Correspondent Banking & AML/CFT : BCBS

By

 



 According to the FATF glossary, “correspondent banking is the provision of banking services by one bank (the ‘correspondent bank’) to another bank (the ‘respondent bank’)”. For the purpose of its guidance on correspondent banking (hereafter “the FATF guidance”), the FATF does not include one-off transactions or the mere exchange of messaging capabilities  but rather states that correspondent banking is characterised by its ongoing, repetitive nature. Like the FATF guidance, this Annex 2 to BCBS paper titled " Sound Management of Risks related to Money Laundering & Terrorism"  2017 duly revised in July 2020 focuses on higher-risk correspondent banking relationships, in particular cross border correspondent banking involving the execution of third-party payments. Indeed, in line with FATF Recommendation 13, cross border correspondent relationships (as opposed to domestic relationships) are the ones that should prompt additional customer due diligence measures.

Used by banks throughout the world, correspondent banking services enable respondent banks to conduct business and provide services43 that they cannot offer otherwise (owing to the lack of an international presence and cross-border payment systems). As noted by the Financial Stability Board, the ability to make and receive international payments via correspondent banking is vital for businesses and individuals, and for the G20’s goal of strong, sustainable, balanced growth.

 Correspondent banks that execute and/or process transactions for customers of respondent banks generally do not have direct business relationships with these customers, which may be individuals, corporations or financial services firms, established in jurisdictions other than that of the correspondent bank. Thus the customers of the correspondent bank are the respondent banks.

Correspondent banks are therefore required to conduct appropriate due diligence on the respondent banks and are not generally required to do so on the respondent banks’ customers.

 Because of the structure of this activity and the limited information available regarding the nature or purpose of the underlying transactions, correspondent banks may be exposed to money laundering and financing of terrorism (ML/FT) risks.

Respondent banks are the ones responsible for conducting due diligence on their customers using correspondent banking services. The present guidance addresses both correspondent banks that provide the services and respondent banks that use the services.

 If the respondent bank is an affiliate of the correspondent bank, the AML/CFT policies and procedures applicable at the consolidated group level apply to the respondent bank.



Risk-based approach in the context of providing correspondent banking services

The FATF guidance clarifies that, while additional customer due diligence (CDD) measures are required for cross-border correspondent banking, not all such correspondent banking services carry the same level of ML/FT risks. The FATF guidance focuses on higher-risk correspondent banking relationships, in particular, cross-border correspondent banking relationships involving the execution of third-party payments. This section provides factors that banks should consider when assessing the level of risk of a particular correspondent banking relationship.


A    Risk Indicators and Risk Assessment

 Banks that undertake correspondent banking activities should assess the ML/FT risks associated with the relationship.

 


Risk indicators that correspondent banks should consider in their risk assessment include:

 

1. The inherent risk resulting from the nature of services provided, in particular:



 (a) the purpose of the services provided to the respondent bank (eg foreign exchange services for respondents’ proprietary trading, securities trading on recognised exchanges or payments between a respondent’s group within the same jurisdiction may constitute indicators of lower risk);

(b) whether the banking services will be used, via nested (downstream) correspondent(s), by either the respondent bank’s affiliates or other third parties, and the different risks these parties entail (see paragraph 12 below);

(c)  whether the banking services will be used, via payable-through-account(s) activity, by either the respondent bank’s affiliates or other third parties, and the different risks these parties entail (see paragraph on Ongoing Monitoring).

 

 2. The characteristics (and information on) of the respondent bank, in particular: 



(d) the respondent bank’s major business activities including target markets and overall types of customers served in key business lines;48

(e) the respondent bank’s management and ownership (including the beneficial owners) and whether they represent specific ML/FT risks (eg politically exposed persons (PEPs));

(f)  the respondent bank’s money laundering prevention and detection policies and procedures, including a description of the CDD measures applied by the respondent bank to its customers and the correspondent bank’s ability to obtain information on a particular transaction as specified in paragraphs 32–3 of the FATF guidance;

(g) whether any civil, administrative or criminal actions or sanctions, including public reprimands, have been applied by any court or supervisory authority to the respondent bank, when it occurred, the severity, and how the respondent bank addressed the identified shortcomings.

