Correspondent Banking & AML/CFT: Global Regulators

By

Global Standards in Financial Communication

Society for Worldwide Interbank Financial Telecommunications (SWIFT)

SWIFT is a global messaging network that is widely used by financial institutions to send and receive money transfer orders. It is a cooperative society owned by member financial institutions and has offices worldwide. The SWIFT network assigns a unique code of eight or 11 characters to each financial institution, which is alternately called a bank identification code (BIC), SWIFT code, SWIFT ID, or ISO 9362 code. The code helps banks and money Transfer Services determine where to send money on a global scale. In addition to its core functions, SWIFT also plays a pivotal role in safeguarding the integrity of financial transactions through essential processes like AML name screening. By incorporating robust compliance measures, SWIFT ensures that each transaction is subject to rigorous scrutiny, further reinforcing its status as a trusted partner in the world of international finance. Since its inception in 1973, SWIFT has continuously evolved, and as of 2018, nearly half of the high-value cross-border payments worldwide have relied on the SWIFT network for their secure and efficient processing. 

Although SWIFT was only used for treasury transactions when it was first established, it has gradually developed and serves many sectors today. These sectors include treasury market participants and service providers, banks, exchanges, trading services, securities dealers, corporate business houses, asset management companies, depositories, brokerage institutes and trading houses, foreign exchange, and money brokers.

A BIC number, also known as a SWIFT code, is a critical component of international bank transactions in banks and financial organizations. The general messaging system is called SWIFT, which stands for "Society for Worldwide Interbank Financial Telecommunication." The code used in the system is called BIC, which refers to the "Business Identifier Code." Currently, BIC and SWIFT are practically interchangeable. As codes or numbers, they represent the recipient bank in a money transaction.

BIC is the International ISO standard ISO 9362. This standard defines the components and structure of a universal identifier code, known as a business identifier code (BIC), for financial and non-financial organizations that require such an international identity to simplify automated information processing.

There are two types: connected BICs with SWIFT network access and non-connected BICs with no access and just used for reference.

 

  • AAAA - A four-character bank code that appears to be a truncated form of the bank's name.
  • BB - A two-character country code that indicates the nation in which the bank is located.
  • CC - A two-character geographic code that indicates the location of the bank's headquarters.
  • DDD - 3-character branch code (optional) indicating the location of the specific branch

Some banks will have a shorter (8-character) BIC code since they do not employ the 3-character branch code. The branch code for these banks may be substituted by a triple X (i.e. MIDLGB22XXX) or eliminated completely.

Global Standards in AML/CFT

A number of international organisations, including the Basel Committee for Banking Supervision (BCBS), Committee on Payments and Market Infrastructures (CPMI), Financial Action Task Force (FATF), International Monetary Fund (IMF), Legal Entity Identifier Regulatory Oversight Committee (LEI ROC) and World Bank work in tandem with FSB for addressing issues related to correspondent banking.

The Basel Committee on Banking Supervision (BCBS) is the primary global standard setter for the prudential regulation of banks and provides a forum for regular cooperation on banking supervisory matters. Its 45 members comprise central banks and bank supervisors from 28 jurisdictions.

The Committee on Payments and Market Infrastructures (CPMI) is an international standard setter that promotes, monitors and makes recommendations about the safety and efficiency of payment, clearing, settlement and related arrangements, thereby supporting financial stability and the wider economy. The CPMI also serves as a forum for central bank cooperation in related oversight, policy and operational matters, including the provision of central bank services.

The Regulatory Oversight Committee (ROC) is a group of more than 65 financial markets regulators and other public authorities and 19 observers from more than 50 countries. It promotes the broad public interest by improving the quality of data used in financial data reporting, improving the ability to monitor financial risk, and lowering regulatory reporting costs through the harmonization of these standards across jurisdictions.

The ROC was established in November 2012 to coordinate and oversee a worldwide framework of legal entity identification, the Global LEI System (GLEIS). In October 2020 the ROC expanded its mandate to become the International Governance Body (IGB) of the globally harmonised Unique Transaction Identifier (UTI), the Unique Product Identifier (UPI) and the Critical Data Elements (CDE) for derivatives transactions. As IGB of the UTI, UPI and CDE, the ROC is the overseer of the designated UPI service provider, The Derivatives Service Bureau (DSB).

