bankruptcy if its
borrowing becomes too much. Consequently, firms that carry higher leverage are more
likely to adopt ERM in order to be better able to mitigate resultant risks.
In a study of 77 firms, Pagach & Warr (2008) observed that firms with a relatively higher
level of leverage were more likely to adopt ERM than those with low average leverage.
This was corroborated by Golshan & Abdul-Rashid (2012), in a study of 90 firms listed on
the Malaysia Stock Exchange. The researchers found that financial leverage was positively
related to ERM adoption.. The principal limitation in their study was their use of
University of Ghana http://ugspace.ug.edu.gh
48
secondary data which may not be very accurate. In another study by Pagach & Warr
(2010), another weak, yet positive relationship between leverage and ERM adoption was
identified. It was noted that the relationship was borne out of the appointment of a chief
risk officer (CRO). This same conclusion was also drawn by Beasley et al., (2006) as well
as Pagach & Warr (2007) who in a study initially observed a statistically weak relationship
between stock market response and leverage on one hand and ERM adoption on the other.
When the variations in Pagach & Warr (2010) were correlated with the variables in
Beasley et al., (2006), it indicated a strong positive relationship between leverage and
ERM adoption.
2.5.4 Earnings volatility
Pagach & Warr (2008, 2010) found that firms which previously experienced declines in
their earnings were more likely to adopt ERM practice than those whose earnings were
more stable (Altuntas et al., 2011). Gordon et al., (2009) conducted a study based on the
contingency view of ERM and observed that the sub-factors under firm specific condition
were justifications for adopting ERM. In Pagach & Warr’s first study (2008), the
announcement of the appointment of the CRO generally stabilised the earnings of the
firms that had initiated ERM programs.
2.5.5 Stock price volatility
Stock price volatility is another major determinant of ERM adoption. Apart from
information asymmetry, several factors affect the prices of stock on the market. When
stock prices tend to be stable or increase gradually, there is generally a feeling of ease
among the firm’s management and board of directors. However, when stock prices are
unstable and tend to fall over a period, chief executive officers (CEOs) tend to take steps
University of Ghana http://ugspace.ug.edu.gh
49
to mitigate the decline. Pagach & Warr (2010) observed that firms which had volatile
stock prices were more likely to adopt ERM (by announcing the appointment of a CRO),
thus, confirming the result of Liebenberg & Hoyt’s seminal study (2003). Similarly,
Golshan & Abdul-Rasid (2012) found that a high level of stock price volatility stimulated
a greater possibility of adopting ERM.
2.5.6 Institutional ownership
Institutional ownership which derives from stakeholder theory, considers the organisation
as multilateral agreements between the enterprise and its stake holders (Clarke, 2007). It is
the interaction of the firm with both its internal and external stakeholders that offers
bundles of opportunities and threats, which the firm should well position it, to mitigate
effectively. To govern this institutional relationship, firms are required to be guided by
good corporate governance (Clarke, 2007). This is why a considerable portion of the
literature point to the need for better corporate governance to better entrench ERM
practice (Simkins & Ramirez, 2008; Havenga, 2006; Kleffner et al., 2003). Institutional
ownership refers to shareholders, investors and other parties with a stake in the firm’s
operations and desire to realise stable and increasing earnings over time. This represents
some form of pressure which is directly brought to bear on the CEO through the board of
directors. It is interesting to note that institutional ownership as a key driver of ERM
adoption is actually a corporate governance element. Institutional ownership which is
often referred to as majority shareholdership has been found to be an instrumental driver
for ERM adoption as a result of the pressure shareholders bring to bear on the need to
better control operations of the firm (Pagach & Warr, 2008). Hoyt & Liebenberg (2006)
reveal that institutional ownership was positively related to ERM adoption. This finding
appears logical because external stakeholders act as another level of regulatory bodies that
University of Ghana http://ugspace.ug.edu.gh
50
request more information about the nature and amount of risk a firm would realistically
undertake (Golshan & Abdul-Rasid, 2012).
2.5.7 Corporate governance
Board independence is another core element of corporate governance. An independent
board of directors looks at issues objectively and seeks the best for stakeholders through
close scrutiny of management’s major decisions (Clarke, 2007). If management adheres to
the board’s directives and counsel based on full disclosure to the board, there is a greater
likelihood of adopting ERM to achieve set goals (Beasley et al., 2005). In his study of the
South African business environment, Havenga (2006) observed that the most important
driver of ERM adoption in South Africa was the encouragement from the board of
directors. In a study on the determinants of ERM adoption by Malaysian firms, Golshan
and Abdul-Rasid (2012) found board independence as a significant and positive driver of
ERM adoption. The role of board independence can better be understood in terms of the
evolution of its role. Decades ago, most members of the board did not have the required
expertise – this was worsened by the presence of a large number of members who were
related in one way or the other, thus obscuring the objective role of the Board (Clarke,
2007). This was worsened further by poor disclosure. However, the situation improved
considerably after the series of financial scandals that culminated in the global financial
crises (Monks & Minnow, 2001; Clarke, 2007). In recent times, the independence of the
risk and audit committees have been stressed as an additional check for controlling risk in
firms.
2.5.8 Firm complexity
For simplicity, both international diversification and industrial diversification were
discussed under firm complexity (Golshan & Abdul-Rasid, 2012; Gordon et al., 2009;
University of Ghana http://ugspace.ug.edu.gh
51
Hoyt & Liebenberg, 2006). As the term implies, industrial diversification is the practice
whereby a firm operates in different related or unrelated industries. Industrial
diversification does not necessarily imply a large size, though the two may be present in
an entity. International diversification on the other hand is the practice whereby firms have
wider and various geographic business segments. Both terms involve certain costs that
stem from unresolved agency conflicts and benefits that derive from scope, economies of
scale, larger internal capital markets, and risk-reduction. In logical terms, firms with the
capacity to diversify into related or unrelated industries as well as established business
segments and subsidiaries in other counties spread their risks as well as widen the scope of
risks. Hence, complex firms are more likely to adopt ERM (Golshan & Abdul-Rasid,
2012; Liu, Weng & Yu, 2010; Gordon et al., 2009; Hoyt & Liebenberg, 2006).
Prior to the formulation of the COSO ERM framework, countries like United Kingdom,
Australia, New Zealand, Canada and South Africa, through professional bodies (the big
four audit firms) had initiated moves to deepen risk management practices and improve
performance in the business environment (Golshan & Abdul-Rasid, 2012). Though the
United States was very much involved in setting the tone of ERM principles, it actually
started its implementation long after European countries had blazed the trail (Golshan &
Abdul-Rasid, 2012; Beasley et al., 2005). Like the geographical or international
diversification, the diffusion theory posits that firms are headquartered or have
subsidiaries in countries seen as front runners in risk management are more likely to adopt
ERM (Golshan & Abdul-Rasid, 2012; Beasley et al., 2005; Liebenberg & Hoyt, 2003).
The rationale for this practice can be attributed to pressure of regulatory bodies in the
specific countries for firms to adopt ERM (Golshan & Abdul-Rasid, 2012; SOX, 2002).
University of Ghana http://ugspace.ug.edu.gh
52
2.5.9 Presence of Chief Risk Officer (CRO)
On the basis of 26 firms for the period 1997 - 2001, Liebenberg and Hoyt (2003)
pioneered a quantitative study through logistic regression to ascertain the drivers of ERM
implementation. The study revealed internal factors like maximisation of shareholders
value and external factors like globalisation, corporate governance and technological
progress as significant drivers for ERM implementation. By relying on eight independent
variables of firm size, firm industry, earnings volatility, stock price volatility, average
leverage, average market-book value ratios, financial opacity, average institutional
ownership and subsidiaries’ countries, the study argued that the declaration of a CRO
shows a firm’s adoption of ERM as firms ordinarily do not announce when they adopt
ERM (Golshan & Abdul-Rasid, 2012; Pagach & Warr, 2008; Hoyt & Liebenberg, 2006).
The results also indicated that firms with greater financial leverage were more likely to
appoint a CRO than other firms of similar size in the same industry and size was also a
significant driver for ERM adoption (Havenga, 2006). An organisation has both soft and
hard aspects as illustrated by its adoption of new titles, new designations and restructuring
of personnel. Though a sizeable portion of the literature on ERM adoption does not make
reference to the presence of the CRO directly, virtually all imply it. Subsequently, it is
observed that the use of the presence of the CRO through an announcement/appointment is
premised on the fact that firms do not usually inform the public when they formally adopt
ERM (Golshan & Abdul-Rasid, 2012; Liu, Weng & Yu, 2010; Pagach & Warr, 2008,
2010; Hoyt & Liebenberg, 2006; Beasley et al., 2005) unlike previous research that had
proxy ERM adoption with the existence of a CRO. Altuntas et al., (2011) conducted a
comprehensive survey to deduce a direct measure of ERM adoption. They argued that
management adopts ERM due to career concerns, to demonstrate to the board and
stakeholders that they could get the firm back on track to enjoy stable earnings, stock
University of Ghana http://ugspace.ug.edu.gh
53
prices, and ensure high turnover (Altuntas et al., 2011). Hence, based on past poor
performance, CEOs were more likely to adopt ERM practice than those who experienced
previous good performance. However, an examination of their methodology does not
reveal any innovation in the measurement of ERM adoption.
2.5.10 Auditor type (Big four)
Another driver of ERM adoption which is related to the role of regulatory bodies is auditor
type. In a study of Malaysian public listed firms, Golshan & Abdul-Rasid (2012) found
that the presence of the big four auditors underpinned the adoption of ERM. Beasley et
al., (2005) have also concluded that the stage of ERM adoption is positively affected by
the firm’s auditor type. In other words, if the firms auditor happens to be one of the big
four (KPMG, LLP, Ernest and Young LLP, PricewaterhouseCoopers LLP and Deloitte
Touché Tohmatsu Ltd), the firm was more likely to have adopted ERM. This argument is
based on the fact that the big four will always protect their own reputation as competent
auditors by ensuring that annual reports and relevant documents are transparent and free
from errors (Beasley et al., 2005; Golshan & Abdul-Rasid, 2012).
2.5.11 Management commitment
It is logical that the appointment of a CRO strengthens management position to have a
steady control of the firm’s risks. (Golshan & Abdul-Rasid, 2012; Gordon et al., 2009;
Simkins & Ramirez, 2008; Hoyt & Liebenberg 2006; Beasley et al., 2005). Closely
related to the appointment of a CRO, is the crucial role played by an independent internal
auditor or body in helping the board of directors to exercise its oversight functions over
senior management. The appointment of a CRO and the presence of a risk sub-committee
tend to deepen corporate governance that gives strategic direction to ERM implementation
University of Ghana http://ugspace.ug.edu.gh
54
in firms (Gordon et al., 2009; Walker, 2002; Havenga, 2006 as cited in Beasley et al.,
2005).
2.6 ERM Effectiveness measures
This part of the study explores measures that have been used to measure firm performance
till date. This is done by reviewing the attempts by Standard and Poor’s 500 rating system;
Gordon et al., (2009) ERM index; Acharyya’s pioneering work in suggesting a broad
theoretical framework for measuring ERM performance; and the application of
confirmatory factor analysis (CFA) by Namwongse & Limpiyakorn (2012). The various
empirical studies which measured firm performance using Tobin’s Q are also considered
(Tahir & Razali, 2011; Dybvig & Warachka, 2010; Liu et al., 2010; Hoyt & Liebenberg,
2006). Before various specific performance measures are discussed, it is paramount to
have a realistic measure of how effective the previous implementation has been in order to
precede to the next stage on the ladder. Since ERM adoption involves everybody in the
organisation (COSO, 2004), its measurement must be holistic to adequately capture
performance in the finance, accounting and procurement departments as well as
department of the human resource, marketing and other units. In order to have a realistic
holistic measure, it is appropriate to think of a measure long before the effects of ERM
adoption are measured. Indeed, some have termed ERM as a kind of performance
measurement system while others have spoken of the combination of existing
measurement tools like benchmarking, EVA, BSC, and TQM (Acharyya, 2008).
While some rating agencies such as Standard and Poor’s have designed indices to measure
how effective ERM adoption worked for mainly insurance and finance industries,
globally, it is debatable whether these ratings are holistic. The application of Tobin’s Q to
measure the impact of ERM implementation on firm performance has formed a
University of Ghana http://ugspace.ug.edu.gh
55
considerable proportion of the literature (Tahir & Razali, 2011; Hoyt & Liebenberg 2006;
Smith & Simkins, 2005; Liu et al., 2000). In most cases, there is limited empirical
evidence that the implementation of ERM caused an increase in Tobin’s Q (Liu et al.,
2010; Hoyt & Liebenberg, 2006). Secondly, the choice of Tobin’s Q as a measure
revealed the challenge of endogeneity of ERM (Dybvig & Warachka, 2010). Tobin’s Q as
a measure for the performance is based on several reasons. It is believed that Tobin’s Q
dominates other performance measures (Dybvig & Warachka, 2010; Lang & Stulz, 1994,
as cited in Hoyt & Liebenberg, 2006). Unlike other performance measures, Tobin’s Q
does not require risk-adjustment or normalisation. Thirdly, since Tobin’s Q reflects
market expectations, it is relatively free from managerial manipulation (Lindberg & Ross,
1981, as cited in Hoyt & Liebenberg, 2006). Furthermore, Smithson & Simkins (2005)
observe that most empirical studies on the value-relevance of ERM use Tobin’s Q to
proxy firm performance. Also, performance measurement by Tobin’s Q measures
financial aspects of the firm, excluding the non-financial components. Additionally,
unlike historical accounting performance measures such as ROA or ROE, Tobin’s Q
reflects future expectations of investors consequent upon ERM implementation as there is
a lag between ERM implementation and ERM benefits realisation (Hoyt & Liebenberg,
2006).
However, the use of Tobin’s Q as a performance measure has been seriously contested by
Dybvig & Warachka (2010). They argue that due to the endogeneity of Tobin’s Q which
arises from its ambiguous nature, it rather decreases with an increase in the firm’s value.
Though in their analysis, Dybvig & Warachka (2010) relate the effect of corporate
governance on firm performance, it is believed at least in theory that the effect of ERM on
firm performance is in the same direction. The assertion that Tobin’s Q does not reflect a
University of Ghana http://ugspace.ug.edu.gh
56
true relationship between firm performance and corporate governance is consistent with
the findings of Liu et al., (2010) who conclude that ERM implementation rather leads to a
fall in Tobin’s Q. Similarly, Dybvig & Warachka (2010) argue that ROA and ROE are
not good measures for performance and concluded that in general, any capital-adjusted
profitability metric is an ambiguous measure of firm performance. Thus, they suggest an
alternative measure based on revenue and cost efficiency deriving from the examination of
managerial decisions on cost and discipline.
This measure is similar to the measure adopted by Namwongse & Limpiyakorn (2012) as
well as Grace et al., (2013) to capture the impact of ERM on firm performance. Based on
a contingency perspective of ERM and firm performance, Gordon et al., (2009) investigate
the impact of ERM implementation on firm performance using an ERM index (ERMI) that
they modeled around COSO’s four objectives of ERM. In developing its framework,
COSO (2004) recognises that the appropriate ERM system will possibly vary from firm to
firm. Based on extant literature and acknowledging that there is no general theoretical
framework or model that can predict the key factors that influence the relation between
ERM implementation and firm performance; Gordon et al., (2009) allotted operational
definitions to the four objectives in the COSO–ERM framework. The researchers used two
indicators to measure the achievements of each objective and then constructed the ultimate
ERM index by summing up the above eight indicators of the four objectives in the COSO-
ERM integrated framework. Though, Gordon et al., (2009) blazed the trail in developing a
common theoretical framework for measuring the impact of ERM implementation on firm
performance, their work is often criticised for its weak theoretical foundations.
Critics say first, there is the need to examine whether the two indicators used by Gordon et
al., (2009) for each of the four objectives are adequate to capture the performance of firms.
University of Ghana http://ugspace.ug.edu.gh
57
Granted that there are several ways of measuring the strategic objectives, Gordon et al.
(2009) oversimplified the essential elements of their index and thus render it simplistic.
Gordon et al., (2009) did not mention the role of the eight components which
complements the four key objective categories. Apart from the fact that the four key
objective areas included several firm-specific objectives, it cannot be said that these four
broad areas covered the eight components within the ERM framework (COSO, 2004).
Furthermore, the ERM index of Gordon et al., (2009) fails to measure performance
holistically due to its inherent deficiency of not capturing performance from both the
financial and non-financial perspectives. As deduced from the literature on service
providers, the performance of a firm after ERM implementation may not be immediately
seen in real tangible terms (McShane et al., 2011; Nocco & Stulz, 2006). For instance,
there have been cases where initiation of ERM implementation by way of the
announcement of the appointment of a CRO has led to a rise in stock prices of the firm.
This may be explained in terms of how fast information flows between top executives, the
board, and shareholders.
Literature on ERM implementation and firm performance has always covered both the
academia and industry. The two areas have moved in tandem, though empirical research is
yet to fully incorporate certain trends into a common theoretical framework to measure
ERM effectiveness. The attempts of rating agencies such as Standard and Poor’s and the
contribution of McShane et al., (2011) are some attempts at harmonising theory and
practice (Acharyya, 2008; 2007). Based on the assumption that risk management is a
continuum which has traditional risk management and ERM at either ends, Mcshane et al.,
(2011) adopt Standard and Poor’s (S&P’s) ERM index to verify if ERM adoption really
affects the performance of a firm. Using S&P’s newly available risk management rating,
University of Ghana http://ugspace.ug.edu.gh
58
McShane et al., (2011) find a positive relationship between levels of traditional risk
management (TRM) capability and firm value. However, they do not find an additional
increase in value for firms that had adopted and fully implemented ERM. McShane et al.,
(2011) partially base their index on a major study done by Beasley et al., (2008) and
observe that S&P rates the financial strength of insurers based on eight components and
later included the latest component which is ERM. The eight components include risk
management culture, risk control processes, emerging risks management, risk and
economic capital models, and strategic management.
S&P places each insurance firm under one of five ‘ERM rating’ categories. A ‘weak’
ERM programme lacks reliable loss control systems for one or more major risks. An
‘adequate’ ERM programme has reliable loss control systems, but may still be managing
risks in silos instead of coordinating risks across the firm. The ERM programme is rated
‘adequate’ with a positive trend if it exhibits strong/excellent risk control systems,
however, it still lacks a well-developed process for making coordinated risk/reward
decisions that are necessary for effective strategic risk management. A ‘strong’ ERM
programme has moved beyond silo risk management to deal with risks in a coordinated
approach. An ‘excellent’ ERM programme has the same characteristics as a strong ERM
programme, nonetheless, it is run further into the implementation, effectiveness, and
execution of the ERM program (Mcshane et al., 2011).
The contribution of this study to the literature is that McShane et al., (2011) translate S&P
ERM ratings into numerical scores suitable for statistical analysis. In addition, McShane
et al., (2001) appreciate the need to have a performance measure which was
comprehensive and holistic and thus includes some non-financial characteristics of the
firm based on the S&P framework (Mcshane et al., 2011; Acharyya, 2007, 2008; Nocco &
University of Ghana http://ugspace.ug.edu.gh
59
Stulz, 2006). Besides, the researchers adopted a measure from a rating agency (service
provider) whose contribution in the finance and insurance sector was authoritative.
However, their measure has some weaknesses – for instance, while it is rational to adduce
numerical scores to the S&P ERM ratings to allow for statistical analysis, the limitation is,
what was the criterion for choosing the numbers for the various categories? Since ERM
implementation is done in stages, what score would be given to a firm which has taken
steps to appoint a CRO to manage its risk function? What score would be given to a firm
where risk is very well managed by a person who is not a CRO? Therefore, the theoretical
and practical underpinnings of the choice of scores are debatable.
Secondly, what exactly goes into the major categories which guide the achievement of
objectives is questionable as S&P’s criteria do not clearly spell out the elements that go
into determining the numerical scores. Another limitation of the adoption of S&P’s rating
index is that Mcshane et al., (2011) reduce their measure to a finance performance
measure essentially as S&P’s rating confirms a firm’s credit worthiness. Moreover, their
index could be good for the insurance industry, but what of other industries? Also, even in
the insurance industry how can the role of other departments like transportation and legal
be captured in financial terms.
A prominent feature of S&P’s rating criteria is that it is continually updated to be more
robust and inclusive. The implication is that to adopt another institution or person’s index,
measure or methodology, one must do that comprehensively and meaningfully to be tested
in similar conditions to obtain similar results. The need to discuss S&P’s rating criteria
was based on several reasons. S&P is one of the most important and authoritative global
credit rating agencies just like the presence of one of the big four auditor firms served as a
driver of ERM adoption (Beasley et al., 2005). Several academic studies have cited the
University of Ghana http://ugspace.ug.edu.gh
60
contribution of S&P’s rating system in the financial and insurance industry worldwide
(McShane et al., 2011; Acharyya, 2007, 2008). Furthermore, an increasing number of
firms have tried to satisfy regulatory requirements of ERM and corporate governance to be
part of the firms rated by S&P. This has implications for future investments and stock
prices and ultimately stability in earnings volatility (Pagach & Warr, 2010; Hoyt &
Liebenberg, 2006).
The scoring methodology of S&P is done in four primary categories: weak, adequate,
strong, and excellent. The scoring is allotted weights which factor in the relative
significance of ERM in the industry under assessment. S&P arrives at the ultimate scores
of firms through analysis of routine corporate decision-making, risk control, emerging risk
preparedness, and strategic risk management. An examination of the four major analytic
components of S&P indicates that they reflect the eight components within the COSO–
ERM integrated framework. This stresses the notion that ERM implementation is strategic
because if the ERM is well blended with corporate strategy, almost all major risks are
identified and non-financial service organisations are assessed based on the efficacy of
how management executes the risk of the company and builds shareholder value
(www.metricstream.com). An analysis of the four major factors also helps to describe the
risk appetite and risk profile of the firms within a particular industry, thus enabling S&P to
arrive at a single classification of a firm’s ERM standing or profile. This could be
expressed in terms of earnings loss, enterprise value or other important financial metrics
for various risks or for each firm (www.metricstream.com).
On the whole S&P’s rating is designed to provide relative ratings among issues and
obligation of overall credit worthiness (www.standardandpoors.com). Credit worthiness
includes likelihood of default, payment priority, recovery and credit stability. To promote
University of Ghana http://ugspace.ug.edu.gh
61
comparability of ratings across sectors, geographies and over time, S&P has recently
introduced stress scenarios which are associated with each rating category. The stress
scenarios are important tools for calibrating S&P’s criteria to help maintain comparability.
However, the scenarios do not form part of the rating definition. While it is true that the
benchmark of every organisation is ‘financial’, it cannot be denied that S&P’s rating
criteria is predominantly finance-focused. S&P has made bold improvements on its rating
criteria; in 2007, it announced using different scoring definitions for non-financial firms.
This is because while risks are fundamental for the existence of financial institutions, the
non-financial organisations accumulate risk as a result of making some other product or
providing some other service. Ultimately, S&P used the same four broad categories, but
altered the definitions slightly.
Accordingly, the weight of the score in the credit rating varies on the basis of the
importance of ERM for a particular company or sector. An examination of the definitions
of the four major rating criteria demonstrate the presence of control processes as well as
the degree to which non-financial firms incorporate risk and risk management into their
corporate judgment. These may be considered as the non-financial aspects of the
measurement criteria. However, these may not be adequate enough to reflect for instance,
the reputation of the firm. Segal (2006) has observed that credit ratings may not be reliable
and could be abused by top management. He, therefore, suggests that firms should use
internal performance measures and compare them to the ratings of rating agencies.
However, on the whole, S&P’s ratings hold a lot of promise because they are realistic,
based on sound philosophy and they are being continually updated.
Although Acharyya (2007) attempted constructing a common theoretical framework to
guide the holistic measurement of the impact of ERM implementation on firm
University of Ghana http://ugspace.ug.edu.gh
62
performance, he fell short of reducing the details to a common denominator which could
be used to measure firm performance. Acharyya appreciated the complex and
multidisciplinary nature of ERM and observed the challenge of linking the financial and
operating aspects of performance into a single metric (Gordon et al., 2009). Acharyya
(2008; 2007) observed that the role of S&P’s and other rating agencies as well as the
application of existing performance measures such as EVA, BSC, and TQM could be
combined to design a common theoretical framework. However, crucial observation
Acharyya made to ERM effectiveness as a whole is that the impact of ERM adoption on
firm performance hinged on the management of information systems in organisations
(Acharyya, 2008; 2007). Thus, in order to manage risk holistically as well as measure its
performance, there was the need for swift, reliable and accurate information and
communication flow in organisations. It is, therefore, worth mentioning that the COSO-
ERM integrated framework has listed information and communication as well as
monitoring in organisations as part of the eight components designed to help achieve the
four key objective areas (COSO, 2004). However, upon examination, it is realised that the
two parties iterated the same thing in different languages because both the process and the
outcome of ERM are important to stakeholders as a whole.
Acharyya (2007) provided the requirements for constructing a common theoretical
framework, but did not provide the necessary tools and techniques to meet stakeholder
expectations. He reviewed the application and limitations of available performance tools
like EVA, BSC, Benchmarking and TQM. Acharyya (2008) demonstrated this to a large
extent when he combined EVA and BSC in the study of ERM effectiveness in four major
insurance firms in Europe. Acharyya chose to combine EVA and BSC because the two
share basic philosophies and complement each other to measure both the financial and
University of Ghana http://ugspace.ug.edu.gh
63
operational aspects of an organisation (Acharyya, 2008). Another major contribution
Acharyya made to existing literature on performance measurement of ERM was outlining
the key characteristics of the performance index developed from the common theoretical
framework (Acharyya, 2007). These characteristics include inclusiveness, universality,
measurability and consistency (Beamon, 1996).
Similarly, Caplice and Sheffi (1994), as cited in Hansen (2009) mentioned eight
evaluation criteria which should govern frameworks for assessing performance metrics.
These include validity, robustness, usefulness, integration, economy, compatibility, level
of detail, and behaviour soundness. Hansen (2009) stresses that the appropriateness of the
eight criteria for evaluating measures of ERM effectiveness is based on the fact that it was
originally created with performance management in mind and with the conviction that
ERM is essentially a performance management system (Hansen, 2009). In a related study,
Hansen (2009) extensively reviewed the existing literature on ERM metrics and indicators
of financial distress for banks (Bongini et al., 2002 as cited in Hansen, 2009). Another
section of the literature that has used risk management widely is accounting research,
where the relationship between accounting and market based measures of total risk are
explored (Agusman et al., 2006, as cited in Hansen, 2009; Ball & Brown, 1969 as cited in
Hansen, 1969). Furthermore, some aspects of the literature gradually expand the set of
measures that were used as proxies for risk in order to overcome the drawbacks of the
general CAPM based Beta measure (Kallunki, 2000 as cited in Hansen, 2009; Gordon,
1993 as cited in Hansen, 2009). Miller &Bromily (1990), as cited in Hansen (2005),
surveyed the use of ERM measures within the strategic management literature and found
nine metrics which include systematic risk (CAPM beta,) unsystematic or idiosyncratic
risk, debt-to-risk equity ratio, research and development intensity, return on asset (ROA),
University of Ghana http://ugspace.ug.edu.gh
64
return on equity (ROE), capital intensity, stock analysts’ earnings forecast and the
coefficient of variation of stock analyst earning forecast. The fifth literature stream which
was used to construct potential metrics deals with the information content of stock return
volatility forecasts. The two general types of measures under stock return volatility
forecasts are implied equity volatility (IEV) and equity volatility forecasts based on
realised volatility (RV). While the former is derived from implied volatilities of option
prices, the latter is derived from historical stock returns.
Based on the literature review of ERM metrics, Hansen (2009) selected thirteen (13)
metrics for further evaluation. It is interesting to note that some of the metrics Hansen
selected include probability of default swap, volatility of return on assets, volatility of
return on equity, earnings volatility, total value-at-risk and CAPM beta. Some of the
metrics are considered as drivers of ERM adoption, but could serve to measure the impact
of ERM adoption on firm performance. After a thorough evaluation of the thirteen
metrics, Hansen concludes that ERM measures based on IEV and RV are the most
promising in the light of their high information content, high measurement frequency and
continuous updating (Hansen 2009). He said that the other measures have serious
fundamental weaknesses which limited the results they generate. Besides, the accounting
measures suffer from significant drawbacks with respect to their usefulness due to the low
frequency at which they are updated (Hansen, 2009).
Finally, while IEV and RV are forward looking, the accounting measures are not forward
looking and are affected by accounting conventions (Hansen, 2009; Acharyya, 2008;
2007). However, IEV and RV can only be applied to large organisations that are listed on
a stock exchange. Furthermore, their usefulness reduces as the size of the firm reduces
because smaller stocks are usually not traded in frequently (Pastor & Stambaugh, 2001 as
University of Ghana http://ugspace.ug.edu.gh
65
cited in Hansen, 2009). In a study of available methods for measuring intangible assets,
Sveiby (2001) observes that the four major methods are direct intellectual capital methods
(DIC), market capitalisation methods (MCM), the return on asset methods (ROA) and the
scorecard methods (SC). The DIC methods estimate the dollar value of intangible assets
by identifying their components while the MCM methods calculate the difference between
a firm’s market capitalisation and its stockholders’ equity as the value of its intellectual
capital or intangible assets. In the case of the ROA methods, average pre-tax earnings of a
company over a period of time are divided by the average tangible assets of the company.
The result obtained is then compared with its industry average. The difference is then
multiplied by the company’s average tangible assets to obtain average annual earnings
from the intangible. Finally, dividing the above average earnings by the company’s
average cost of capital or interest rate gives an estimate of the value of the firm’s
intangible assets.
Comparatively with the scorecard methods, the various components of intangible assets
are identified while indicators and indices are generated and reported in scorecards or on
graphs. SC methods are similar to DIC methods except that no estimate is made of the
dollar-value of the intangible assets. Hence, a composite index may or may not be
produced. Such an index may come close to what Acharyya (2007) proposed in his
preliminary requirements of a theoretical framework for measuring ERM effectiveness.
Sveiby (2001) argues that the ultimate question which a measurement effort should seek to
answer is ‘what is the purpose of our measuring initiative?’ He argued that it is not
possible to measure social phenomena with anything close to scientific accuracy and the
inconsistency between what measurement systems can achieve and what stakeholders
expect from them often makes the systems fragile and open to manipulation. To
University of Ghana http://ugspace.ug.edu.gh
66
corroborate his argument, there have been instances where some non-financial service
firms have asked why they should be allowed to be rated by S&P when that very rating
agency has been rating some financial institutions for decades, but could not help them
improve performance and prevent manipulation of achievements through the doctoring of
records.
Therefore, Sveiby (2001) concluded that no one method can fulfill all purposes and there
is the need to select a method depending on purpose, situation and audience. Sveiby
outlines the merits and demerits of the four major methods. The author’s analysis has
contributed to the literature on measurement of firm performance by way of putting
together the numerous financial and non-financial metrics used to measure intangible
assets. However, Sveiby fell short of suggesting a universal model that could meet some
of the requirements in Acharyya’s proposal (Namwongse & Limpiyakorn, 2012; Grace et
al., 2013).