3).The environment in which the respondent bank operates, in particular:

 


(h)  the jurisdiction in which the respondent bank (and its parent company when the respondent bank is an affiliate) is located;

(i) the jurisdictions in which subsidiaries and branches of the group may be located, possibly using the group structure available in the Legal Entity Identifier (LEI) system, as well as the jurisdictions in which third parties using the correspondent banking relationship may be located;

(j) the quality and effectiveness of banking regulation and supervision in the respondent’s country (especially AML/CFT laws and regulations)  and the respondent’s parent company country when the respondent is an affiliate.

B. Nested (downstream) Correspondent Banking 


Nested, or downstream, correspondent banking refers to the use of a bank’s correspondent relationship by a number of respondent banks through their relationships with the bank’s direct respondent bank to conduct transactions and obtain access to other financial services.

 

Downstream correspondent banking relationships are an integral and generally legitimate part of correspondent banking. Nesting may be a way for regional banks to help small local banks within the respondent’s region obtain access to the international financial system or to facilitate transactions where no direct relationship exists between banks.

 

Providing access to third-party foreign financial institutions that are not the customer of the correspondent bank, and so not necessarily known, can obscure financial transparency and increase ML/FT risks. As a result, correspondent banks should require that respondent banks disclose whether accounts include nested relationships as part of account opening and ongoing risk profile reviews. Respondent banks should disclose accurate information regarding the existence of nested relationships.

 

Correspondent banks should assess the ML/TF risk associated with customers which are respondent banks with nested relationships on an individual case by case basis, consistent with the risk based approach. The level of risk may vary depending on the nature of nested foreign financial institutions served by respondent banks, including size and geographical location, products and services offered, markets and customers served, and the degree of transparency provided by the respondent bank (eg in formatting payment transactions).

 

In order to assess the ML/FT risks associated with a nested relationship, correspondent banks should understand the purpose of the nested relationship. To this end, they may consider the following factors, among others:

 (a) The number and type of financial institutions a respondent bank serves;

 (b) Whether the nested banks are located in the same jurisdiction as the respondent (considering the knowledge a respondent bank might have of its own jurisdiction) or a different country;

 (c) Whether the jurisdiction of the nested bank and the areas the nested bank serves have adequate AML/CFT policies according to available public information (eg FATF information); the types of services the respondent offers to nested banks (proprietary only or customer services such as correspondent banking);

 (d) The length of the relationship between the correspondent and respondent banks (eg a long standing relationship which enables the correspondent bank to have a good understanding of the ML/FT risk associated with the relationship versus a new one);

 (e) The adequacy of the due diligence programme of the respondent bank to evaluate the AML/CFT controls on its nested banks.

 (f) The due diligence programme should be updated periodically and provided to the correspondent bank at its request.

 

 Respondent banks should promptly respond to requests for information from correspondent banks (see FATF guidance, paragraphs 32–3) related to transactions through respondent banks, as appropriate.

 

C. Information-gathering


 Before entering into a business relationship with a respondent bank, correspondent banks should gather sufficient information to understand the nature of the respondent’s business and assess ML/FT risks both at the outset and on an ongoing basis. There is no requirement or expectation for a correspondent bank to apply CDD measures to customers of the respondent bank or to duplicate the data on its customers obtained and stored by the respondent bank.

 

Information on a respondent bank’s AML/CFT policies and procedures may be obtained from the respondent bank, for example via a questionnaire, or from publicly available information (such as financial information or any mandatory supervisory information relating to the respondent bank). An industry-wide questionnaire may be useful, provided it is used as a starting point for the risk assessment. The correspondent bank should verify the identity of the respondent bank using reliable, independent source documents, data or information (see Annex 4) and take measures to verify other CDD information on the respondent bank obtained on a risk-sensitive basis and identify any beneficial owners.

 

At account opening, banks may collect – and subsequently update – respondent banks’ information by using third-party databases that contain relevant information on banks (often referred to as “KYC utilities”). KYC utilities may provide efficiency gains for both correspondent and respondent banks to gather and provide information, especially with regard to standardisation and interoperability (eg the ability of different systems to share data). From the correspondent bank perspective, using a KYC utility could in particular be useful for gathering information on the respondent bank, especially to assess the risk indicators listed in paragraph 9. If banks see benefits in using KYC utilities for obtaining information from the respondent bank, supervisors see in principle no objection to the use of utilities in correspondent banking risk assessment processes, provided the conditions and factors described in paragraphs 6bis and 6ter of Annex 4 are met and the final responsibility for CDD remains with the correspondent.

