Assessing Compliance with BSA Regulatory Requirements
DUE DILIGENCE PROGRAMS FOR CORRESPONDENT ACCOUNTS FOR FOREIGN FINANCIAL INSTITUTIONS
Objective: Assess the bank’s compliance with the Bank Secrecy Act (BSA) regulatory requirements regarding due diligence programs for correspondent accounts established, maintained, administered, or managed for foreign financial institutions, to detect and report money laundering and any potential suspicious activity.
Regulatory Requirements for Due Diligence Programs for Correspondent Accounts for Foreign Financial Institutions
This section outlines the regulatory requirements for banks in 31 CFR Chapter X regarding due diligence requirements for correspondent accounts established, maintained, administered, or managed by U.S. banks for foreign financial institutions. Specifically, this section covers:
- 31 CFR 1010.605 (Definitions)
- 31 CFR 1010.610
These regulatory requirements implement section 312 of the USA PATRIOT Act. The goal of section 312 is to help prevent money laundering through accounts that give foreign financial institutions a base for moving funds through the U.S. financial system 1 FinCEN, Final rule “ Special Due Diligence Programs for Certain Foreign Accounts ,” 71 Fed. Reg. 496, 499, (Jan. 4, 2006). by requiring financial institutions to establish due diligence programs consisting of policies, procedures, and controls for correspondent accounts for foreign financial institutions.
Foreign financial institutions maintain accounts at U.S. banks to access the U.S. financial system, obtain products and services that may not be available in the foreign financial institution’s jurisdiction, or for other reasons, such as to facilitate international trade. The global financial system, trade flows, and economic development rely on correspondent banking relationships. 2 U.S. Department of the Treasury and Federal Banking Agencies (2016), “Joint Fact Sheet on Foreign Correspondent Banking: Approach to BSA/AML and OFAC Sanctions Supervision and Enforcement.” Correspondent accounts for foreign financial institutions present varying levels of money laundering, terrorist financing (ML/TF), and other illicit financial activity risks, depending upon the facts and circumstances specific to individual customer relationships. Banks that establish, maintain, administer, or manage correspondent accounts in the United States for foreign financial institutions are required to comply with certain specific anti-money laundering (AML) measures that are detailed in this section. Banks are required to establish general due diligence programs for correspondent accounts for foreign financial institutions 3 31 CFR 1010.610(a). and enhanced due diligence (EDD) procedures for certain foreign banks. 4 31 CFR 1010.610(b).
The Financial Stability Board 5The Financial Stability Board (FSB) is an international body that monitors and makes recommendations about the global financial system. The FSB promotes international financial stability; it does so by coordinating national financial authorities and international standard-setting bodies as they work toward developing strong regulatory, supervisory, and other financial sector policies. the Financial Action Task Force 6The Financial Action Task Force (FATF) is an intergovernmental body established to set standards and promote implementation of legal, regulatory, and operational measures to combat ML/TF and other threats to the international financial system. The FATF has developed a series of recommendations on various ML/TF issues. First published in 1990, the FATF Recommendations are frequently revised to ensure they remain up to date and relevant. and the Basel Committee on Banking Supervision 7The Basel Committee on Banking Supervision (BCBS) is a committee of central banks and bank supervisors and regulators from numerous jurisdictions that meets at the Bank for International Settlements in Basel, Switzerland to discuss issues related to prudential banking supervision. The Basel Committee formulates broad standards and guidelines and makes recommendations regarding sound banking practices, including those on customer due diligence. have issued reports and guidance related to foreign correspondent accounts. The Wolfsberg Group 8The Wolfsberg Group is an association of thirteen global banks that aims to develop frameworks and guidance for the management of financial crime risks. has published industry standards pertaining to foreign correspondent banking relationships. Refer to Appendix C of this Manual for a detailed listing of these documents and other Bank Secrecy Act (BSA)/AML reference materials.
Definitions
For purposes of these requirements, the term “foreign financial institution” 9 31 CFR 1010.605(f). is defined as:
- A foreign bank.