The Financial Stability Board is an international body that monitors and makes recommendations about the global financial system. It was established in the 2009 G20 Pittsburgh Summit as a successor to the Financial Stability Forum. The Board includes all G20 major economies, FSF members, and the European Commission.

The FSB will continue to work in partnership with these organisations to address this issue through a 4-point action plan:

 1) Further examine the dimensions and implications of the issue: The World Bank is publishing in November the results of its correspondent banking survey, together with a report commissioned by the G20 on remittances. The survey provides information on the scale of reduction in correspondent banking, regions and types of customer most affected, and the causes of the decline. The withdrawal of services is apparently continuing. The FSB will continue to encourage the collection of information by the World Bank and other international organisations on the scale of withdrawal, its causes and effects. National authorities should also improve their own data collection. The work to date and needed next steps are described in Section I below.

2) Clarifying regulatory expectations, as a matter of priority, including more guidance by the FATF on the application of standards for anti-money laundering and combating the financing of terrorism (AML/CFT) to correspondent banking, especially on the customer due diligence expectations for correspondent banks when faced with respondent banks in “high-risk scenarios”, as well as additional work on remittances, financial inclusion and non-profit organisations. The FATF aims to complete its work on these four projects at its Plenary meetings of June and October 2016. Work in this area by the FATF and other bodies is described in Section II.

3) Domestic capacity-building in jurisdictions that are home to affected respondent banks, building upon assessments and technical assistance from the international financial institutions, the FATF and FATF-style regional bodies and the sharing of best practices within the financial industry, including by global correspondent banks with local banks. Areas for such assistance are summarised in SectionIII.

4) Strengthening tools for due diligence by correspondent banks. This includes correspondent bank information sharing, through Know Your Customer facilities and broader use of the global LEI. The CPMI and the LEI ROC have made proposals in these areas, set out in Section IV

FATF guidance on Correspondent Banking Services

FATF guidance on correspondent banking services was released on October 2016Analytical work undertaken so far by different bodies, including the FATF,1 shows that derisking is a complex issue driven by various considerations including: profitability; reputational and liability risks; changes in banks’ financial risk appetites; the amount of financial penalties imposed by supervisory and law enforcement authorities, increased compliance costs associated with implementing conflicting regulatory requirements, including anti-money laundering and counterterrorist financing (AML/CFT) and confusion caused by the term Know-Your-Customer’s-Customer (KYCC). A recent survey2 also shows that in some cases, banks will exit the relationship solely on the basis of profits (“de-marketing”), irrespective of the risk context and of market circumstances.

Correspondent banking is an activity that has been negatively impacted by de-risking in certain regions6 and sectors. This is of concern to the international community, as correspondent banking is an important means of facilitating cross-border movements of funds, and enabling financial institutions to access financial services in different currencies and foreign jurisdictions, thereby supporting international trade, charitable giving, commerce and remittances flows, all of which contributing to promoting financial inclusion.

The purpose of this Guidance is to address de-risking by clarifying the application of the FATF standards in the context of correspondent banking relationships and money or value transfer service (MVTS) providers rendering similar services (i.e. MVTS acting as intermediaries in processing and/or executing the transactions of their own customers through accounts – see II d) below) by:

a) supporting the development of a common understanding of what the RBA entails for banks engaged in correspondent banking activity and MVTS providers rendering similar services; respondent institutions with MVTS providers as customers; and financial institutions relying on third-party MVTS providers, in their role as intermediaries, to execute payment transactions,

b) clarifying the interplay between the FATF standards on cross-border correspondent banking (Recommendation 13) and MVTS providers acting as intermediaries, and the FATF standards on customer due diligence (Recommendation 10) and wire transfers (Recommendation 16), as well as on targeted financial sanctions (Recommendations 6 and 7),

c) highlighting the extent to which correspondent institutions and MVTS providers offering similar services may gain a sufficient understanding of the customers of the respondent institutions and the associated risks, and

d) clarifying the expectations for correspondent institutions when dealing with respondents whose customer bases include MVTS providers.


Recommendation 16: Wire transfers

Countries should ensure that financial institutions include required and accurate originator information, and required beneficiary information, on wire transfers and related messages, and that the information remains with the wire transfer or related message throughout the payment chain.

