Monday, January 23, 2017

De-risking correspondent banking – The FATF demystifies KYC obligations.

The Financial Action Task Force (FATF) has recently published a guidance on correspondent banking services. As a reminder, the FATF is an inter-governmental organization developing global anti-money laundering and counter-terrorist financing standards.

At the heart of the guidance are FATF’s worries about “de-risking”. This is a practice that consists of banks avoiding risk instead of managing it. Specifically in the context of correspondent banking, it refers to banks fully terminating business relationships with a specific country or class of customer.

Can anyone wonder why banks do so, given the industry’s obsession for compliance and U.S. fines counting in billions of dollars?

Beyond, why does de-risking actually matter? According to the FATF, it matters because de-risking means less cross-border movements of funds and a more difficult access to financial services across countries and, ultimately, less international trade.

What is correspondent banking?

Correspondent banking is the ongoing provision of banking services by one bank (the “correspondent bank”) to another bank (the “respondent bank”).

In other words, the correspondent bank provides banking services to the respondent bank (and its clients). The focus of a correspondent banking relationship is on the continuing character, as opposed to simple one-off transactions.

Initial compliance obligations of the correspondent bank

The FATF guidance specifies the compliance obligations of the correspondent bank with regard to the respondent bank.

Generally speaking,

  • a simplified due diligence is never appropriate in cross-border correspondent banking because such relationship is, by definition, inherently higher risk;
  • the due diligence should be adapted the degree of risk involved in different types of banking activities.

This seems actually not a good start to counter “de-risking”.

The main general factors that the correspondent bank should consider are the following:

  • Money laundering and anti-terrorism financing risk mitigation measures implemented by the respondent bank;
  • Respondent institution’s jurisdiction;
  • Respondent bank’s products and services;
  • Respondent bank’s customer base.

There is no conclusive list of relevant risk factors and their mitigation. Given the range of relationships and products at hand, this seems obvious. Interesting is, however, why the FATF writes this: “Any effort to define what constitutes a higher risk relationship could have the unintended consequence of encouraging rather than discouraging de-risking by promoting a more rules-based and tick-the-box approach to risk management.”

Beyond general risk factors, the correspondent bank should

  • identify and verify the identity of the respondent institution and its beneficial owner;
  • understand the purpose and intended nature of the correspondent banking relationship;
  • understand what types of customers the respondent institution intends to service through the correspondent banking relationship;
  • evaluate the reputation of the respondent institution and the quality of its supervision;
  • evaluate the respondent bank’s AML/CFT (Anti-Money Laundering / Combating the Financing of Terrorism) systems and controls framework;
  • understand the respondent institution’s business (target markets, customers segments, products and services).

Besides, the correspondent bank should also evaluate the way the respondent institution offers the banking services to its customers:

  • Ultimate clients can do business with the correspondent bank indirectly, through an account which is held by the respondent bank with the correspondent bank.
  • In case of a nested relationship (also called downstream banking), the respondent bank opens an account with the correspondent bank and this account is then used by several “sub-respondent banks”, on behalf of their respective clients.
  • Payable-through-accounts (= pass-by accounts) are directly used by customers of the respondent bank to conduct business in a domestic banking market.

Here we are with a nice list of risk factors, which, in my view, rather encourage “de-risking” than actually discourage it.

KYCC – Know you customer’s customer?

That is one of the really useful clarifications of the FATF guide: No, as a correspondent bank, you don’t have to know your customer’s customer”. Banks are supposed to know and monitor their banking partner (and their business, reputation, and quality of supervision) but not their banking partner’s customers.

Ongoing compliance obligations of the correspondent bank

If you want to lose weight, it’s not enough to skip the dessert once; you have to do it every day. KYC is similar: Any correspondent banking relationship should be monitored throughout its lifetime. Risk management strategies should be adjusted over time and relationships be altered or terminated if they cannot be managed in line with the risk-based approach.

Is that really worth specifying?

Unfortunately, the FATF guidance has a major down-side: It is non-binding and, therefore, subject to national legislation that might overrule it. That is, indeed, the main disadvantage of this kind of guideline: It’s good to know to know them but actually not sufficient. Long live the banking regulation!


FATF Guidance – Correspondent Banking Services – October 2016