24.1 WHAT ARE THE MONEY-LAUNDERING RISKS IN CORRESPONDENT BANKING?

The correspondent often has no direct relationship with the underlying parties to a transaction and is therefore not in a position to verify their identities. Correspondents often have limited information regarding the nature or purpose of the underlying transactions, particularly when processing electronic payments or clearing cheques. For these reasons, correspondent banking is, in the main, non-face-to-face business and must be regarded as high risk from a money-laundering and/or terrorist-financing perspective. In such cases, firms undertaking such business are generally required by local regulations to apply, on a risk-sensitive basis, enhanced customer due diligence measures.

Correspondent banking relationships, if poorly controlled, can allow other financial services firms with inadequate systems and controls, and customers of those firms, direct access to international banking systems. This can undermine the objectives of the money-laundering-deterrence and counter-terrorist-financing regime implemented globally.

Any correspondent bank which handles transactions representing the proceeds of criminal activity or terrorist financing risks regulatory fines and/or damage to its reputation.

24.2 HOW TO ASSESS THE ELEMENTS OF RISK IN CORRESPONDENT BANKING

For any correspondent bank, the highest risk respondents are those that:

• Are offshore banks that are limited to conducting business with non-residents or in non-local currency, and are not subject to robust supervision of their money-laundering-deterrence or counter-terrorist-financing controls; or
• Are domiciled in jurisdictions with weak regulatory controls or where there exist other significant reputational risk factors, e.g. rampant institutionalised corruption.

Correspondent banks must not maintain relationships with respondents that are shell banks (i.e. banks that have no legitimate purpose) nor any respondent which provides banking services to such shell banks.

Enhanced customer due diligence must be undertaken on respondents (and/or third parties authorised exceptionally to provide instructions to the correspondent, for example other entities within a respondent group) using a risk-based approach. The following risk indicators should be considered both when initiating a relationship and on a continuing basis thereafter, to determine the levels of risk-based due diligence that should be undertaken:

1. The respondent's domicile: The jurisdiction where the respondent is based and/or where its ultimate parent is headquartered may present greater risk or may mitigate the risk, depending on the circumstances.

   Certain jurisdictions are recognised internationally as having inadequate anti-money-laundering standards, insufficient regulatory supervision or presenting greater risk for crime, corruption or terrorist financing. Other jurisdictions, however, such as many members of the Financial Action Task Force (FATF), have more robust regulatory environments and may, therefore, be considered to represent lower risks. Correspondent banks should review pronouncements from regulatory agencies and international bodies such as the FATF, to evaluate the degree of risk presented by the jurisdiction in which the respondent and/or its parent is based.

2. The respondent's ownership and management structures: The location of owners, their corporate legal form and/or a lack of transparency of the ultimate beneficial ownership are all indicative that the respondent may present enhanced risk.

   Account should be taken of whether the respondent is publicly or privately owned. If the respondent's equity is publicly held, whether its shares are traded on a recognised market or some form of exchange in a jurisdiction with a satisfactory regulatory regime, then it will have been required to comply with the rules of the exchange. This clearly provides the correspondent bank with information and evidence to reduce the level of risk perceived as being posed by the relationship.

   Clearly, for a privately or family-owned institution, additional procedures should be conducted to establish the identity of any beneficial owners and controllers. Similarly, the location and experience of management may indicate additional concerns, as would unduly frequent management turnover. The involvement of PEPs in the management or ownership of certain respondents will also increase the risk, and will alone result in the respondent being subject to enhanced due diligence.

3. The respondent's business and customer base: The type of business the respondent engages in, as well as the type of markets it serves, is indicative to the correspondent as to the risk that the respondent presents. Involvement in certain business segments that are recognised internationally as particularly vulnerable to money laundering, corruption or terrorist financing may also present additional concerns.