Countries should ensure that financial institutions monitor wire transfers for the purpose of detecting those which lack required originator and/or beneficiary information, and take appropriate measures.

Countries should ensure that, in the context of processing wire transfers, financial institutions take freezing action and should prohibit conducting transactions with designated persons and entities, as per the obligations set out in the relevant United Nations Security Council resolutions, such as resolution 1267 (1999) and its successor resolutions, and resolution 1373(2001), relating to the prevention and suppression of terrorism and terrorist financing.

The Interpretive Note 16 give further explanation.


The FATF recommends using a risk-based approach to correspondent banking arrangements. According to the report, the following steps should be taken to prevent money laundering through correspondent banking.

  • Respondent institution due diligence: The FATF advises that cross-border correspondent banking arrangements be subjected to extra due diligence. Because cross-border correspondent banking connections are seen to be intrinsically riskier than local correspondent customer interactions, such additional safeguards are necessary.
  • Gathering sufficient information to understand the nature of the respondent institution's business in relation to the risks identified: The correspondent organization should also gather sufficient knowledge to know the nature of the complainant institution's business in relation to the risks recognized.
  • Validating respondent organization information and assessing/documenting greater risks: The correspondent organization may acquire the information directly from the respondent entity when establishing new correspondent banking connections. However, independent sources of information such as corporate registers, registries maintained by competent authorities on the founding or licensing of respondent institutions, and registries of beneficial ownership must be used to verify this data.
  • Continuous transaction monitoring:  Continuous AML Monitoring of correspondent banking account activity is required to ensure compliance with aimed financial sanctions and to detect any changes in the respondent institutions' facilitate that could indicate suspicious activity or potential variations from the correspondent partnership.
  • Demand for transaction information: If the correspondent institution's tracking system flagsa transaction that may indicate unusual activity, the correspondent organization should have inner processes to investigate further, including requesting transaction information from the respondent institution to clear up the confusion and possibly clear the flag.
  • Clearly defined terms for the correspondent banking relationship: Correspondent institutions can better control their vulnerabilities by engaging in a formal agreement with the respondent institution before receiving correspondent services.
  • Ongoing communication and dialogue: Correspondent institutions should maintain an open and ongoing conversation with respondent organizations, including assisting them in understanding the correspondent's AML/CFT legislation and desires and engaging with them to improve their AML/CFT controls and processes as needed.
  • Adapting mitigation measures to risk evolution: The amount and kind of AML/CFT risk might evolve throughout the life of a connection, and the correspondent institution's risk management approach should be adjusted to reflect these changes.

While correspondent banking is essential for the efficient operation of international commerce and transactions, both respondent banks and correspondent banks should have effective anti-money laundering and counter-terrorist financing compliance procedures in place to reduce risks.  AML Software that is both efficient and effective is critical to the success of any AML/CFT compliance program.


Wolfsberg Group

The key purpose of a money laundering risk assessment is to drive improvements in financial crime risk management through identifying the general and specific money laundering risks a FI is facing, determining how these risks are mitigated by a firm’s AML programme controls and establishing the residual risk that remains for the FI. The results of a risk assessment can be used for a variety of reasons, including to:

· Identify gaps or opportunities for improvement in AML policies, procedures and processes

· Make informed decisions about risk appetite and implementation of control efforts, allocation of resources, technology spend

 · Assist management in understanding how the structure of a business unit or business line’s AML compliance programme aligns with its risk profile

 · Develop risk mitigation strategies including applicable internal controls and therefore lower a business unit or business line’s residual risk exposure

 · Ensure senior management are made aware of the key risks, control gaps and remediation efforts

· Assist senior management with strategic decisions in relation to commercial exits and disposals

· Ensure regulators are made aware of the key risks, control gaps and remediation efforts across the FI

 · Assist management in ensuring that resources and priorities are aligned with its risks.



Correspondent Banking Due Diligence Questions

 

In April 2020, the Wolfsberg Group also released a revised version of the correspondent banking due diligence questionnaire (CBDDQ). Designed to provide a reasonable and enhanced view of a FI’s FCC policies and practices, the CBDDQ should be used to fulfill due diligence requirements when working with cross-border and/or higher-risk respondents.

