Thursday, January 26, 2017

Money laundering & Financing of terrorism - What correspondent banks and website hosting companies have in common.

Banking is special.” / “Banking is complex.”

I hear those statements all the time. And I always wonder whether this is really true. Indeed, those statements seem sometimes rather self-directed in that they enhance one’s own importance. The underlying message is more “I am special and complex.” than the primary reference to banks.

When the Basel Committee on Banking Supervision recently published a document revising an annex on correspondent banking to the guidelines of sound management of risks related to money laundering and financing of terrorism, I was reminded of the above.

Imagine you are a website hosting company. You are basically providing people access to the Internet by storing their content and making it accessible through a website. You are basically providing a service to your customers without knowing in detail how and for what purpose they will use it.

Correspondent banking is the same: You (the correspondent bank) provide banking services to another bank (the respondent bank) without exactly knowing what the respondent bank is doing with them. In the end, if you knew that precisely, you would perhaps carry out the activities yourself!

Back to our website hosting company: When accepting clients, there are two extreme approaches which you probably cannot run:

  • “I don’t care who publishes what through my platform as long as I am paid.”
  • “I need to know exactly who provides which content to whom and for what purpose.”

The first approach is, at least, unethical, and might as well end up being illegal, for example if you host a platform for the sale of stolen cars. The second would be neither profitable nor feasible in practice. So you will end up in the middle, doing some checks but not monitoring everything.

Because banking is “special”, we call this middle a “risk-based approach”, a “holistic view of risk factors and mitigants” and the like.

I render a service to you and get paid for it.

Now you will rightfully reply to me that it is not enough to know the extremes in order to find the middle.

Let’s go back to the start then and think it over again:

  • I: You are a website hosting company. You should definitely know who you are.
  • render a service: You know what service you are providing; otherwise it would be difficult to sell it. What you don’t know exactly is what your buyer will do with it.
  • to you: You should know who your client is. (Be careful, we are getting closer to banking jargon here!) By contrast, it is not necessary (and probably only feasible to a certain extend) to know who is visiting your client’s website.
  • and get paid for it: Again, you would be a bad seller if you did not know how much money you get in return. Money can obviously take different forms and channels (currency, payment mechanics, maturities, etc.) but let’s leave that aside for now.

If you think about these four elements, you will most likely come very close to the middle.

In the jargon of banking regulators, the formula “I render a service to you and get paid for it.” is called differently:

They rather talk about the following:

  • I: Sorry, the BIS paper doesn’t actually help you to figure out who you are.
  • render a service: “inherent risks resulting from the nature and purpose of services provided”
  • to you: The customer due diligence is about the characteristics of the respondent bank (major business activities, target markets, types of customers served, management and ownership, AML policies in place, level of civil, administrative, or criminal actions) and the environment in which it operates (namely quality and effectiveness of banking regulation and supervision). Regarding the respondent bank’s customer, knowing them is referred to as “KYCC – Know your customer’s customer” and is actually not required.
  • and get paid for it: No comment here from the BIS. This is actually commercial, not regulatory.

Tomorrow is different than today.

Correspondent banking or website hosting is not like selling bananas. If you buy bananas, you can eat them only within the next few days and there is only a limited number of recipes for which you can use your bananas (At least, I think so…). Website hosting is different: Your customer uses it every day and modifies the published content all the time.

This is why, to know the middle, it’s actually not enough to determine your middle once. You have to do it all the time or, at least, in regular intervals.

Bank regulators find other words:

The correspondent bank should have policies in place to ensure ongoing monitoring of the correspondent banking relationship. Above all, inconsistent financial activity and activities contrary to commitments taken by the respondent bank, should be possible to detect.”

Beyond all critics, the BIS paper is useful, I think. Setting standards for compliance checks is perhaps difficult but, if actually applied, can make your day-to-day life in banking much easier.


Basel Committee on Banking Supervision – Revised Annex on Correspondent Banking – November 2016