 

Banks should also consider gathering information from public sources. These may include the website of the supervisory authority of the respondent bank, for cross-checking identification data with the information obtained by the supervisor in the licensing process, or with regard to potential AML/CFT administrative sanctions that have been imposed on the respondent bank. This may also include public registries (see FATF guidance, paragraph 25).

 

In assessing whether to enter into a correspondent banking relationship, the correspondent bank should also consider relevant information on the jurisdiction in which the respondent operates, for instance from international bodies or other sources listed in paragraph 25 of the FATF guidance. Where deficiencies are identified in certain jurisdictions, correspondent banks should also take into account the corrective measures under way to strengthen the jurisdiction’s AML/CFT controls, as well as efforts by domestic authorities to instruct respondent banks on how to strengthen their controls and mitigate ML/FT risks. This would be relevant especially where a correspondent bank is considering whether an existing correspondent banking relationship could be subject to additional monitoring or restrictions, rather than termination.


Assessment of the Respondent Bank’s AML/CFT Controls

 

All correspondent banking relationships should be subject to an appropriate level of due diligence following a risk-based approach, as presented above. The level of due diligence should be proportionate to the respondent bank’s risk profile and consistent with paragraph 14 of the FATF guidance. Banks should not treat the CDD process as a “paper-gathering exercise” but as an essential step to support assessment of ML/FT risk, as described in paragraphs 9–11. This involves the correspondent bank assessing the respondent bank’s AML/CFT controls on a risk-sensitive basis (for example, receiving a description of the respondent bank’s AML/CFT procedures and systems, including sanctions screening, checking if the internal audit function regularly reviews the adequacy of the respondent bank’s AML/CFT controls) consistent with the FATF guidance and the main body of the present guidelines. Based on the correspondent’s own risk assessment, the information-gathering should be complemented by liaising

directly (eg by phone or videoconference) with the respondent bank’s local management and compliance officer, or potentially by an on-site visit.

 

CDD information should also be reviewed and updated regularly, in accordance with the risk based approach. The updating could be based on changes to risks associated with the respondent relationship. This information should be used to update the bank’s risk assessment process.

 

Customer Acceptance and Retention

 

The decision to enter into a correspondent banking relationship with a respondent bank should be approved by the relevant senior management of the correspondent bank. When significant ML/FT risk factors emerge in an existing correspondent banking relationship, the correspondent should review the relationship. Following the review, the decision to continue the relationship with additional risk mitigation measures or to terminate it should be escalated to the relevant senior management.

Pursuant to the FATF standards (Recommendation 13), correspondent banks should refuse to enter into or continue correspondent banking relationships with “shell” banks (ie banks incorporated in a jurisdiction in which they have no physical presence and which is unaffiliated with a regulated financial group).Correspondent banks should not enter into correspondent banking relationships if they are not satisfied, based on the information gathered or received, that the respondent bank is not a shell bank.


Ongoing Monitoring

 

Correspondent banks should establish appropriate policies, procedures and systems to detect financial activity that is not consistent with the purpose of the services provided to respondent banks or any financial activity that is contrary to commitments that may have been concluded between the correspondent bank and the respondent bank. The level of ongoing monitoring should be commensurate with respondent banks’ risk profiles.

 Respondent banks should ensure that full and accurate originator and beneficiary information is included in payment messages sent to correspondent banks, in accordance with FATF Recommendation 16 and to enable correspondent banks to screen sanctions and monitor transactions.


If a correspondent bank decides to allow correspondent accounts to be used directly by third parties to transact business on their own behalf (payable-through accounts), it should conduct enhanced monitoring of these activities in line with the specific risks assessed. The correspondent bank should satisfy itself that the respondent bank has conducted adequate CDD on the customers with direct access to correspondent accounts and that the respondent bank can provide relevant CDD information upon request.

 As part of ongoing monitoring, if there are doubts after analysing unusual activity alerts generated by the monitoring process, the correspondent bank could issue a Request for Information on that particular transaction to the respondent bank.

Before considering withdrawing from a correspondent banking relationship, the correspondent bank may consider additional measures such as limiting the services provided, real-time monitoring, sample testing of transactions or on-site visits.