   Consequently, a respondent that derives a substantial part of its business income from higher-risk customers may present greater risk and require the correspondent to conduct enhanced due diligence on all business conducted. Higher-risk customers are those customers that may be involved in activities, or are connected to jurisdictions, that are identified by credible sources as activities or countries being especially susceptible to money laundering, terrorist financing or corruption.

4. Downstream correspondent clearing: A downstream correspondent clearer is a respondent that receives correspondent banking services from a correspondent and itself provides correspondent banking services to other financial institutions in the same currency as the account it maintains with its correspondent. When these services are offered to a respondent that is itself a downstream correspondent clearer, a correspondent should, on a risk-based approach, take reasonable steps to understand the types and risks of financial institutions to which the respondent offers such services.

   Special care should be taken to ensure there are no shell bank customers, and also the correspondent should consider the degree to which the respondent examines the anti-money-laundering and terrorist-financing controls of those financial institutions.

Generally, all correspondent banking clients shall be subjected to appropriate due diligence that will seek to ensure that an institution is comfortable conducting business with a particular client given the client's risk profile. It may be appropriate for an institution to consider the fact that a correspondent banking client (as opposed to the respondent) appears to operate in, or is subjected to, a regulatory environment that is internationally recognised as adequate in the fight against money laundering. In these instances, an institution may also rely on publicly available information obtained either from the respondent or from reliable third parties (regulators, exchanges, etc.) to satisfy its due diligence requirements.

24.3 CLIENT VISIT

Unless other measures suffice, a representative of the institution should visit the respondent at their premises prior to, or within a reasonable period of time after, establishing a relationship, amongst other things to confirm that the respondent is not itself a shell bank.

24.4 ENHANCED DUE DILIGENCE

In addition to due diligence, each institution will also subject those respondents that present greater risks to enhanced due diligence.

The enhanced due diligence process will involve further consideration of the following elements, designed to ensure that the institution has secured a greater level of understanding.

1. Ownership and management: For all significant controlling interests, the owners' sources of wealth and background, including their reputation in the marketplace, as well as recent material ownership changes (e.g. in the last five years). Similarly, a more detailed understanding of the experience of each member of the executive management as well as recent material changes in the executive management structure (e.g. within the last two years).
2. PEP involvement: If a PEP appears to have an interest or management role in a respondent, then the institution shall ensure it has an understanding of that person's role in the respondent and consider the implications on the due diligence to be conducted on an ongoing basis.
3. Correspondent banking clients' anti-money-laundering controls: The extent of the work which an institution will require to be conducted will depend upon the risks presented. Additionally, the institution may speak with representatives of the respondent to obtain assurance that its senior management recognises the importance of anti-money-laundering controls.
4. Central banks and supranational organisations: The concerns regarding correspondent banking generally do not apply to relationships with central banks and monetary authorities of FATF-member countries or supranational, regional development or trade banks (e.g. European Bank for Reconstruction and Development, International Monetary Fund, the World Bank), at least insofar as the relationship with that entity involves the provision of products and services that are in keeping with that entity's primary activities.

5. Branches, subsidiaries and affiliates: The determination of the level and scope of due diligence that is required on a respondent should be made after considering the relationship between the respondent and its ultimate parent (if any).

   In general, in situations involving branches, subsidiaries or affiliates, the parent of the respondent should be considered in determining the extent of required due diligence. In instances when the respondent is an affiliate that is not substantively and effectively controlled by the parent, then both the parent and respondent banking client should generally be reviewed. However, certain facts unique to the branch, subsidiary or affiliate may dictate that enhanced due diligence may still be required to be performed.

6. Application to client base: Where an institution has not applied these concepts to respondents previously, it should undertake a risk-based review of its existing respondent base to determine whether additional due diligence is necessary to achieve the level of due diligence required.
7. Updating client files: The institution's policies and procedures shall require that the respondent's information is reviewed and updated on a periodic basis or when a material change in the risk profile of the respondent occurs. A periodic review of the respondent should be conducted on a risk-assessed basis.