- A foreign branch or office of a U.S. bank, broker/dealer in securities, futures commission merchant, introducing broker, or mutual fund.
- Any other person organized under foreign law that, if located in the United States, would be a broker/dealer in securities, futures commission merchant, introducing broker, or mutual fund.
- Any person organized under foreign law that is engaged in the business of, and is readily identifiable as, a dealer in foreign exchange or a money transmitter.
A “foreign bank” is defined as a bank organized under foreign law, or an agency, branch, or office located outside the United States of a bank. 10 31 CFR 1010.100(u). The term “foreign bank” does not include an agent, agency, branch, or office within the United States of a bank organized under foreign law. Rather, such agent, agency, branch, or office is considered a U.S. bank. To the extent that a foreign agent, agency, branch, or office located in the United States maintains accounts for its foreign bank affiliates, the due diligence requirements described in this section apply to those accounts.
A “person” is defined as an individual, a corporation, a partnership, a trust or estate, a joint stock company, an association, a syndicate, joint venture, or other unincorporated organization or group, an Indian Tribe (as that term is defined in the Indian Gaming Regulatory Act), and all entities cognizable as legal personalities. 11 31 CFR 1010.605(k).
A “correspondent account” is defined as an account established by a bank for a foreign financial institution (which includes a foreign bank) to receive deposits from, or to make payments or other disbursements on behalf of, the foreign financial institution or to handle other financial transactions related to the foreign financial institution. 12 31 CFR 1010.605(c)(1).
For purposes of the definition of correspondent account, the term “account,” as applied to banks, means any formal banking or business relationship established to provide regular services, dealings, and other financial transactions and includes a demand deposit, savings deposit, or other transaction or asset account, and a credit account or other extension of credit. 13 31 CFR 1010.605(c)(2)(i). Correspondent accounts may include, but are not limited to, the following:
- Cash management services, including bulk shipments of currency.
- International funds transfers.
- Check clearing, including U.S. dollar drafts.
- Payable-through accounts.
- Pouch activities.
- Foreign exchange services.
- Overnight investment accounts (sweep accounts).
- Loans and lines of credit.
- Trade finance activities, including letters of credit.
Refer to the Risks Associated with Money Laundering and Terrorist Financing section of this Manual for additional information and procedures regarding ML/TF and other illicit financial activity risks for certain types of correspondent banking activities.
A key aspect of a bank’s due diligence program is to determine if and when a formal relationship has been established with a foreign financial institution based on regular services, dealings, and other financial transactions. Use of the word “regular” in the definition of account is intended to limit the application of these regulatory requirements to those correspondent relationships where there is an arrangement to provide ongoing services, excluding isolated or infrequent transactions. 14 FinCEN, Final rule “ Special Due Diligence Programs for Certain Foreign Accounts ,” 71 Fed. Reg. 496, 500-501, (Jan. 4, 2006). For example, financial transactions may take place between the U.S. bank and a foreign financial institution without necessarily establishing a formal relationship because the transactions are a one-time trade or sale and, therefore, not regular transactions. If a formal banking or business relationship is not established, then there is no “account” or “correspondent account” for purposes of the regulation and, therefore, the due diligence requirements of this section do not apply.
FinCEN has issued guidance regarding whether a correspondent account is established by the presentation of a negotiable instrument for payment by a covered financial institution to a foreign financial institution on which the instrument is drawn. The transaction-by-transaction presentation of a negotiable instrument to a foreign-paying institution (either directly or through a clearing facility) is not considered the establishment of a formal banking or business relationship for purposes of complying with the due diligence requirements for correspondent accounts for foreign financial institutions. 15 FinCEN (January 30, 2008), FIN-2008-G001 “ Application of Correspondent Account Rules to the Presentation of Negotiable Instruments Received by a Covered Financial Institution for Payment .