Notwithstanding, Jafari et al., (2011) investigate the effect of research and development,
innovations, intellectual capital and rapid knowledge growth (as part of ERM
programmes) on firm performance. Though these factors form part of the non-financial
aspects of the firms, the final results as well as the individual variables were captured in
financial terms. They explained the ultimate impact of innovations, research and
development (R&D), knowledge growth in terms of increasing confidence in investment
and reduced average capital expenditures. The approach of Jafari et al., (2011) highlights
applications of aspects of the method in Sveiby’s overview of methods of measuring
intangible assets. Jafari et al., (2011) clearly expose the intricate relationship between
intangible assets and financial metrics by demonstrating how quality management
University of Ghana http://ugspace.ug.edu.gh
67
decisions would increase investor confidence, reduce average cost of capital and enable
the organisation to invest in specific assets. This also demonstrates the argument of Sveiby
that the purpose of the measurement determines the type of metric to be used. Though
Jafari et al., (2011) prove that non-financial variables or factors could be captured and
measured in financial terms, the questions remains as to whether it is every conceivable
intangible asset of the organisation that can be captured in financial terms. If this is done
internally, it may be prone to self-selection and considerable subjectivity and should thus
be comparable to the results of a rating agency or some other form of measurement by an
independent body.
Grace et al., (2013), having acknowledged the absence of a common theoretical model to
govern the measurement of firm performance due to ERM implementation decided to use
revenue and cost efficiency as pertained in the banking and insurance industries. Grace et
al., (2013) confirm that Berger and Humphrey (1997 as cited in Grace et al., 2013) had
identified over 130 efficiency articles published between 1992 and 1997. Besides, Eling &
Luhen (2009 as cited in Grace et al., 2010) had surveyed more than 90 studies in the
insurance industry alone between 1998 and 2008. The articles confirm frontier efficiency
as appropriate because they directly derive from micro- economic theory and provide
meaningful and reliable measures of performance in a simple statistic that controls for
differences in input usage and output production in multi-input, multi-output firms
(Leverty & Grace, 2009 as cited in Grace et al., 2013). The merit of using the frontier
efficiency method is that it enabled some benchmarking to be done within the industry.
The respective shortfalls of firms form the best-practice frontier (benchmark) form a
measure of inefficiency. Besides, Grace et al., (2013) used cost and revenue efficiency to
capture the total efficiency of the firm (Wilson, 2007 as cited in Grace et al., 2009). Grace
University of Ghana http://ugspace.ug.edu.gh
68
et al. used the Frontier Efficiency Analysis within R (FEAR) to identify the outputs and
inputs of the firms using the value-added approach which was consistent with the
economic realities of the insurance market.
Output prices were defined as the difference of premiums earned and the present value of
losses incurred divided by the present value of losses incurred. The inputs of the firm were
grouped into five; administrative, labour, agent labour, business services and materials
(including physical capital, financial equity capital and policy holder- supplied debt
capital). Mathematically, the quantity of an input is defined as the current dollar
expenditure associated with the particular input from the regulatory annual statement
divided by its current price. Since previous research stressed the impact of organisational
structure on the success of information sharing between business segments and top
management (Stein, 2002, as cited in Grace et al., 2013), Grace et al., (2013) created
indicators for a number of variables in their study. Firstly, they capture whether the firm
has a CRO or a significant risk management entity to ascertain how effectively the risk
management function is organised within (Nocco & Stulz, 2006). Secondly, they create
indicators for reporting relationships and whether the firm uses output from risk
management to influence executive compensation to confirm the stress Acharyya (2008)
placed on information management in an entity. However, the cost and revenue efficiency
aspects (financial aspects) were investigated using multi-variant weighted least squares
regressions - these weights were based on total assets.
Namwongse & Limpiyakorn (2012) developed a portfolio risk index system to investigate
the impact of ERM adoption among transportation network service providers. Though
their research was conducted in an entirely different sector that was responsible for
managing toll collection on an expressway in Thailand, their measurement technique is
University of Ghana http://ugspace.ug.edu.gh
69
considered to have moved much more closely to measuring non-financial characteristics of
firms. Using value-based risk management, Namwongse and Limpiyakorn identified key
risk drivers (KRDs) using Porter’s competitive strategy model and Ansoff’s product-
market expansion strategy to establish the causal links between inputs and organisation
value creation. Just as Sveiby (2009) stressed that the choice of the metric (measurement
method) depends on the purpose, Namwongse and Limpiyakorn applied the strategy map
per Kaplan and Norton (2003) to identify key drivers and key risk indicators (KRIs)
(Namwongse & Limpiyakorn, 2012). The KRIs identified by Namwongse and
Limpiyakorn covered five categories of risks in the areas of: environment, resource,
strategy, capacity and market and company-specific risks. These five categories define the
external and internal environments of the firm (Tan & Xu, 2011; Zhang et al., 2010; Shang
& Bao, 2010; Yongsheng & Li, 2009; Guohua & Jin, 2008).
In determining the value drivers and risk indicators, Namwongse and Limpiyakorn, like
Jafari et al., (2011) were guided by the peculiar characteristics of the internal and external
environments that firms face. To create the index for measuring ERM effectiveness,
Namwongse & Limpiyakorn (2012) reduced the broad five categories of risk into four
broad risk dimensions: external environmental risk; enterprise resource risk; enterprise
capacity risk; and strategy implementation risk. Notably, the index was selected based on
twelve principles which are similar to the ones cited by Acharyya (2007; 2008). Finally,
Namwongse and Limpiyakorn used confirmatory factor analysis (CFA) to test the
construct validity of the model. Accordingly, they created twenty six KRIs and eight
indices covering the broad five risk categories and then gave weights to the eight indices
(Namwongse & Limpiyakorn, 2012).
University of Ghana http://ugspace.ug.edu.gh
70
Confirmatory factor analysis (CFA) is a type of structural equation modeling (SEM) in
statistics which specifically deals with a proposed measurement model. A fundamental
characteristic of CFA is its hypothesis-driven nature. Furthermore, it is an indispensable
analytic tool for construct validity in social sciences. The advantage CFA has over
traditional methods is that it provides a stronger analytic framework and accounts for
measurement errors (Namwongse & Limpiyakorn, 2012; Suhr, 2010). More specifically,
CFA enables resulting estimates of convergent and discriminant validity to be adjusted for
measurement error. On the whole, Namwongse and Limpiyakorn demonstrated that the
achievement of the non-financial aspect of a firm could lead to improved financial
performance. This implies that even if non-financial aspects of a firm cannot be measured
in financial terms, the achievement of the former should serve as a catalyst for the
achievement of the latter.
Unlike the case of Liu et al., (2010), this is not the case of individual risk management
(IRMs) being mutually interdependent on ERM. Where the construct validity is strong and
the basic principles of index creation are satisfied, then a method like the one used by
Namwongse & Limpiyakorn (2012) and to some extent that of Grace et al., (2013) should
reflect ERM effectiveness in a particular industry or related industry. However, where
non-financials like human capital, innovativeness, and corporate governance do not lead to
better competitiveness, how can this be empirically explained if non-financials were
measured by means of non-financial metrics? This, therefore, makes it impossible to
improve future performance as aspects of the literature argue that firm performance
measurement should help to improve performance (Hansen, 2009). This is because the
failure of ERM adoption to improve firm performance may be due to non-financial aspects
which because they were not measured in non-financial terms could not be explained.
University of Ghana http://ugspace.ug.edu.gh
71
Thus, many have stressed on the use of a composite index that combines both financial
and non-financial aspects of the organisation to examine how the two impact one another
to affect firm performance. Since value drivers, key risk indicators as well as key
performance indicators and the risk appetite may differ from one industry to another, there
is the need to construct a common theoretical framework that can be applied across
industries given a few modifications against the background of best practices for bench-
marking (Grace et al., 2013).
Indeed, since ERM adoption is done in stages, it is logical and possible that some
intangible benefits would be enjoyed by the firm almost immediately as aspects of the
literature have indicated (Meulbroek, 2002). However, it is possible that even before a
firm reaches an advanced level of ERM adoption; it may have started experiencing
benefits in real terms.
2.7 General theoretical foundations of firm performance
The ultimate goal of a firm is to perform well over time in order to grow stakeholders’
value and continue to meet societal needs. In the literature on firm performance, two major
schools of economic and organisational models of measuring performance are identified
(Acharyya, 2007). The organisational performance or non-financial or operational
dimension of a firm is based on behavioural and sociological factors which are difficult to
assess (Hansen & Wernerfelt, 1989). While there are several ways of measuring both the
economic and organisational performance of firms, it has been difficult to have a
combined framework to assess both (Acharyya, 2008; Nocco & Stulz, 2006). Thus, for the
firm to have a holistic idea about how it is performing, it must have both realistic
economic and organisational indicators within a unified framework.
University of Ghana http://ugspace.ug.edu.gh
72
The COSO ERM framework (COSO 2004) has outlined the potential benefits of adopting
ERM, using a common language for risk management. Various theories have been
formulated on the potential benefits of adopting ERM (McShane et al., 2011; Liu et al.,
2010; Gordon et al., 2009; Acharyya, 2007; Nocco & Stulz, 2006;). Gordon et al., (2009)
employed the contingency theory perspective to establish that the link between ERM and
firm performance is dependent on key firm specific factors; environmental uncertainty,
industry competition, firm complexity, firm size and board monitoring. However, an
examination of their argument indicates a weakness of the contingency theory because
contingency forms the basis why risks should be holistically managed (COSO, 2004).
Hence, employing an underlying assumption as an argument readily defeats the basis of
the argument. Liu et al., (2010), drawing on the strategic determinants of risk and
integration and value creation of firms argue that individual risk management (IRM) and
ERM are mutually interdependent because the latter was proposed to create synergies for
the former.
However, it is interesting to note that they conceive of individual risk management (IRMs)
as being implemented on a silo-by-silo basis which defeats the very essence of ERM
(COSO 2004). If the firm continues to handle risks at the level of departments, then in
theory, it cannot reduce cost of mitigating risks and neither can it appreciate the
interrelationship of one risk to another. Therefore, the perspective of Liu et al., (2010)
appears to be a simplistic portrait of what they might have considered as a systems theory
perspective of the relationship between enterprise risk management and firm performance.
Nocco & Stulz (2006) argue that firms that adopt ERM effectively enjoy a long-run
competitive advantage over those that manage risk via the traditional approach. The
authors’ argument was based on the fact that measurement and management of risk
University of Ghana http://ugspace.ug.edu.gh
73
consistently and systematically to optimise the trade-off between risks and returns, put the
firm in a stronger position to execute its strategic plan. Thus, Nocco & Stulz (2006) hinted
on the essence of information management systems to ERM in order to quantify
organisational performance. They then advised firms to be modest and realistic in their
choice of measurement tools to reflect their needs and the environment in which they
operate (COSO, 2004).
McShane et al., (2011) contributed to the theoretical foundations on the relationship
between ERM and firm performance by stressing on the complexity of ERM
implementation and lack of a suitable proxy to determine the degree of implementation
(adoption). They based their theory on the assumption that risk management is a
continuum along which certain firms and industries move at varying speed. Thus, they
used IRM and ERM to capture the state of a firm prior to ERM implementation to when it
adopts ERM respectively. Appraisal of the theory indicates that they compare the
adoption of ERM and its effectiveness to a triangle. Additionally, they take the argument
of Liu et al., (2011) to another level by taking a more realistic approach to ERM adoption.
Furthermore, like Nocco & Stulz (2006), and McShane et al., (2011) advise firms to
concentrate more on risk areas where they have comparative cost advantage (Schrand &
Ural, 1998) because ERM adoption varies from one firm and industry to the other (Gordon
et al., 2009; COSO, 2004). Finally, Mcshane et al., (2011) adopted Standard and Poor’s
(S &P) ERM index to establish if ERM adoption affects a firm’s performance thus,
showing their deep appreciation of the comprehensive and holistic nature of ERM
(Mcshane et al., 2011; Acharyya, 2008; Acharyya, 2007; Nocco & Stulz, 2006).
Nocco & Stulz (2006), Mcshane et al., (2011), and Acharyya (2007) extensively built on
existing theory by proposing a conceptual framework to measure the complex link
University of Ghana http://ugspace.ug.edu.gh
74
between ERM and firm performance. Acharyya (2007) observed that using a single
numerical performance measure to assess the effectiveness of ERM is inadequate due to
the challenge of linking financial and operational (organisational) aspects of performance
into a single whole. Review of Acharyya’s work suggests that though previous studies
acknowledge the multifaceted nature of the interplay between ERM and firm performance,
it was Acharyya (2007) who really projected this aspect. Also, consistent with the thinking
of Nocco and Stulz (2006) and McShane et al., (2011), and Acharyya (2007) project the
role of ERM performance as an information system, which allows firms, regulators and
rating agencies to measure the strength and success of the entire business.
Additionally, he affirmed that the immediate benefits of ERM adoption may not
necessarily be tangible but may be almost immediately intangible. Finally, Acharyya
(2007) observes that attempts of regulators and rating agencies to explore how ERM
adoption affects certain key industries were crucial to developing an all-inclusive theory
on the link between ERM adoption and firm performance (McShane et al., 2011).
Though a lot has been done to shape the theoretical basis of the effect of ERM adoption on
firm performance, inadequate attention has been given to empirical studies in the area. The
major studies that were done in this area include the works of Hoyt & Liebenberg (2006),
Namwongse & Limpiyakorn (2012), Tahir & Razali (2011); Jafari et al., (2011), Pagach
& Warr, (2010); Soileau (2010), Liu et al., (2010); Grace et al., (2013), Gordon et al.,
(2009) as well as Acharyya (2008). Out of this number, only four (4) actually investigate
the impact of ERM adoption on firm performance. The others based their empirical
studies on theoretical perspectives of ERM which affect the essence and outcome of their
findings, thus limiting the extent to which they could be applied (Liu et al., 2010; Gordon
et al., 2009). The table below show attempts to measure ERM and firm performance
University of Ghana http://ugspace.ug.edu.gh
75
This section discusses the various empirical findings to identify trends and differences and
their implications for the study. Long before the major empirical studies were done to
confirm the positive effects of ERM implementation on firm performance, Kleffner et al.,
(2003) had observed in a study that stability in earnings, profitability, turnover, and
leverage were among the key motivations (drivers) for firms in Canada to practice ERM.
Prior to the major qualitative studies, which were carried out to investigate the impact of
ERM adoption on firm performance, some empirical works had been done. Though these
empirical studies indicated a positive link between ERM and firm performance, they could
not contribute considerably to the study area because they were partial studies (Smithson
& Simkins, 2005; Guay & Kothan, 2003; Weston, 2001).
Hoyt & Liebenberg (2006) studied the impact of the insurance industry on the value of
ERM using Tobin’s Q as a proxy for firm performance and found that Tobin’s Q was
significantly higher for firms that adopted ERM programmes. Both the mean and median
variables of Tobin’s Q were significantly higher for firms who had adopted ERM
programmes. They further tested how specific ERM drivers relate to firm value and found
a positive correlation between international diversification and Tobin’s Q (Hoyt &
Liebenberg, 2006). Some empirical studies which sought to investigate the impact of
ERM adoption on firm value used Tobin’s Q as a measure of performance (Tahir &
Razali, 2011; Liu et al., 2010; Hoyt & Liebenberg, 2006). However, these studies are
criticised for their reliance on the narrow financial perspective as a proxy for performance.
Following deep theoretical insights and revelations, Acharyya (2007) blazed the trail to
investigate the link between ERM adoption and firm performance in the insurance
industry over the period 1994–2003. The researcher adopted a combined shareholder and
stakeholder approach to measuring ERM. Acharyya stressed the multi-disciplinary nature
University of Ghana http://ugspace.ug.edu.gh
76
of ERM and espoused the need for a corporate harmonised conceptual framework that
considers both the financial and non-financial components of a firm’s success (Acharyya,
2008). The researcher noted that previous studies had captured a firm’s performance upon
ERM adoption using financial aspects only.
It is worthy to note that Acharyya appreciated and cited the existence and application of
existing measurement instruments which could be combined in a common framework to
measure a firm’s performance holistically. The researcher cited measurement tools like
Total Quality Management (TQM), economic valued added (EVA) and the balanced score
card (BSC). Results of the survey he conducted indicated that no technique has been
developed to evaluate the benefits of ERM in the cases he studied (Acharyya, 2008).
Besides, the performance initiatives taken by key stakeholders, credit rating agencies,
financial analysts, regulators were considered as meaningful, but crude benchmarking
criteria. Consistent with Altuntas et al., (2011) who based their argument on career
concerns theory, Acharyya found that firms with less volatile profits streams tend to invest
less in ERM implementation (Acharyya, 2008). On the whole, he found out that poorly
performing firms seek risky investments and thus, would implement ERM by way of
having the assurance that risks would be more targeted. Using EVA and BSC, Acharyya
discovered that the benefits managers derive from practising ERM are general in nature
because the ability to withstand industry competition, to reduce cost of capital and
improve risk assessment were benefits which if sustained will produce tangible benefits
(Acharyya, 2008). Again, Acharyya’s study confirmed previous literature which noted
that ERM works best when business activities are at their worst and thus reminded
researchers on the need to conduct empirical studies on the link between ERM and firm
performance in both good and bad times for the strength of risk management techniques to
University of Ghana http://ugspace.ug.edu.gh
77
be better appreciated (Acharyya, 2008). By way of conclusion, Acharyya observed that
added shareholder value is the ultimate measure of the success of ERM, though aspects of
the literature still debate the value- adding capability of ERM.
In a study of 112 US firms, Gordon et al., (2009) measured the effectiveness of ERM
adoption with a created index and concluded that such an index (ERMI) was a fair, but not
a perfect measure of the effectiveness of ERM. Drawing on the contingency theory, they
postulated that the impact of ERM on firm performance is based on environmental
uncertainty, industry competition, firm complexity, firm size and board monitoring. They
established that for high performing firms, all firm specific factors had a significant effect
on the effectiveness of the ERM index except environmental uncertainty. The implication
is that contingency is the exact reason why ERM has become popular as firms operate
under unstable environments. Additionally, it means high performing firms take
contingency variables more seriously than low performing firms in the implementation of
enterprise risk management (Gordon et al., 2009). Consistent with the findings of
previous researchers, Gordon et al., (2009) reveal that ERM improves firm performance
(Barton et al., 2002 as cited in Gordon et al., 2009; Hoyt & Liebenberg, 2006; Nocco &
Stulz, 2006). Further, they affirm ERM as a means-end system tied to the endogenous
nature of variables that determine it at one level and become its effect at another level.
Finally, the measurement of performance is critical to deduce the link between ERM and
firm performance and Gordon et al., (2009) contribution in this regard was capturing the
effect of ERM adoption on firm performance based on a created index from the four key
objectives of the COSO ERM framework (strategy, operations reporting and compliance).
However, Gordon et al., (2009) proceeded with a theory which affects the very essence of
their study because to them, without contingency variables, no link exists between ERM
University of Ghana http://ugspace.ug.edu.gh
78
and firm performance. Though they argued that no general theoretical framework could
predict the key factors that influence the link between ERM and firm performance, their
argument was in line with the COSO observation that the ERM system varies from one
firm to another. In conclusion, the study is reduced to an argument at the expense of a
hypothesis especially, when their approach was heavily quantitative (Archaryya 2007;
2008).
Pagach & Warr (2010) examine the effect of ERM adoption on long term firm
performance and found little evidence that ERM adoption significantly affects firm
performance. However, in the examination of the subset of firms for whom the market
considered ERM to be most beneficial, there was some evidence of risk reduction, a
finding which was consistent with their findings in 2008 (Pagach & Warr, 2008). The key
finding of this study was that firms which had initiated ERM implementation experienced
some reduction in earnings volatility (Pagach & Warr, 2010). The study captured earnings
volatility as the standard deviation of the error term from a regression of the firm’s
quarterly earnings on the prior quarter’s earnings (Pagach & Warr, 2010). Additionally,
the study established a statistically significant increase in leverage and return on equity
(ROE). The contribution of this study to the empirical literature devoted to ERM adoption
was that it is credited as the first to examine how financial performance changes after the
initiation of ERM implementation.
Liu et al., (2010), in their study of the property and casualty industry in the US, confirm
the findings of Pagach & Warr (2010). Using Tobin’s Q, Liu et al., (2010) reveal that
ERM implementation in the insurance industry has a negative correlation with firm
performance (Beasley et al., 2008; Liu et al., 2010). Like Pagach & Warr (2010) observe,
Liu et al., (2010) address the endogeneity of ERM adoption when they test the effects of
University of Ghana http://ugspace.ug.edu.gh
79
ERM implementation on firm value. It is interesting to note that unlike Nocco & Stulz
(2006) and Pagach & Warr (2007; 2008) who examined the holistic effects of ERM on
firm value. Liu et al. (2010), like Hoyt and Liebenberg (2006), extended their line of
research by controlling the effects of individual risk management programmes (IRMs).
Consequently, the study found that ERM adoption rather decreases Tobin’s Q by 0.111
(Liu et al., 2010), a finding which is consistent with that of Pagach & Warr (2007; 2008).
Though the IRM-ERM continuum approach adopted by Liu et al. (2010) was innovative to
absorb reduction in the error term, it was not identical to the Hoyt and Liebenberg (2000)
approach that tested the effect of respective ERM drivers on firm performance and
concluded that international diversification increases Tobin Q (Hoyt & Liebenberg, 2006).
Interestingly, the study of Liu et al., (2010) covered a period equal to that of Gordon et al.,
(2009). An appraisal of the study of Liu et al., (2010) suggests that their approach makes
it possible to have an ex ante and post ante view on the effects of ERM adoption on firm
performance. In addition, the key limitation to the study was its basic assumption that
ERM adoption and the various IRMs were mutually interdependent. This assumption
basically destroys the essence of the holistic nature of ERM and raises a question of how
previous positive correlations between IRMs and firm value should be interpreted. Though
the basis of their theory confirms the COSO assertion that ERM implementation is done in
stages, the study was unable to explain how exactly IRMs can stimulate firms to adopt
ERM (Liu et al., 2010). Again, Liu et al., (2010) contribute to the literature by way of
identifying how costly it is to implement ERM, a fact confirmed by service providers.
Secondly, they confirm how complex ERM implementation is in practice and thus suggest
future comprehensive and longitudinal assessment of all dimensions of firm risks and
corresponding risk management practices. Interestingly, there is a stage in ERM which
University of Ghana http://ugspace.ug.edu.gh
80
caters for prioritisation of all risks within a firm and this would make it a herculean task to
integrate IRMs instead of implementing ERM using the COSO ERM framework.
Though Liu et al., (2010) underscore and appreciate the need to integrate and create
synergies of all the risks in an organisation in the early stages of their study, their results
and further discussion point to totally different conclusions. Moreover, it is clear that there
is no need to study an IRM in order to appreciate ERM adoption as accurate information
on certain performance indicators prior to ERM adoption can be compared to the same
performance indicators after ERM adoption. Soileau (2010) examined the relationship
between ERM adoption, performance benefits and disclosure effect and asserted that
controlling for other factors, there was limited evidence of an association between
assessed maturity of adopted ERM processes and firm performance (ROA). He also found
a negative association between the market value of equity (MVE) and the assessed level of
ERM while controlling for other variables. Soileau’s results were consistent with the
findings of Hoyt & Liebenberg (2006), Liu et al., (2010) as well as Pagach & Warr (2010).
Finally, Soileau (2010) followed the COSO ERM framework religiously without
suggesting the assessment of IRMs in silos, as was proposed by Liu et al., (2010).
Following Hoyt & Liebenberg (2006) and Liu et al., (2010), Tahir & Razali (2011)
explore the relationship between ERM and firm value of Malaysian public listed
companies with the aid of Tobin’s Q. The study confirmed that ERM implementation is
positively related to firm value, though it was not significant. The implication was that
there was no support that Malaysian firms which practise ERM perform better than firms
which did not practice ERM. This observation was inconsistent with findings of Liu et al.,
(2010), Hoyt & Liebenberg, (2006; 2008), as well as Pagach & Warr (2008). Evidently,
the study confirms that while size and profitability (ROA) indicate a negative and
University of Ghana http://ugspace.ug.edu.gh
81
significant relationship with firm value, leverage and firms that do not diversify
internationally have a positive and significant relationship (Goshlan & Abdul-Rasid; 2012;
Beasley et al., 2005). The relationship between majority ownership and firm value was
positive, but insignificant.
Interestingly, Tahir & Razali’s negative link between international diversifications and
firm value contradicted the Hoyt & Liebenberg (2006) assertion that a positive correlation
exists between international diversification and firm value. Tahir & Razali’s study is
important for various reasons. The study revealed the level of knowledge and acceptance
of ERM practices in Malaysia which is an emerging market in Asia. Also, the study
refutes previous studies in the light of the economic climate of Malaysia. Furthermore, the
study spanned just a year (Liu et al., 2010; Gordon et al., 2009). However, like previous
studies, this study also focused on only the financial aspects of firm performance. Jafari et
al., (2011) investigate the link between total risk management (ERM) and firm
performance in Malaysian firms that had invested in research, development and
innovations as well as in intellectual capital and rapid knowledge growth. The results
indicated a positive and significant relationship between total risk management and firm
performance. Like Acharyya (2007, 2008), and Jafari et al., (2011) underscored the need
to have a comprehensive and integrated framework for measuring the impact of ERM
implementation on firm performance. Compared to previous research, this study is
germane because it was conducted in the knowledge and intellectual human capital
domain as against the norm to cover banking, insurance and utility industries. The reality
is because it was even more difficult to identify, prioritise and manage risk for
innovations, resource use and knowledge management. Again, the study acknowledges
how difficult it is to implement ERM, and observes the need to measure non-financial or
University of Ghana http://ugspace.ug.edu.gh
82
behavioural changes of management on performance (Acharyya, 2008; Nocco & Stulz,
2006).
Following Mackay & Moeller (2007), Grace et al., (2013) examine the impact of ERM
adoption on firm performance in the insurance industry and concluded that ERM improves
firm performance. More specifically, they found that firms which hire CROs have
dedicated risk committees and risk management entities that report to CFO experience
higher cost efficiency and return on assets (ROA). Furthermore, they found that life
insurers benefit from the application of economic capital models to a greater extent than
property casualty (PC) insurers. Grace et al., (2013) like Nocco & Stulz (2006), McShane
et al., (1998), and Acharyya (2008) realised the need to assess firm performance based on
financial and non-financial perspectives. The study acknowledges the absence of a
common theoretical framework to capture the total measurement of firm performance
(Cumming & Hirtle, 2001). Unlike previous studies that proxy ERM adoption with the
appointment of the CRO (Liebenberg & Hoyt, 2003, 2006, 2009; Beasley et al., 2005;
Hoyt & Liebenberg, 2006 and Pagach & Warr, 2010). Grace et al., (2013) employed data
envelopment analysis (DEA) to look for detailed information on ERM initiatives that aid
firms to identity the specific aspects of ERM that create value (Grace et al., 2013).
Also, the study combined data envelopment analysis (DEA) with a modification of the
VAA, to identify the important outputs of life and property liability insurers (Grace et al.,
2013). Further, the study corroborated the call for a common theoretical framework of
measuring the impact of ERM adoption on firm performance. In addition, by measuring
the level of confidence which is a non-financial factor, the study demonstrates how other
non-financial factors could be measured when an appropriate theoretical model is
established for the purpose. Finally, their longitudinal study offers multiple scenarios of
University of Ghana http://ugspace.ug.edu.gh
83
ERM adoption over a period, thus making one to appreciate how the various ERM drivers
are affected by exogenous variables. Namwongse & Limpiyakorn (2012) employed the
value-based ERM (VBRM) to construct a portfolio risk index using confirmatory factor
analysis (CFA) to measure the holistic impact of ERM adoption on firm value in Thailand.
Appraisal of the literature revealed VBRM as ERM that essentially exists to create value
through various performance measures. An innovative approach deduced in this study was
that the eight indices created contained both financial and non-financial factors (Acharyya,
2008).
The non-financials encompassed brand image risk, socio-economic risk, process value risk
and service quality risk. Again, the portfolio risk index system based on confirmatory
factor analysis (CFA) served as a valid and robust substitute for the common theoretical
framework that has eluded both academics and practitioners. Furthermore, this study
pioneered the use of a composite theoretical framework that encapsulates both financial
and non-financial performances (Gordon et al., 2009). An appraisal of the study suggests
that like Jafari et al., (2011), this study also recognised the concept of intellectual capital
as a key resource and driver of organisational performance. Likewise, it relates its
modified model to Kaplan and Norton’s BSC in order to create value. Additionally,
consistent with the study of Grace et al., (2013), this study also combined the various
levels of inputs to produce expected output value that is measurable. Essentially,
Namwongse & Limpiyakorn considered ERM from a systems theory perspective by
viewing VBRM as a subset of strategic management. Thus, the study was driven by an
ever increasing need to look at risks holistically and measure them holistically to ensure
continuous total improvement. The subsequent sections review literature on money
laundering.
University of Ghana http://ugspace.ug.edu.gh
84
2.8 Definitions of money laundering
“Money laundering” was first derived from the habit of the gangster Al Capone who used
launderettes to legitimise his ill-gotten gains (Walker, 1995; FATF, 2010; Savona, 1997;
IFAC, 2001; Cuéllar, 2003). Though the definition of money laundering is more
ambiguous, it generally means ‘making dirty money and assets look clean’ to ensure that
criminals enjoy their proceeds, by conserving or investing them in the legal economy. The
modern term of money laundering first occurred in US legal context in 1982. However,
the concept of money laundering was originally used by the American enforcement
officers in the 1920s. To construct a unified definition of money laundering, the researcher
reviewed various definitions by researchers, entities and legislations and compared them
with one another. The researcher explored the definitions by the Financial Action Task
Force (FATF), International Monetary Fund and World Bank, International Organisation
of Securities Commissions (IOSCO), International Federation of Accountants (IFAC);
United Nations Office on Drugs and Crime (UNODC); definition of Walker (1995);
Savona (1997) and Cuéllar (2003) were also explored.
FATF (2010) defined money laundering as the processing of criminal proceeds to disguise
their illegal origin. IMF in collaboration with the World Bank defined money laundering
as a process in which assets obtained or generated by criminal activity are moved or
concealed to obscure their link with the crime. IOSCO also defined money laundering as
a wide range of activities and processes intended to obscure the source of illegally
acquired money to create the look that it has emanated from a legitimate source. Further,
IFAC defined money laundering as the process by which criminals attempt to conceal the
true origin and ownership of their criminal activities. UNODC posits that a person
commits the offence of money laundering when he/she acquires, possesses or renders
University of Ghana http://ugspace.ug.edu.gh
85
assistance to another person for the conversion or transfer of property derived directly or
indirectly from acts or omissions that form an offence against any law punishable by
imprisonment for not less than a year. Walker (1995) defines money laundering as the
process by which illicit source moneys are introduced into an economy and used for
legitimate purposes. Savona (1997) defined money laundering as an activity aimed at
concealing the unlawful source of sums of money. Cuéllar (2003) defines money
laundering as a process whereby proceeds from crime are rendered more useful by either
converting it into a desirable medium or erasing its more obvious links to crimes.
Appraisal of the definitions of money laundering reveals that money laundering has been
severally defined (Unger et al., 2006), however, it depends on how law considers the
laundered money (stock or flow), the feeder activities (illegal or criminal), and the goal of
money laundering (hiding the source of the money or making it appear legal). Again,
money laundering is elusive for it affects simultaneously many aspects of economic life.
For instance, it starts from the illegal side of the economy, but its adverse effects are felt in
the legal side of the economy. Also, it is linked with crimes that are difficult to
disentangle. Thus, the effectiveness and efficiency of the AML law depends on how the
regulatory framework is able to balance benefits and costs of money laundering.
Furthermore, AML regulations can be assessed by looking at the relevant variables
affected, starting from the choices that the launderer, the intermediaries and the authorities
have to face. Finally, it is the stance of the researcher that each definition signifies a push
for an expansion of the scope of ML as the wide consensus is that ML signifies the
transformation of a potential purchasing power from criminals to criminals in an effective
manner to outwit law enforcement agencies.