More recently, in August 2022, the Group also issued best practice guidance on requests for information (RFI). Following the completion of the CBDDQ, the RFI process allows the correspondent to see how the respondent’s anti-money laundering (AML) and know your Customer (KYC) programs work in practice, allowing the respondent to demonstrate how elements of its program functions. 

 

According to the Wolfsberg Group, correspondent banks should issue an RFI if:

 

·         Concerns arise around transaction monitoring and/or AML and combatting the financing of terrorism (CFT) measures

·         Financial Intelligence Units (FIUs) need to review projects

·         Account activity requires a review due to unusual or suspicious activity


On October 28, the Wolfsberg Group issued updated guidelines and best practices for financial institutions (FIs) involved in correspondent banking. The guidance replaces the Group’s 2014 edition and widens its scope to address entities other than banks, such as non-bank financial institutions (NBFIs) and payment service providers (PSPs), that may also have correspondent relationships. 

According to the Financial Action Task Force (FATF), “Correspondent banking is essential in the global payment system and vital to international trade and the global economy as a whole.” Owing to the crucial role of correspondent banking worldwide, the Wolfsberg Group aims to provide guidance for FIs to prevent these global networks from being used for criminal purposes.

 Updated Correspondent Banking Principles

The updated principles promote effective risk management and enable FIs to exercise sound business judgment regarding their correspondent banking customers. Throughout the report, the Wolfsberg Group advocates FIs adopt a risk Based Approach to each principle – allocating their resources and level of response according to the level of risk presented. 

Applicable to all correspondent banking relationships that an FI establishes or maintains for a respondent, the Wolfsberg Group’s principles include:

 

·         Defining policies and procedures that require specified personnel to be responsible for ensuring compliance with all correspondent banking activity

·         Identifying and defining an acceptable risk appetite that has been approved by the Board or other similar senior stakeholders

·         Undertaking appropriate due diligence, assessing factors such as geographic location, ownership and management structures, and the quality of the respondent’s financial crime controls (FCC) program

·         Applying enhanced due diligence (EDD) to respondents that pose more significant risks, such as Politically exposed Persons(PEPs)

·         Implementing procedures to detect, investigate, and report unusual or suspicious activity

·         Reviewing relationships with the respondents on an ongoing basis



Frequency of Risk assessment

 Undertaking an enterprise-wide risk assessment is a complex and resource-intensive task but nonetheless a necessary one in order to understand a FI’s risk environment. The periodicity of the enterprise-wide risk assessment will depend upon a number of factors including the methodology employed, the type and extent of interim validation/verification that is undertaken, the results of the risk assessment, as well as internal or external risk events. FIs should decide on the appropriate frequency of the risk assessment in order to maintain the relevance of their findings and risk mitigation programme. Some FIs will refresh their risk assessments annually, however, if there are no material changes to the risk environment, some may choose to undertake their risk assessments less frequently. In exceptional circumstances, such as regulatory intervention for example, a risk assessment may be conducted more frequently than annually. Regardless of the frequency with which an enterprise-wide risk assessment is undertaken, FIs are usually required to report annually on the status of the money laundering risk environment. This can take the form of an Annual Report or other types of reports. As such, one approach is to undertake a trigger-based interim validation of the most recent risk assessment, looking to highlight whether there has been any change to the previously identified risk environment. These changes could stem from internal (e.g. significant increase in suspicious activity reports) or external (e.g. significant enforcement action against a peer institution) drivers. Any changes may result in the initiation of additional action plans or highlight a need to undertake a more in-depth assessment in certain areas.

 

Additionally, ad hoc risk assessments may be performed, focusing on higher risk areas and the specific controls that have been implemented to address the given risk. The results from these ad hoc risk assessments can then be incorporated into the next regular ML risk assessment.

 

 FIs should review their methodology on a regular basis (most likely annually) to ensure that any changes in internal or external factors are incorporated appropriately in order to arrive at the most accurate picture of risk possible. Any changes in the methodology employed from one year to the next will need to be clearly documented and approved by the relevant governance function (e.g. senior management, Financial Crime Executive Committee). Changes will need to be assessed in terms of a FI’s ability to compare results year on year, otherwise potentially significant changes in the results may not be justifiable, clearly explained or understood. FIs may also choose to have their methodology reviewed regularly by an independent testing function, e.g. audit or an independent third party. This should allow for consistency of risk management within the FI as well as provide a view of how the methodology compares across the industry.