General Due Diligence Program
Banks that establish, maintain, administer, or manage correspondent accounts in the United States for foreign financial institutions are required to establish a due diligence program. This due diligence program must include appropriate, specific, risk-based, and, where necessary, enhanced policies, procedures, and controls that are reasonably designed to enable the bank to detect and report, on an ongoing basis, any known or suspected ML activity conducted through or involving such correspondent accounts. 16 31 CFR 1010.610(a).
The due diligence policies, procedures, and controls must include the following:
- Determining whether any such correspondent account is subject to EDD procedures 17 31 CFR 1010.610(c) explains the categories of foreign banks that are subject to EDD procedures. (refer to Enhanced Due Diligence for Certain Foreign Banks below).
-
Assessing the ML risks presented by such correspondent account, based on a consideration of all relevant factors, which must include, as appropriate:
- The nature of the foreign financial institution’s business and the markets it serves.
- The type, purpose, and anticipated activity of such correspondent account.
- The nature and duration of the bank’s relationship with the foreign financial institution (and any of its affiliates).
- The AML and supervisory regime of the jurisdiction that issued the charter or license to the foreign financial institution and, to the extent that information regarding such jurisdiction is reasonably available, of the jurisdiction in which any company that is an owner of the foreign financial institution is incorporated or chartered.
- Information known or reasonably available to the bank about the foreign financial institution’s AML record.
- Applying to each such correspondent account risk-based procedures and controls reasonably designed to detect and report known or suspected ML activity, including a periodic review of the correspondent account activity sufficient to determine consistency with information obtained about the type, purpose, and anticipated activity of the account.
Enhanced Due Diligence for Certain Foreign Banks
Banks are required to establish EDD procedures when a correspondent account is established, maintained, administered, or managed in the United States for foreign banks operating under any one or more of the following: 18 31 CFR 1010.610(c).
- An offshore banking license. 19 31 CFR 1010.605(i) An offshore banking license is defined as a license to conduct banking activities that prohibits the licensed entity from conducting banking activities with the citizens, or in the local currency of, the jurisdiction that issued the license.
- A banking license issued by a foreign country that has been designated as non-cooperative with international AML principles or procedures by an intergovernmental group or organization of which the United States is a member and with which designation the U.S. representative to the group or organization concurs.
- A banking license issued by a foreign country that has been designated by the Secretary of the Treasury as warranting special measures due to ML concerns. 20 FinCEN’s 311 Special Measures Page: Special Measures for Jurisdictions, Financial Institutions, or International Transactions of Primary Money Laundering Concern.
If a correspondent account is established, maintained, administered, or managed in the United States for a foreign bank as described above, the U.S. bank’s due diligence program must include EDD procedures designed to ensure that the U.S. bank, at a minimum, takes reasonable steps to: 21 31 CFR 1010.610(b).
-
Conduct enhanced scrutiny of such correspondent account to guard against ML and to identify and report any suspicious transactions in accordance with applicable law and regulation.This enhanced scrutiny must reflect the risk assessment of the account and include, as appropriate:
- Obtaining and considering information relating to the foreign bank’s AML program to assess the risk of ML presented by the foreign bank’s correspondent account.
- Monitoring transactions to, from, or through the correspondent account in a manner reasonably designed to detect ML and suspicious activity.
- Obtaining information from the foreign bank about the identity of any person with authority to direct transactions through any correspondent account that is a payable-through account 22 31 CFR 1010.610(b)(1)(iii)(B). For purposes of EDD for certain foreign banks, a “payable-through account” means a correspondent account maintained by a covered financial institution for a foreign bank by means of which the foreign bank permits its customers to engage, either directly or through a subaccount, in banking activities usually in connection with the business of banking in the United States. and the sources and the beneficial owner of funds or other assets in the payable-through account.
- Determine whether the foreign bank for which the correspondent account is established or maintained in turn maintains correspondent accounts for other foreign banks that use the foreign bank’s correspondent account established or maintained at the U.S. bank. 23 The concept is generally referred to as a downstream or nested account. The terms “downstream” and “nested” are further discussed in the Nested (Downstream) Correspondent Banking subsection below. If so, the U.S. bank must take reasonable steps to obtain information relevant to assess and mitigate ML risks associated with the foreign bank’s correspondent accounts for other foreign banks, including, as appropriate, the identity of those foreign banks.