University of Ghana http://ugspace.ug.edu.gh
86
2.8.1 Stages of money laundering
Money laundering involves a highly complex process, which can be broadly classed into
three sequential elements of placement, layering and integration (Federal Reserve System,
2002; UNDCP, 1996). The pre-wash/placement stage involves the physical movement of
the proceeds obtained directly from illegal activities to a more convenient place for
launderers or into a form that is hidden from authority inquiries. Various techniques like
smurfing or structuring, camouflage, currency smuggling, buying travelers’ cheques,
gambling in the casino, horse racing, betting and lotteries, legitimate business ownership,
and informal value transfer systems are used to place laundered funds into traditional or
nontraditional financial institutions or the retail economy (FATF, 2002). At the main
wash/layering stage, launderers conceal or disguise the source of the ownership of their
funds, by using correspondent banking, bank cheques, collective accounts, payable-
through accounts, loans at low or no interest rates, back-to-back loans, fake invoices and
insurances, fictitious sales and purchases, shell companies, trust offices or special
purposes entities, wire transfers and monetary instruments. The stage involves multiple
and complex financial transactions to circulate ill-gotten funds through accounts, banks,
countries or mixture of the three around the world to hide its origin. Globalisation of
financial systems coupled with technological advancement has made movement of
laundered funds across the globe an easy task. Finally, the integration/after-wash phase,
entails converting illegal proceeds into apparently legitimate business earnings via normal
financial operations or economic activities (Van Duyne, 2003). Appraisal of the stages of
money laundering suggests that the three-stage grouping is a useful decomposition of what
can sometimes be a complex process. Also, it is clear that the three stages are often
discernible in some cases where the basic steps occur simultaneously or overlap with each
other.
University of Ghana http://ugspace.ug.edu.gh
87
2.8.2 Empirical review on money laundering (ML)
Walker (1995) estimates the economic effects of money laundering on output, income,
imports and employment by using input-output data to generate multipliers per sector. He
found out that ML adversely affects imports and employment, but its effects on output and
income depend on how criminals spend laundered money. Like Quirk’s elasticity
approach, Walker’s input-output multipliers are applicable to only closed economies. The
input-output multipliers are not substitutes for a model for economic effects because they
fail to capture the effects of changed behaviour on the amounts of demand in other sectors
that are generated by an original stimulus of demand in one sector. Quirk (1997) extended
Barro’s work in 1991 in estimating the effect of ML on economic growth in the Euro-zone
over the period 1983-1993. Using regression with two control variables, he established
that ML was closely and positively related to economic growth. This finding contradicts
Barro’s result that ML dampens economic growth.
However, Quirk’s result like Tanzi’s approach has been criticised for being outdated due
to their elasticity approach that lacks universal application. Also, ML has increased
substantially in size and complexity since the 1980s, and has thus rendered the elasticity
approach ineffective as elasticity depends on the absolute size of ML. Building on
Becker’s (1968) approach, Masciandaro (1998) studied the microeconomic drivers of ML
focusing on the criminal’s demand for ML, and showed that the optimal amount of
proceeds to be laundered decreases with the probability of detection of the crime and the
severity of the sanction, but increases as the expected average return on the laundered cash
rises. These drivers are in turn affected by a set of factors that contribute to shape the
AML regulation and the context it operates in. Firstly, the profitability of reinvesting
laundered money is determined by the general investment opportunities and the financial
University of Ghana http://ugspace.ug.edu.gh
88
system of a country (Unger et al., 2006). Secondly, the severity of the sanction is
influenced by the law and the rapidity of the prosecution by the judicial system. Finally,
the probability of detecting ML is dependent on the preventive measures of AML
regulation and precisely by the function of “gate-keeping” that intermediaries is required
to ensure.
Masciandaro (1999) analysed the effects of AML policy on the criminal and financial
markets. His major contribution to the literature was his realisation that financial activities
include both legal and illegal transactions. Also, he found out that money laundering
tends to make financial flows to be larger in economies with much organised crime than in
comparable countries with less crime. Further, he found a significant impact of the illegal
economy and an increasing link between the growth of illegal activities and the
involvement of banks in the ML business. Finally, he asserted that the higher the diffusion
of ML activities, the less effective are AML regulations. A review of Masciandaro’s study
revealed that he did not apply his model to Italy. After explaining the multiplier model, he
skipped to doing a cross-section analysis on the ties between bank deposits, the legal
economy and illegal markets, instead of calculating the multiplier for Italy. He backed his
stance by claiming that bank deposits depict an outstanding feature of the Italian financial
system.
Gillmore (2004) like Bossard (1990) studied ML and globalisation and asserted that only
highly coordinated responses at the international level can suitably tackle ML. He said
globalisation due to removal of borders, technological improvements, and ease of
communication and trade has made it difficult to deal with the definition of laundering, the
design of a proper regime for sanctioning legal entities, and the need to address territorial
issues posed by the transnational dynamics of money laundering (ML). He iterated that
University of Ghana http://ugspace.ug.edu.gh
89
ML practices constitute paradigmatic transnational crimes and should be systemically
addressed by specific international instruments. Again, he recalled Nilsson’s “know-your-
customer” (KYC) rule, as a pillar for devising any ML counter measure in recent times.
Furthermore, Gilmore (2004) noted that legislators never created a system of “complete
uniformity” as further harmonisation was unlikely in the case where AML measures are
concerned. Hence, Gillmore’s dirty money was a pioneering work in the new international
world of ML. It specifically offers an interesting and accurate overview of the most vital
global methods and mechanisms enacted and implemented over the last two decades to
deal with ML. Masciandaro (2005) made the first theoretical and empirical discussion of
the stigma effect of ML. The study highlighted the fact that in the aftermath of September
11, 2001, growing attention was focused on the role of the lax financial regulations in
facilitating ML and TF. He said the two interacting principles that have commonly
featured in the debate on the link between ML and regulations have been whether lax
financial regulation promotes illegal financial flows and whether jurisdictions with lax
financial regulation do not cooperate in the international effort aimed at combating
criminal finance (Yepes, 2011; Masciandaro, 2005; Holder, 2003).
In a related argument, it was established that the effectiveness of an international AML
regime largely depends on the effectiveness of its constituents and vice versa. This
argument was premised on the fact that due to the global nature of ML, the compliance of
domestic regimes with the AML international standard is seen as the first mechanism for
achieving the global effectiveness of the AML regime against a global phenomenon
(Yepes, 2011; Putnam, 1988; Young, 2000). It reiterated that a typical explanation often
cited for the absence of countries’ convergence in international rules is that domestic
differences persist. Finally, it agrees that at the root of the problem of ML are
University of Ghana http://ugspace.ug.edu.gh
90
governments’ attitudes towards ML, which dictate its level of acceptance and the extent of
the involvement of the banking sector in this activity (Johnson et al., 2002).
Masciandaro et al., (2007) indicate that the compliance costs of ML have both material
and immaterial components. They trace the material component to the investment required
to execute the tasks imposed by AML regulation and the immaterial component to the
context within which agents operates in, mainly in terms of changes in reputation. It is
certain that in all activities where there is ML risk, secrecy is an asset and comparative
advantage. Thus, immaterial costs are deeply affected, in cases where there are reputation
matters, the more “costly” the AML tasks are, and the stronger the incentives agents need
to have an effective AML regulation.
Yepes (2011) employed econometric analysis to assess what factors explain countries
compliance with AML/CFT standard during 2004–2011. The paper established that
overall compliance by countries was low. Again, the paper reveals that the quality of the
domestic regulatory framework helps boost compliance while high net interest margin and
prevalence of corruption adversely affect countries’ compliance with the AML and CFT
international standard. However, financial depth, country openness and illegal activities
were found not to have an impact on compliance. These findings showed geographical
disparities particularly in developed economies that complied with the AML/CFT standard
for the period 2004 to 2011.
Another school of thought has explored how institutional factors create both avenues for
and barriers to ML (Johnson et al., 2002). This stance posits that an effective domestic
AML regime requires certain structural elements like a good regulatory framework,
appropriate measures to prevent corruption, rule of law, government effectiveness, culture
University of Ghana http://ugspace.ug.edu.gh
91
of compliance and an effective judicial system to be in place. It argues that lack of such
elements or shortcomings in the general framework can significantly impair the
implementation of an effective AML framework. Another strand of the literature on ML
has focused on the effects of ML on stakeholders. It asserts that ML has been criminalised
for its legitimate economic, social and public effects (Quirk, 1997). The stigma effects of
ML have been confirmed and limited efforts to capture the sizeable phenomenon of ML
around the world is available (Schneider & Enste, 2000; Tanzi, 2000; Walker, 1999;
Quirk, 1996)
Walker (1995) assumed that the social effect of ML stems from the consolidation of
economic power by criminals to ultimately corrupt the political system (MacKrell, 1997;
Masciandaro et al., 2007; Camdessus; 1998). Proponents for the criminalisation of ML
have revealed that the costs associated with ML to victims and societies are often direct,
though most of the effects of ML are indirect (Meloen et al., 2003). They argue that as
launderers use front entities to effect their illegal activities, ML often leads to loss of
control on economic policy in areas like exchange and interest controls (Chinn & Frankel,
2005; Bayoumi, 2004; FATF, 2002; Boorman & Ingves, 2001; Camdessus, 1998;
McDonell, 1998; Tanzi, 1996) that adversely affects prudential banking supervision
(Bagella et al., 2003; Baldwin, 2002; FATF, 2002), tax evasion (Fullerton & Karayannis,
1993), statistical reporting and legislation (Alldridge, 2002; Tanzi, 1997), threats of
monetary instability (Alldridge, 2002; McDowell, 2001; Tanzi, 1997), distortion on one
country's import and export volumes (Barlett 2002; McDonell, 2001,1998; Baker, 1999;
Keh, 1996), losses of income of the public sector and distortion in the demand for money
(Powell, 2013; KPMG, 2011; Freeman, 2010; Levi, 2002; Masciandaro et al., 2007;
Unger, 2006; Sullivan, 2004; Alldridge 2002; McDonell, 1998; Quirk, 1996).
University of Ghana http://ugspace.ug.edu.gh
92
Again, ML affects financial institutions (FIs) for two main reasons. First, ML erodes FIs
due to the operational and reputational risks it poses to them (Rawlings & Unger, 2005).
Second, customer trust is adversely affected by the perpetuation of ML and its associated
institutional fraud and corruption (Powell, 2013; Masciandaro et al., 2007; Kleemans
2004; Lankhorst & Nelen, 2003; Barlett, 2002; FATF 2002; Schroeder, 2001). Another
lock of the literature stresses on the forms of ML as capital market investments, bank
transactions (Thony, 2002), corresponding banking (FATF, 2002; Nawaz, 2002; Johnson,
2001) loan at low or no interest rates, insurance markets, travelers’ cheques, bank cheques
and drafts, collective accounts, payable through account, on-line banking, black market for
forex; exchange bureau, international money transfers (Nawaz, 2002; Kleemans, 2002),
derivatives; gambling and casinos (Paauw, 2005; Kaspersen, 2005), real estate acquisition
(Eichholtz, 2004; Alldridge, 2002; McDowell, 2001), catering and hospitality business,
false contracts and documents (Robinson, 1996), fictitious sales and purchase (FATF,
2002), gold and diamond markets (Cuellar, 2003), purchase of consumer goods for exports
(Masciandaro & Portlano, 2004), acquisition of luxurious goods, currency smuggling
(Kleemans et al., 2002), underground banking and informal money transfer networks
(Masciandaro 2004; Passas, 2004; Nawaz, 2002). Clearly, launderers use a variegated set
of markets to perpetuate ML. This means that the effectiveness of an anti-money
laundering regime depends on how it individually tracks these channels used by
launderers.
2.9 Drivers of AML
Sham's reconstruction has grouped AML framework into four main phases. The first or
incipient stage spanned the 1970s and focused mainly on regulatory and preventive
measures. The second stage begun in 1980s, with the aim to criminalise and make ML an
University of Ghana http://ugspace.ug.edu.gh
93
international issue, however, In 1989, the AML regime entered its third phase with the
establishment of the FATF in 1989. FATF was established as an institutional centre to
develop and coordinate efforts of AML. Following 2001, a new phase emerged when
FATF’s mandate was extended to cover Terrorist financing (TF). Undoubtedly, AML
measures have evolved along two tracks where one track deals with measures expected at
repressing ML with the other track designed to prevent proceeds of ML from ultimately
entering into the lawful financial system.
Globally, financial institutions are mandated by the FATF to comply with AML directives.
It is important that a compliance programme is put in place to monitor the establishment,
undertaking and update of AML directives. In Ghana, the passage of the Anti-money
Laundering Act, 2008, (Act 749), Anti-money Laundering Regulations, 2011 (L.I. 1987),
Anti-Terrorism Act, 2008 (Act 762), Anti-Terrorism (Amendment Act), 2012 (Act, 842),
Anti-Terrorism Regulations, 2012 (L.I. 2181) makes AML compliance mandatory for all
accountable institutions. The various sanctions and fines are enshrined in the anti-money
laundering amendment Act 2014, Act 874 for non-compliance with the provisions of the
Acts. Similarly global sanctions by FATF exist for non-compliant countries. The world,
from a financial perspective, has experienced phenomenal evolution of its financial
systems and structures, and the corresponding positive impact on the provision of financial
services. This progress has transcended financial barriers and created worldwide economic
machinery which has facilitated effective global financial intermediation.
Regrettably, this growth has seen the development of an equally globalised drawback in
the form of money laundering, which allows for the concealment of illegitimately obtained
money, and to a more distressing extent, aids the funding of terrorist activities. From the
University of Ghana http://ugspace.ug.edu.gh
94
exploits of Al Capone in the 1930s, to the illicit monies of the Watergate scandal of the
1970s, money laundering has gained prominence within the international financial
community. As a 1993 UN report noted ML’s global nature, the flexibility and
adaptability of its operations, the use of the latest technological means and professional
assistance, the ingenuity of its operators and the vast resources at their disposal. Illegal
arms sales, smuggling, and the activities of organised crime, including for example drug
trafficking and prostitution rings, have become generators of huge funds (FATF, 2010).
Embezzlement, insider trading, bribery and computer fraud schemes have also produced
large profits and created the incentive to legitimise the ill-gotten gains through money
laundering. By its very nature, money laundering is an illegal activity carried out by
criminals and it occurs outside of the normal range of economic and financial structures.
Along with some other aspects of underground economic activity, rough estimates have
been put forward to give some sense of the scale of the problem. The United Nations
Office on Drugs and Crime (UNODC) conducted a study to determine the magnitude of
illicit funds generated by drug trafficking and organised crime, and to investigate to what
extent these funds are laundered. The report estimates that in 2009, criminal proceeds
amounted to 3.6% of global GDP, with 2.7% (or USD 1.6 trillion) being laundered.
However, due to the illegal and intricate nature of the transactions, it is difficult to provide
precise statistics and therefore, impossible to produce a definitive estimate of the amount
of money that is globally laundered every year. The integrity of the banking and financial
services market place heavily depends on the perception that it functions within a
framework of high legal, professional and ethical standards. A reputation for integrity is
the one of the most valuable assets of a financial institution. If for instance, funds from
criminal activity can be easily processed through a particular institution – either because
University of Ghana http://ugspace.ug.edu.gh
95
its employees or top management have been bribed, or because the institution turns a blind
eye to the criminal nature of such funds, the institution could be drawn into active
involvement with criminals and become part of the criminal network itself. Evidence of
such complicity will have a damaging effect on the attitudes of other financial
intermediaries and of regulatory authorities as well as ordinary customers (FATF, 2013).
As for the potential negative macroeconomic consequences of unchecked money
laundering, one can cite bizarre changes in money demand, high risks of damaging bank
soundness, contamination effects on legal financial transactions, and increased volatility of
risk, international capital flows and exchange rates, due to unanticipated cross-border asset
transfers. Also, as it rewards corruption and crime, successful money laundering damages
the integrity of the entire society and undermines democracy and the rule of the law
(FATF, 2013). There is also the effect of money laundering on overall economic
development of countries.
As with the damaged integrity of an individual financial institution, there is a dampening
effect on foreign direct investment when a country’s commercial and financial sectors are
perceived to be subject to the control and influence of organised crime. Fighting money
laundering and terrorist financing is therefore, a part of creating a business friendly
environment which is a precondition for lasting economic development. Therefore, money
laundering has proven to be a multidimensional problem that manipulates and exploits
financial systems the world over, leaving ominous effects in its wake. Countries and
financial institutions are mandated to institute AML/CFT compliance regimes to protect
the global financial system. These anti-money laundering frameworks to be adopted by
banks should include but not limited to the following:
University of Ghana http://ugspace.ug.edu.gh
96
a. Compliance Programme
The two pillars of the AML regime: prevention – which is undertaken by supervisors; and
enforcement – for which law enforcement bodies are responsible. Supervisors play an
important role in addressing market confidence, and after the recent crisis, some authors
vouched for stauncher oversight (Bradley, 2009). Indeed, AML programmes encompass
the three main areas of deterrent policies against crime: investigating; increasing the
probability of criminal detection; and regulating. These functions are imperative, given
that they affect the variables which ensure that crime does not pay.
AML frameworks may either be risk-based or rule-based. The risk-based approach
involves law-makers giving freedom to supervisors regarding their behaviours and
obligations. The risk-based approach is in alignment with the Third Directive of EU
(ACAMS, 2010), whereby every financial institution is mandated to develop a risk
management department in order to judge and process information. The rule-based
approach involves laws and regulations as established by government policy. In countries
where the rule-based approach is solely pursued, money laundering prosecutions are low
(Reuter & Truman, 2004) because laws are too ambiguous and financial institutions are
not able to distinguish suspicious activities from normal ones. Furthermore, the rule-based
approach can be described as passive, because agents passively follow the rules. Thus, a
perception surfaced that AML frameworks are ineffective in fighting organised crime
(Naylor, 2002).
Nonetheless, some authors argue that the rule-based approach ensures that rules are clear,
concise and provide legal certainty and equality to the system (Unger & Waarden, 2009).
The risk-based approach relies on the principle that regulations should be strong only
when the risks are greater (Hutter, 2005). This, however, requires expert appraisal and
University of Ghana http://ugspace.ug.edu.gh
97
evaluation of the risks that various customers pose, and thus comes across as more arduous
than the rule-based approach. Other voices on the subject observed that the risk-based
approach “makes the obligation of public authorities passive. In this model, they await
reports from bank managers, accountants, lawyers and other professionals, rather than
taking active steps to deploy crime-fighters to identify, pursue and indict criminals”
(Mather, 2001).
b. Risk assessment and risk based approach (RBA)
The Financial Action Task Force (FATF), through its recommendations has recognised the
principle of a risk-based approach (RBA) to combating money laundering / terrorist
financing (ML/TF). In the past few years, the FATF has extensively discussed the issue of
the risk-based approach (RBA) with the private sector. The FATF recommendation one
(1) requires countries and financial institutions to adopt a risk-based approach to
combating money laundering and terrorist financing (FATF, 2012). The general principle
of a risk based approach is that where there are higher risks, countries should require
financial institutions to take enhanced measures to manage and mitigate those risks, and
that correspondingly where the risks are lower (and there is no suspicion of money
laundering or terrorist financing) simplified measures may be permitted. The application
of a risk-based approach requires countries to take appropriate steps to identify and assess
the ML/TF risks for different market segments, intermediaries, and products on an
ongoing basis. The principle of a RBA applied to AML/CFT matters is very relevant for
countries that wish to build a more inclusive financial system that can respond to the need
of bringing the financially excluded (who may present a lower ML/TF risk) into the
formal financial sector. It is broadly recognised that this approach requires significant
domestic consultation and strong cross-sector dialogue. Risk assessment is the first step a
University of Ghana http://ugspace.ug.edu.gh
98
business or organisation should take before developing an AML/CFT programme. It
involves identifying and assessing the risks the business or organisation reasonably
expects to face from ML and TF.
Once a risk assessment is completed, a business can put in place a programme that
minimises or mitigates these risks. Regulators and other stakeholders also conduct risk
assessments based on their own methodologies and objectives to determine the best way to
minimise or mitigate ML/TF risks in their jurisdictions. Carvalho (2011) asserts that AML
risk management frameworks represent the structures that countries use in combating
money laundering. Risk assessments facilitate the prevention, detection and repression of
the incidence of money laundering (Rocha, 2011).
c. Support from board and management
The foremost and a core issue in dealing with AML/CFT regimes and compliance is the
support that emanates from the corporate governance structure. In Ghana, a bank should
be a body corporate. Therefore, AML/CFT compliance among banks assumes corporate
governance issue. Board of directors represents shareholder interest in the company and
plays a supervisory role on management. Management on the other hand owes certain
responsibility to the board. Strategic decisions and commitments are made at the board
and management level. The management and board of directors face the dilemma of
profitability or compliance, whether to seek profit and shareholder interest or to comply
fully and likely lose money. Especially, in current situations where banks face increasing
pressure from a number of sources to improve their compliance with AML/CFT and
integrity related standards. Johnston & Carrington (2006) assert that although a number of
institutions are responding positively to establish robust AML/CFT regimes, attention
University of Ghana http://ugspace.ug.edu.gh
99
must be brought to the fact that there is a risk of disrupting legitimate business lines
thereby reducing profitability. For any AML/CFT compliance programme to be successful
in any financial regime, the role or support of the board and management is very crucial.
In the 2012 KPMG AML survey, it was mentioned that globally, regulators have been
emphasising the critical role of senior management for many years.
It was further revealed that AML is a high profile issue for banks’ senior management
within the African region; about 66% of the boards of directors take active interest in
AML issues slightly higher than the global response in the 2011 world survey. According
to the survey, the rate of engagement in West Africa was the lowest compared to South
Africa and East Africa. Simwayi & Wang (2011) found that compliance with the Bank of
Zambia AML directives of 2004 by commercial banks in Zambia was generally successful
due to the overwhelming support from senior management and board of directors.
According to the FIC/BoG guidelines (2011), the ultimate responsibility for AML/CFT
compliance is placed on the board/executive management of every financial institution in
Ghana. It is therefore, required that the Board ensures that a comprehensive operational
AML/CFT compliance manual is formulated by management and presented to the Board
for consideration and formal approval. In other words, the board and executive
management have the responsibility of ensuring that resources are channeled to develop
well defined and comprehensive AML/CFT policies and procedures for the company.
d. AML/CFT policies and procedures
Most multinational banks operating across countries benchmark their policies and
procedures to the international best practices; they however, take into account domestic
guidelines. KPMG (2012) attributes this to the challenge that comes with operating across
University of Ghana http://ugspace.ug.edu.gh
100
different jurisdictions. In putting down guidelines and procedures for AML/CFT, one of
the important factors to watch out is not to financially excluded people because of basic
things they do not have especially, in sub Saharan Africa. For instance, FATF’s attention
to financial inclusion matters has been long awaited. Countries and institutions have
struggled to ensure that their AML/CFT controls do not unnecessarily bar socially
vulnerable persons from accessing formal financial services (Bester et al., 2008). De
Koker (2009) found that when the South African anti-money laundering (AML)
regulations were drafted in 2002, an exemption was made under the Financial Intelligence
Centre Act 38 of 2001 (FICA) to ensure that the lack of a verifiable residential address did
not bar low-income persons from access to appropriate financial services. This was
amended in 2004 to facilitate the launch of a basic bank account, the Mzansi account.
This account was designed to meet the needs of the majority of South Africans who did
not have access to financial services. This consequently lifted the percentage of banked
adults in South Africa from 46% to 63%.
According to the FIC/BoG guidelines, every financial institution is mandated to adopt
policies indicating its commitment to comply with AML/CFT obligations under the
relevant Acts and regulations to prevent any transaction that facilitates ML/TF activities.
They shall formulate and implement internal rules, procedures and other controls that will
deter criminals from using its facilities for money laundering and terrorist financing and to
ensure that its obligations under the relevant laws and regulations are always met. All
financial institutions are to develop their own policies, procedures, processes and controls
to prevent them from being used as a channel to facilitate money laundering and terrorist
financing. Another important factor is the periodic and constant review of the policies and
procedures. It is one thing to establish procedures and another thing reviewing to adjust
University of Ghana http://ugspace.ug.edu.gh
101
procedures to current needs. KPMG survey found that, a slight majority, about 56%, of
banks in Africa review their policies yearly while 10% had not reviewed since
incorporation.
AML reporting officer (AMLRO)
Although literature on financial crimes particularly money laundering is voluminous and
growing, the vital role that AMLROs play in combating these crimes has unfortunately,
eluded academic attention. Several aspects about the functions of AMLRO are amenable
to academic research. The extent of seriousness with which any organisation takes its anti-
money laundering activities can be measured by the level of the seniority of the AMLRO
within its ranks. The number of other roles they have is crucial in assessing how effective
they are and how important money laundering compliance is to the institution. In Zambia,
Simwayi and Wang (2011) found that, out of 14 AMLROs interviewed, only two (14
percent) said that the position of AMLRO was their only job while the rest (86 percent)
responded that they have other responsibilities within their respective banks. Another
factor is the average time spent on performing anti-money laundering functions in cases
where they have other roles to play in their respective institutions.
The FIC/BoG guideline (2011) directs every financial institution to appoint a person of
senior status as an anti-money laundering reporting officer (AMLRO). In accordance with
Regulation 5(1) of L.I.1987, such an officer shall receive suspicious or unusual transaction
reports from persons handling transactions for the financial institution. Each anti-money
laundering reporting officer shall be equipped with the relevant competence, authority, and
independence to implement the institution’s AML/CFT compliance programme. The
University of Ghana http://ugspace.ug.edu.gh
102
duties of the AML reporting officer shall include but not limited to developing an
AML/CFT compliance programme; receiving and vetting suspicious transaction reports
from staff; filing suspicious transaction reports with the FIC; ensuring that the financial
institution’s compliance programme is implemented; coordinating the training of staff in
AML/CFT awareness, detection methods and reporting requirements; and serving both as
a liaison officer with the BoG and the FIC and a point-of-contact for all employees on
issues relating to money laundering and terrorist financing (FIC/BoG, 2011).
e. Transactions monitoring (TM) & suspicious transaction reporting (STR)
It is not enough to try to obtain knowledge about customers, prior to starting the business
relationship. The process of knowing the customer must be an on-going one throughout
the existence of the business relationship. This makes any changes in behaviour of the
customers easily detectable by the financial institutions. A system should be put in place to
update any changes in customer details or particulars. The FIC/BoG guideline (2011) on
anti-money laundering and combating the financing of terrorism (AML/CFT) state that,
“Financial institutions shall pay special attention to all complex, unusually large
transactions or unusual patterns of transactions that have no apparent or visible economic
or lawful purpose”. Even though all transactions relating to customers are to be monitored
diligently, financial institutions have the duty of detecting and reporting any suspicious
activities that customers might engage in. A transaction is most likely suspicious if it falls
out of the normal transactional activities of a customer and is not accompanied by a
satisfactory explanation. For example a voluminous deposit made by a customer far above
his usual deposits can be deemed suspicious. According to the National Commission on
University of Ghana http://ugspace.ug.edu.gh
103
Terrorist Attack upon USA (n.d), smaller transactions may also be seen as suspicious if
they meet certain criteria.
Suspicious transactions reporting (STR) regime is a fundamental element of AML
measures. It refers to a piece of information which alerts law enforcement agencies that
certain activity is in some way suspicious and might indicate money laundering or
terrorism financing (Fleming, 2005). STR obligation arises regardless of the amount of
money involved, the nature and seriousness of the criminal offence, or whether the
reporting entity accepts the business or transactions of the customers (Chaikin, 2009b). In
Ghana, the obligation to report suspicious transaction was introduced in 2011. The
FIC/BoG guideline requires banks to have written policy framework that would guide and
enable its staff to monitor, recognise and respond appropriately to suspicious transactions.
Every banking institution shall designate an officer appropriately as the AML/CFT
reporting officer to inter alia supervise the monitoring and reporting of suspicious
transactions. These institutions should be alert to the various patterns of conduct that have
been known to be suggestive of money laundering and maintain a checklist of such
transactions which should be disseminated to the relevant staff. Furthermore, directors
and employees of banking institutions (permanent and temporary) are prohibited from
disclosing the fact that a report is required to be filed or has been filed with the competent
authorities. It must be borne in mind that an ineffective STR regime will lead to mistaken
reporting and defensive reporting. This would result in a flood of reporting and resources
spent on irrelevant files may jeopardise the effectiveness of the STR regime. Therefore, to
mitigate these problems, banks need to clearly specify the channels for reporting of
suspicious transactions. The guideline again requires financial institutions to report to the
FIC all cash transactions within Ghana in any currency and with a threshold of GH¢20,000
University of Ghana http://ugspace.ug.edu.gh
104
and above (or its foreign currency equivalent) for both individuals and business entities or
amounts as may be determined by the BoG from time to time.
f. Customer due diligence (CDD)
The requirement to know your customer (KYC) forms the basis of AML/CFT and as the
first line of defense in combating both of these. Customer due diligence (CDD) is the
identification and verification of both the client and beneficiary, but not limited to
continuous monitoring of the business relationship with the financial institution. Financial
institutions are not permitted to operate anonymous accounts or accounts in fictitious
names. Simonova (2011) argues that not only is the customer due diligence requirements
imposed by the AML regime useful for preventing and detecting fraud, identity theft, etc.,
but is also beneficial from an economic point of view by gathering data about customers.
The FIC/BoG guideline (2011) clearly states that financial institutions shall undertake
customer due diligence (CDD) anytime they are establishing business relationships with
clients, when they are carrying out transactions which are beyond the designated threshold
of GH¢20,000.00 (or its foreign currency equivalent) or in other situations that may be
determined by Bank of Ghana from time to time. This includes where the transaction is
carried out in a single operation or several operations that appear to be linked; and
carrying out occasional transactions such as money transfers, and whenever the financial
institution is suspicious of money laundering or terrorist financing or when there are
doubts about the authenticity and adequacy of the data and information about the client or
customer.
University of Ghana http://ugspace.ug.edu.gh
105
Banking institutions shall always undertake CDD on every customer they deal with to
ensure they deal with authentic persons and to reduce the probability of anonymous
persons using these institutions as a channel for laundering money or financing terrorism.
Banks that do not conduct robust due diligence procedures expose themselves to
reputational risk as well as the risk of possible legal, financial or regulatory sanction.
Banks are encouraged to conduct and enhance customer due diligence (CDD) on their high
risk customers. This principle encourages the continuous monitoring of clients’ accounts
to identify transactions that seem out of the ordinary. Due to the ‘know your customer’
rule, banks have information regarding the expected cash flows and sources of funds of
clients. When extraordinary transactions occur on an account, a bank is within its rights to
inquire about the transaction from its client. Banks are also required to report such
transactions to regulating bodies. However, there is often a conflict between client
confidentiality and the bank’s duty to report any suspicious transaction.
In addition, banks are required by law to also assess their new as well as old employees.
Money laundering occurs in banking institutions sometimes with the help of employees or
at least in the presence of employee ignorance. When employing personnel, banks ought to
take measures to ensure that only trustworthy and highly qualified people are employed.
Banks can do credit checks, reference checks, criminal records checks, and even internet
checks to ascertain the personality of the prospective employee and his/her propensity for
wrong doing. Once the individual has been hired, random checks may also be carried out
occasionally to check for example, if the employee has recently acquired assets which
require significant cash outflows (is the employee living beyond his/her means?).
Behavioural patterns can also be examined as well as the status of transactions conducted
by employees and note areas of concern such as loan defaults.