Senior management should be regularly informed of high-risk correspondent banking relationships and how they are monitored, particularly where risks are considered very high.


The Role of banks processing Cross-Border Wire Transfers

 

The Committee document Due diligence and transparency regarding cover payment messages related to cross-border wire transfers sets supervisory expectations concerning the respective roles of the originator’s bank, the intermediary banks and the beneficiary’s bank in processing a cross-border payment for a wire transfer. Although the document focuses on cover payments, most of the expectations apply more widely to all payment messages, as described below. Originating banks are responsible for using the right format for payment messages. They should require that information on the originator and beneficiary accompanies wire transfers, while others in the payment chain are required to monitor the payments they process based on this information. The Committee encourages all banks to apply high transparency standards, in full compliance with FATF Recommendation 16, and applicable national laws and regulations.

 

In particular, the quality of information provided in payment messages should be part of ongoing monitoring. Indeed, as mentioned in the Committee guidance on payment messages,55 the correspondent bank as an intermediary should monitor the payment messages transmitted by the respondent bank for the purpose of detecting those which lack required originator and/or beneficiary information, including meaningless fields,56 consistent with FATF Recommendation 16 and straight through processing. and verify the reliability of the respondent’s controls, for instance via sample testing (ie a closer look at a few transactions to identify cases where they do not comply with the wire transfer information requirements).

Sample testing may also help the correspondent bank to adjust the level and type of monitoring, including the timing of ex post reviews.

The respondent bank, acting as the ordering financial institution, remains responsible for performing customer due diligence on the originator and must verify originator information for accuracy and maintain this information in accordance with local regulatory requirements implementing FATF Recommendation 16.

As recommended by the CPMI, the use of the LEI as additional information in payment messages should be possible on an optional basis in the current relevant payment messages (ie MT 202 COV and MT 103). Where available, the use of the LEI would facilitate the determination by the correspondent bank that the information in the message is sufficient to unambiguously identify the originator and beneficiary of a transfer.


Group-wide and cross-border considerations

 

If a respondent bank has correspondent banking relationships with several entities belonging to the same group (case 1), the head office of the group should ensure that the assessments of the risks by the different entities of the group are consistent with the group-wide risk assessment policy. The group’s head office should coordinate the monitoring of the relationship with the respondent bank, particularly in the case of a high-risk relationship, and make sure that adequate information-sharing mechanisms inside the group are in place.

 

source: BCBS, BIS 

Financial group supervised on a consolidated basis or on an under consolidated basis

 

If a correspondent bank has business relationships with several entities belonging to the same group but established in different host countries (case 2), the correspondent bank should take into account the fact that these entities belong to the same group. Nevertheless, the correspondent bank should also independently assess the ML/FT risks presented by each business relationship.




Source: BCBS,BIS

Business relationships should be formalised in written agreements that clearly define the roles and responsibilities of the banking partners.

 

Including notice periods for terminating or limiting the business relationships in the terms and conditions governing the correspondent banking relationship is recommended as it should be part of the correspondent bank’s risk management procedures. From the respondent bank’s perspective, such notice periods should inform banks’ business continuity plans.57 As part of contingency planning for critical functions under operational risk management, a respondent bank may consider having more than one correspondent banking account for its payment services, where necessary for its continued operation.

Senior management should also be aware of the roles and responsibilities of the different services within the bank (eg business lines, compliance officers (including the chief or group AML/CFT officer), audit) pertaining to correspondent banking activities.

A bank’s internal audit and compliance functions58 have important responsibilities in evaluating and ensuring compliance with procedures related to correspondent banking activities. Internal controls should cover identification measures of the respondent banks, the collection of information, the ML/FT risk assessment process, ongoing monitoring of correspondent banking relationships and compliance with the duties to detect and report suspicions (about respondents and/or possible underlying subjects involved in the transactions).


List of relevant FATF recommendations

 

FATF new recommendations (including their interpretative notes) 


    •    R. 1: Assessing risks and applying a risk-based approach

    •    R. 2: National cooperation and coordination

·         R. 9: Financial institution secrecy law

·         R. 10: Customer due diligence

·         R. 11: Record-keeping

·         R. 12: PEPs

·         R. 13: Correspondent banking

·         R. 15: New technologies

·         R. 16: Wire transfers

·         R. 17: Reliance on third parties

·         R. 18: Internal controls and foreign branches and subsidiaries

·         R. 20: Reporting of suspicious transactions

·         R. 26: Regulation and supervision of financial institutions

·         R. 40: International cooperation


Happy Reading.