Happy reading,


Those who read this, also read


1. AML/CFT: International Cooperation

2. Correspondent Banking & AML/CFT: RBI, India

Formerly Faculty for Finance & Associate Dean, IBS-Kochi MBA (Banking & Finance – CUSAT);CFA. Accredited Management Teacher from CME of AIMA, Delhi has been in Management Education from 1988. Exposure is in the field of Mutual Funds, Market Research, Project Report preparation & evaluation, Advertising & NGO Activities. This Chief Manager, UTI Asset Management Co Pvt. Ltd(1992-2003), Mumbai. Undergone training in Case Study method of teaching under Mr. Trevor Williams and Mr. Scott M Andrews conducted by the ECCH, UK . Published Books & Book Review, Series of academic articles and maintains a column on MFs under "Fund scan" in Business Manorama since January 2007,Contributes "Portfolio Doctor" column for 'Sampadyam' a wealth mgt publication in Malayalam from manorama group since February 2007, Listed her case studies at asiacase.com.Presented papers in national & international conferences on Mutual Funds. Faculty Member @ ASIET, Kalady from 2010 to June 2019. Dean @ SNGIST, N Paravur, Ernakulam from Sep 2019 -Jan 2021, I continue my efforts to spread the knowledge in area of Finance and contribute to Management Education

Comments

Post a Comment

Popular posts from this blog

National Risk Assessment (NRA): India

By
  India's National Risk Assessment (NRA) is  an ongoing exercise to identify sectors that are vulnerable to money laundering and terrorist financing (ML/TF) .  The NRA is based on recommendations from the Financial Action Task Force (FATF) and helps inform policy-making, resource allocation, and the implementation of effective AML/CFT measures. The NRA also ensures that national strategies address both domestic and international threats. The NRA provides a foundation for informed policy-making, resource allocation, and the implementation of effective AML/CFT measures . It ensures that national strategies are aligned with the specific risk landscape of the country and that they address both domestic and international threats. The subject matter of NRA  was discussed in the Anti-Money Laundering Steering Committee (AMLSC) set up with the approval of Finance Minister, and it was decided to conduct the NRA following the World Bank methodology. The Methodology requi...
Read more

Customer Due Diligence(CDD) : Individuals

By
Image
This post is based on RBI Master Circular dated Feb 25, 2016 updated on Jan 04, 2024  Part I - Customer Due Diligence (CDD) Procedure in case of Individuals For undertaking CDD, REs shall obtain the following from an individual while establishing an account-based relationship or while dealing with the individual who is a beneficial owner, authorised signatory or the power of attorney holder related to any legal entity: (a)     the Aadhaar number where,   (i) He is desirous of receiving any benefit or subsidy under any scheme notified under section 7 of the Aadhaar (Targeted Delivery of Financial and Other subsidies, Benefits and Services) Act, 2016 (18 of 2016); or (ii) He decides to submit his Aadhaar number voluntarily to a bank or any RE notified under first proviso to sub-section (1) of section 11A of the PML Act; or (aa) the proof of possession of Aadhaar number where offline verification can be carried out; or (ab) the proof of possession of Aa...
Read more

Periodic Updation of Customer Risk Profile

By
1. Preparation of Customer Profile from KYC Data In the initial years of KYC, RBI has been following a handholding approach as can be seen from their circular dated July 2009 and that of Feb 25, 2016 as updated on Jan 04, 2024. RBI requires REs to conduct risk profiling and risk categorization and periodic updation.  Extracts from RBI MD dated July 01, 2009 under Customer Acceptance Policy a)ii) Parameters of risk perception are clearly defined in terms of the nature of business activity , location of customer  and his clients, mode of payments, volume of turnover, social and financial status etc. to enable categorisation of customers into low, medium and high risk (banks may choose any suitable nomenclature viz. level I, level II and level III). Customers requiring very high level of monitoring, e.g. Politically Exposed Persons (PEPs) may, if considered necessary, be categorised even higher; b). Banks should prepare a profile for each new customer based on risk categorisatio...
Read more