University of Ghana http://ugspace.ug.edu.gh
106
g. Training and staff awareness
The need to train bank employees for the effectiveness of AML activities cannot be over
emphasized. The lack of knowledge of the basic AML requirements as well as the banks’
attempts to limit resources, have negatively affected the smooth implementation of AML
programmes (Subbotina, 2009). Training should be both adequate and continuous –
indeed, Simwayi and Wang (2011) found in Zambia that only two AMLROs did not
receive specialised training in AML despite being professional bankers and compliance
experts. The rest had been trained both locally and internationally. Some training
programmes were outsourced and others arranged by their regional or international head
offices. Also, three AMLROs (21 percent) are Certified Anti-money Laundering
Specialists (CAMS). One of them was a certified money laundering preventing officer (an
internal certification programme). It further found that all commercial banks carried out
AML training for their new and old employees. The highest frequency of employee
training was every 12 months (64 percent) followed by 24 months (21 percent) and 12
months (15 percent).
The FIC/BoG guideline (2011) requires financial institutions to design employee
education and training programmes to make employees fully aware of their AML/CFT
obligations and also to equip them with relevant skills in discharging their AML/CFT
tasks. This employee training programme is mandatory for every financial institution and
attracts fines of not less than two thousand (2000) penalty units (Ammended AML Act
2014,Act 874). The timing, coverage and content of the employee training programme
should be tailored to meet the perceived needs of the financial institutions. However, it
should be comprehensive enough to cover staff/areas such as: reporting officers; new staff
(thus making it part of their orientation programme); banking operations/branch office
University of Ghana http://ugspace.ug.edu.gh
107
staff (particularly cashiers, account opening, mandate, and marketing staff); internal
control/audit staff; and managers. The employee training programme is required to be
developed under the guidance of the AML/CFT reporting officer in collaboration with the
executive management.
Thus, the basic elements of the employee training programme are expected to include
AML regulations and offences, the nature of money laundering, money laundering ‘red
flags’ and suspicious transactions – including trade-based money laundering typologies,
reporting requirements, customer due diligence (CDD), risk-based approach to AML/CFT,
record keeping and retention policy (FIC/BoG, 2011).
h. Customer records keeping
The Financial Intelligence Centre (FIC) and the Bank of Ghana (BoG) requires all
financial institutions to maintain all necessary records of transactions, both domestic and
international, for at least five (5) years following completion of the transaction or longer if
requested by the BoG and FIC in specific cases. This requirement applies regardless of
whether the account or business relationship is ongoing or has been terminated (FIC/BoG,
2011). Thus, even when the business relationship is severed, the financial institution shall
continue to keep the records pertaining to the severed business relationship. Financial
institutions shall ensure that all customer-transaction records and information are available
on a timely basis to the BoG and FIC. The reason for keeping data on old transactions or
even when the business relationship is terminated is so that employees make those data
available to the FIC/ BoG any time data about an old transaction is requested from the
financial institution. Again, the financial institution shall deliver such data without delay.
This requirement, however, defies the banker-customer confidentiality relationship in
University of Ghana http://ugspace.ug.edu.gh
108
banking, where FIC/BoG guideline (2011) stipulates that: notwithstanding a financial
institution’s internal policies relating to customer confidentiality and particularly in
accordance with the provisions in the Banking Act, 2004 (Act 673) as amended by Act
738 and the AML Act, 2008 (Act 749), competent authorities shall have access to
information in order to perform their functions in combating money laundering and
financing of terrorism; the sharing of information between competent authorities, either
domestically or internationally; and the sharing of information between financial
institutions, where this is required or necessary.
Appraisal of existing literature and various laws on AML categories the whole AML
compliance programme into four (4) key themes namely: money laundering risk
assessment, record management, compliance programme and corporate governance.
2.10 Overview of Ghana’s AML/CFT & P environment
The Group seven (7) richest industrialized countries created FATF in 1989 to growing
concern of the global drug problem. Later the scope of FATF’s responsibilities was
expanded to fight the international drug trade and to prevent the global misuse of the
banking sector and other financial institutions to launder drug money. FATF currently has
36 members and 8 regional bodies including GIABA (for West Africa). The mandate of
the FATF is to set standards and to promote effective implementation of legal, regulatory
and operational measures for combatting money laundering, terrorist financing and
financing of proliferation and other related threats to the integrity of the international
financial system. FATF recommendation set out a comprehensive and consistent
framework of measures which countries should implement in order to combat money
University of Ghana http://ugspace.ug.edu.gh
109
laundering and terrorist financing as well as financing of proliferation of weapons of mass
destruction. An effective response to money laundering and terrorist financing and other
threats to the financial system need to be a global response. To achieve a global
implementation of sound AML/CFT measures, the FATF works closely with eight FATF-
style regional bodies (FSRBs). These FSRBs encourage the implementation of the FATF’s
Recommendations in their respective memberships. Together with the FATF and its
members they make up the FATF Global Network of over 190 countries that are
committed to ensuring the integrity of the international financial system. Ghana is a
member of GIABA and is expected to comply with the 40 recommendations of FATF.
Appraisal of Ghana’s AML/CFT is shown table 1.
University of Ghana http://ugspace.ug.edu.gh
110
Table 1: Ghana AML/CFT compliance environment
Recommendation Ghana's Compliance environment
R1 - Assessing risks &
applying a risk-based approach
Risk Based Supervision
R 2 - National cooperation and
coordination
Law Enforcement Coordinating Bureau - BoG, SEC, NIC, GPS, GIS, NSCS, BNI,
EOCO, FIC, GAF, GRA, AG’s Department, NACOB, Ghana Maritime Authority,
Ghana Airports Company Limited and Ministry of Foreign Affairs and Regional
Integration established under Section 4(2) of the Executive Instrument 2012 (E.I.8),
AML Act 2008 Sections 5(b), 28(2), 35 and 49 of Act 749.
R 3 - ML offence – mental
element and corporate liability
Punishment for ML offence is 10years i.e. S.2 of AML Act, 2008 (Act 749), AML
(Amendment) Act 2014, (Act 874) and Regulation 44 of the AML Regulations, 2011
(L.I. 1987), Criminal Offences (Amendment) Act, 2012 (Act 849), Immigration
(Amendment) Act, 2012 (Act 848)
R4 - Confiscation and
provisional measures.
Economic and Organised Crime Office Act, 2010 (Act 804) sections 33 to 40 ,
Economic and Organised Crime Office (Operations) Regulations, 2012 (L.I. 2183),
Narcotic Drugs (Control, Enforcement & Sanctions) Act, 1990 (PNDC Law 236)
R5 - Terrorist Financing
Offence
Anti-Terrorism Act, 2008 (Act762), Anti-Terrorism (Amendment) Act, 2012 (Act
842), The Anti-Terrorism Regulations, 2012 (L.I 2181)
R6 - Targeted financial
sanctions related to terrorism &
terrorist financing
UN Security Council Resolutions No. 1267 (1999), No. 1373 (2001), No. 1718
(2006), Successor Resolutions and Other Relevant Resolutions provided in
Executive Instrument (E. I.) – 8 (2012), 19 (2012), 2 (2013)
R7 - Targeted financial
sanctions related to
proliferation
Publication of Terrorists List
R8 – Non Profit Organisations
(NPO’s)
Department of Social Welfare and MMDA’s (AML/CFT & P Training Manual
Proposed), Religious Bodies Supervisory Councils, Guidelines and Operational
Manual for NPO’s or NGO’s, FATF’s International Best Practices for Combatting
University of Ghana http://ugspace.ug.edu.gh
111
the Abuse of Non-Profit Organisations
R9 – Financial Institution
Secrecy Laws
BoG/FIC AML/CFT Guidelines 2011 Paragraph 2.44 (h) , Banking Amendment Act
2007 (Act 738) Section 84
R10 - Customer Due Diligence
The Anti-Money Laundering Regulations, 2011 (L. I. 1987). Proposed Guidelines
and Operational Manual for AIs.
R11 - Record keeping
AML Act 2008 (Act 749) – Sections 23 & 24, AML (Amendment) Act 2014 (Act
874) Banking Act 2004 (Act 673), Electronic Transactions Act, BoG/FIC
AML/CFT Guidelines. Proposals for Comprehensive Awareness for other AIs
R12 - Politically Exposed
Persons (PEPs)
FIs complying with list of PEPs. Further training required for NBFI’s and AIs
R13 - Correspondent banking
FIC/BoG AML/CFT Guidelines 2011 Paragraph 1.12 (Correspondent banking is the
provision of banking services by one bank (the correspondent bank) to another bank
(the respondent bank)).
R14 - Money or value transfer
services
BoG/ FICAML/CFT Guidelines 2011 Paragraph 1.34 for Banks and Non-Bank
Financial Institutions (FIs & NBFIs)
R15 - New technologies non-
face-to-face business
BoG, SEC, NIC AML/CFT Guidelines
R16 - Wire transfers
FIC/BoG AML/CFT Guideline 2011 Paragraph 1.35 for Banks and Non-Banks
Institutions covers maintaining information on wire transfer.
SWIFT screening tool to screen transactions and detect unusual and suspicious
transactions.
R17 - Reliance on 3rd parties
To perform KYC, CDD, EDD in R10 and R11 (BoG/FIC AML/CFT Guideline 2011
Paragraph 2.44)
R18 - Internal controls, and
foreign branches and
subsidiaries
Addressed in AML Regulations 2011, L.I. 1987.
Compliance Officers do comply promptly and properly. L.I. 1987 provides for the
training of staff of FIs / AIs. The Regulatory bodies, FIC and the AIs have put in
place and are implementing comprehensive training for management and staff of FIs
University of Ghana http://ugspace.ug.edu.gh
112
and AIs.
R19 - Higher risk countries
BoG has developed AML/CFT Guidelines 2011 for FIs and NBFIs to be
KYC/CDD/EDD compliant
R20 - Reporting of Suspicious
Transactions (STR)
The FIC has received 402 Suspicious Transactions Reports (STR’s) from October
2012 to July 2013.
R21 - Tipping-off and
confidentiality
A tipping-off offence is committed if a person knows or suspects that a disclosure
has been made, and he makes a disclosure which is likely to prejudice any
investigation which may be conducted following the disclosure.
R22 - DNFBPs: customer due
diligence
R’s10, 11, 12, 15, and 17,
R23 - DNFBPs: Other
measures
R18-21. AIs report suspicious transactions for a client when, on behalf of or for a
client in line with R22
R24 - Transparency and
beneficial ownership of legal
persons
A beneficial owner form has been designed by FIC disseminated to the financial
institutions and is being implemented. Companies Act, 1963 (Act 179), Companies
Bill (2013)
R25 - Transparency and
beneficial ownership of legal
arrangements
Financial institutions and DNFBPs undertaking the requirements set out in R10 & 22
R26 - Regulation and
supervision of financial
institutions
BoG, NPRA, NIC, SEC, VCTA, AI’s, GAMING COMMISSION, FIC
R27 - Powers of supervisors
Support and develop special investigative techniques by LEA’s suitable for ML/TF
investigations i.e. undercover operations.
R28 - Regulation and
supervision of DNFBPs
AML/CFT & P Manuals for Self-regulatory bodies (SRB) - GBA, CIB, ICA,
PMMC, GREDA, Association of Used Car Dealers, Auctioneers.
R29 - The FIC
Comprises Analysts, Compliance Officers, Administrators and Managers,
Technology Experts, Regulatory Specialists, International Specialists
R31- Powers of law
enforcement and investigative
Economic and Organised Crime Office Act, 2010 (Act 804), Narcotic Drugs
(Control, Enforcement & Sanctions) Act, 1990 (PNDC Law 236), Criminal Offences
University of Ghana http://ugspace.ug.edu.gh
113
authorities Act, 1960 (Act 29) Criminal Offences (Amendment) Act, 2012 (Act 849), Economic
and Organised Crime Office Act, 2010 (Act 804)
R32 – Cash couriers
GRA submits Currency Declaration to FIC. 284 Currency Declaration forms are
submitted to the FIC for the period under review.
R33 - Statistics
From October, 2012 to July, 2013, the following convictions have been reported in
the media. o Robbery – 11, o Arms Trafficking – 1, o Stealing – 10, o Human
Trafficking – 2, o Narcotics – 3, o Murder – 2, o Counterfeiting Currency – 1,
o Fraud – 8, o Sexual Exploitation – 3, o Forgery – 13, 402 STRs, CTR – 1,100,022,
Currency Declarations – 284, 51(47 prosecuted) cases of illicit trafficking in narcotic
drugs and psychotropic substances received. Properties confiscated include 1. Two
(2) vehicles – 1 BMW and 1 Askek Pontiac, 2. Two (2) laptops, 3. Currency of
EURO1,950.00, USD 760.00 and GH ¢ 26. 14 cases on confiscation of houses
pending. Two (2) currency smuggling cases received and prosecuted .
R34 – Guidance and feedback
Competent authorities and supervisors - FIC/BoG/NIC/SEC/NPRA and from
DNFBP’s
R35 - Sanctions
Punishment for ML offence is 10years [S.2 of AML Act, 2008 (Act 749) Section 39
of Act 749, especially sub-section 4, Sections 42, 43, 44, 50(2) of Act 749 and
Regulations 44 of the AML Regulations, 2011 (L.I. 1987)].
R36 - International instruments
UN Convention against Illicit Trafficking in Narcotic Drugs and Psychotropic
Substances, 1988 (the Vienna Convention), the UN Convention against
Transnational Organized Crime, 2000 (the Palermo Convention), United Nations
Convention against Corruption, 2003; Terrorist Financing Convention, 1999. UN
Security Council Resolutions No. 1267 (1999), No. 1373 (2001), No. 1718 (2006),
Successor Resolutions and Other Relevant Resolutions provided in Executive
Instrument (E. I.) 2 (2013), UN Consolidated list of Terrorist Individuals and Entities
R37 - Mutual Legal Assistance
(MLA)
Mutual Legal Assistance Act, 2010 (Act 807), FATF, GIABA, Other FIUs in the
West African sub-region and beyond.
R38 – Mutual Legal Assistance
(MLA) confiscation and
EOCO Act, 2010 (Act 804)
University of Ghana http://ugspace.ug.edu.gh
114
freezing
R39 - Extradition Extradition Act, 1960 (Act 22). MOU’s on Extradition.
R40 - Other forms of co-
operation
EGMONT Group of Financial Intelligence Units, MOU’s with Cote d’Ivoire, Niger,
Republic of South Africa, Information sharing with United States of America, Togo,
British Virgin Islands, Mauritius and Nigeria.
2.11 Construction of Composite Indices (CIs)
In general terms, composite indices (CIs) are quantitative or qualitative measures derived
from series of observed facts that can reveal relative positions of entities. Composite
indices that compare performances are increasingly recognised as useful tools in policy
analysis and public communication. The number of composite indices in existence around
the world keeps growing on yearly basis (Bandura, 2006). Composite indices allow for
comparisons of firms in wide-ranging fields. Composite indices like mathematical or
computational models, owe their construction more to the craftsmanship of the modeler
than to universally accepted theories and rules for encoding. Again, the justification for
composite indices lies in their fitness for the intended purposes and in peer acceptance
(Rosen, 1991). On the debate over whether composite indices are good or bad per se, it has
been noted that aggregators believe such a summary statistic can indeed capture reality
and it is proven to be useful benchmarks for performance without compromising on its
ability to generate public interest in policy making (Saltelli, 2007). On the other hand non-
aggregators’ key objection to aggregation is that they see the arbitrary nature of the
weighting process by which variables are combined (Sharpe, 2004).
Multivariate techniques are useful for gaining insight into the structure of the data set of
composite indices (CIs). However, it is vital to avoid carrying out multivariate analysis
University of Ghana http://ugspace.ug.edu.gh
115
when the sample is small compared to the number of indicators as results will lack known
statistical properties. Some of the useful multivariate techniques are discussed below:
a. Principal components analysis (PCA)
Principal component analysis (PCA) aims to reveal how diverse variables alter with
respect to each other and how they are associated. PCA primarily transforms correlated
variables into a new set of uncorrelated variables using a covariance matrix or the
correlation matrix. It assigns equal weights to individual indicators in forming the
principal components (Chatfield & Collins, 1981). Principal component analysis has the
virtue of simplicity and allows for the construction of weights representing the information
content of individual indicators (Nicoletti et al., 2000). It is able to summarise a set of
individual indicators while preserving the maximum possible proportion of the total
variation in the original data set. Likewise, it ensures that largest factor loadings are
assigned to the individual indicators that have the largest variation across entities, a
desirable property for cross-entity comparisons, as individual indicators that are similar
across entities are of little interest and cannot possibly explain differences in performance.
However, PCA cannot always reduce a large number of original variables into a small
number of transformed variables. Another drawback of PCA is that it does not allow for
inference on the properties of the general population. Furthermore, in a PCA framework,
there is no estimation of the statistical precision of the results, which is essential for
relatively small sample sizes. Finally, PCA is sensitive to both modifications in the basic
data – data revisions and updates and the presence of outliers, which may introduce a
spurious variability in the data (Efron & Tibshirani, 1993; 1991).
University of Ghana http://ugspace.ug.edu.gh
116
b. Factor analysis (FA) and Cluster analysis (CA)
Factor analysis is a statistical method that describes variability among observed and
correlated variables in terms of a smaller number of factors that highlight the link between
these variables. Factor analysis assumes that data is based on the underlying factors whose
variance can be decomposed into that accounted for by common and unique factors. It
uses regression modeling techniques to test hypotheses producing error terms, while PCA
is a descriptive statistical technique. A major defect of factor analysis is that it may
identify dimensions that do not necessarily help to reveal the unique structure in the data
and can really mask taxonomic information. Cluster analysis on the other hand orders
large data into manageable sets. Cluster analysis is used in the development of composite
indices to group data on entities based on their similarity on different individual indicators.
Cluster analysis is a purely statistical method of aggregation of indicators and a diagnostic
tool for exploring the impact of the methodological choices made during the construction
phase of composite indices. Additionally, it is a method of disseminating information on
the composite indices without losing that on the dimensions of the individual indicators.
Finally, it allows for selecting groups of entities for the imputation of missing data with a
view to decreasing the variance of the imputed values. Thus, cluster analysis gives some
insight into the structure of the data set. However, cluster analysis is criticised for its
purely descriptive nature and its tendency not to be transparent if the methodological
choices made during the analysis are not motivated and clearly explained (Davis, 2003;
Massart & Kaufman, 1983; Spath, 1980; Anderberg, 1973; Ward, 1963).
University of Ghana http://ugspace.ug.edu.gh
117
c. Cronbach coefficient alpha
Cronbach alpha is the most common estimate of internal consistency of items in a model
or survey (Boscarino et et al., 2004; Raykov, 1998; Miller, 1995; Cortina, 1993; Feldtet et
al., 1987; Hattie, 1985; Green et al., 1977). It assesses how well a set of individual
indicators measures a single unidimensional object. Cronbach alpha is primarily a
coefficient of reliability based on the correlation between individual indicators. It
increases with the number of individual indicators and with the covariance of each pair
(Nunnally, 1978). Though, both Factor analysis and the Cronbach alpha are based on
correlations among individual indicators, their conceptual frameworks are different.
Cronbach alpha captures the internal consistency in the set of individual indicators, though
correlations do not necessarily mean causality on the phenomenon expressed by the
composite indices.
d. Data envelopment analysis (DEA)
Data envelopment analysis (DEA) employs linear programming tools to estimate
inefficiency frontier that is used as a benchmark to measure the relative performance of
entities (Cherchye et al., 2008; Melyn & Moesen, 1991). Data envelopment analysis is
sensitive to policy priorities, in that its weights are endogenously determined by observed
performances. Also, it is not based upon theoretical bounds but on a linear combination of
observed best performances. Furthermore, data envelopment analysis is able to overcome
the difficulties of linear aggregations (Sapir, 2005; Nicoletti et al., 2000; Sen, 1998; Haq,
1995). However, it often rewards the status quo, since for each entity the maximisation
problem gives higher weights to higher scores.
University of Ghana http://ugspace.ug.edu.gh
118
2.12 The Structure of Ghana’s Financial and Banking Systems
Financial system (FS) primarily consists of financial institutions, the financial market, the
act of rules and regulations that determine how money circulates within the economy to
allow for various activities to be performed with ease. Ghana’s financial system broadly
consists of regulators, regulations, infrastructure, products and services (financial assets
and liabilities), financial institutions and customers of financial institutions. The five
regulators of FS are Bank of Ghana (BoG), National Insurance Commission (NIC),
Venture Capital Trust Authority (VCTA), Securities and Exchange Commission (SEC)
and National Pension Regulatory Authority (NPRA). Bank of Ghana (BoG) is responsible
for the formulation of monetary policies and regulation of the business of banking while
VCTA was established as an oversight regulator over venture capital activities in Ghana.
SEC was set up basically to protect investors and maintain the integrity of the security
market while NIC is also charged to regulate the activities of all insurance firms in Ghana.
The Ghana Interbank Payment and Settlement System (GhIPSS) implements and manages
interoperable payment infrastructures for banks and non-bank financial institutions. All
financial transactions by all actors in Ghana’s financial system are expected to be made
using the payment and settlement GhIPSS infrastructure. Though, the Ministry of Finance
(MoF) is primarily charged with the formation and implementation of sound fiscal and
financial policies, it works closely with financial regulators to ensure financial stability.
The Financial Intelligence Centre (FIC) is a fulcrum around which a secure and robust
anti-money laundering regime works, thereby maintaining the integrity of the Ghana
financial system. Thus, the regulators rely on various Acts, regulations, legislative
instruments, guidelines and other authorities to ensure fair market conduct and financial
stability.
University of Ghana http://ugspace.ug.edu.gh
119
Examination of the Ghanaian financial system revealed an interesting classification of the
players within the industry. Evidently, Ghana’s non-bank financial system is based on the
scope of activities and the capital requirements. Additionally, non-bank financial
institutions in Ghana still do the business of banking and are thus regulated by BoG.
Finally, Non-bank financial institutions (FIs) in Ghana consist of deposit-taking (e.g.
savings and loans) and non-deposit taking (e.g. leasing and mortgage companies). These
observations obviously contrast with FIs classifications of both UK and US. Thus, future
researchers are cautioned to note this fascinating observation in studying the structure of
the Ghanaian financial institution.
The initial periods of the financial reforms led to the entry of two new merchant banks,
namely Continental Acceptances Limited (CAL) and Ecobank in 1988. This was followed
by another three (3) banks namely; First Atlantic, Amalgamated and Metropolitan, and
Allied banks in 1995. Additionally, over 20 Non-bank financial institutions (NBFIs),
including leasing companies, finance houses, building societies and savings and loans
companies were also established in this era. Specifically, three (3) NBFIs were licensed
by BoG to bring them to a total of 4 by 2011. Additionally, one credit reference bureau
was issued with an operational license in 2010, to bring it to a total of two (2) in Ghana.
Bank of Ghana established Other Financial Institutions Supervision Department (OFISD)
to supervise the operations of all microfinance institutions in Ghana. Furthermore, BoG
established an office in 2011 to ensure that all deposit money banks and NBFIs comply
with Anti-money Laundering/combating the financing of terrorism regulations based on
the Anti-Money laundering Act, 2008 (Act, 749) and Anti-terrorism Act, 2008 (Act, 762).
The Bank of Ghana has established a dedicated unit for supervision of AML/CFT
activities.
University of Ghana http://ugspace.ug.edu.gh
120
Until 2000, Ghana’s formal banking sector was dominated by three (3) primary and one
(1) secondary commercial banks; namely, GCB, SCB, BBG and SSB. As at 2004, there
were nine (9) commercial banks, three (3) development banks, six (6) merchant banks and
over hundred rural banks in Ghana. As at 2004, the individual banks in the Ghanaian
merchant banks were the Merchant Bank of Ghana Ltd., Ecobank Ghana Limited, Cal
Merchant Bank Ltd., and the First Atlantic Merchant Bank. The Ghana Stock Exchange
(GSE) was established in 1991 under the Companies Code 1963, Act 179 to primarily
facilitate business expansion by making long term financing available to the public. The
period witnessed a steady increase in the number of deposit money banks to twenty-three
(23) banks at the end of 2006 and to twenty-six (26) banks by 2012 (Aboagye et al., 2008).
Currently, the banking industry in Ghana is made up of the Central Bank, ARB Apex
Bank, twenty-six (26) Commercial Banks, one hundred and thirty-six (136) RCBs and two
(2) representative offices, three hundred and thirty-three (333) forex bureau, two hundred
and sixteen (216) MFIs, five (5) inward remittance companies and two (2) representative
offices (BoG, 2013).
University of Ghana http://ugspace.ug.edu.gh
121
CHAPTER THREE – RESEARCH METHODOLOGY
3.0 Introduction
The study adopted epistemology (positivist) research philosophy using a deductive
approach. The quantitative research strategy was used. Desktop review was carried out to
evaluate Ghana’s current status with respect to FATF 40 recommendations. Data was
collected from banking institutions licensed by Bank of Ghana that have been in operation
for at least a year were used and 79 Bank and Non-bank financial institutions (NBFIs)
were used as the sample. Descriptive statistics such as mean, percentiles and percentages
were used to describe the generated scores for the banking industry. Principal Component
Analysis (PCA) was deployed in the construction of the indices and the hypotheses were
tested using chi-square. In determining the effect of AML compliance, FP on ERM
adoption, three (3) approaches were used: (1) Logistic: ERM is measured as a binary
variable taking a value of 1, if a bank appoints a CRO and 0 otherwise. (2) Ordinary Least
Squares: ERM is measured as a continuous variable (ERM Adoption Index). Finally, a 2-
stage Least Square Regression was done, due to endogeneity between ERM adoption and
firm performance (ROA). Net interest margin and cost-income ratio were used as
instruments for ROA. The justification for selected variables, research design and data
collection techniques are captured in this section.
3.1 Construction on AML and ERM Indices Using PCA
This section discusses how the ERM Adoption and AML Compliance indices are
constructed and the variables used. The principal component analysis (PCA) was used to
analyze the interrelationships among a large number of variables and to explain these
variables in terms of a smaller number of variables (called principal components) while
still maintaining the original value of the variables. PCA methodology helps extract
University of Ghana http://ugspace.ug.edu.gh
122
orthogonal variables that measure different aspects of a subject from a set of variables that
describe the subject. Let wi be a p -dimensional constant vector with ¢wiwi =1 and x a p -
dimensional random vector.
Then yi = ¢wix
is a linear combination of the random vector x and
var(yi ) = ¢wiSwi "i =1,..., p
cov(yi ,y j ) = ¢wiSw j "i, j =1,..., p
WhereS is the covariance matrix of x . The ith principal component yi is defined as
yi = mwi axvar(yi )
subject to ¢wiwi =1 and cov(yi , y j ) = 0
The implication of this maximisation problem is that the principal components yi and y j
are orthogonal and can therefore, be used in the same regression.
In this study, a two (2)-stage approach was used to construct the AML compliance and
ERM adoption indices. ERM adoption had nine (9) thematic areas. Each of the nine (9)
thematic areas had different set of questions, for example the first has 5 questions (p=5)
and all the five (5) were reduced into one (1) variable called Principal Component (PC).
For each of the other thematic areas, the numbers of questions were all reduced to one (1)
PC. The second stage involved reducing the entire nine (9) PCs to one (1) PC which is the
ERM Adoption index. Similar approach was used to derive the AML compliance index.
The first principal component (PCs) by construction tends to contain the largest portion of
the information contained by the original set of variables. Additionally, factor loadings
greater or equal to 0.30 are selected. PCA scores are generated for the 79 banking firms.
University of Ghana http://ugspace.ug.edu.gh
123
The PCA scores for both AML compliance and ERM adoption were bootstrapped to
ascertain their ranges. These scores were further rescaled to lie between 0 and 10,000 for
easy analysis. In addition, scores were categorized using 5th, 50th, 75th and 95th percentiles
and ranked. The industry in which a bank operates i.e. (1 for universal banks and 2 for
NBFIs) was used to present the ranked results to ensure confidentiality. The top ten (10)
performers are reported in the analysis to appreciate the performance of NBFIs and
universal banks.
3.1.1 The ERM adoption components
Since publication of the COSO ERM framework in 1992, there have been varied
acceptance levels by industry, practitioners and academia. However, review of literature
shows that the COSO ERM framework is gradually gaining recognition and adoption
(Mcshane et al., 2012; Gordon et al, 2009; Beasley et al., 2008). Figure 2 and table 2
show the variables employed in the two-stage ERM adoption index construction and
justification of variables respectively.
University of Ghana http://ugspace.ug.edu.gh
124
Figure 2: Enterprise Risk Management (ERM) Adoption index variables (modified
COSO ERM framework)
Internal
Environment Index
Objective Setting
Index
Event
Identification
index
Risk Response
Index
Monitoring index
Risk Assessment
Index
Control Activities
Index
Information and
Communication
Index
Organisational
Culture Index
Internal environment
indicators
Objective setting indicators
Event identification
indicators
Risk assessment indicators
Risk response indicators
Control activities indicators
Information and
communication indicators
Monitoring and evaluation
indicators
Organisational culture
indicators
ERM
Adoption
Index
University of Ghana http://ugspace.ug.edu.gh
125
Table 2: The ERM Adoption index variables
Variable Justification for inclusion Factor loading sign
Internal
environment
It captures a set of standards on integrity,
ethical values and competence of an
entity's people; management's philosophy,
operating style, processes and structures.
+
Objective
setting
This captures objectives that are set to
support the organisation's mission are
consistent with its risk appetite.
+
Event
identification
This involves the identification of internal
and external events that affect the
achievement of a firm’s objectives.
+
Risk
assessment
This involves a dynamic and iterative
process for identifying, analyzing,
responding and tolerating risks that hinder
the ability of firms to achieve set
objectives.
+
Risk response This refers to the appropriate actions
which are selected to align risks with risk
tolerance and risk appetite.
+
Control
activities
This captures policies and procedures
required to execute directives of
management.
+
University of Ghana http://ugspace.ug.edu.gh
126
Information &
communication
It captures pertinent information that must
be identified, captured and communicated
in a form and within a stipulated time to
help a firm perform its internal controls to
achieve set objectives.
+
Monitoring This captures how information systems
should ensure that risk is identified,
captured and communicated in a format
and time frame that enables managers and
staff to carry out their responsibilities to
achieve set objectives
+
Organizational
culture
This variable captures how value system
influence how risks are perceived,
detected, mitigated and exploited to
enhance holistic risk management in a
firm
+
3.1.2 Anti-money laundering components
Review of existing literature, domestic and international AML laws show four (4)
thematic areas that should engage the attention of banks and regulators. These four key
variables capture the entirety of an AML framework and is shown in Figure 3 and
justification of these variables is shown in table 3.
University of Ghana http://ugspace.ug.edu.gh
127
Figure 3:Anti-Money Laundering Index Variables
Money laundering
risk assessment
indicators
Records
management
Indicators
Compliance
programme
indicators
Corporate
Governance
indicators
AML
Compliance
Index
Compliance
programme Index
Records
management Index
Corporate
Governance Index
Money laundering
risk assessment
Index
University of Ghana http://ugspace.ug.edu.gh
128
Table 3: AML index variables
Variable Justification for inclusion
Factor loading
sign
Money laundering
Risk Assessment
(MLRA)
This variable signifies scanning of both
internal and external environment of a
bank to identify, quantify and measure
the potential effect of all money
laundering risks on objectives of banks.
It helps banks priorities their resources
in combating money laundering.