- Determine, for any correspondent account established or maintained for a foreign bank whose shares are not publicly traded, 24 31 CFR 1010.610(b)(3)(ii)(B). “Publicly traded” means shares that are traded on an exchange or an organized over-the-counter market that is regulated by a foreign securities authority, as defined in section 3(a)(50) of the Securities Exchange Act of 1934 (15 USC 78c(a)(50)). the identity of each owner 25 31 CFR 1010.610(b)(3)(ii)(A). For the purpose of this requirement, an “owner” is any person who directly or indirectly owns, controls, or has the power to vote 10 percent or more of any class of securities of a foreign bank. In addition, members of the same family are to be considered as one person. 31 CFR 1010.605(j)(2)(ii) defines the term “same family” as parents, spouses, children, siblings, uncles, aunts, grandparents, grandchildren, first cousins, stepchildren, stepsiblings, parents-in-law, and spouses of any of the foregoing. of the foreign bank, and the nature and extent of each owner’s ownership interest. 26 A foreign bank may be excluded from the definition of legal entity customer under 31 CFR 1010.230 if it is established in a jurisdiction where the regulator of the foreign bank maintains beneficial ownership information regarding such bank. However, the requirement under 31 CFR 1010.610(b)(3) to determine owners and ownership interest for foreign banks that are not publicly traded still applies.
Special Procedures When Due Diligence or Enhanced Due Diligence Cannot Be Performed
A bank’s due diligence program for foreign financial institutions must include procedures to be followed in circumstances when appropriate due diligence or EDD cannot be performed with respect to a correspondent account, including when the bank should: 27 31 CFR 1010.610(d).
- Refuse to open the account.
- Suspend transaction activity.
- File a Suspicious Activity Report (SAR).
- Close the account.
Examiner Assessment of the Compliance with Due Diligence Program Requirements for Correspondent Accounts for Foreign Financial Institutions 28The subsections under the Examiner Assessment of the Compliance with Due Diligence Program Requirements for Correspondent Accounts for Foreign Financial Institutions heading provide additional information that may be useful to examiners when assessing the due diligence programs for correspondent accounts for foreign financial institutions.
Examiners should assess the adequacy of the bank’s policies, procedures, and controls related to due diligence for correspondent accounts for foreign financial institutions. These internal controls should be designed to ensure ongoing compliance with regulatory requirements, as well as the requirements for suspicious activity reporting compliance obligations; and should be commensurate with the bank’s risk profile. The assessment of the adequacy of the bank’s due diligence program, especially for those correspondent accounts that the bank determines to be higher-risk, may include understanding the responsibilities, authority, and independence of staff in areas such as opening, managing, reviewing, and closing accounts, as well as reevaluating and approving changes to risk profiles. Examiners may review information, such as independent testing or audit reports, to aid in their assessment of the bank’s internal controls for the due diligence program for correspondent accounts for foreign financial institutions. Refer to the Assessing the BSA/AML Compliance Program - BSA/AML Internal Controls , and Assessing Compliance with BSA Regulatory Requirements - Suspicious Activity Reporting sections of this Manual for more information.
Risk-Based Due Diligence Policies, Procedures, and Controls
As stated previously, a bank’s general due diligence program must include an assessment of the ML risk presented by each foreign correspondent account based on the bank’s consideration of all relevant risk factors, as appropriate. 29 31 CFR 1010.610(a)(2). The assessment assists banks in applying risk-based policies, procedures, and controls to each correspondent account for foreign financial institutions to detect and report any known or suspected ML activity. 30 31 CFR 1010.610(a)(3).