Those who read this, also read:

1. Correspondent Banking & AML/CFT : RBI, India

2. Correspondent Banking & AML/CFT: Global Regulators

Formerly Faculty for Finance & Associate Dean, IBS-Kochi MBA (Banking & Finance – CUSAT);CFA. Accredited Management Teacher from CME of AIMA, Delhi has been in Management Education from 1988. Exposure is in the field of Mutual Funds, Market Research, Project Report preparation & evaluation, Advertising & NGO Activities. This Chief Manager, UTI Asset Management Co Pvt. Ltd(1992-2003), Mumbai. Undergone training in Case Study method of teaching under Mr. Trevor Williams and Mr. Scott M Andrews conducted by the ECCH, UK . Published Books & Book Review, Series of academic articles and maintains a column on MFs under "Fund scan" in Business Manorama since January 2007,Contributes "Portfolio Doctor" column for 'Sampadyam' a wealth mgt publication in Malayalam from manorama group since February 2007, Listed her case studies at asiacase.com.Presented papers in national & international conferences on Mutual Funds. Faculty Member @ ASIET, Kalady from 2010 to June 2019. Dean @ SNGIST, N Paravur, Ernakulam from Sep 2019 -Jan 2021, I continue my efforts to spread the knowledge in area of Finance and contribute to Management Education

Comments

Post a Comment

Popular posts from this blog

National Risk Assessment (NRA): India

By
  India's National Risk Assessment (NRA) is  an ongoing exercise to identify sectors that are vulnerable to money laundering and terrorist financing (ML/TF) .  The NRA is based on recommendations from the Financial Action Task Force (FATF) and helps inform policy-making, resource allocation, and the implementation of effective AML/CFT measures. The NRA also ensures that national strategies address both domestic and international threats. The NRA provides a foundation for informed policy-making, resource allocation, and the implementation of effective AML/CFT measures . It ensures that national strategies are aligned with the specific risk landscape of the country and that they address both domestic and international threats. The subject matter of NRA  was discussed in the Anti-Money Laundering Steering Committee (AMLSC) set up with the approval of Finance Minister, and it was decided to conduct the NRA following the World Bank methodology. The Methodology requi...
Read more

Customer Due Diligence(CDD) : Individuals

By
Image
This post is based on RBI Master Circular dated Feb 25, 2016 updated on Jan 04, 2024  Part I - Customer Due Diligence (CDD) Procedure in case of Individuals For undertaking CDD, REs shall obtain the following from an individual while establishing an account-based relationship or while dealing with the individual who is a beneficial owner, authorised signatory or the power of attorney holder related to any legal entity: (a)     the Aadhaar number where,   (i) He is desirous of receiving any benefit or subsidy under any scheme notified under section 7 of the Aadhaar (Targeted Delivery of Financial and Other subsidies, Benefits and Services) Act, 2016 (18 of 2016); or (ii) He decides to submit his Aadhaar number voluntarily to a bank or any RE notified under first proviso to sub-section (1) of section 11A of the PML Act; or (aa) the proof of possession of Aadhaar number where offline verification can be carried out; or (ab) the proof of possession of Aa...
Read more

Periodic Updation of Customer Risk Profile

By
1. Preparation of Customer Profile from KYC Data In the initial years of KYC, RBI has been following a handholding approach as can be seen from their circular dated July 2009 and that of Feb 25, 2016 as updated on Jan 04, 2024. RBI requires REs to conduct risk profiling and risk categorization and periodic updation.  Extracts from RBI MD dated July 01, 2009 under Customer Acceptance Policy a)ii) Parameters of risk perception are clearly defined in terms of the nature of business activity , location of customer  and his clients, mode of payments, volume of turnover, social and financial status etc. to enable categorisation of customers into low, medium and high risk (banks may choose any suitable nomenclature viz. level I, level II and level III). Customers requiring very high level of monitoring, e.g. Politically Exposed Persons (PEPs) may, if considered necessary, be categorised even higher; b). Banks should prepare a profile for each new customer based on risk categorisatio...
Read more