+
Records Management
(RM)
Money laundering is a derivative crime;
hence its detection depends on the filing
of suspicious transaction reports by
accountable institutions. Investigation,
prosecution and conviction of potential
money laundering cases depend largely
on proper and effective records keeping.
+
Compliance program
(CP)
As required by both international and
domestic AML standard, banks are
expected to document the potential ML
risk they face and the measure they
would adopt to manage or minimize
theses risks. The variable ensures a
+
University of Ghana http://ugspace.ug.edu.gh
129
coherent and consistent handling of
expected and unexpected ML issues.
This category basically deals with the
extent to which AML policies and
procedures are translated into Knowing
Your Customer (KYC) and training of
employees on the AML framework
Corporate Governance
(CG)
The implementation of AML
compliance programme depends largely
on the corporate governance practices in
a firm. The quality of board and
management oversight is essential in
ensuring banking institutions comply
with AML policies and procedures
+
3.2 Percentile categorisation and interpretation of PCA scores
In order to measure the level of success of AML compliance and ERM adoption
programmes of banks, scores generated from the PCA were grouped using percentiles in
table 4 below. The 5th and 95th were used for poor and excellent banks respectively. This is
to ensure that banks with weak and strong AML and ERM systems are easily identified.
Banks that fell with the 5th percentile are assumed to have major deficiencies in the AML
compliance and ERM adoption programmes, whilst those in the 95th percentile are
assumed to have better systems. This was to help rate and rank banks as to the best
knowledge of the author no percentile scale exist to rank the risk management tools.
University of Ghana http://ugspace.ug.edu.gh
130
Table 4: Scores interpretation
Percentile AML compliance ERM adoption Interpretation
5th Weak Low Major shortcomings
50th Fair Medium Moderate shortcomings
75th Good High Minor shortcomings
95th Strong Very high No shortcoming
3.3 The Basic model for AML, Firm performance, and ERM Nexus
An increasing number of scholars view ERM adoption as a fundamental model for risk
management in organisations (Hoyt & Liebenberg, 2009; Beasley et al., 2008; Nocco &
Stulz, 2006). Driving this trend is the belief that ERM adoption offers firms a holistic
framework toward risk management because firms presumably lower their overall risk of
failure and thus increase their performance by adopting ERM. The presumed link between
AML compliance, firm performance and ERM adoption has been clearly captured in the
COSO (2004) definition of ERM (Moeller, 2007; Lin and Wu, 2006; Beasley et al., 2005).
A multiple regression model is estimated in order to investigate the linkages between
University of Ghana http://ugspace.ug.edu.gh
131
AML compliance and firm performance and ERM adoption. Specifically, the following
model is estimated:
ERMi = b0 +b1AMLi +b2ROAi +BX +ei ……………………………….Equation 1
where, B is a vector of coefficients and X is matrix of control variables.
ERM adoption is often measured as binary variable taking a value 1, if a firm appoints a
CRO and 0 otherwise. In such situations, logistic regression will be a natural choice for
evaluating the effects of AML compliance, firm performance and ERM adoption. Logistic
regression has been used in the literature to determine whether or not some firm specific
variables are related to ERM adoption (Razali et al., 2011; Keown et al., 2010; Kleffner et
al., 2003; Yazid, 2001; Lam, 2000). It is worth noting that the model specified in equation
1 suffers from the well-known endogeneity problem as ERM adoption and firm
performance are endogenous to the model. Endogeneity occurs when explanatory
variables correlate with the regression error term to render the estimates of regression
parameters inconsistent. In such circumstances, instrumental variables (IV) models
provide a way of obtaining consistent parameter estimates (Wooldridge, 2007; Miguel,
2006; Brunner, 2002; Robinson, 2001; Jeckman 1997). Therefore, the instrumental
variable (IV) approach was used to estimate this model. Instrumental variable in
econometric analysis is meant to address endogeneity, measurement error and omitted
variable bias in estimation of economic models. Following Baum (2009) and Hansen
(2009), the theoretical underpinnings of the instrumental variable method are outlined:
Consider the equation of the form
University of Ghana http://ugspace.ug.edu.gh
132
y = xb+ m ………………………………………………………………Equation 2
Where, there is no association between x and µ. In such a situation, the ordinary least
squares (OLS) method generates consistent estimates of the model. However, OLS
regression breaks down when there is correlation between x and µ due to the presence of
endogeneity. To address endogeneity that was likely to emanate from aggregation of
variable, the author following Hansen (2009) explored the instrumental variable model of
the form:
yi = ¢xib + ei ………………………………………………………………Equation 3
Where xi is (k × 1), and assume that E (xi, ei) ≠ 0 due to endogeneity.
The instrumental variable method is employed to justify that the association between
AML compliance, firm performance and ERM adoption is a causal relationship rather than
simply a correlation. Additionally, this study’s reliance on the instrumental variable model
was to help address major methodological endogeneity that one encounters in using OLS
to examine AML compliance, firm performance and ERM adoption. For instance, there is
a possible two-way link between return on assets (firm performance) and the dependent
variable, ERM due to the fact that while profitability of a firm makes resources available
for implementing ERM, successful adoption of ERM can also impact positively on a
firm’s profit level. As such, the study used instruments that have high correlation with
ROA, but uncorrelated with the dependent variable, ERM index. The challenge of using
the instrumental variables (IV) model was how to identify valid instruments to explore
AML compliance, firm performance and ERM adoption. This study identified cost to
income ratio (CIR) and net interest margin (NIM) as valid instruments for firm
performance (ROA).
University of Ghana http://ugspace.ug.edu.gh
133
Review of literature reveals many drivers of ERM adoption. However, the ERM drivers
indicated in table 5 were chosen as control variable in the model to reflect the peculiarity
of Ghana’s banking industry.
University of Ghana http://ugspace.ug.edu.gh
134
Table 5: Selected Drivers of ERM Adoption
Dimension
Expected
sign
Indicator Citation
Auditor type +
Bank audited by one of big four
(4)-(KPMG, LLP, Ernst and Young
LLP, PricewaterhouseCoopers
LLP, and Deloitte Touché
Tohmatsu Ltd
Golshan et al., (2012); Clune
et al., (2005)
Firm size + Natural log of Total Assets
Golshan et al., (2012);
Golshan & Abdul-Rashid
(2012); Thompson et al.,
(2010); Gordon et al., (2009);
Beasley et al., (2008, 2005);
Yazid et al., (2008); Pagach
& Warr (2008; 2007); Hoyt et
al.,; (2006).
Bank
solvency
+
The capital adequacy ratio is
measured as a percentage of the
adjusted capital base of the bank to
its adjusted asset base.
Banking Act, 2004 (Act 673)
Bank
Profitability
+/- Profit after tax to total asset
Gordon et al. (2009);
Acharyya, (2008, 2007);
Liebenberg & Hoyt (2003)
Dummy + I-universal banks;0-savings & loans
University of Ghana http://ugspace.ug.edu.gh
135
Anti-money
laundering
compliance
+ AML compliance index
Anti-Terrorism (Amendment
Act), 2012 (Act, 842); Basel
(2012); Anti-Terrorism
Regulations, 2012 (L.I.
2181). Anti-money
laundering Regulations
(2011); Anti-money
laundering Act 2008, (Act
749); Anti-Terrorism Act,
2008 (Act 762
3.4 Description of selected drivers of ERM
This section provides further theoretical and empirical explanation to the selected drivers
of ERM adoption shown in table 5. The drivers were carefully selected due to data
availability. The drivers are discussed with respect its measurement and expected
influence on ERM adoption within the Ghanaian banking context.
i. Auditor type
The presence of one of the big four (4) international accounting firms (KPMG, LLP, Ernst
and Young LLP, PricewaterhouseCoopers LLP and Deloitte Touché Tohmatsu Ltd) may
give assurance to investors, customers, employees and other stakeholders in terms
provisions of appropriate controls and banking reporting. Auditing ensures adherence to
regulatory standards, internal company policies and industry standards. Regulators would
insist on tried and tested auditing firms to ensure protection of customer deposit and
minimise risks a bank is exposed to. In addition, the fact that the big four (4) will always
protect their own reputation as competent auditors by ensuring that annual reports and
University of Ghana http://ugspace.ug.edu.gh
136
relevant documents are transparent and free from errors is paramount (Golshan & Abdul-
Rasid, 2012; Beasley et al., 2005). Beasley et al., (2005) have also concluded that the stage
of ERM adoption is positively affected by the firm’s auditor type. In other words, if the
firms’ auditor happens to be one of the big four (4), the firm was more likely to have
adopted ERM.
ii. Firm size
The size of a company is often reflected in its assets and/or employee size. Companies
need to effectively manage their assets in order to achieve their strategic short-term and
long-term goals. Other things being constant, large firms are more likely to adopt ERM
than smaller firms (Yazid et al., 2008; Pagach & Warr, 2007; Hoyt & Liebenberg, 2006;
Beasley et al., 2005). This assertion stems from the fact that large firms are more likely to
be diversified in terms of scope, product portfolio, staff and ownership structure. Hence,
size is expected to be positively correlated with ERM adoption (Hoyt & Liebenberg, 2009;
Lawrence & Lorsch, 1967; Myers et al., 1991).
iii. Chief Risk Officer (CRO)
The chief risk officer (CRO) plays a critical role in the adoption and implementation of the
ERM programme. Many had stressed on the appointment of a CRO to manage all of the
firms’ potential risks in ERM adoption (Yazid et al., 2011; Beasley et al., (2005); Kleffner
et al., 2003; Lam &Kawamoto, 1997). Liebenberg and Hoyt (2003) had also argued that if
companies fail to hire a CRO, it does not mean such companies do not practice ERM. The
author acknowledged a complex link between the appointment of CRO and ERM
adoption. To simplify this complexity, this study hypothesizes that while a positive
relationship between the appointment of CRO and ERM implementation is the norm. It is
very possible to have firms who adopted ERM but do not have CROs.
University of Ghana http://ugspace.ug.edu.gh
137
iv. Capital Adequacy Ratio (CAR)
The banking systems’ capital adequacy ratio (CAR) measures the system’s ability to
withstand shocks (internal and external risks); hence, the importance of regulators (Basel
1, 2, and 3; section 54 of Banking Act, 2004, Act 673 as amended). The importance of
capital to a bank is again given a global impetus by the Basel 2 Agreement on capital
standards and relevant European Union (EU) directives. The Bank of Ghana measures the
capital adequacy of a bank, as a percentage of the adjusted capital base to its adjusted asset
base and requires banks to maintain a minimum capital adequacy ratio of 10% at all times
while in operation. A positive CAR implies a bank’s ability to withstand shocks and stay
in business. Hence, this study hypothesises that apositive relationship exists between
CAR and ERM implementation. This variable though important to the business of banking
has often not been cited.
v. Firm performance (bank profitability)
This generally refers to various indicators which prove the effect of a set of principles,
processes, programmes and projects in real terms. The general description of firm
performance implies that it covers both financial and operational (non-financial) aspects of
the firm. Firm performance can be measured in several ways. For the purpose of this
study, firm performance is defined in both financial and operational terms in order to have
a holistic (comprehensive) idea about how implementation of enterprise risk management
impacts firm performance. Firm performance is therefore defined not only in terms of,
level of profitability; return on assets, turnover, and stock price changes but also in terms
of intangible components which include reputation etc. This is based on previous studies
(Beasley et al., 2005; Gordon et al., 2009; Pagach & Warr, 2008). Firm performance is
also defined to include factors which are not numerically quantifiable as it is not all risk
University of Ghana http://ugspace.ug.edu.gh
138
that are related to strategic operational and ethical issues (Orlitzky, 2003, as cited in
Acharyya, 2007). this current study looks at the financial aspects of a firm performance
and first employ the use of return on assets (ROA) as a measure of performance of
Ghanaian banks using the logistic and ordinary least square estimations and subsequently
used net interest margin (NIM) as an instrument to ensure robustness using 2SLS
estimation method. ROA indicates how effectively a bank’s assets are used to generate
profits, thus, serving as strong gauge of how well a bank deploys all its available resources
to ensure its profitability and survival. The net interest margin is calculated as tax-
equivalent net interest income, divided by average interest-earning assets. Though, net
interest margin is not a measure of a bank’s total profitability since most banks also earns
fees and other non-interest income from providing services, like brokerage and deposit
account services and does not take operating expenses, like personnel and facilities costs,
or credit costs into account, it can be used to track the profitability of a bank’s investing
and lending activities over a time period.
vi. Risk Culture
A dummy variable is included to take account of the different levels of risk management
practices among banks. Though the Bank of Ghana regulates and supervises both universal
banks and non-bank financial institutions (NBFIs) under the same banking Act, the
permissible activities and capital requirements make universal banks take more risk than
the NBFIs. A universal bank takes the value 1, NBFI, otherwise. This study hypothesises
that universal banks are more likely to adopt ERM than non-bank financial institutions.
vii. Anti-Money Laundering index
Though AML measures mitigate risk with respect to money laundering, it can be
subsumed under enterprise risk management. However, intuitively, AML compliance and
University of Ghana http://ugspace.ug.edu.gh
139
ERM adoption manage firm risk from different perspectives. Hence, AML is included in
this study to assess the association between the two (2). In this study, an AML
compliance index is generated to gauge AML programmes of banks. This index is used to
test the influence AML compliance on ERM adoption within the Ghanaian banking space.
3.5 The Study Research Design
This study evaluates the determinants of ERM adoption using cross section survey data
obtained from the Ghanaian banking sector. The study adopts a causal design to assess the
impact of selected drivers on the probability of a Ghanaian bank to adopt ERM. A
quantitative (parametric) research strategy was employed. A structured questionnaire was
administered to twenty-six (26) universal banks and fifty-three (53) non-bank financial
institutions (NBFIs) regulated and supervised by the Bank of Ghana with 31st December
2013 as the reference date. The comprehensive survey instrument (questionnaire) was
developed to capture the enterprise risk management adoption based on COSO ERM
framework input components and components of an AML programme within the
Ghanaian banking industry context. In addition, secondary data on total assets, auditor
type, capital adequacy ratio and firm performance (bank profitability) were collected from
Bank of Ghana as at 31st December 2013. Data collected was analyzed using STATA 13.
University of Ghana http://ugspace.ug.edu.gh
140
CHAPTER FOUR
EMPIRICAL RESULTS AND DISCUSSIONS
4.0 Introduction
This chapter presents and discusses the empirical results. Ghana’s technical compliance
with FATF recommendations is presented. The AML and ERM indices are presented and
discussed. The descriptive statistics of the generated scores for AML and ERM as well as
the ranking of banks is also discussed in this chapter. Finally, the results of the hypotheses
tested and regression are presented and discussed in the light of previous literature.
Table 6: Risk matrix of ML/TF vulnerabilities
Though Ghana has done well in terms of technical compliance as reviewed in literature
(see table 1), table 6 shows emerging ML/TF risks and their likely impact.
University of Ghana http://ugspace.ug.edu.gh
141
4.2 The AML drivers
These components are derived based on international, regional and domestic anti-money
compliance standards, laws and guidelines. Following review of literature on AML
compliance, the study captures these laws into four (4) thematic areas: Money laundering
risk assessment (MLRA); Records Management (RM); Compliance Programme (CP); and
Corporate Governance (CG).
1. Money laundering risk assessment (MLRA)
A well-developed operational AML/CFT compliance programme is precedent on a sound
ML/FT risk assessment. ML/FT risk assessment also entails identifying, analysing and
measuring ML/FT inherent risk in order to design corresponding AML/CFT compliance
programme. This is core to any effective and operational AML compliance programme.
A bank’s ML/FT risk assessment generally focuses on the structural factors (i.e. bank
profile, corporate structure, size) and significant activities which include correspondent
banking relationships, customer/account type, product, services, customers, entities,
transactions and geographic location. These are categorized into three (3) key themes as
shown in table 7.
University of Ghana http://ugspace.ug.edu.gh
142
Table 7: Results: Money Laundering Risk Assessment
Table 7a: Selected principal components
Observed
Coefficients
Bootstrap
Std Error P-value
(95% confidence
Interval)
Principal Component 1 2.4622 0.0895 0.0000 (2.2866,2.6378)
Table 7b: Factor loadings of Principal Component 1
Factor Loadings
Bootstrap
Std Error P-value
(95% confidence
Interval)
Bank profile 0.593 0.0093 0.0000 (0.5747,0.6112)
Corporate structure 0.5548 0.0146 0.0000 (0.5261,0.5834)
Business activities 0.5836 0.0087 0.0000 (0.5664,0.6009)
* signifies factor loading ≥0.30
LR test for independence: chi2(3) = 141.16 Prob > chi2 = 0.0000
Table 7c:Variance explained by components
Components Eigenvalue Proportion Cumulative
Principal Component 1 2.4620 0.8207 0.8207
Principal Component 2 0.3532 0.1177 0.9385
Principal Component 3 0.1846 0.0615 1.0000
From the table 7a, only the first principal component is retained. All factors individually
and jointly load positive on the component with a good model fit (see table 7b). All the
factors are individually and jointly, statistically and economically significant. This
component accounts for 82% of the variability of the data set as shown in table 7c. Thus,
this principal component is labeled as money laundering inherent risk index.
University of Ghana http://ugspace.ug.edu.gh
143
2. Records Management (RMGT)
Records management is vital to effective dissemination and prosecution of money
laundering offences. Sections 23 and 24 of Act 749 & Regulation 3 of L.I. 1987 require
bank and non-banking institutions to keep customer record for a minimum of six (6) years
from the time customer -relationship is terminated. Below is table 8 which shows PCA
results of the key themes of records management.
University of Ghana http://ugspace.ug.edu.gh
144
Table 8: Results: Records Management Component
Table 8a: Selected principal components
Observed
Coefficients
Bootstrap
Std Error P-value
(95% confidence
Interval)
Principal Component 1 3.8307 0.6093 0.0000 (2.6363,5.0250)
Table 8b: Factor loadings of Principal Component 1
Metric Name Loadings
Bootstrap
Std Error P-value
(95% confidence
Interval)
Compliance 0.4323 0.0157 0.0000 (0.4016,0.4631)
Reporting 0.4671 0.0083 0.0000 (0.4509,0.4833)
Accessibility 0.4387 0.0106 0.0000 (0.4180,0.4594)
Records manager 0.4685 0.0108 0.0000 (0.4475,0.4896)
Suspicious transaction reports 0.4275 0.0151 0.0000 (0.5664,0.6009)
* signifies factor loading ≥0.30
LR test for independence: chi2(10) = 301.48 Prob > chi2 = 0.0000
Table 8c:Variance explained by components
Components Eigenvalue Proportion Cumulative
Principal Component 1 3.8307 0.7661 0.7661
Principal Component 2 0.4400 0.0880 0.8541
Principal Component 3 0.3572 0.0715 0.9256
Principal Component 4 0.2343 0.0469 0.9725
Principal Component 5 0.1377 0.0275 1.0000
Applying the Kaiser’s stopping rule, only first principal component is selected as shown in
table 8a. The first principal component accounts for approximately 77% of the variability
in the data (see table 8c). All the factor loadings are above 0.30 and positively load on the
University of Ghana http://ugspace.ug.edu.gh
145
component as indicated in table 8b. The factors individually and jointly predict the first
principal component and are statistically and economically significant. The model has a
good fit. Thus, this index is labeled as records management index.
3. Compliance Programme (CPROG)
This AML compliance programme contains policies and procedures to help banks comply
with existing international and domestic regulations on Anti-money laundering (AML)
and combatting of terrorist financing. Review of literature and relevant laws show that at a
minimum, an AML compliance programme should address issues on customer due
diligence, customer acceptance criteria, client’s file update, “enhanced due diligence” and
independent testing and training. The underlying principles in AML compliance
programme is categorized into six (6) themes. The PCA results of the AML compliance
programme are shown in table 9 below.
University of Ghana http://ugspace.ug.edu.gh
146
Table 9: Results: Compliance Programme
Table 9a: Selected principal components
Observed
Coefficients
Bootstrap
Std Error P-value
(95% confidence
Interval)
Principal Component 1 4.334 0.2187 0.0000 (3.9056,4.7630)
Table 9b: Factor loadings of Principal Component 1
Metric Name Loadings
Bootstrap
Std Error P-value
(95% confidence
Interval)
Customer due diligence 0.4077* 0.0134 0.0000 (0.3461,0.4694)
Customer acceptance criteria 0.4175* 0.029 0.0000 (0.3606,0.4743)
Client file update 0.4193* 0.0284 0.0000 (0.3636,0.4750)
Enhance due diligence 0.4011* 0.0331 0.0000 (0.3361,0.4659)
Independent testing 0.4074* 0.0315 0.0000 (0.3457,0.4692)
Training 0.3959* 0.0337 0.0000 (0.3299,0.4620)
* signifies factor loading ≥0.30
LR test for independence: chi2(15) = 333.74 Prob > chi2 = 0.0000
Table 9c:Variance explained by components
Components Eigenvalue Proportion Cumulative
Principal Component 1 4.3340 0.7224 0.7224
Principal Component 2 0.5439 0.0907 0.8131
Principal Component 3 0.3688 0.0615 0.8746
Principal Component 4 0.3335 0.0556 0.9301
Principal Component 5 0.2387 0.0398 0.9699
Principal Component 6 0.1806 0.0101 1.0000
The first principal component has an eigenvalue of 4.334 and is selected as presented in
table 9a. This component accounts for 72% of the variability in the data set (see table 9c).
University of Ghana http://ugspace.ug.edu.gh
147
The factors loadings individually and jointly load positive unto this component. The
factors are statistically and economically significant (see table 9b) and predict the index.
This component is labeled as compliance programme index.
4. Corporate governance (CGOV)
The governing board and senior management of the bank take and demonstrate overall
responsibility for AML/CFT systems and controls. For AML programme to work the
board should fully understand their obligations and AML/CFT responsibilities, approve
the AML/CFT policy and procedures, receive regular AML/CFT training as well as play a
directing role in terms of allocating resources to the AML/CFT function. The compliance
programme is categorised into seven (7) thematic areas as shown in table 10.
University of Ghana http://ugspace.ug.edu.gh
148
Table 10: Results: Corporate Governance
Table 10a: Selected principal components
Observed
Coefficients
Bootstrap
Std Error P-value
(95% confidence
Interval)
Principal Component 1 5.103 0.2184 0.0000 (4.6749,5.5311)
Table 10b: Factor loadings of Principal Component 1
Metric Name Loadings
Bootstrap
Std Error P-value
(95% confidence
Interval)
AML framework approval 0.3711 0.0157 0.0000 (0.3403,0.4019)
Board training 0.3715 0.0148 0.0000 (0.3425,0.4006)
Adherence to AML procedure and
policies 0.3945 0.0088 0.0000 (0.3772,0.4118)
PEPs On Board/management 0.3961 0.0078 0.0000 (0.3808,0.4112)
Standardized KYC procedures 0.3631 0.0148 0.0000 (0.3342,0.3920)
Independent testing 0.3988 0.0082 0.0000 (0.3827,0.4148)
Big four audit firm 0.3477 0.2027 0.0000 (0.3079,0.3874)
LR test for independence: chi2(21) = 439.66 Prob > chi2 = 0.0000
* signifies factor loading ≥0.30
Table 10c:Variance explained by components
Components Eigenvalue Proportion Cumulative
Principal Component 1 5.1030 0.7290 0.7290
Principal Component 2 0.4869 0.0696 0.7986
Principal Component 3 0.3871 0.0553 0.8539
Principal Component 4 0.3595 0.0514 0.9052
Principal Component 5 0.3322 0.0475 0.9527
Principal Component 6 0.1971 0.0282 0.9809
Principal Component 7 0.1339 0.0191 1.0000
University of Ghana http://ugspace.ug.edu.gh
149
From table 10a above principal component 1 with eigenvalue of 5.10 is selected. This
component accounts for approximately 73 percent of the total variability in the data set
(see table 10b). All the factors are economically and statistically significant with positive
loadings onto the component (see table 10b). This component is labeled corporate
governance index.
4.3 The AML index
Following from the discussions above, the entire variables of the proposed AML
compliance index are statistically significant, hence could be used in determining the key
drivers of AML compliance in the Ghanaian banking industry. The proposed AML
compliance index is a composite index – it means the overall score is a weighted average
of four (4) key indices derived from the four (4) -stage one (1) variables. These indices
include: money laundering risk assessment, records management, compliance programme,
and corporate governance.
University of Ghana http://ugspace.ug.edu.gh
150
Table 11: Results: AML Index
Table 11a: Selected principal components
Observed
Coefficients
Bootstrap
Std Error P-value
(95% confidence
Interval)
Principal Component 1 3.3549 0.5337 0.0000 (2.3089,4.4011)
Table 11b: Factor loadings of Principal Component 1
Metric Name Loadings
Bootstrap
Std Error P-value
(95% confidence
Interval)
Money laundering Risk Assessment 0.4873* 0.3059 0.0000 (0.4273,0.5472)
Records Management 0.5207* 0.0196 0.0000 (0.4823,0.5590)
Compliance program 0.5198* 0.0197 0.0000 (0.4812,0.5584)
Corporate Governance 0.4704* 0.0349 0.0000 (0.4019,0.5388)
* signifies factor loading ≥0.30
LR test for independence: chi2(6) = 305.42 Prob > chi2 = 0.0000
Table 11c:Variance explained by components
Components Eigenvalue Proportion Cumulative
Principal Component 1 3.3550 0.8387 0.8387
Principal Component 2 0.3829 0.0957 0.9345
Principal Component 3 0.1815 0.0454 0.9799
Principal Component 4 0.0805 0.0201 1.0000
It is clear that the overall fitness of the AML compliance model is good. Principal
component 1 is selected as shown in table 11a. The factor loadings are all above 0.30 and
individually and jointly; positively load on the principal component 1. The component
alone accounts for 84% of the variability of the data set (see table 11c). All factors are
statistically and economically significant with factor loadings above 0.30 (see table 11b.
University of Ghana http://ugspace.ug.edu.gh
151
This component is thus labeled AML compliance index. This index is now used to rank
the AML compliance of sampled firms. Scores generated from the Stata 13 based on
parameters set in methodology are bootstrapped for AML compliance and ERM adoption
to create valid confidence interval. Each bank is assigned a score on a scale from – 6 to 6
for AML compliance and -10 to 10 for ERM adoption. Higher scores are preferred and
results are shown in appendix B with name of banks replaced with the industry it operates
to ensure confidentiality.
4.4 The ERM components
This section of the thesis seeks to discuss the latent factors that drive the ERM adoption
index. Each of the COSO ERM input factors, together with organization culture, have
underlining principles which have been categorized into key themes (factors) based on the
researcher’s interpretation to ensure appropriate labeling of the proposed indices as shown
in tables 12 to 20. Following Kaiser Stopping rule, principal component with eigenvalue
above one (1) and factor loadings greater or equal to 0.30 are selected. The higher the
value of each input factor, the better the ERM adoption index. The nine (9) factors are
discussed below.
1. Internal environment
The underlining principles of the internal environment include: entity’s commitment to
integrity and ethical values; the autonomy of the board of directors in exercising its
oversight duties; the presence of the organizational structure; the entity’s commitment to
attract, develop, and retain competent individuals in the pursuit of set objectives (COSO,
2010). The above underlining principles have been categorized into five (5) key themes
(factors) as shown in table 12 below.
University of Ghana http://ugspace.ug.edu.gh
152
Table 12: Results: Internal Environment
Table 12a: Selected principal components
Observed
Coefficients
Bootstrap
Std Error P-value
(95% confidence
Interval)
Principal Component 1 2.9173 0.2587 0.0000 (2.4102,3.4244)
Principal Component 2 1.0811 0.1532 0.0000 (0.7808,1.3815)
Table 12b: Factor loadings of Principal Component 1
Factor Loadings
Bootstrap
Std Error P-value
(95% confidence
Interval)
Ethical standard 0.4949* 0.2037 0.0000 (0.4551,0.5349)
Board oversight 0.296 0.0791 0.0000 (0.1409,0.4510)
Organisational structure 0.4812* 0.025 0.0000 (0.4322,0.5305)
Human capital 0.4323* 0.0483 0.0000 (0.3375,0.5271)
Employee accountability 0.4988* 0.0269 0.0000 (0.4461,0.5515)
* signifies factor loading ≥0.30
Table 12c: Factor loadings of Principal Component 2
Factor Loadings
Bootstrap
Std Error P-value
(95% confidence
Interval)
Ethical standard -0.2823 0.0204 0.0000 (-0.4138,-0.1505)
Board oversight 0.7515* 0.3599 0.0000 (0.6809,0.8220)
Organisational structure -0.3211 0.0733 0.0000 (-0.4649,-0.1774)
Human capital 0.442* 0.0680 0.0000 (0.087,0.5753)
Employee accountability -0.2391 0.0711 0.0000 (-03787,-0.996)
* signifies factor loading ≥0.30
LR test for independence: chi2(10) = 166.76 Prob > chi2 = 0.0000
University of Ghana http://ugspace.ug.edu.gh
153
Table 12d:Variance explained by components
Components Eigenvalue Proportion Cumulative
Principal Component 1 2.9172 0.5835 0.8535
Principal Component 2 1.0811 0.2162 0.7997
Principal Component 3 0.4066 0.0813 0.8810
Principal Component 4 0.3156 0.0631 0.9441
Principal Component 5 0.2793 0.0559 1.0000
The table discusses the result of the principal components, factor loadings and the overall
fitness of the internal environment constructs. Component one (1) and component two (2)
were selected because it is evident from the variance analysis that the two components
have eigenvalues above one and account for approximately 80% of the total variability of
the data set as shown in table 12d. Component one alone accounts for as much as 58% of
the variability and it is driven by all the five (5) variables which are all statistically and
economically significant as indicated in table 12b. Component one (1) is therefore labeled
as internal environment index.
Component two is mainly driven by board oversight with factor loading of 0.75 and some
factors load negatively (see table 12c). This is therefore labeled as board oversight index.
From the discussion, component one which is labeled as “Internal Environment Index” is
chosen because it has the higher variability and all factors load positively onto the index.
2. Objective setting
The objective setting reflects the board’s objectives that support the organization’s mission
and is consistent with its risk appetite. This is captured under seven (7) key themes
(factors) as shown in table 13.
University of Ghana http://ugspace.ug.edu.gh
154
Table 13: Results: Objective Settings Component
Table 13a: Selected principal components
Observed
Coefficients
Bootstrap
Std Error P-value
(95% confidence
Interval)
Principal Component 1 3.8206 0.2337 0.0000 (3.3626,4.2786)
Table 13b: Factor loadings of Principal Component 1
Metric Name Loadings
Bootstrap
Std Error P-value
(95% confidence
Interval)
Objective definition 0.3271* 0.0559 0.0000 (0.217,0.4368)
Strategic planning 0.3551* 0.0504 0.0000 (0.3563,0.4539)
Risk appetite 0.3747* 0.0467 0.0000 (0.2832,0.4662)
Resource allocation 0.4103* 0.0422 0.0000 (0.3276,0.4929)
Objective communication 0.3802* 0.0466 0.0000 (0.2888,0.4716)
Objective awareness 0.4086* 0.0424 0.0000 (0.3256,0.4916)
Risk alignment 0.3829* 0.0456 0.0000 (0.2936,0.4724)
* signifies factor loading ≥0.30
LR test for independence: chi2(21) = 252.90 Prob > chi2 = 0.0000
Table 13c:Variance explained by components
Components Eigenvalue Proportion Cumulative
Principal Component 1 3.8206 0.5458 0.5458
Principal Component 2 0.9223 0.1318 0.6776
Principal Component 3 0.8044 0.1149 0.7925
Principal Component 4 0.5640 0.0806 0.8731
Principal Component 5 0.4015 0.0574 0.9304
Principal Component 6 0.3050 0.0436 0.9740
Principal Component 7 0.1817 0.026 1.000
University of Ghana http://ugspace.ug.edu.gh
155
The table 13a above indicates that the principal component 1 has eigenvalue above one.
