“Banking is special.” / “Banking is complex.”
I
hear those statements all the time. And I always wonder whether this
is really true. Indeed, those statements seem sometimes rather
self-directed in that they enhance one’s own importance. The
underlying message is more “I am special and complex.” than the
primary reference to banks.
When
the Basel Committee on Banking Supervision recently published a
document revising an annex on correspondent banking to the guidelines
of sound management of risks related to money laundering and
financing of terrorism, I
was
reminded of the above.
Imagine
you are a website hosting company. You are basically providing people
access to the Internet by storing their content and making it
accessible through a website. You are basically providing a service
to your customers without knowing in detail how and for what purpose
they will use it.
Correspondent
banking is the same: You (the correspondent bank) provide banking
services to another bank (the respondent bank) without exactly
knowing what the respondent bank is doing with them. In the end, if
you knew that precisely, you would perhaps carry out the activities
yourself!
Back
to our website hosting company: When accepting clients, there are two
extreme approaches which you probably cannot run:
-
“I don’t care who publishes what through my platform as long as I am paid.”
-
“I need to know exactly who provides which content to whom and for what purpose.”
The
first approach is, at least, unethical, and might as well end up
being illegal, for example if you host a platform for the sale of
stolen cars. The second would be neither profitable nor feasible in
practice. So you will end up in the middle, doing some checks but not
monitoring everything.
Because
banking is “special”, we call this middle a “risk-based
approach”, a “holistic view of risk factors and mitigants”
and the like.
I
render a service to you and get paid for it.
Now
you will rightfully reply to me that it is not enough to know the
extremes in order to find the middle.
Let’s
go back to the start then and think it over again:
-
I: You are a website hosting company. You should definitely know who you are.
-
render a service: You know what service you are providing; otherwise it would be difficult to sell it. What you don’t know exactly is what your buyer will do with it.
-
to you: You should know who your client is. (Be careful, we are getting closer to banking jargon here!) By contrast, it is not necessary (and probably only feasible to a certain extend) to know who is visiting your client’s website.
-
and get paid for it: Again, you would be a bad seller if you did not know how much money you get in return. Money can obviously take different forms and channels (currency, payment mechanics, maturities, etc.) but let’s leave that aside for now.
If
you think about these four elements, you will most likely come very
close to the middle.
In
the jargon of banking regulators, the formula “I render a
service to you and get paid for it.” is called differently:
They
rather talk about the following:
-
I: Sorry, the BIS paper doesn’t actually help you to figure out who you are.
-
render a service: “inherent risks resulting from the nature and purpose of services provided”
-
to you: The customer due diligence is about the characteristics of the respondent bank (major business activities, target markets, types of customers served, management and ownership, AML policies in place, level of civil, administrative, or criminal actions) and the environment in which it operates (namely quality and effectiveness of banking regulation and supervision). Regarding the respondent bank’s customer, knowing them is referred to as “KYCC – Know your customer’s customer” and is actually not required.
-
and get paid for it: No comment here from the BIS. This is actually commercial, not regulatory.
Tomorrow
is different than today.
Correspondent
banking or website hosting is not like selling bananas. If you buy
bananas, you can eat them only within the next few days and there is
only a limited number of recipes for which you can use your bananas
(At least, I think so…). Website hosting is different: Your
customer uses it every day and modifies the published content all the
time.
This
is why, to know the middle, it’s actually not enough to determine
your middle once. You have to do it all the time or, at least, in
regular intervals.
Bank
regulators find other words:
“The
correspondent bank should have policies in place to ensure ongoing
monitoring of the correspondent banking relationship. Above all,
inconsistent financial activity and activities contrary to
commitments taken by the respondent bank, should be possible to
detect.”
Beyond
all critics, the BIS paper is useful, I think. Setting standards for
compliance checks is perhaps difficult but, if actually applied, can
make your day-to-day life in banking much easier.
Resource:
Basel
Committee on Banking Supervision – Revised Annex on Correspondent
Banking – November 2016