AMLComplianceCorrespondent BankingFinancial IndustryMoney Laundering

Risk Factors for Correspondent Banking

Correspondent Banking Risk

This post has already been read 275 times!

What are the risk factors for correspondent banking and what can we do to mitigate them? The following is advice taken from a range of EU institutes, including the European Banking Authority. The advice is best practice no matter the region it could be applied to.

Sectoral guidelines for correspondent banks

This post provides guidelines on correspondent banking as defined in Article 3(8)(a) of Directive (EU) 2015/849. Firms offering other correspondent relationships as defined in Article 3(8)(b) of Directive (EU) 2015/849 should apply these guidelines as appropriate.

In a correspondent banking relationship, the correspondent provides banking services to the respondent, either in a principal-to-principal capacity or on the respondent’s customers’ behalf. The correspondent does not normally have a business relationship with the respondent’s customers and will not normally know their identity or the nature or purpose of the underlying transaction, unless this information is included in the payment instruction.

Banks should consider the following risk factors and measures alongside those set out in our generic risk post.

Risk factors

Product, service and transaction risk factors

The following factors may contribute to increasing risk:

  • The account can be used by other respondent banks that have a direct relationship with the respondent but not with the correspondent (‘nesting’, or downstream clearing), which means that the correspondent is indirectly providing services to other banks that are not the respondent.
  • The account can be used by other entities within the respondent’s group that have not themselves been subject to the correspondent’s due diligence.
  • The service includes the opening of a payable-through account, which allows the respondent’s customers to carry out transactions directly on the account of the respondent.

The following factors may contribute to reducing risk:

  • The relationship is limited to a SWIFT RMA capability, which is designed to manage communications between financial institutions. In a SWIFT RMA relationship, the respondent, or counterparty, does not have a payment account relationship.
  • Banks are acting in a principal-to-principal capacity, rather than processing transactions on behalf of their underlying clients, for example in the case of foreign exchange services between two banks where the business is transacted on a principal- to-principal basis between the banks and where the settlement of a transaction does not involve a payment to a third party. In those cases, the transaction is for the own account of the respondent bank.
  • The transaction relates to the selling, buying or pledging of securities on regulated markets, for example when acting as or using a custodian with direct access, usually through a local participant, to an EU or non-EU securities settlement system.

Customer risk factors

The following factors may contribute to increasing risk:

  • The respondent’s AML/CFT policies and the systems and controls the respondent has in place to implement them fall short of the standards required by Directive (EU) 2015/849.
  • The respondent is not subject to adequate AML/CFT supervision.
  • The respondent, its parent or a firm belonging to the same group as the respondent has recently been the subject of regulatory enforcement for inadequate AML/CFT policies and procedures and/or breaches of AML/CFT obligations.
  • The respondent conducts significant business with sectors that are associated with higher levels of ML/TF risk; for example, the respondent conducts significant remittance business or business on behalf of certain money remitters or exchange houses, with non-residents or in a currency other than that of the country in which it is based.
  • The respondent’s management or ownership includes PEPs, in particular where a PEP can exert meaningful influence over the respondent, where the PEP’s reputation, integrity or suitability as a member of the management board or key function holder gives rise to concern or where the PEP is from a jurisdictions associated with higher ML/TF risk. Firms should pay particular attention to those jurisdictions where corruption is perceived to be systemic or widespread.
  • The history of the business relationship with the respondent gives rise to concern, for example because the amount of transactions are not in line with what the correspondent would expect based on its knowledge of the nature and size of the respondent.

The following factors may contribute to reducing risk: The correspondent is satisfied that:

  • The respondent’s AML/CFT controls are not less robust than those required by Directive (EU) 2015/849;
  • The respondent is part of the same group as the correspondent, is not based in a jurisdiction associated with higher ML/TF risk and complies effectively with group AML standards that are not less strict than those required by Directive (EU) 2015/849.

Country or geographical risk factors

The following factors may contribute to increasing risk:

  • The respondent is based in a jurisdiction associated with higher ML/TF risk. Firms should pay particular attention to those jurisdictions
    • with significant levels of corruption and/or other predicate offences to money laundering;
    • without adequate capacity of the legal and judicial system effectively to prosecute those offences; or
    • without effective AML/CFT supervision.
  • The respondent conducts significant business with customers based in a jurisdiction associated with higher ML/TF risk.
  • The respondent’s parent is headquartered or is incorporated in a jurisdiction associated with higher ML/TF risk.

The following factors may contribute to reducing risk:

  • The respondent is based in an EEA member country.
  • The respondent is based in a third country that has AML/CFT requirements not less robust than those required by Directive (EU) 2015/849 and effectively implements those requirements (although correspondents should note that this does not exempt them from applying EDD measures set out in Article 19 of Directive (EU) 2015/849).

All correspondents must carry out CDD on the respondent, who is the correspondent’s customer, on a risk-sensitive basis. This means that correspondents must:

  • Identify, and verify the identity of, the respondent and its beneficial owner. As part of this, correspondents should obtain sufficient information about the respondent’s business and reputation to establish that the money-laundering risk associated with the respondent is not increased. In particular, correspondents should:
    • obtain information about the respondent’s management and consider the relevance, for financial crime prevention purposes, of any links the respondent’s management or ownership might have to PEPs or other high-risk individuals; and
    • consider, on a risk-sensitive basis, whether obtaining information about the respondent’s major business, the types of customers it attracts, and the quality of its AML systems and controls (including publicly available information about any recent regulatory or criminal sanctions for AML failings) would be appropriate. Where the respondent is a branch, subsidiary or affiliate, correspondents should also consider the status, reputation and AML controls of the parent.
  • Establish and document the nature and purpose of the service provided, as well as the responsibilities of each institution. This may include setting out, in writing, the scope of the relationship, which products and services will be supplied, and how and by whom the correspondent banking facility can be used (e.g. if it can be used by other banks through their relationship with the respondent).
  • Monitor the business relationship, including transactions, to identify changes in the respondent’s risk profile and detect unusual or suspicious behaviour, including activities that are not consistent with the purpose of the services provided or that are contrary to commitments that have been concluded between the correspondent and the respondent. Where the correspondent bank allows the respondent’s customers direct access to accounts (e.g. payable-through accounts, or nested accounts), it should conduct enhanced ongoing monitoring of the business relationship. Due to the nature of correspondent banking, post-execution monitoring is the norm.
  • Ensure that the CDD information they hold is up to date.