This component constitutes about 55% of the variability in the data set (see table 13c). All
factors load positively on this component and also have factor loadings greater than 0.30.
These factors are economically and statistically significant as shown in table 13b. Each
factor contributes almost equally on the index and labeled as objective setting index.
3. Event identification
The event identification is the recognition of internal and external events affecting the
achievement of an entity’s objectives. These events should be distinguished as risks and
opportunities. Events may be categorized among the types of influencing factors, such as
external economic, natural environmental, social, internal process-related, and or
technological; classifications that are critical to ensure that comprehensive risks are
considered. The underlining factors were grouped into six (6) key themes and they are
shown in table 14 below.
University of Ghana http://ugspace.ug.edu.gh
156
Table 14: Results: Event Identification Component
Table 14a: Selected principal component(s)
Observed
Coefficients
Bootstrap
Std Error P-value
(95% confidence
Interval)
Principal Component 1 3.4282 0.2069 0.0000 (0.4287,0.4767)
Table 14b: Factor loadings of Principal Component 1
Metric Name Loadings
Bootstrap
Std Error P-value
(95% confidence
Interval)
Environmental risks 0.4527* 0.0122 0.0000 (0.4287,0.4767)
Risk signals 0.4107* 0.0189 0.0000 (0.3735,0.4479)
Impact assessment 0.3971* 0.0213 0.0000 (0.3554,0.4387)
Risk linkages 0.4114* 0.0227 0.0000 (0.3669,0.4558)
Risk categorisation 0.4201* 0.0187 0.0000 (0.3834,0.4567)
Event categorisation 0.3507* 0.0319 0.0000 (0.2881,0.4133)
* signifies factor loading ≥0.30
LR test for independence: chi2(15) = 214.34 Prob > chi2 = 0.0000
Table 14c:Variance explained by components
Components Eigenvalue Proportion Cumulative
Principal Component 1 3.4282 0.5714 0.5714
Principal Component 2 0.9532 0.1589 0.7302
Principal Component 3 0.7045 0.1174 0.8476
Principal Component 4 0.3849 0.0642 0.9117
Principal Component 5 0.3138 0.0523 0.9640
Principal Component 6 0.2157 0.036 1.0000
From the table 14a shown above, only the first principal component meets the eigenvalue
rule. This first component accounts for roughly 57% of the variability of the data set (see
University of Ghana http://ugspace.ug.edu.gh
157
table 14c) with all factors loading positive (see table 14b). All the six (6) factors are
economically and statistically significant and individually and jointly drive the first
principal component which labeled as event identification index.
4. Risk assessment
Risk assessment involves a dynamic and iterative process for identifying and analyzing
risks to achieving the entity’s objectives, and forming a basis for determining how risks
should be managed. The severity of impact, probability of occurrence, and management’s
selection of risk responses are key to risk assessment programmes. This has been put into
four (4) key themes as shown by the PCA results in table 15 below.
University of Ghana http://ugspace.ug.edu.gh
158
Table 15: Results: Risk Assessment
Table 15a: Selected principal component(s)
Observed
Coefficients
Bootstrap
Std Error P-value
(95% confidence
Interval)
Principal Component 1 2.924 0.4652 0.0000 (3.013,3.8137)
Table 15b: Factor loadings of Principal Component 1
Metric Name Loadings
Bootstrap
Std Error P-value
(95% confidence
Interval)
Risk specification 0.5028 0.0382 0.0000 (0.4278,0.5777)
Firm risks 0.5029 0.0384 0.0000 (0.4278,0.5782)
Fraud alerts 0.4722 0.04559 0.0000 (0.3822,0.5623)
Change management 0.5208 0.0331 0.0000 (0.4558,0.5857)
* signifies factor loading>=0.30
LR test for independence: chi2(6) = 159.35 Prob > chi2 = 0.0000
Table 15c:Variance explained by components
Components Eigenvalue Proportion Cumulative
Principal Component 1 2.9259 0.7312 0.7312
Principal Component 2 0.4645 0.1161 0.8473
Principal Component 3 0.3318 0.0829 0.9303
Principal Component 4 0.2788 0.0697 1.0000
Only principal component one (1) is chosen as shown in table 15a. Also, table above 15c
shows that principal component 1 accounts for 73% of the total variability in the data set.
All factors load individually and jointly onto the component and are also statistically and
economically significant (see table 15b). This component is labeled as risk assessment
index.
University of Ghana http://ugspace.ug.edu.gh
159
5. Risk response
Risk response describes management selection of a set of actions to align risks with the
entity’s risk tolerances and risk appetite (COSO, 2004). Risk response is an important
input in the risk management process of a firm and this is also categorized into twelve (12)
key themes .Table 16 shows its PCA results.
Table 16: Results: Risk Response Component
Table 16a: Selected principal components
Observed
Coefficients
Bootstrap
Std Error P-value
(95% confidence
Interval)
Principal Component 1 6.8121 0.4433 0.0000 (5.9432,7.6810)
Principal Component 2 1.0652 0.2989 0.0000 (0.4792,1.6511)
Table 16b: Factor loadings of Principal Component 1
Metric Name Loadings
Bootstrap
Std Error P-value
(95% confidence
Interval)
Process risk 0.2757 0.0174 0.0000 (0.2414,0.3100)
Risk alerts 0.2836 0.02535 0.0000 (0.2339,0.3333)
Risk mitigants 0.2654 0.0229 0.0000 (0.2205,0.3104)
Standard setting 0.2669 0.297 0.0000 (0.2087,0.3252)
Risk monitoring 0.2736 0.02253 0.0000 (0.2293,0.3117)
Risk policies 0.3016* 0.0164 0.0000 (0.2694,0.3337)
Emerging risks 0.2859 0.0169 0.0000 (0.2527,0.3190)
Risk ownership 0.3004* 0.0136 0.0000 (0.2737,0.3271)
Risk champions 0.2829 0.2456 0.0000 (0.2347,0.3311)
Accountability 0.3101* 0.0139 0.0000 (0.2829,0.3373)
Risk oversight 0.3127* 0.0137 0.0000 (0.2859,0.3396)
Risk reporting 0.3001* 0.0131 0.0000 (0.2744,0.3258)
* signifies factor loading ≥0.30
University of Ghana http://ugspace.ug.edu.gh
160
Table 16c: Factor loadings of Principal Component 2
Metric Name Loadings
Bootstrap
Std Error P-value
(95% confidence
Interval)
Process risk 0.0035 0.1863 0.0000 (-0.3617,0.3686)
Risk alerts -0.0486 0.2078 0.0000 (-0.4559,0.3587)
Risk mitigants -0.5294* 0.4738 0.0000 (-1.456,0.39908)
Standard setting 0.3476* 0.2595 0.0000 (-0.1610,0.8563)
Risk monitoring 0.833* 0.3645 0.0000 (-0.3312,1.0978)
Risk policies 0.2661 0.2326 0.0000 (-0.1897,0.7219)
Emerging risks -0.288 0.2445 0.0000 (-0.7673,0.1913)
Risk ownership 0.1528 0.1644 0.0000 (-0.1695,0.4751)
Risk champions 0.2849 0.263 0.0000 (-0.2310,0.8008)
Accountability -0.0126 0.1341 0.0000 (-0.2753,0.2502)
Risk oversight -0.1251 0.1487 0.0000 (-0.4166,0.1664)
Risk reporting -0.4188* 0.3131 0.0000 (-1.0326,0.19492)
* signifies factor loading ≥0.30
LR test for independence: chi2(66) = 572.95 Prob > chi2 = 0.0000
Table 16d:Variance explained by components
Components Eigenvalue Proportion Cumulative
Principal Component 1 6.8120 0.5677 0.5677
Principal Component 2 1.0651 0.0888 0.6564
Principal Component 3 0.7059 0.0588 0.7153
Principal Component 4 0.6009 0.0501 0.7654
Principal Component 5 0.5613 0.0468 0.8121
Principal Component 6 0.4916 0.041 0.8531
Principal Component 7 0.4251 0.0354 0.889
Principal Component 8 0.3337 0.0278 0.9163
Principal Component 9 0.2986 0.0249 0.9412
University of Ghana http://ugspace.ug.edu.gh
161
Principal Component 10 0.2905 0.0242 0.9654
Principal Component 11 0.2354 0.0196 0.9851
Principal Component 12 0.1793 0.0149 1.0000
As shown in table 16a, two principal components are selected. The first principal
component accounts for 57% of variability in the data set (see table 16d). Though not all
the factors were economically significant, all were statistically significant with p-values of
0.0000. While five factors had loadings above 0.30 in the first principal component, only
three were significant in the second principal component (see table 16c). The table 16b
shows that the first principal component appears to be driven by risk policies, emerging
risks, risk champions, risk oversight and risk reporting. These factors individually load
positively onto the first principal component. These variables collectively reflect the risk
oversight role of management. Risk monitoring has a factor loading of 0.833 in the second
component and is labeled as risk monitoring index, while the first principal component is
labeled as risk response index. From the afore discussion, it is explicit that the first
component has a higher variability and the factors load positive. It is therefore selected.
6. Control activities
Control activities are the policies and procedures that ensure that management directives
are carried out. They help to ensure that necessary actions are taken to address risks in
order to assist the entity to achieve its objectives. Control activities occur throughout the
organization at all levels and in all functions. The control activities are categorized into
four (4) key themes as seen in table 17 which indicate a strong correlation between the
data set.
University of Ghana http://ugspace.ug.edu.gh
162
Table 17: Results: Control Activities
Table 17a: Selected principal components
Observed
Coefficients
Bootstrap
Std Error P-value
(95% confidence
Interval)
Principal Component 1 2.3042 0.2189 0.0000 (1.8751,2.7334)
Table 17b: Factor loadings of Principal Component 1
Metric Name Loadings
Bootstrap
Std Error P-value
(95% confidence
Interval)
Control manual 0.4089 0.8572 0.0000 (0.2409,0.5769)
Mitigant selection 0.5159 0.0599 0.0000 (0.3985,0.6335)
System & technology 0.5419 0.053 0.0000 (0.4379,0.6458)
Procedure manual 0.5224 0.0594 0.0000 (0.4059,0.6388)
* signifies factor loading ≥0.30
LR test for independence: chi2(6) = 73.44 Prob > chi2 = 0.0000
Table 17c:Variance explained by components
Components Eigenvalue Proportion Cumulative
Principal Component 1 2.3042 0.5761 0.5761
Principal Component 2 0.7460 0.1865 0.7626
Principal Component 3 0.5175 0.1294 0.8920
Principal Component 4 0.4321 0.1080 1.0000
From the table 17a, only principal component 1 is retained. Principal component one
accounts for 58% of the variability in the data set (see table 17c). All factors load
positively unto the component (see table 17b). Hence, this index is labeled control
activities index.
University of Ghana http://ugspace.ug.edu.gh
163
7. Information and Communication
Relevant information is identified, captured, and communicated in a form and time frame
that enable people to carry out their responsibilities. Effective communication also occurs
in a broader sense, flowing down, across, and up the entity (COSO, 2004). Information
systems must be integrated with operations and objectives. The principal component
analysis results in table 18 below show overall significance of the model and a strong
correlation between the four themes which captures information and communication.
Table 18: Results: Information & Communication Component
Table 18a: Selected principal components
Observed
Coefficients
Bootstrap
Std Error P-value
(95% confidence
Interval)
Principal Component 1 2.7289 0.1761 0.0000 (2.3837,3.7422)
Table 18b: Factor loadings of Principal Component 1
Metric Name Loadings
Bootstrap
Std Error P-value
(95% confidence
Interval)
Control data 0.5237 0.0116 0.0000 (0.5010,0.5465)
Internal communication 0.5175 0.0183 0.0000 (0.4817,0.5533)
External communication 0.4565 0.0371 0.0000 (0.3837,0.5293)
Timely information 0.4995 0.0229 0.0000 (0.4545,0.5444)
LR test for independence: chi2(6) = 134.32 Prob > chi2 = 0.0000
* signifies factor loading ≥0.30
University of Ghana http://ugspace.ug.edu.gh
164
Table 18c:Variance explained by components
Components Eigenvalue Proportion Cumulative
Principal Component 1 2.7289 0.6822 0.6822
Principal Component 2 0.6375 0.1594 0.8415
Principal Component 3 0.3329 0.0832 0.9249
Principal Component 4 0.3005 0.0751 1.0000
Principal component 1 accounts for 68% of variability in the data set as shown in table
18c. All factors are statistically significant and load positively unto this component as
shown in the table 18b. This principal component is labeled, information and
communication index.
8. Monitoring and evaluation
The entirety of enterprise risk management is monitored and modifications are made as
necessary. This input component covers the external oversight of internal controls by
management or other parties outside the process, or the application of independent
methodologies, such as customised procedures or standard checklists by employees within
a process. The monitoring factor is categorized into three (3) key themes as shown in
table 19 below.
University of Ghana http://ugspace.ug.edu.gh
165
Table 19: Results: Monitoring and evaluation
Table 19a: Selected principal components
Observed
Coefficients
Bootstrap
Std Error P-value
(95% confidence
Interval)
Principal Component 1 1.8068 0.1624 0.0000 (1.4885,2.1251)
Table 19b: Factor loadings of Principal Component 1
Metric Name Loadings
Bootstrap
Std Error P-value
(95% confidence
Interval)
Control evaluation 0.6556 0.0268 0.0000 (0.60301,0.7082)
Feedback process 0.5647 0.0442 0.0000 (0.4781,0.6512)
Board meeting 0.5013 0.0624 0.0000 (0.3789,0.6236)
LR test for independence: chi2(3) = 44.08 Prob > chi2 = 0.0000
* signifies factor loading ≥0.30
Table 19c:Variance explained by components
Components Eigenvalue Proportion Cumulative
Principal Component 1 1.8068 0.6020 0.6023
Principal Component 2 0.8046 0.2682 0.8705
Principal Component 3 0.3885 0.1295 1.0000
The first principal component with an eigenvalue of 1.8068 as shown in table 19a is
retained. All factors individually and jointly; significantly and economically load
positively unto the component (see table 19b). This chosen principal component explains
60% of the variability in the data set as shown in table 19c. Therefore, this index is
labeled as monitoring index.
University of Ghana http://ugspace.ug.edu.gh
166
9. Organisational culture
The organizational culture is an additional variable proposed by the researcher to capture
the dynamic nature of the COSO ERM framework in different working environment. The
ethical environment of an organization is seen to encompass aspects of upper
management’s tone in achieving organizational objectives, their value judgments and
management styles (COSO, 1992) introduced the concept of ‘ethical climate’ to explain
and predict organizational ethical behaviour. Review of existing literature on organization
cultures identified six (6) key themes as presented in table 20 below.
Table 20: Results: Organisational Culture
Table 20a: Selected principal component
Observed
Coefficients
Bootstrap
Std Error P-value
(95% confidence
Interval)
Principal Component 1 3.1208 0.4966 0.0000 (2.1476,4.0941)
Table 20b: Factor loadings of Principal Component 1
Metric Name Loadings
Bootstrap
Std Error P-value
(95% confidence
Interval)
Homogeneity 0.2342 0.0454 0.0000 (0.1451,0.3233)
Job-welfare conflict 0.4344 0.0212 0.0000 (0.3927,0.4761)
Firm controls structure 0.429 0.0236 0.0000 (0.3827,0.4752)
Long orientation 0.4533 0.0145 0.0000 (0.4248,0.4818)
Customer orientation 0.4464 0.0162 0.0000 (0.4145,0.4782)
Familiarity 0.4095 0.0245 0.0000 (0.3614,0.4575)
LR test for independence: chi2(15) = 144.65 Prob > chi2 = 0.0000
* signifies factor loading ≥0.30
University of Ghana http://ugspace.ug.edu.gh
167
Table 20c:Variance explained by components
Components Eigenvalue Proportion Cumulative
Principal Component 1 3.1208 0.5201 0.5201
Principal Component 2 0.9424 0.1571 0.6772
Principal Component 3 0.6350 0.1058 0.7830
Principal Component 4 0.5019 0.0837 0.8667
Principal Component 5 0.4148 0.0691 0.9358
Principal Component 6 0.3850 0.0642 1.0000
The principal component has an eigenvalue of 3.0208 as shown in table 20a and represents
52% of the variability in the data set (see table 20c). All factor loadings are above 0.30
except homogeneity with a factor loading of 0.2342 (see table 20b). The factors
individually positively load unto the first principal component. The index has an overall
level of significance. This index is therefore, labeled organizational culture index.
With reference to the modified COSO ERM adoption components discussed above, all the
nine (9) components constructed have high level of significance (p-value = 0.0000) and
the individual factors are statistically significant, indicating a strong correlation among
drivers of the proposed composite ERM adoption index.
10 The ERM index
Following the works of Namwongse & Limpiyakorn (2012) , Grace et al., (2013), Gordon
et al., (2009), Mcshane et al., (2011) and Beasley et al., (2010; 2008), this study used
principal component analysis to establish the latent factors that drive enterprise risk
management adoption in the Ghanaian banking industry using the nine (9) indices
previously generated. The ERM adoption index is a composite index, meaning the overall
score is a weighted average of the nine (9) factors.
University of Ghana http://ugspace.ug.edu.gh
168
The result of the composite ERM adoption factors is shown in table 21. The model is
statistically significant. Principal component 1 and principal component 2 as selected as
shown in table 21a below. The two components account for approximately 73 percent of
the variability in the data set (see table 21).
University of Ghana http://ugspace.ug.edu.gh
169
Table 21: Results: ERM Index
Table 21a: Selected principal components
Observed
Coefficients
Bootstrap
Std Error P-value
(95% confidence
Interval)
Principal Component 1 5.5563 0.2826 0.0000 (5.0023,6.1102)
Principal Component 2 1.017 0.1485 0.0000 (0.7258,1.3081)
Table 21b: Factor loadings of Principal Component 1
Factor Loadings
Bootstrap
Std Error P-value
(95% confidence
Interval)
Internal environment index 0.2988* 0.0213 0.0000 (0.2225,0.3752)
Objective setting index 0.3545* 0.0091 0.0000 (0.2963,0.4128)
Event identification index 0.3567* 0.0129 0.0000 (0.3012,0.4123)
Risk assessment index 0.3673* 0.0103 0.0000 (0.3169,0.4176)
Risk response index 0.3892* 0.0079 0.0000 (0.3500,0.4284)
Control activities index 0.361* 0.0114 0.0000 (0.3057,0.4163)
Information & communication index 0.3455* 0.0203 0.0000 (0.2827,0.4084)
Monitoring index 0.3469* 0.0096 0.0000 (0.2858,0.4080)
Organisational culture index 0.0364* 0.0606 0.0000 (-0.0774,0.1502)
* signifies factor loading ≥0.30
Table 21c: Factor loadings of Principal Component 1
Factor Loadings
Bootstrap
Std Error P-value
(95% confidence
Interval)
Internal environment Index 0.1423 3011 0.0000 (-2.1099,2.3894)
Objective setting Index 0.2047 0.2381 0.0000 (-1.3266,1.7361)
Event identification index 0.128 0.1719 0.0000 (-0.7336,0.9895)
Risk assessment index 0.0687 0.125 0.0000 (-0.6998,0.8372)
Risk response index -0.0928 0.0661 0.0000 (-.2955,0.1100)
University of Ghana http://ugspace.ug.edu.gh
170
Control activities index -0.1523 0.2237 0.0000 (-1.5959,1.2914)
Information & communication index -0.2219 0.2952 0.0000 (-2.1405,1.6968)
Monitoring index -0.1473 0.2258 0.0000 (-1.8891,1.5945)
Organisational culture index 0.9022* 0.1994 0.0000 (-.9542, 2.7587)
* signifies factor loading ≥0.30
LR test for independence: chi2(36) = 560.50 Prob > chi2 = 0.0000
Table 21d:Variance explained by components
Components Eigenvalue Proportion Cumulative
Principal Component 1 5.5563 0.6174 0.6174
Principal Component 2 1.0170 0.1130 0.7304
Principal Component 3 0.9691 0.1070 0.8380
Principal Component 4 0.4771 0.0530 0.8910
Principal Component 5 0.3190 0.0355 0.9265
Principal Component 6 0.2018 0.0244 0.9489
Principal Component 7 0.1890 0.021 0.970
Principal Component 8 0.1471 0.0163 0.9863
Principal Component 9 0.1234 0.0137 1.0000
The principal component 1 alone accounts for 62% of the variability in the data set (see
table 21d). The factors in the first principal component individually and jointly load
positively unto the principal component with factor loadings above 0.30 except
organisational culture which has a factor loading of 0.03. All the factors in this component
are statistically significant and is labeled enterprise risk management adoption index
(ERM adoption index).
University of Ghana http://ugspace.ug.edu.gh
171
Principal component 2 accounts for only 11% of the variability in the data set (see table
21d). Organisational culture is the dominant factors in this component with a factor
loading of 0.90 and is statistically significant as shown in table 21c. This affirms the
researchers’ believe that organisational culture plays a key significant role in ERM
adoption. This component is labeled organizational culture index. This index is dropped
because organizational culture alone cannot be the predictor of ERM adoption in banks.
Though organisational culture is not economically significant in the principal component
1, the eight other factors load positive unto the ERM adoption index, hence, these factors
individually and jointly predict ERM adoption in the Ghanaian banking industry.
Hopefully, organisation culture may influence ERM adoption in a cross-country study.
The ERM adoption index is therefore selected as the barometer to measure level of ERM
adoption in Ghanaian banks.
This study has taken the initiative to design an effective ERM adoption index based on a
modified COSO ERM framework. The approach is novel because to the best of the
researcher’s knowledge, no one has used principal component analysis in arriving at the
ERM adoption index for the Ghanaian banking industry. This ERM adoption index is used
as a dependent variable to determine the drivers of ERM adoption in the Ghanaian
banking industry.
University of Ghana http://ugspace.ug.edu.gh
172
4.5 Descriptive statistics
Table 22: Summary statistics: AML Compliance and ERM Adoption
Summary Statistic: AML and ERM Rescaled Scores
AML
Industry (mean) Maximum Minimum
Number of banks
above industry
average
500 984 2.07 38
ERM
Industry (mean) Maximum Minimum
Number of banks
above industry
average
500 968 17.46 35
Table 23: Percentile distribution of scores
Percentile distribution of banks
AML
Percentile 5th 50th 75th 95th
Label Low Medium High Very High
Number of banks 4 36 39 0
ERM
Percentile 5th 50th 75th 95th
Label Weak Fair Good Strong
Number of banks 3 36 36 4
University of Ghana http://ugspace.ug.edu.gh
173
The mean scores for AML compliance and ERM adoption were 499 and 500 respectively.
The maximum scores for AML compliance and ERM adoption were 984 and 968 with a
minimum score of 2.07 and 17.46 respectively. Thirty eight (38) banks were found to be
above the industry average for AML compliance. Surprisingly, three (3) universal banks
were among the forty one (41) banks that fell below the average. Also, whilst thirty five
(35) banks were above the industry score of 500 for ERM, a universal bank was among
firms that fell below the average. This is a cause for concern, as class one banks are
expected to have stronger risk management practices than NBFIs due to the permissible
activities they undertake. This high score in terms of AML compliance affirms the
mandatory nature of AML laws on financial institutions whilst risk management practices
meant to minimize risk exposure are not mandatory and is dependent on the choice of
banks. Furthermore, whilst none of the banks were found to have “very high” AML
compliance levels, four (4) had low AML compliance and about 94 percent lie between
“medium-high” compliance. Similarly, four (4) banks had “strong” ERM systems with
three (3) having weak ERM practices. Approximately, 91 percent of banks had “fair to
good” ERM systems
University of Ghana http://ugspace.ug.edu.gh
174
4.6 Association between AML and ERM
Table 24: AML compliance and ERM adoption
AML compliance
low medium high
very
high Total
ERM
adoption
weak 0 (0%) 2 (50%) 2 (50%)
0
(0%) 4 (100%)
fair 4 (11%)
24
(67%) 8 (22%)
0
(0%) 36 (100%)
good 0 (0%)
10
(28%)
26
(72%)
0
(0%) 36 (100%)
strong 0 (0%) 0 (0%)
3
(100%)
0
(0%) 3 (100%)
Total
4
(5.06%)
36
(46%)
39
(49%)
0
(0%)
79
(100%)
Pearson chi2(6) = 22.9198 Pr = 0.001
Restating the hypotheses,
1. AML compliance levels are high in the Ghanaian banking industry
2. ERM adoption levels are high in the Ghanaian banking industry
3. AML compliance does not significantly affect ERM adoption in the Ghanaian
banking industry;
Approximately 92 % and 91 % of banks had satisfactory AML Compliance and ERM
adoption respectively levels as shown in table 24. Chi-square results show X2(6) =22.92
University of Ghana http://ugspace.ug.edu.gh
175
with p-value of 0.001, thus rejecting Ho indicating an association between AML
compliance and ERM Adoption.
Table 25: Top ten performers
Industry
ERM Adoption
score
ERM
Label
AML
compliance
score AML Label Industry
1 968.44 strong 984.39 High 1
1 961.17 strong 984.39 High 1
1 946.46 strong 984.39 High 1
1 902.34 good 984.39 High 1
1 896.70 good 984.39 High 1
1 866.05 good 959.01 High 2
1 864.92 good 944.29 High 1
1 849.85 good 929.87 High 1
1 824.00 good 927.33 High 1
2 795.75 good 926.74 High 1
1-universal banks 2-NBFIs
Table 25 shows the top ten performances with respect to AML compliance and ERM
adoption in the Ghanaian banking sector. Interestingly, some NBFIs are among the top ten
performers in both AML compliance and ERM adoption. It is not shocking to see majority
of the top tem performers in both categories to be universal banks (1) because of the level
of risk culture.
University of Ghana http://ugspace.ug.edu.gh
176
4.7 Regression Results
This section discusses the regression results taking into consideration previous studies that
used the appointment of CRO as proxy for ERM adoption. The results of the logistics
model which uses the appointment of a CRO as indication of ERM adoption showed
mixed results similar to previous studies (see Beasley et al., 2005; Hoyt & Liebenberg,
2006). However, most of the drivers improved as shown in the OLS and the 2SLS. The
results are discussed below.
Table 26: Multivariate results
Dependent variable: CRO
ERM Adoption
index
ERM Adoption
index
Variable Logistic OLS 2SLS
ROA -0.002 -0.025 0.23
AML compliance 0.135c 0.543a 0.566a
Firm Size 0.181 1.671a 2.030c
Auditor type -0.634 0.402 0.79
Capital Adequacy
ratio
0.377 2.714 6.78
Risk Culture 1.728b -4.402b -4.948b
N 79 79 79
R2 0.54 0.35
Pseudo R2 0.52
Prob>F 0.0000
Prob.chi2 0.0000 0.0000
a, b, c indicates significance level at the 1%, 5%, and 10% level, respectively.
University of Ghana http://ugspace.ug.edu.gh
177
4.6.1 Firm performance (ROA)
The two (2)-stage least square produced a positive relationship between firm performance
(ROA) and enterprise risk management adoption though insignificant. The logistic and
ordinary least square results show a negative relationship between enterprise risk
management adoption and firm performance in line with studies by Beasley et al., (2008)
and Liu et al., (2010). Aspects of empirical literature have observed how difficult it is to
quantify the real benefits of adopting enterprise risk management (Gordon et al., 2009;
Acharyya, 2008). While the intangible benefits seem to be more readily perceived, there
is the challenge of how to measure them (EIU, 2007). Hence, firms generally believe they
will witness improvement in profit margins and returns after adopting enterprise risk
management, though they are not too sure how they would be realistically measured. The
premise that the adoption of enterprise risk management will increase bottom figures and
turnover is borne out of the notion that managing risk exposures and new opportunities
could enhance performance in general ( Pagach & Warr (2010); Deloitte & Touché,
2009). However, Purge (2008) suggests enterprise risk management adoption is a cost,
hence, until the real benefits are seen, profits are likely to be affected because of the huge
cash outflow.
4.6.2 Anti-money laundering compliance index
The AML compliance index generated interesting results. AML compliance and enterprise
risk management adoption are risk mitigation tools. Hence, firms may be more interested
in protecting on the value of the firm through cost mitigation tools. Table 21 shows a
statistically significant positive relationship between anti-money laundering compliance
and enterprise risk management adoption at 1% for 2SLS and OLS estimation methods
and 10% for the logistic estimation technique. Though to the best knowledge of the author,
University of Ghana http://ugspace.ug.edu.gh
178
no studies have been done to test this association, results buttress the rejection of the null
hypothesis that AML compliance does not influence a bank’s decision to adopt or
adoption of ERM. This implies that an AML compliance programme will increase ERM
adoption in the Ghanaian banking industry. A one percent change in anti-money
laundering compliance will result in a 0.57 increase in enterprise risk management
adoption using the 2SLS estimation method. The results clearly show that an effective
AML regime influences enterprise risk management adoption. The assertion is premised
on the fact that whereas AML compliance is enforceable by international, regional and
national anti-money laundering agencies, enterprise risk management adoption is optional,
so firms adopt at different stages in the business cycle with different reasons. To avoid
attracting regulatory actions, fines and other penalties, and to effectively manage risks at
an enterprise-wide scale, banks also conduct money laundering risk assessment of their
internal and external environments to assess money laundering vulnerabilities. However,
this is not to say that enterprise risk management adoption is totally devoid of encouraging
pro-compliance behaviour of firms.
4.6.3 Firm size
Firm size showed a positive statistically significant at 1% and 10% for the OLS and 2SLS
estimation methods consistent with Beasley et al., (2008), Hoyt & Liebenberg (2006),
Pagach & Warr (2008:2007), Gordon et al., (2009), Golshan & Abdul Rashid (2012) and
Yazid et al., (2008). Although statistically insignificant in the logistic model, firm size had
the right positive sign in all estimations, implying that firm size influences enterprise risk
management adoption positively, but not rigorously so under the logistic model. This
analysis lends credence to the assertion that larger and complex firms with greater
University of Ghana http://ugspace.ug.edu.gh
179
complexities and risks of banking distress and more volatile operating cash flows tend to
adopt enterprise risk management.
4.6.4 Auditor type
Results were mixed and also not statistically significant with regards to all the three
estimation methods contrary to Beasley et al., (2008). The logistic showed a negative
relationship between auditor type and enterprise risk management adoption, the ordinary
least square and 2SLS showed a positive influence though not statistically significant.
Though it is argued that firms audited by one of the top four auditing firms (KPMG LLP,
Ernst &Young LLP, PricewaterhouseCoopers LLP and Deloitte & Touché Tohmatsu Ltd)
are likely to adopt enterprise risk management, the Ghanaian banking industry shows
different results hence the type of auditor a bank chooses has no direct influence on its
decision to adopt ERM.
4.6.5 Capital Adequacy Ratio
Finally, a bank’s solvency measured by the level of capital it holds to meet expected and
unexpected losses arising from its risk exposures is discussed. This also gauges the safety
and soundness of a firm (Estrella et al., 2000) in times of crisis. Section 23 (1) of the
Ghanaian Banking Act 2004, Act 673 as amended requires banks to hold a minimum of 10
percent adjusted capital to adjusted assets. The overall banking industry stability and
soundness is measured by the aggregate capital adequacy ratios of individual banks.
Results revealed no link between capital adequacy and enterprise risk management
adoption though capital adequacy is key to bank’s solvency and regulators sanction/close
down banks with low capital adequacy.
University of Ghana http://ugspace.ug.edu.gh
180
4.6.6 Risk Culture
The three (3) estimation techniques revealed mixed results though all three estimates were
statistically significant at 5%. The logistic model produced a positive relationship between
risk culture and ERM Adoption implying that universal banks are likely to adopt ERM
more that non-bank financial institutions. This is not surprising due to difference in risk
taking behavior of banks and non-banks and permissible activities under the Banking
(Amendment) Act , 2007 (Act 738) and Non-Bank Financial Institutions Act, 2008, (Act
774). Though non-bank financial institutions do financial intermediation, their scope of
activities as permitted under is limited to only borrowing and lending. NBFIs are expected
to be clients of universal bank hence their forex transactions, contingency liabilities are all
handled by universal banks. Depositors’ funds are not too much at risk as these funds are
managed by universal bank. Due to the simple “vanilla” product and services operated by
NBFIs, it is normal for them to be less risky than universal banks. This results buttress the
call for separate banking regulations for bank and non-bank financial institutions to ensure
customers of NBFIs get full banking services and also deepen financial services delivery.
The overall regression model had a good fitness level (Prob.chi2 = 0.000 for logistic and
2SLS models and Prob> F = 0.0000 for the OLS estimation model). Finally, the study
concludes that AML compliance, bank size, and risk culture are predictors of ERM
adoption in the Ghanaian banking space.
University of Ghana http://ugspace.ug.edu.gh
181
CHAPTER FIVE
SUMMARY OF FINDINGS, CONCLUSIONS, CONTRIBUTIONS AND
RECOMMENDATIONS
5.0 Introduction
In this thesis, the author sought to investigate the empirical linkages AML and ERM in the
Ghanaian banking industry using a sample of 79 banking institutions licensed by Bank of
Ghana and have been in business for at least a year. Various theoretical and empirical
literature on ERM and AML as well as international and domestic laws on AML
compliance were reviewed. Both parametric and non-parametric estimation techniques
were employed to help meet the objectives of the study. Two key indices: AML
compliance index and ERM index were developed to help gauge the AML compliance and
ERM levels in the Ghanaian banking sector. The association between AML and ERM was
also established. Finally, regression analysis was used to establish the linkages between
the variables.
5.1 Summary of Findings
Analyses of the index scores for both AML and ERM show a high compliance and
adoption levels among banks, more especially the universal banks. 40 banks were above
the industry AML compliance median score. Interestingly, 14 NBFIs were among the 40
firms. What is worrying is the presence of a universal bank among firms below the
industry median. Also, 35 firms were above the ERM adoption means score. Surprisingly,
a universal bank was among the 44 firms who fell below the industry average. Though the
study establishes an association between AML and ERM, it is not quite shocking that
AML compliance scores were far higher than the ERM Adoption scores because AML
compliance is regulatory and mandatory. Furthermore, based on the score percentile
distribution and interpretation, approximately 92 percent of firms indicate “medium to
University of Ghana http://ugspace.ug.edu.gh
182
high” AML Compliance levels while about 91 percent had “fair to good” ERM adoption
levels. Based on the PCA analysis, the following factors are significant drivers of AML
Compliance in Ghana are banking industry (p- values of all PCAs = 0.000; chi-square (6)
= 305.42): money laundering risk assessment, records management, compliance
programme and corporate governance. Also, based on the PCA analysis, the following
factors are significant drivers of ERM Adoption in Ghana’s banking industry (p- values of
all PCAs = 0.000; chi-square (36) = 560.50): Internal environment, Objective setting,
Event identification, Risk response, Control activities, Information and communication
and Monitoring. In addition, banks in Ghana with good AML compliance systems have
adopted ERM.
Additionally, based on the regression results; AML Compliance is a significant predictor
of ERM adoption at 1%. Risk management practices are significant predictors of ERM
adoption at 5%. Prior studies (Gordon et al., 2009) show that profitability predicts ERM
adoption; this study confirms the positive relationship, though it is not statistically
significant. The size of a bank influences the adoption of ERM at 10%. Capital Adequacy
Ratio does not influence adoption of ERM in the Ghanaian banking sector. A Bank’s risk
culture influences its adoption of ERM. The study’s findings are robust due to the use of
mixed methods that draw on various estimation procedures.
To the best knowledge of the author, the construction of both the ERM adoption and AML
compliance indices is a novelty which reasonably measures the effectiveness of ERM
adoption and AML Compliance in Banks respectively.
University of Ghana http://ugspace.ug.edu.gh
183
5.2 Conclusions
The study set out to investigate the association between anti-money laundering compliance
and enterprise risk management adoption in the Ghanaian banking sector. The general
theoretical and empirical literature on the predictors of AML compliance and ERM
adoption is inconclusive. This study also attempts to establish the level of ERM adoption
and its drivers and AML compliance in the Ghanaian banking sector. ERM and AML
indices are developed using principal component analysis and drivers of ERM adoption in
the Ghanaian banking sector are established using logistic, ordinary least square and 2SLS
estimation techniques. The association between AML and ERM is also tested using chi-
square test.
PCA scores show encouraging AML compliance and ERM adoption levels among banks.
Results also show that money laundering risk assessment, records management,
compliance programme and corporate governance are drivers of AML compliance in the
Ghanaian banking industry. The study also reveals that AML compliance is a key driver of
ERM adoption in the Ghanaian banking industry and supports the hypothesis that larger
banks have a higher propensity to adopt ERM. The implication of this revelation is that
size matters when it comes to ERM adoption in the Ghanaian banking sector. Further, it
emerged from this study that a Ghanaian bank may not adopt ERM because it wants to
manage its risk but solely because it is audited by one of the big four (4) accounting firms.
The study further concludes that the risk culture of a bank would influence its adoption of
ERM. Finally, the study could not resolve the controversy in the literature on the exact
link between profitability and ERM adoption because it offered mixed results which were
also statistically insignificant.
University of Ghana http://ugspace.ug.edu.gh
184
The results support the global and domestic efforts made so far to contain money
laundering as shown in the high AML compliance levels of banks. Also, a comprehensive
predictor of ERM adoption using the COSO ERM framework provides a better metric than
the use of the presence of a CRO. Bank stakeholders can assess the level of ERM adoption
and AML Compliance using the indices developed. The findings from the study further
confirms that minimizing money laundering risk requires a bank to design, implement,
test, and improve its AML policies and procedures on a continuous basis since AML
compliance is a process, not an event.
5.1 Contributions to knowledge
The major contribution to literature and industry is the development of continuous AML
compliance and ERM adoption barometers and the establishment of an association
between AML compliance and ERM adoption in the banking sector of Ghana. This study
is designed to be the first to consider using a comprehensive index based on a modified
COSO ERM framework as a robust measure of ERM adoption which is a continuous
metric rather than a discrete one. In this way, one may not only judge the mere existence
of ERM adoption in firms, but also the extent of adoption. It is argued that ERM is a
process, not an event – it is a continuum as it is adopted in varying degrees over time.
Secondly, the intensity with which money laundering and terrorist financing have
increased geometrically has global consequences and African countries have not been
spared. Though international efforts have been made to enhance anti-money laundering
and propose measures of combatting terrorist financing, no robust metric has been
developed to gauge the level of compliance among financial institutions in Ghana. This
study serves as a pioneering one in light of the global attention paid to money laundering
University of Ghana http://ugspace.ug.edu.gh
185
and terrorist financing risk and bridges the measurement gap of AML compliance in
financial institutions.
The study also establishes the association between AML compliance and ERM adoption
and affirms that AML Compliance is a significant predictor of ERM adoption in the
Ghanaian banking space. Though many drivers of AML compliance have been espoused
by regulators, academics and practitioners, the study identifies four (4) key drivers of
AML compliance. Once banks focus on money laundering risk assessment, records
management, compliance programme and corporate governance, they are likely to have a
good AML environment.
5.3 Recommendations
From the positive association between AML compliance and ERM adoption, banks should
be encouraged to invest in their AML systems. The study also provides policy support to
the global AML standard setters/regulators. Also, banking institutions should understand
that a robust risk management system should aim at dealing with business risks and other
risks holistically.
The study recommends continuous risk assessment with the bank’s internal and external
environment to minimize the threat of money laundering. Also, proper customer records
and updates should be strictly enforced by bank management and regulators to help in the
prosecution of money laundering cases. Regulators should ensure that banks adhere to
proper corporate governance practices. Also, compliance programmes of banks should be
reviewed periodically to capture money laundering risks on a continuous basis.
University of Ghana http://ugspace.ug.edu.gh
186
As part of ensuring a stronger risk management environment and adherence to internal
controls, banks should employ the COSO ERM framework in their enterprise risk
management practices. Also, management should ensure that a risk culture permeates the
organization as it leads to adoption of holistic risk management.
5.4 Areas of Further Research
It is hoped that the study’s analysis would contribute to the discussion on the justifications
for AML compliance and ERM adoption, but at the same time, the researcher realises the
need for further research on this subject. For example, future researchers on the subject
should consider the role of expectations on ERM adoption and AML compliance in their
analysis, as the expectations play an important role in the determination of the firm’s
orientation towards risk mitigation, firm profitability and growth. Also, this study did not
explore the causality between AML compliance and firm performance. As data on AML
compliance becomes more available, it is the researcher’s expectation that further study is
conducted to ascertain the influence of AML compliance on firm performance. It is also
expected that the coverage of the analysis would be expanded, for example, by examining
ERM adoption and firm performance in different sectors as firms in different sectors such
as insurance and transportation are confronted by varied risks, and are thus likely to
respond differently in terms of rate of ERM adoption.
The study also did not examine the technical and effective AML compliance of Ghanaian
banks; further research could focus on this area.
University of Ghana http://ugspace.ug.edu.gh
187
BIBLIOGRAPHY
Abdullah, N. H., Shamsuddin, A., & Wahab, E. (2012). The Influence of Transformational
Leadership on Product Innovations among Small Business. International
Conference on Technology Management, Business and Entrepreneurship
(ICTMBE) 2012, 18-19 December 2012, Melaka, Malaysia.
Aboagye, A. Q., Akoena, S. K., Antwi‐Asare, T. O., & Gockel, A. F. (2008). Explaining
Interest Rate Spreads in Ghana. African Development Review, 20(3), 378-399.
Acharya, V. V., & Yorulmazer, T. (2007). Too many to fail - An analysis of time-
inconsistency in bank closure policies. Journal of Financial Intermediation,
Elsevier, 16(1), 1-31.
Acharyya, M. (2008). In measuring the benefits of enterprise risk management in
insurance: an integration of economic value added and balanced score card
approaches. Working paper for the society of Actuaries.
Adu-Amankwah, A. (2015, August 26). Money Laundering and Financing of Terrorist
Activities in Ghana at Tema Metropolitan Assembly Capacity Building and
Awareness Programme, Tema, Ghana.
Agusman, A., Monroe, G. S., Gasbarro, D., & Zumwalt, J. K. (2008). Accounting and
capital market measures of risk: Evidence from Asian banks during 1998-2003,
Journal of Banking & Finance 32, 480-488.
Alldridge, P. (2002). The Moral Limits of the Crime of Money Laundering, Buffalo
Criminal Law Review, 5 (1), 279–319.
Altuntas, M., Berry-Stölzle, T. R., & Hoyt, R. E. (2011). Implementation of Enterprise
Risk Management: Evidence from the German Property-Liability Insurance
University of Ghana http://ugspace.ug.edu.gh
188
Industry. The Geneva Papers on Risk and Insurance – Issues and Practice, 36, 414-
439.
Anderberg, M.R. (1973). Cluster Analysis for Applications, Academic Press, Inc: New
York.
Annor, G. (2014, July 22). Adansi Rural Bank increases stated capital. Daily Graphic, p.
11.
Bagella, M., Becchetti, L., & Cicero M. L. (2003). Regional Externalities and Direct
Effects of Legislation Against Money Laundering: A Test on Excess Money
Balances in The Five Andean Countries, Journal of Money Laundering Control, 7
(4), 347–366.
Baker, R. W. (1999). The Biggest Loophole in the Free-Market System, Washington
Quarterly, 22 (4), 29–46.
Baldwin, F. N. (2002). Money laundering countermeasures with primary focus upon
terrorism and the USA Patriot Act 2001 (Analysis), Journal of Money Laundering
Control, 6 (2), 105–136.
Ball, R., & Brown, P. (1969). Portfolio theory and accounting. Journal of Accounting
Research, 300-323.
Ballou, B., & Heitger, D. L. (2005). A building-block approach for implementing COSO’s
enterprise risk management – Integrated framework. Management Accounting
Quarterly, 6(2), 1-10.
Bamberger, K. A. (2010). Technologies of compliance: Risk and regulation in a digital
age. Texas Law Review, 88(4), 669-739.
University of Ghana http://ugspace.ug.edu.gh
189
Bandura, A. (2006). Toward a psychology of human agency. Perspectives on
Psychological Science, 1(2), 164-180.
Basel Institute on Governance (2012). The Basel AML Index.
Bayoumi, T. (2004). A new International Macroeconomic Mode. IMF Occasional Paper
239.
Beamon, B. M. (1996). Performance measures in supply chain management. Proceedings
of the 1996 Conference on Agile and Intelligent Manufacturing System, Rensselaer
Polytechnic Institute, Troy, New York.
Beasley, M. S., Chen, A., Nunez, K., & Wright, L. (2006). Working hand in hand:
Balanced scorecards and enterprise risk management. Strategic Finance, 49–55.
Beasley, M. S., Clune, R., & Hermanson, D. R. (2008). The impact of enterprise risk
management on the internal audit function. Journal of Forensic Accounting, 9(1),
1-20.
Beasley, M., Branson, B., & Hancock, B. (2010). COSO’s Report on ERM - Current State
of Enterprise Risk Oversight and Market Perceptions of COSO’s ERM
Framework, ERM Initiative at North Carolina State University, Raleigh.
Beasley, M., Clune, S. R., & Hermanson, D. R. (2005). Enterprise Risk Management: An
Empirical Analysis of Factors Associated with the Extent of Implementation.
Journal of Accounting and Public Policy, 24(6), 521-531.
Beasley, M., Pagach, D., & Warr, R. (2008). Information conveyed in hiring
announcements of senior executives overseeing enterprise-wide risk management
processes. Journal of Accounting, Auditing and Finance, 28(3), 311–332.
University of Ghana http://ugspace.ug.edu.gh
190
Becker, G. S. (1968). Crime and Punishment: An Economic Approach. The Journal of
Political Economy, 76(2), 169-217.
Bell, T., Solomon, F., & Thomas, I. (1997). Auditing Organisations through a strategic-
systems lens: the KPMG business measure process. KPMG.
Bester, H., Chamberlain, D., de Koker, L., Hougaard, C., Short, R., Smith, A., & Walker,
R. (2008). Implementing FATF Standards in Developing Countries and Financial
Inclusion: Findings and Guidelines. FIRST Initiative, Washington DC.
Bonano, G. (1990). General equilibrium theory with imperfect Competition. Journal of
Economic Surveys, 4 (4), 4-22.
Bongini, P., Laeven, L., & Majnoni, G. (2002). How good is the market at assessing bank
fragility? A horse race between different indicators. Journal of Banking & Finance,
26(5), 1011-1028.
Boorman, J., & Ingves, S. (2001). Financial System Abuse, Financial Crime and Money
Laundering. IMF Background Paper, International Monetary Fund.
Boscarino, J. A., Figley, C. R., & Adams, R. E. (2004). Compassion fatigue following the
September 11 terrorist attacks: A study of secondary trauma among New York
City social workers. International journal of emergency mental health, 6(2), 57.
Bossard, A. (1990). Transnational Crime and Criminal Law. Chicago.
Briers, S. (2000). The development of an integrated model of risk. Unpublished DBL
thesis. Pretoria: University of South Africa.
Brunner, R. F. (2002). Does M&A pay? A survey of evidence for the decision-maker.
Journal of Applied Finance, 12(1), 48-68.
University of Ghana http://ugspace.ug.edu.gh
191
Calandro, Jr. J. & Lane, S (2006). An introduction to the enterprise risk scorecard.
Measure Bus Excel 10(3), 31–40.
Camdessus, M. (1998). Money Laundering: the importance of International
Countermeasures. Plenary meeting of the FATF, Paris, February 10.
Caplice, C., & Sheffi, Y. (1994). A review and evaluation of logistics metrics. The
International Journal of Logistics Management, 5(2), 11-28.
Cassidy, D. (2005). Enterprise Risk Management (ERM). A New Reality for Businesses.
Employee Benefit Plan Review, 29-31.
Casualty Acturial Society (CAS). (2003). Overview of enterprise risk management.
Retrieved from: http://www.casact.org/research/erm/overview.pdf.
Chaikin, D. (2009b). Risk-based approaches to combating financial crime. Journal of
Law and Financial Management, 8 ( 2 ) , 2 4 .
Chatfield, C., & Collins, A. (1981). Introduction to multivariate analysis. Chapman and
Hall, London.
Chatterjee, S., Lubatkin, M. H., & Schulze, W. S. (1999). Toward a strategic theory of risk
premium: moving beyond CAPM. Academic. Management. Review, 24(3), 556-
567.
Cherchye, L. (2001). Using data envelopment analysis to assess macroeconomic policy
performance, Applied Economics, 33, 407-416.
Cherchye, L., Moesen, W., Rogge, N., Van Puyenbroeck, T., Saisana, M., Saltelli, A., &
Tarantola, S. (2008). Creating composite indicators with DEA and robustness
University of Ghana http://ugspace.ug.edu.gh
192
analysis: the case of the Technology Achievement Index. Journal of the
Operational Research Society, 59(2), 239-251.
Chinn, M., & Frankel, J. (2005). The Euro Area and World Interest Rates, Unpublished
paper.
Committee of Sponsoring Organisations of the Treadway Commission. (COSO). (2004).
Enterprise risk management framework. New York, NY: American Institute of
Certified Public Accountants.
Committee of Sponsoring Organisations of the Treadway Commission. (1992). Internal
Control-Integrated Framework, Executive Summary.
http://w.w.w.coso.org/publications (Accessed February 2 2013).
Committee of Sponsoring Organisations of the Treadway Commission. (2004). Enterprise
Risk Management-http://w.w.w.coso.org/publications/ERM/COSO (Accessed
March 23 2013).
Committee of Sponsoring Organisations of the Treadway Commission. (1992). Internal
control – Integrated framework, [Electronic version]. The Institute of Internal
Auditors.
Committee of Sponsoring Organizations of the Treadway Commission. (2004). Enterprise
Risk Management - Integrated Framework, Retrieved from COSO’s website:
http://www.coso.org. Accessed on 14th March 2014.
Committee of Sponsoring Organizations of the Treadway Commission. (2010).
Developing key risk indicators to strengthen enterprise risk management: How key
risk indicators can sharpen focus on emerging risks. Retrieved from:
University of Ghana http://ugspace.ug.edu.gh
193
http://www.coso.org/documents/COSOKRIPaperFull-
FINALforWebPostingDec110.pdf.
Cortina, J. M. (1993). What is coefficient alpha? An examination of theory and
applications. Journal of Applied Psychology, 78(1), 98-104.
Cuéllar, M. (2003). The Tenuous Relationship between the Fight Against Money
Laundering and the Disruption of Criminal Finance. Journal of Criminal Law and
Criminology, 93, 2-3.
Cumming, C. M., & Hirtle, B. J. (2001). The Challenges of Risk Management in
Diversified Financial Companies (Digest Summary). Economic Policy Review
Federal Reserve Bank of New York, 7(1), 1-13.
D’Arcy, S. P. (2001), Enterprise risk management. Journal of Risk Management in Korea,
12(1), 207-228.
Davis, K. E. (2003). Legislating against the financing of terrorism: Pitfalls and prospects.
Journal of Financial Crime, 10(3), 269-274.
De Koker, L. (2009). Anonymous clients, identified clients and the shades in between:
perspectives on the FATF AML/CFT standards and mobile banking, paper
presented at the 27th Cambridge International Symposium on Economic Crime, 4
September, Jesus College, Cambridge.
De Koker, L. (2009). Identifying and managing low money laundering risk: perspectives
on FATF's risk-based guidance. Journal of Financial Crime, 16(4), 334-352.
University of Ghana http://ugspace.ug.edu.gh
194
Deloitte & Touché. (2007). Global risk management survey. Fifth edition. Retrieved from
Deloitte & Touché website:http://www.deloitte.com/assets/Dcom-Albania/Local%
20Assets/Documents/ al_fsi_global_risk_mgmt_survey2007.pdf.
Deloitte & Touché. (2009). Global risk management survey. Sixth edition. Retrieved from
Deloitte & Touché website: http://www.deloitte.com/assets/Dcom-
UnitedStates/Local%
20Assets/Documents/us_fsi_GlobalRskMgmtSrvy_June09.pdf.
Diamond, D. W. (1984). Financial intermediation and delegated monitoring. The Review
of Economic Studies, 51(3), 393-414.
Dionne, G., & Garand, M. (2003). Risk Management Determinants Affecting Firms’
Values in the Gold Mining Industry: New Empirical Results. Economics Letters,
79, 43-52.
Dionne, G., Gauthier, G., Hammami, K., Maurice, M., & Simonato, J. G. (2010). Default
risk in corporate yield spreads. Financial Management, 39(2), 707-731.
Dionne, G., Pinquet, J., Maurice, M., & Vanasse, C. (2010). Incentive Mechanisms for
Safe Driving: A Comparative Analysis with Dynamic Data. Review of Economics
and Statistics 93, 218-227.
Dybvig, P. H., & Warachka, M. (2010). Tobin’s Q does not measure performance: Theory,
empirics, and alternative measures. Unpublished working paper. Washington
University, Saint Louis, United Sates.
Eckles, D. L., Hoyt, R. E., & Miller, S. M. (2011). The Impact of Enterprise Risk
Management on Firms. Journal of Management Science, 26 (3), 41-52.
University of Ghana http://ugspace.ug.edu.gh
195
Efron, B., & Tibshirani, R. (1991). Statistical data analysis in the computer age. Science
253, 390-395.
Efron, B., & Tibshirani, R. (1993). An Introduction to the Bootstrap, Chapman &
Hall/CRC, Boca Raton.
Eichholtz, P. (2004). De Vastgoedwereld: Spelers, Activiteiten en Geldstromen’,
Presentation held at the seminar Zicht op misdaad en onroerend goed, 15
December, 2004, Centre for Information and Research on Organised Crime,
Amsterdam, Vrije Universiteit.
Eling, M., & Luhnen, M. (2009). Frontier Efficiency Methodologies to Measure
Performance in the Insurance Industry: Overview and New Empirical Evidence.
The Journal of Banking and Finance, Forthcoming.
Estrella, A., Park, S., & Peristiani, S. (2000). Capital ratios as predictors of bank failure,
Economic policy review, 6(2), 33-52. Federal Reserve Bank of New York
Economic Policy Review. Retrieved
from:http://www.newyorkfed.org/research/epr/00v06n2/0007estr.pdf
FAFT (2010).Working Group on Typologies - Draft FATF Global Money Laundering and
Terrorism Financing Threat Assessment - A view of how and why criminals and
terrorists abuse finances, the effect of this abuse and the steps to mitigate these
threats - 21 June 2010, Hotel Okurra, Amsterdam, Netherlands.
Fama, E. F., & French, K. R. (2004). The capital asset pricing model: theory and evidence.
Journal of Economic Perspective, 18(3), 25-46.
Fatemi, A., & Glaum, M. (2000). Risk management practices of German firms.
Managerial Finance, 26(3), 1-17.
University of Ghana http://ugspace.ug.edu.gh
196
Feldt, L. S., Woodruffe, D. J., & Salih, F. A. (1987). Statistical Inference for Coefficient
Alpha. Applied Psychological Measuremen, 11(1), 93-103.
FIC/BoG. (2011). AML/CFT Guideline for Banks and Non-Bank Financial Institutions.
Financial Action Task Force. (1999). 1998-1999 Report on Money Laundering
Typologies, FATF, Paris. FATF (2007), Guidance on the Risk-based Approach to
Combating Money Laundering and Terrorist Financing: High Level Principles and
Procedures, FATF, Paris,
Financial Action Task Force. (2000). Financial Action Task Force, 1999-2000, Money
Laundering Typologies. Paris, 2000.
Financial Action Task Force. (2002). Basic Facts about Money Laundering. FATF
website (www1.oecd.org/fatf). FATF Mutual Evaluation Report 2009 combined
with FIU Business Object search dated 19 August 2013.
Financial Action Task Force. (1996).The forty recommendations of the financial action
task force on money laundering.
Financial Action Task Force. (2002). Report on Money Laundering Typologies 2001-
2002. Paris, 2002.
Financial Action Task Force. (2010). Money Laundering Using New Payment Methods.
FATF, Paris, 66-71.
Financial Action Task Force. (2010). The Review of the Standards: Preparation for the 4th
Round of Mutual Evaluations, FATF, Paris.
Financial Action Task Force. (2012). International Standards on Combating Money
Laundering and the Financing of Terrorism & Proliferation, The FATF
University of Ghana http://ugspace.ug.edu.gh
197
Recommendations ,FATF, Paris www.fatf-
gafi.org/topics/fatfrecommendations/documents/fatfrecommendations2012.html
Financial Action Taskforce. (2009). Risk-based Approach: Guidance for Money Service
Businesses, FATF, Paris.
Financial Action Taskforce. (2010). Global Money Laundering and Terrorist Financing
Threat Assessment: A View of How and Why Criminals and Terrorists Abuse
Finances – The Effect of This Abuse and the Steps to Mitigate These Threats,
FATF, Paris.
Fullerton, D., & Karayannis, M. (1993). Tax Evasion and the Allocation of Capital, NBER
Working Paper No. 4581, National Bureau of Economic Research, Cambridge.
Golshan, N. M., & Rashid, S. Z. A. (2012). What Leads Firms to Enterprise Risk
Management Adoption? A Literature Review. International Proceedings of
Economics Development & Research, 29.
Golshan, N. M., & Rasid, S. A. (2012). Determinants of Enterprise Risk Management
Adoption: An Empirical Analysis of Malaysian Public Listed Firms. International
Journal of Social and Human Sciences 6, 119-126.
Gordon, L., Loeb, M., & Tseng, C. (2009). Enterprise Risk Management and Firm
Performance: A Contingency Perspective. Journal of Accounting and Public
Policy, 28(4), 301-327.
Grace, M., Leverty, J., Phillips, R., & Shimpi, P. (2013). The Value of Investing in
Enterprise Risk Management, Working Paper, Georgia State University and
University of Iowa (2010). Journal of Risk and Insurance (forthcoming).
University of Ghana http://ugspace.ug.edu.gh
198
Green, S. B., Lissitz, R. W., & Mulaik, S.A. (1977). Limitations of coefficient alpha as an
index of test unidimensionality. Educational and Psychological Measurement, 37,
827-838.
Guay, W., & Kothari, S. (2003). How much do firms hedge with derivatives? Journal of
Financial Economics, 70, 423-461.
Hammond, J. S., Keeney, R. L., & Raiffa, H. (2006). The hidden traps in decision making.
Harvard Business Review, 84 (1), 118–126.
Hansen, B. E. (1969). Threshold effects in non-dynamic panels: Estimation, testing, and
inference. Journal of Econometrics 93, 345-368.
Hansen, B. E. (2009). Sample Splitting and Threshold Estimation. Econometrica, 68(3),
575-603.
Hansen, B.E. (2005). Inference when a nuisance parameter risk not identified under the
null hypothesis. Econometrica 64, 413-430.
Hansen, C., & Wernerfelt, N. W. (1989). Estimation with Many Instrumental Variables.
Journal of Business & Economic Statistics, 26(4), 398–422.
Hansen, L. (1982). Large sample properties of generalized method of moments estimators.
Econometrica, 50(3), 1029-1054.
Hansen, L. P. (2009). Another look at the instrumental variable estimation of error-
components models. Journal of Econometrics, 356, 340-354.
Haq, M. (1995). Reflections on Human Development. Oxford University Press, New
York.
Hattie, J. (1985). Methodology Review: Assessing unidimensionality of tests and items.
Applied Psychological Measurement, 9(2), 139-164.
University of Ghana http://ugspace.ug.edu.gh
199
Havenga, A. H. S. (2006). Value of enterprise risk management in the South Africa
business environment.
Hoyt, R. E., & Liebenberg, A. P. (2006). Determinants of Risk Management adoption
among the insurance companies. Journal of Business Social Science, 128(4), 213-
230.
Hoyt, R. E., & Liebenberg, A. P. (2006). The value of enterprise risk management:
Evidence from the US insurance industry. University of Georgia. Working paper.
Hoyt, R. E., & Liebenberg, A. P. (2008). The value of enterprise risk management:
evidence from the US insurance industry. Retrieved
from:http://www.risknet.de/typo3conf/ext/bx_elibrary/elibrarydownload.phd?&do
wnload.
Hoyt, R. E., & Liebenberg, A. P. (2009).The value of enterprise risk management.
Working Paper.
Hoyt, R. E., & Liebenberg, A.P. (2011). The value of enterprise risk management. The
Journal of Risk and Insurance, 78 (4), 795–822. Retrieved from:
http://www.kpmg.com/SG/en/IssuesAndInsights/ArticlesPublications/Documents/
EnterpriseRiskMgmtTheoryPractice.pdf.
International Federation of Accountants. (2007). Information Technology for Professional
Accountants. In I.E.P.S. 2. New York: International Federation of
Accountants (IFAC). Implementation. McGraw-Hill.
International Monetary Fund & World Bank (2001). Enhancing Contributions To
Combating Money Laundering. Policy Paper, International Monetary Fund and
World Bank.
University of Ghana http://ugspace.ug.edu.gh
200
International Standard Organization. (2009). ISO 31000 Risk Management — Principles
and guidelines, Retrieved from:
http://www.iso.org/iso/home/standards/iso31000.htm
Jablonowski, M. (2007). The real value of ERM. Risk Management Magazine, 16-21.
Johnson, J. (2001). In Pursuit of Dirty Money: Identifying Weaknesses in the Global
Financial System. Journal of Money Laundering Control, 5(2), 22–132.
Kaplan, R.S., & A. Mikes. 2012. Managing risks: A new framework. Harvard Business
Review, 90 (6), 48-60.
Kaspersen, H. W. K. (2005). De Wet op kansspelen en handhaving in Cyber space,
Presentation held at the seminar Gokken en georganiseerde criminaliteit, 6 April
2005, Centre for Information and Research on Organized Crime, Amsterdam, Vrije
Universiteit.
Keh, D. I. (1996). Drug Money in a Changing World: Economic Reform and Criminal
Finance, UNODC, 1996–4.
Keh, D. I. (1996). Economic Reform and Criminal Finance. Transnational Organized
Crime, 2(1), 66–80.
Kleemans, E. R., Brienen, M. E. I., & van de Bunt, H. G. (Eds.) (2002). Georganiseerde
criminalit eit in Nederland, tweede rapportage op basis van de WODC – monitor.
Ministerie van Justitie, Wetenschappelijk Onderzoek- en Documentatiecentrum
Kleffner, A. E., Lee, R. B., & McGannon, B. (2003). The Effect of Corporate Governance
on the Use of Enterprise Risk Management: Evidence from Canada. Risk
Management Insurance Review, 6(1), 53-73.
University of Ghana http://ugspace.ug.edu.gh
201
KPMG. 2010. Enterprise Risk Management—From Theory to Practice: Insurance.
Retrieved
from:http://www.kpmg.com/SG/en/IssuesAndInsights/ArticlesPublications/Docum
ents/EnterpriseRiskMgmtTheoryPractice.pdf.