Correspondents must also establish that the respondent does not permit its accounts to be used by a shell bank, in line with Article 24 of Directive (EU) 2015/849. This may include asking the respondent for confirmation that it does not deal with shell banks, having sight of relevant passages in the respondent’s policies and procedures, or considering publicly available information, such as legal provisions that prohibit the servicing of shell banks.

In cases of cross-border correspondent relationships with respondent institutions from third countries, Article 19 of Directive (EU) 2015/849 requires that the correspondent also apply specific EDD measures in addition to the CDD measures set out in Article 13 of Directive (EU) 2015/849.

There is no requirement in Directive (EU) 2015/849 for correspondents to apply CDD measures to the respondent’s individual customers.

Correspondents should bear in mind that CDD questionnaires provided by international organisations are not normally designed specifically to help correspondents comply with their obligations under Directive (EU) 2015/849. When considering whether to use these questionnaires, correspondents should assess whether they will be sufficient to allow them to comply with their obligations under Directive (EU) 2015/849 and should take additional steps where necessary.

Respondents based in non-EEA countries

Where the respondent is based in a third country, Article 19 of Directive (EU) 2015/849 requires correspondents to apply specific EDD measures in addition to the CDD measures set out in Article 13 of Directive (EU) 2015/849.

Correspondents must apply each of these EDD measures to respondents based in a non-
EEA country, but correspondents can adjust the extent of these measures on a risk- sensitive basis. For example, if the correspondent is satisfied, based on adequate research, that the respondent is based in a third country that has an effective AML/CFT regime, supervised effectively for compliance with these requirements, and that there are no grounds to suspect that the respondent’s AML policies and procedures are, or have recently been deemed, inadequate, then the assessment of the respondent’s AML controls may not necessarily have to be carried out in full detail.

Correspondents should always adequately document their CDD and EDD measures and decision-making processes.

Article 19 of Directive (EU) 2015/849 requires correspondents to take risk-sensitive measures to:

  • Gather sufficient information about a respondent institution to understand fully the nature of the respondent’s business, in order to establish the extent to which the respondent’s business exposes the correspondent to higher money-laundering risk. This should include taking steps to understand and risk-assess the nature of respondent’s customer base and the type of activities that the respondent will transact through the correspondent account.
  • Determine from publicly available information the reputation of the institution and the quality of supervision. This means that the correspondent should assess the extent to which the correspondent can take comfort from the fact that the respondent is adequately supervised for compliance with its AML obligations. A number of publicly available resources, for example FATF or FSAP assessments, which contain sections on effective supervision, may help correspondents establish this.
  • Assess the respondent institution’s AML/CFT controls. This implies that the correspondent should carry out a qualitative assessment of the respondent’s AML/CFT control framework, not just obtain a copy of the respondent’s AML policies and procedures. This assessment should be documented appropriately. In line with the risk-based approach, where the risk is especially high and in particular where the volume of correspondent banking transactions is substantive, the correspondent should consider on-site visits and/or sample testing to be satisfied that the respondent’s AML policies and procedures are implemented effectively.
  • Obtain approval from senior management, as defined in Article 3(12) of Directive (EU) 2015/849, before establishing new correspondent relationships. The approving senior manager should not be the officer sponsoring the relationship and the higher the risk associated with the relationship, the more senior the approving senior manager should be. Correspondents should keep senior management informed of high-risk correspondent banking relationships and the steps the correspondent takes to manage that risk effectively.
  • Document the responsibilities of each institution. This may be part of the correspondent’s standard terms and conditions but correspondents should set out, in writing, how and by whom the correspondent banking facility can be used (e.g. if it can be used by other banks through their relationship with the respondent) and what the respondent’s AML/CFT responsibilities are. Where the risk associated with the relationship is high, it may be appropriate for the correspondent to satisfy itself that the respondent complies with its responsibilities under this agreement, for example through ex post transaction monitoring.
  • With respect to payable-through accounts and nested accounts, be satisfied that the respondent credit or financial institution has verified the identity of and performed ongoing due diligence on the customer having direct access to accounts of the correspondent and that it is able to provide relevant CDD data to the correspondent institution upon request. Correspondents should seek to obtain confirmation from the respondent that the relevant data can be provided upon request.

Respondents based in EEA countries

Where the respondent is based in an EEA country, Article 19 of Directive (EU) 2015/849 does not apply. The correspondent is, however, still obliged to apply risk-sensitive CDD measures pursuant to Article 13 of Directive (EU) 2015/849.

Where the risk associated with a respondent based in an EEA Member State is increased, correspondents must apply EDD measures in line with Article 18 of Directive (EU) 2015/849. In that case, correspondents should consider applying at least some of the EDD measures described in Article 19 of Directive (EU) 2015/849, in particular Article 19(a) and (b).

Register for our newsletter today

close

Register for our newsletter today