Krzanowski, W. J. (1983). Cross-validatory choice in principal components analysis:
Somesampling results. Journal of Statistics Computation and Simulation, 18, 299 –
314.
Kucuk-Yilmaz, A. (2009). The Management Strategies for Resource Dependency Risk
and Research Agenda. Enterprise Risk Management, 1(2).
Lai, W., & Azizan, N. A. (2011). Critical review of literature on enterprise risk
management and the cost of capital: The value creation perspective. African
Journal of Business Management, 6 (9), 3126-3133.
Lam, J. (2001). The CRO is here to stay. Risk Management, 48(4), 16-22.
Lam, J. (2003). Enterprise risk management: from incentives to controls. Canada: John
Wiley & Sons, Inc.
Lam, J. C. (2000). Enterprise - Wide Risk Management and the role of the Chief Risk
Officer. Retrieved from
http://www.erisk.com/learning/research/011_lamriskoff.pdf.
Lawrence, P. R., & Lorsch, J. W. (1967). Differentiation and integration in complex
organizations. Administrative science quarterly, 1-47.
Levi, M. (2002). Money Laundering and Its Regulation. Annals of the American Academy
of Political and Social Science, 582.
University of Ghana http://ugspace.ug.edu.gh
202
Liebenberg, A., & Hoyt, R. (2003). The determinants of enterprise risk management:
Evidence from the appointment of chief risk officers. Risk Management and
Insurance Review, 6 (1), 37-52.
Liebenberg, A., & Hoyt, R. (2003). The determinants of enterprise risk management:
evidence from the appointment of chief risk officers. Risk Management and
Insurance Review, 6 (1), 37–52.
Liu, F., Narayanan, A., & Bai, Q. (2000). Real-time systems. Management. Business
Management Dynamics, 1 (5), 8-16.
Liu, H., & Li, Y. (2002). From Strategic Risk Measurement to Strategic Risk Management
—A Resource Based View. USA - China Business Review, 2(2).
Mackrell, N. (1997). Economic Consequences of Money Laundering, in Graycar, A., &
Grabosky, P (eds), Money Laundering in the 21st Century: Risks and
Countermeasures. Australian Institute of Criminology, Research and Public Policy
Series, Seminar held on 7 February 1996, Canberra, Australia.
Manab, N. A., Hussin, M. R., & Kassim, I. (2007). Empirical study on theory and practice
of enterprise-wide risk management functions of public listed companies in
Malaysia. Retrieved
from:http/rmi.nccu.edu.tw/apria/docs/concurrent%20iv/session%201/14707EWR
M_2007_New.doc.
Mango, D. F. (2007). An Introduction to Insurer Strategic Risk Topic 1: Risk Management
of an Insurance Enterprise. Retrieved from
www.actuaries.org/ASTIN/Colloquia/Orlando/Papers/Mango1.pdf
University of Ghana http://ugspace.ug.edu.gh
203
Masciandaro, D., & Portlano, A. (2004). Terrorism and Organised crime, Financial
Regulation and non-Cooperative countries: inside the Black (List) Box. University
of Lecce Economics, 32(14).
Masciandaro, D., Nieto, M. J., & Prast, H. (2007). Who pays for banking supervision?
Principles and trends. Journal of Financial Regulation and Compliance, 15(3), 303-
326.
Massart, D. L., & Kaufman, L. (1983). The interpretation of analytical chemical data by
the use of cluster analysis. Wiley.
McDonell, R. (1998). Money Laundering Methodologies and International and Regional
Counter-Measures, Presented at: Gambling, Technology and Society, Regulatory
Challenges for the 21st Century, Rex Hotel, Sydney.
McDowell, J. (2001). The Consequences of Money Laundering and Financial Crime,
Economic Perspectives. Economic Perspectives, an Electronic Journal of the U.S.
Department of State, 6 (2).
McShane, M. K., Nair, A., & Rustambekov, E. (2011). Does Enterprise Risk Management
Increase Firm Value? Journal of Accounting - Auditing & Finance, 16(4), 641-
658.
Meloen, J., Landman, R., de Miranda, H., van Eekelen, J., & van Soest, S. (2003). Buit en
Besteding, Een empirisch onderzoek naar de omvang, de kenmerken en de
besteding van misdaadgeld, Den Haag: Reed Business Information.
Melyn, W., & Moesen, W. (1991). Towards a synthetic indicator of macroeconomic
performance: unequal weighting when limited information is available. Public
economics research papers, 1-24.
University of Ghana http://ugspace.ug.edu.gh
204
Meulbrock, L. (2002). A Senior Manager’s Guide to Integrated Risk Management. Journal
of Applied Corporate Finance, 14(4), 56-70.
Ministry of Finance and Economic Planning. (2012). Financial Sector Strategic Plan II.
Accra, Ghana.
Mishkin, F. S. (1996). Understanding financial crises: a developing country perspective
(No. w5600). National Bureau of Economic Research.
Modigliani, F., & Miller, M. H. (1958). The cost of capital, corporate finance and the
theory of investment. American Economic Review Retrieved from:
http://www.econ.uiuc.edu/...files/PalgraveRev_ModiglianiMiller_Villamil.pdf.
Moeller, R. R. (2007). COSO Enterprise Risk Management: Understanding The New
Integrated ERM Framework. John Wiley & Sons, Inc., Hoboken, New Jersey.
Myers, M. D., Gordon, L. A., & Hamer, M. M. (1991). Post auditing capital assets and
firm performance: an empirical investigation. Managerial and Decision
Economics, 12(4), 317-327.
Namwongse, P., & Limpiyakorn, Y. (2012) Developing Portfolio Risk Index System of
Expressway Enterprise. Interdisciplinary Journal of Contemporary Research in
Business, 3, 9.
Nocco, B. W., & Stulz, R. M. (2006). Enterprise risk management: Theory and practice.
Journal of Applied Corporate Finance, 18(4), 8-20.
Nunnally, J. C. (1978). Psychometric theory. McGraw-Hill, New York.
University of Ghana http://ugspace.ug.edu.gh
205
Paauw, K. (2005). Witwassen in een Nederlands casino. Presentation held at the seminar
Gokken en georganiseerde criminaliteit. Centre for Information and Research on
Organized Crime, Amsterdam, Vrije Universiteit.
Pagach, D., & R. Warr, R. (2010). The effects of enterprise risk management on firm
performance. Retrieved from
:http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1155218.
Pagach, D., & Warr, R. (2007). An empirical investigation of the characteristics of firms
adopting enterprise risk management. North Carolina State University working
paper.
Pagach, D., & Warr, R. (2009). The effects of enterprise risk management on firm
performance. Working Paper, North Carolina State University.
Pagach, D., & Warr, R. (2011). The Characteristics of Firms That Hire Chief Risk
Officers, Journal of Risk and Insurance, 78(1), 185-211.
Passas, N. (2004). Informal Value Transfer Systems and their Mechanics. Presentation at a
2004 APEC conference in Tokyo.
Pottier, S. W., & Sommer, D. W. (2002). The Effectiveness of Public and Private Sector
Summary.
Powell, J. H. (2013, November). Advanced economy monetary policy and emerging
market economies. In speech delivered at the Federal Reserve Bank of San
Francisco 2013 Asia Economic Policy Conference, San Francisco, 4.
Putnam, R. D. (1988). Diplomacy and domestic politics: the logic of two-level games.
International organization, 42(3), 427-460.
University of Ghana http://ugspace.ug.edu.gh
206
Quirk, P. J. (1996). Macroeconomic Implications of Money Laundering, IMF Working
Paper, International Monetary Fund, 96(66).
Quirk, P. J. (1997). Money Laundering: Muddying the Macroeconomy. Finance &
Development, 34 (1), 7–9.
Rawlings, G., & Unger, B. (2005). Competing for Criminal Money. Paper prepared for the
Society for the Advancement of Socio-economics, Budapest.
Raykov, T. (1998). Cronbach’s Alpha and Reliability of Composite with Interrelated
Nonhomogenous Items. Applied Psychological Measurement, 22, 375-385.
Razali, A. R., & Tahir, I. M. (2011). Review of the Literature on Enterprise Risk
Razali, A. R., Yazid, A. S., & Tahir, I. M. (2011). The Determinants of Enterprise Risk
Management (ERM) Practices in Malaysian Public Listed Companies, Journal of
Social and Development Sciences, 1(5), 202-207.
Reuter, P., & Truman, E.M. (2004). Chasing Dirty Money. The Fight Against Money
Laundering Washington: Institute for International Economics. Washington, DC.
Robinson, M. S. (2001). The microfinance revolution: sustainable finance for the poor (1).
World Bank Publications.
Saltelli A. & Tarantola S. (2002). On the relative importance of input factors in
mathematical models: safety assessment for nuclear waste disposal. Journal of
American Statistical Association, 97 (459), 702-709.
Saltelli, A. (2007) Composite indicators between analysis and advocacy, Social Indicators
Research, 81, 65-77
University of Ghana http://ugspace.ug.edu.gh
207
Sapir, A. (2005). Globalisation and the Reform of European Social Models. Retrieved
from:http://www.bruegel.org/
Savona, E.U. (1997). Responding to Money Laundering, International Perspectives.
London, Harwood Academic Publishers.
Schneider, F., & Enste, D. H. (2000). ‘Shadow Economies: Size, Causes, and
Consequences. Journal of Economic Literature, 38, 77-114.
Schroeder, W. R. (2001). Money Laundering. FBI Law Enforcement Bulletin, 70(5), 1-12.
Sen, A. (1998). Tachyon condensation on the brane anticrime system. Journal of High
Energy Physics, 8.
Smithson, C., & Simkins, B. J. (2005). Does Risk Management Add Value? A Survey of
the Evidence. Journal of Applied Corporate Finance 17(3), 8–17.
Standard & Poor’s, (2005). Insurance Criteria: Evaluating The Enterprise Risk
Management Practices of Insurance Companies, October 17.
Stulz, R. (1996). Rethinking Risk Management. Journal of Applied Corporate Finance,
9(3), 8-24.
Stulz, R. (2003). Rethinking Risk Management: The Revolution in Corporate Finance.
(4th ed). Blackwell Publishing, 367–384.
Subbotina, N. (2009). Challenges that Russian banks face implementing the AML
regulations. Journal of Money Laundering Control, 12(1), 19-32.
Sullivan, M. A. (2004). US Multinationals Move More Profits to Tax Havens. Tax Notes
International, 27(4), 589-593.
University of Ghana http://ugspace.ug.edu.gh
208
Sveiby, K. E. (2001). A knowledge-based theory of the firm to guide in strategy
formulation. Journal of intellectual capital, 2(4), 344-358.
Tahir, I. M., & Razali, A. R. (2011). The Relationship between enterprise risk
management (ERM) and firm value: Evidence from Malaysian public listed
companies. International Journal of Economics and Management, 32-41.
Tanzi, V. (1997). Macroeconomic Implications of Money Laundering, in E.U. Savona,
Responding to Money Laundering, International Perspectives.
Taylor, J. B. (2007). Housing and monetary policy (No. w13682). National Bureau of
Economic Research.
Thony, J. F. (2002), Money Laundering and Terrorism Financing – An Overview,
Prepared for the IMF Seminar on Current Developments in Monetary and
Financial Law, Washington D.C.
Tufano, P., (1996). Who manages risk? An empirical examination of risk management
practices in the gold mining industry. Journal of Finance, 51(4), 1097-1137.
Unger, B., & van Waarden, F. (2009). How to dodge drowning in data? Rule-and risk-
based anti-money laundering policies compared. Review of Law & Economics,
5(2), 953-985.
United Nations Development Programme. (1996). Human Development Report 1996.
New York, Oxford University Press.
Vafeas, N., (1999). Board meeting frequency and firm performance. Journal of Financial
Economics, 53(1), 113–142.
University of Ghana http://ugspace.ug.edu.gh
209
Valentine, S., Godkin, L., & Lucero, M. (2002). Ethical context, organizational
commitment, and person-organization fit. Journal of Business Ethics, 41(4), 349-
361.
Walker, J. (1995). Estimates of the Extent of Money Laundering in and through Australia,
Paper Prepared for the Australian Transaction Reports and Analysis Centre,
September 1995, Queanbeyan: Jonh Walker Consulting Services.
Walker, J. (1999). How Big is Global Money Laundering?’ Journal of Money Laundering
Control, 3(1).
Walker, J. (1999). Measuring the Extent of International Crime and Money Laundering.
Prepared for Kriminál Expo, Budapest.
Walker, J. (2002). Just How Big is Global Money Laundering? Sydney: Australian
Institute of Criminology Seminar.
Ward Jr, J. H. (1963). Hierarchical grouping to optimize an objective function. Journal of
the American statistical association, 58(301), 236-244.
Weaver, G. R., Trevino, L. K., & Cochran, P. L. (1999). Corporate ethics programs as
control systems: Influences of executive commitment and environmental factors.
Academy of Management Journal, 42(1), 41-58.
Weaver, G. R., Trevino, L.K., & Cochran, P. L. (1999). Integrated and decoupled
corporate social performance: Management commitments, external pressures and
corporate ethics practices. Academy of Management Journal, 42(5), 539-553.
University of Ghana http://ugspace.ug.edu.gh
210
Welbeck, J. N. O. (2013). Developing an effective risk assessment plan that meets
regulatory expectations, conference proceedings, ACAMS 3rd AML & Financial
Crime Conference Africa, Accra, Ghana.
Welbeck, J.N.O. (2008). Competition and Performance in the Ghanaian Banking Industry.
(Unpublished master’s thesis) University of Ghana, Ghana.
White, T. (2009). Hadoop: the definitive guide: the definitive guide. O’Reilly Media, Inc..
William, C. G. (1999). Dirty money: The evolution of money maundering
countermeasures. Council of Europe Publishing, 125 - 157.
Wooldridge, J. M. (2002). Econometric Analysis of Cross Section and Panel Data.
Cambridge, Mass. MIT Press.
Woon, L. F., Azizan, N. A., & Samad, F. A. (2011). A Strategic Framework for Value
Enhancing Enterprise Risk Management. Journal of Global Business and
Economics, 2(1), 23-47.
World Bank (2006). The International Bank for Reconstruction and Development/The
World Bank/The International Monetary Fund (2006). Reference Guide to Anti-
Money Laundering and Combating the Financing of Terrorism. 2nd Edition
www.amlcft.org
Yazid A. S. (2001). Perceptions and practices of financial risk management in Malaysia.
Glasgow Caledonian University, Scotland. PhD Thesis.
Yazid, A. S., Hussin, M. R., & Razali, A. R. (2008). A cross-sectional study on foreign
exchange risk management by Malaysian manufacturers. International Business
Management Journal, 2(2), 28-32.
University of Ghana http://ugspace.ug.edu.gh
211
Yazid, A. S., Hussin, M. R., & Razali, A. R. (2009). An Empirical Study of Risk
Management Best Practices in Public Limited Companies in Malaysia. The Journal
of Risk Management and Insurance, 13, 1-22
Yazid, A. S., Hussin, M. R., and Daud, W. N. W. (2011). An Examination of Enterprise
Risk Management (ERM) Practices among the Government-Linked Companies
(GLCs) in Malaysia, International Business Research, 4(4), 94-103.
Yepes, C. V. (2011). Compliance with the AML/CFT International Standard: Lessons
from a Cross-Country Analysis. IMF Working Paper WP/11/177 (Washington:
International Monetary Fund).
Yermack, D. (1996). Higher market valuation of companies with a small board of
directors. Journal of Financial Economics, 40(2), 185-211.
Yongsheng, L., & Li, J. (2009). Design of early warning indicator system of enterprise
logistics risk based on supply chain management. Proceedings of Second
International Conference on Intelligent Computation Technology and Automation
(ICICTA), China, 918-923. doi: 10.1109/ICICTA.2009.687
Young, S.D., and O'Byrne, S.F. 2000. EVA and Value-Based Management: A Practical
Guide. McGraw-Hill, NY.
Zhang, C., Yang, R., Cheng, M., & Pan, C. (2010). Research on strategic risk based on
resource-based view. Proceedings of International Conference on Management and
Service Science (MASS), China, 1-4. doi: 10.1109/ICMSS.2010.5576858
Ziorklui, S. Q. (2001). The Impact of Financial Sector Reform on Bank Efficiency and
Financial Deepening for Savings Mobilisation in Ghana.
University of Ghana http://ugspace.ug.edu.gh
212
Appendix A: Questionnaire on Enterprise Risk Management and Anti-Money
Laundering in the Ghanaian banking sector
BACKGROUND INFORMATION:
Please take a few minutes to complete this questionnaire. The data collected is solely used
for academic purpose and industry-wide analysis. Your specific answer will be completely
confidential and anonymous, but your views, in combination with those of others, are
extremely important to measure the level of Enterprise risk management (ERM) and
Anti-money laundering (AML) compliance in banks and non-bank financial institutions
in Ghana. I do not retain personal data and will not give personal information to anyone.
Thank you very much for your time and valuable contribution.
Directions: Tick, Mark, circle or write the most appropriate response
Enterprise risk management A structured, consistent and continuous process across the
whole organisation for identifying, assessing, deciding on
responses to and reporting on opportunities and threats
that affect the achievement of its objectives.
Money laundering The process by which criminals attempt to conceal the
illegal origin and/or illegitimate ownership of property
and assets that are the proceeds of their criminal activities.
This indicates that the crime of money laundering is
University of Ghana http://ugspace.ug.edu.gh
213
Operational definitions of terms used in this survey
SECTION 1: BASIC PROFILE
1. Bank name…………………………………………………………………………
2. Name of Auditor: ……………………………………………………………….
derived from an underlying crime.
Anti-money laundering This is a set of procedures, laws or regulations designed
to stop the practice of generating income through
illegal/criminal actions
University of Ghana http://ugspace.ug.edu.gh
214
SECTION 2: ENTERPRISE RISK MANAGEMENT
Please indicate your degree of agreement with the indicators provided in the relevant box
below.
(1)SD= strongly disagree (2) SWD= Somewhat Disagree (3) D=
Disagree
(4)I = Indifferent (5) SWA = Somewhat Agree (6) A = Agree
(7) SA = Strongly Agree
3.1 Internal Environment 1 2 3 4 5 6 7
3.1.1 The firm has integrity and ethical behaviour standards
clearly enshrined in its code of ethics
3.1.2 The board of directors exercise their oversight duties
without external interferences
3.1.3 The entities structure clearly shows reporting lines and
responsibilities in the pursuit of firms’ objectives
3. 1.4 The firm is committed to attract, develop, and retain
competent individuals
3.1.5 The firm holds individuals accountable for their
internal control duties in the pursuit of set objectives
3.2 Objective Setting 1 2 3 4 5 6 7
3.2.1 Senior management defines objectives at the strategic
level, establishing a basis for operations, reporting and
compliance objectives.
University of Ghana http://ugspace.ug.edu.gh
215
3.2.2 An effective strategic planning process is in place to
formulate strategies that enable the organisation to achieve its
business objectives.
3.2.3 Objectives selected support and are aligned with the
organisation’s risk appetite, which drives risk tolerance levels
for the organisation’s activities.
3.2.4. Resources are allocated within the entity with
consideration to the entity’s risk appetite and strategies for
growth and return.
3.2.5. Objectives selected by senior management are
communicated throughout the entity to ensure that staff
understand them and knows what is to be accomplished and
are aware of the means of measuring what is to be done.
3.2.6. Objectives cascade down the entity and are aligned at
each level with relevant strategies.
3.2.7. Senior management establishes risk tolerances relative
to the importance of related objectives and aligns risk
tolerances with risk appetite.
3.3 Event Identification 1 2 3 4 5 6 7
3.3.1. Management identifies potential events, affected by
both internal and external factors that affect the ability of the
entity to implement strategies to achieve its objectives.
3.3.2 Management systematically receives information about
changes in the environment from key points of the entity,
including from knowledgeable individuals, to ensure that all
University of Ghana http://ugspace.ug.edu.gh
216
significant events are appropriately identified and considered.
3.3.3. Management systematically assesses the environment
for significant changes in competitors, markets, customers,
regulations, and other factors using techniques like industry
analysis, competitor analysis, market analysis, benchmarking,
scenario analysis and other practices.
3.3.4. Events are linked to and risk evaluated by individual
objective.
3.3.5 Management groups potential events into categories via
horizontal aggregation across the organisation and vertically
within operating units to reinforce the entity’s
portfolio view of events across the organisation
3.3.6. Management categorises events between those that
potentially pose risks and those that potentially offer
opportunities. Negative events are then taken by Management
for assessment and response. Potential events are channeled
back into management’s strategy or objective-setting process.
3.4 Risk Assessment 1 2 3 4 5 6 7
3.4.1 The firm clearly specifies and links its objectives to risks
identification and assessment
3.4.2 The firm identifies, analysis and manages risks to
achieve its objectives across the entity
3.4.3 The fi
rm considers the potential for fraud in assessing risks in
University of Ghana http://ugspace.ug.edu.gh
217
achieving its objectives
3.4.4The firm identifies and assesses changes that could
significantly impact the system of internal control.
3.5 Risk Response 1 2 3 4 5 6 7
3.5.1 Senior management continuously assesses the effects
of changes in the environment and significant process risks on
the entity’s existing risk management strategies, formulates
updated strategies to respond to changes in risks by aligning
the entity’s strategies through resource allocation and
performance measurement process.
3.5.2 Managers and activity owners throughout the entity
develop both effective early-warning systems to monitor
changes in risk factors in order to support the continuous
assessment of risk management strategies.
3.5.3 Appropriate risk management options are considered for
significant risk, including risk avoidance (avoid), pricing for
risk retained (price), risk transfer (e.g. insure, hedge, strategic
alliances, joint ventures, contractual risk sharing provisions,
etc.) (transfer), risk reduction to an acceptable level
(accept/control) or risk acceptance at present level (self-insure
risk) (accept).
3.5.4 Management understands gathers and uses best practice
standards for managing and controlling risk.
University of Ghana http://ugspace.ug.edu.gh
218
3.5 Risk Response 1 2 3 4 5 6 7
3.5.5 Management takes appropriate action on risk
management strategies formulated in response to new risks or
changes in risks and monitors the actions taken.
3.5.6. Policies for managing significant risks are approved by
the board and implemented at the direction of an executive
committee and/or a senior executive reporting directly to the
CEO.
3.5.7. Emerging risks are defined or changes in risks
significant to the entity on a timely basis.
3.5.8. Senior management periodically assesses the
implementation of risk management strategies for all
significant risks by assigning risk management ownership.
3.5.9. Selection of managers and activity owners responsible
for managing significant risks is reported to and approved by
senior management.
3.5.10. Performance accountability is established at all levels
for continuous risk controls.
3.5.11Performance appraisals and appropriate oversight and
supervision reinforce significant entity-level risk management
priorities and strategies.
3.5.12The executive committee and/or a senior executive
reporting directly to the CEO monitors all aspects of
implementing the policy and key risk management strategies
in accordance with established accountabilities.
University of Ghana http://ugspace.ug.edu.gh
219
3.6 Control Activities 1 2 3 4 5 6 7
3.6.1 The firm has a range of manual and automated activities
as diverse as approvals, authorizations, verifications,
reconciliations, reviews of business performance, security of
assets and segregation of duties.
3.6.2 The firm selects and develops a set of activities to
mitigate risk.
3.6.3 The firm selects and develops a set of activities over
technology to support the achievement of objectives.
3.6.4The firm selects and develops policies and procedures to
establish what is expected to achieve set objectives.
3.7 Information and communication 1 2 3 4 5 6 7
3.7.1 The firm obtains and/or generates quality data to support
the function of internal control.
3.7.2 The firm internally communicates information, including
objectives and duties for internal control and support of
internal control.
3.7.3The firm communicates with external parties on matters
affecting the functioning of its internal controls.
3.7.4 The firm emphasizes the importance of timely
information and communication to its overall risk
management process.
University of Ghana http://ugspace.ug.edu.gh
220
3. 8 Monitoring and Evaluation 1 2 3 4 5 6 7
3.8.1 The firm elects, develops, and performs ongoing and/or
separate evaluations to
ascertain whether components of internal control are present
and functioning
3.8.2The firm evaluates and communicates internal control
deficiencies in a timely manner to parties responsible for
taking corrective action, including senior management and the
board of directors, as appropriate.
3.8.3 The board meets at least twice in a year to deliberate on
strategies to mitigate risks on an enterprise-wide basis.
3.9 Organisational culture 1 2 3 4 5 6 7
3.9.1 Firm demonstrate homogeneity (the degree to which the
organisation culture favors process oriented verses resulted
oriented cultured )
3.9.2 Firm demonstrate job performance as against employee
welfare
3.9.3 Firm espouses rigid control structures
3.9.4 Firm’s employees espouse long term orientation. (The
degree of a firm’s long-term devotion to traditional values)
3.9.5 Firm espouses adaptation to environment (that is the
degree the firm to which firm applies intended rules)
3.9.6 Firm employees demand loyalty to organisation
University of Ghana http://ugspace.ug.edu.gh
221
SECTION 3: ANTI-MONEY LAUNDERING (AML) COMPLIANCE
Please indicate your degree of agreement with the indicators provided in the relevant box
below.
(1)SD= strongly disagree (2) SWD= Somewhat Disagree (3) D= Disagree
(4) I = Indifferent (5) SWA = Somewhat Agree (6) A = Agree
(7) SA = Strongly Agree
4.1 Money laundering risk assessment (MLRA) 1 2 3 4 5 6 7
4.1.1 Bank identifies politically exposed persons (PEPs) board and
continuous review strategic focus to avoid business/individuals
prone to money laundering risk.
4.1.2 The bank identifies vulnerabilities in relation to its size, board
and management structure as well as the ultimate beneficial owner.
4.1.3 Bank conducts risk assessment of its business relations and
channels of distribution of its product and services to assess its
money laundering risk linked with a business relationship.
4.2 Records management (RM) 1 2 3 4 5 6 7
4.2.1. The firm produces records and information for determining
compliance to AML framework.
4.2.2. The firm consider record keeping and management reporting
in the AML
Framework
University of Ghana http://ugspace.ug.edu.gh
222
4.2.3 The firm ensures that clear and adequate records and
documents relating to AML are kept by competent officers, stored
and made readily accessible to stakeholders upon request in a timely
manner.
4.2.4 The firm has appointed a competent and autonomous anti-
money laundering reporting officer (AMLRO) at the management
level to produce and submit to board regular and extensive reports
on all ML related issues.
4.2.5 The firm files appropriate suspicious transaction reports to
the Financial Intelligence Centre
4.3 Compliance Program 1 2 3 4 5 6 7
4.3.1 The firm has explicit policies and procedures for proper
customer identification and verification.
4.3.2 The firm policies and procedures which embodies customer
acceptance criteria as well as segments customers into risk bands
4.3.3The firm ensures periodic updating of client files and customer
due diligence
4.3.4The firm has tools to conduct enhanced monitoring for higher
risk customers, products or services and channels of delivery.
4.3.5 The firm has institutionalized its internal audit function to
establish effective means of testing for AML compliance.
4.3.6The firm ensures ongoing training to keep staff abreast with
developments on AML policies, procedures, systems and controls;
trends and techniques as well as staff have easy access to relevant
University of Ghana http://ugspace.ug.edu.gh
223
Thank you!
AML policies and procedures with acknowledged understanding and
receipt to raise red flags to insulate employers from ML risks.
4.4 Corporate Governance 1 2 3 4 5 6 7
4.4.1 The firms’ board of directors has approved an AML
framework.
4.4.2 Board of directors receive regular comprehensive AML
training.
4.4.3 Management adhere to both administrative and internal
auditing procedures
4.4.4 Management and board of directors of the firm are subjected to
AML risk Assessment.
4.4.5 My bank’s AML compliance efforts have evolved to have
KYC standards
4.4.6 My bank has internal audit department to ensure adherence to
AML
4.4.7 My bank is audited by one of the big top four firms?
University of Ghana http://ugspace.ug.edu.gh
224
Appendix B: Rescaled scores: ERM Adoption and AML compliance
Industry
ERM Adoption
score
ERM
Label
AML
compliance
score AML Label Industry
1 968.44 strong 984.39 high 1
1 961.17 strong 984.39 high 1
1 946.46 strong 984.39 high 1
1 902.34 good 984.39 high 1
1 896.70 good 984.39 high 1
1 866.05 good 959.01 high 1
1 864.92 good 944.29 high 1
1 849.85 good 929.87 high 1
1 824.00 good 927.33 high 1
2 795.75 good 926.74 high 1
1 776.18 good 898.88 high 1
1 761.02 good 862.47 high 1
1 756.03 good 861.57 high 1
1 753.87 good 846.01 high 1
1 735.25 good 842.17 high 1
1 729.77 good 831.28 high 1
2 718.22 good 810.38 high 1
2 710.20 good 748.32 high 1
2 691.89 good 731.95 high 1
2 670.71 good 716.47 high 1
University of Ghana http://ugspace.ug.edu.gh
225
2 666.51 good 696.04 high 1
2 653.27 good 681.29 high 1
2 644.47 good 660.18 high 1
2 621.73 good 617.94 high 1
2 606.78 good 514.77 high 1
1 599.94 good 243.86 medium 1
2 575.00 good 974.19 high 2
2 574.12 good 833.40 high 2
2 567.59 good 814.12 high 2
1 560.20 good 701.58 high 2
2 558.62 good 696.36 high 2
1 547.09 good 655.08 high 2
2 540.98 good 654.61 high 2
1 520.51 good 642.89 high 2
2 518.06 good 583.39 high 2
2 488.62 good 574.17 high 2
2 476.91 good 487.17 high 2
1 473.81 good 462.12 medium 2
2 473.64 good 422.25 medium 2
1 466.76 fair 408.44 medium 2
2 465.15 fair 359.07 medium 2
2 458.71 fair 343.64 medium 2
2 454.01 fair 320.69 medium 2
2 446.39 fair 319.45 medium 2
University of Ghana http://ugspace.ug.edu.gh
226
2 443.64 fair 313.65 medium 2
2 440.41 fair 288.11 medium 2
2 433.54 fair 278.44 medium 2
2 433.09 fair 272.75 medium 2
1 411.90 fair 250.95 medium 2
2 385.16 fair 102.72 medium 2
2 380.47 fair 706.27 high 2
1 378.00 fair 648.91 high 2
2 377.32 fair 594.93 high 2
2 377.25 fair 452.31 medium 2
2 367.06 fair 444.89 medium 2
2 359.49 fair 442.67 medium 2
2 342.81 fair 341.06 medium 2
2 341.75 fair 321.45 medium 2
2 340.15 fair 236.13 medium 2
2 339.69 fair 232.95 medium 2
2 334.36 fair 219.56 medium 2
2 334.27 fair 204.75 medium 2
2 317.88 fair 196.71 medium 2
2 304.16 fair 188.26 medium 2
2 296.51 fair 174.46 medium 2
2 265.96 fair 163.81 medium 2
2 263.84 fair 159.36 medium 2
2 251.90 fair 151.66 medium 2
University of Ghana http://ugspace.ug.edu.gh
227
2 242.90 fair 124.22 medium 2
1 236.52 fair 116.52 medium 2
2 221.99 fair 85.67 medium 2
2 219.40 fair 73.96 medium 2
2 211.64 fair 72.08 medium 2
2 204.17 fair 65.97 medium 2
2 196.91 fair 54.99 medium 2
2 143.43 weak 44.92 low 2
2 107.42 weak 29.37 low 2
1 39.83 weak 18.08 low 2
1 17.46 weak 2.07 low 2
Legend: 1-universal banks 2-NBFIs
University of Ghana http://ugspace.ug.edu.gh