Correspondent accounts for foreign financial institutions present varying levels of ML/TF and other illicit financial activity risks. Not all correspondent accounts for foreign financial institutions automatically represent a uniformly higher risk of ML/TF and other illicit financial activity risks. The potential risk depends on the facts and circumstances specific to each customer relationship, such as size and complexity, geographic locations, products and services offered, markets and customers served, strength of the bank’s AML policies and procedures, and effectiveness of banking regulation and supervision in the country(ies) in which the bank operates.
Assessing the risk of correspondent accounts for foreign financial institutions also assists banks in identifying any account that may warrant the application of increased due diligence measures, even if EDD procedures are not required by the regulation. 31 FinCEN, Final rule “ Special Due Diligence Programs for Certain Foreign Accounts ,” 71 Fed. Reg. 496, 503 (Jan. 4, 2006). For some correspondent accounts of foreign financial institutions that a bank determines to have a high risk of ML, these increased due diligence measures may include any or all the elements required by regulation for EDD. 32 Id. For an example of an increased due diligence measure, refer to Nested (Downstream) Correspondent Banking below.
Risk-based due diligence policies, procedures, and controls for correspondent accounts for foreign financial institutions vary by bank and may include:
- Appropriate account opening criteria and on-boarding procedures, such as minimum levels of documentation, account review, approval process, and a description of circumstances in which the bank would not open an account.
- Communication to customers regarding AML risk management expectations related to the account.
- Standards for conducting and documenting analysis associated with the due diligence process, including guidance for resolving issues when insufficient, contradictory, or inaccurate information is obtained.
- Management and staff responsibilities, including procedures, authority, and responsibility for opening and reviewing accounts; reevaluating and approving changes to risk profiles; and other controls related to managing these accounts, as applicable. 33 For more information, see e.g ., OCC Bulletin 2016-32 (October 5, 2016), “Risk Management Guidance on Foreign Correspondent Banking: Risk Management Guidance on Periodic Risk Reevaluation of Foreign Correspondent Banking.”
- Sufficient details to distinguish between varying levels of ML and other illicit financial activity risks of these accounts, including whether the foreign financial institution has implemented acceptable AML compliance processes and controls.
- Incorporation of the bank’s assessment of the ML risk presented by these accounts into the suspicious activity monitoring system(s).
- Appropriate account closing criteria and procedures.
Under existing U.S. regulations, there is no general requirement for the bank to conduct due diligence on a foreign financial institution’s customers. In determining the appropriate level of due diligence necessary for a foreign financial institution relationship, the bank may consider the extent to which information related to the foreign financial institution’s customers is useful to assess the risks posed by the relationship. This information may also be useful to meet other obligations, such as to detect and report any known or suspected suspicious activity and to comply with U.S. sanctions. The bank may need to request additional information concerning the activity underlying the foreign financial institution’s transactions in accordance with suspicious activity reporting rules and sanctions compliance obligations. 34 U. S. Department of the Treasury and Federal Banking Agencies (2016), “ Joint Fact Sheet on Foreign Correspondent Banking: Approach to BSA/AML and OFAC Sanctions Supervision and Enforcement . Refer to the Office of Foreign Assets Control section of this Manual for more information regarding sanctions compliance obligations.
Ongoing Monitoring and Periodic Review of Correspondent Account Activity
As stated previously, banks must apply to each foreign correspondent account ongoing risk-based procedures and controls that are reasonably designed to detect and report known or suspected ML activity. 35 31 CFR 1010.610(a)(3). These procedures may include following up on account activity and transactions that are inconsistent with the foreign financial institution’s business and the market it serves (i.e., transactions involving customers, industries, or products that are not generally part of that foreign financial institution’s customer base or market) and escalating suspicious information to an appropriate level for review.
The risk-based procedures and controls must include a periodic review of the correspondent account activity sufficient to determine consistency with information obtained about the type, purpose, and anticipated activity of the account. 36 31 CFR 1010.610(a)(3). The bank’s assessment of the risk presented by the foreign correspondent account should be used to determine the frequency and extent of these reviews. The periodic review may not ordinarily involve scrutiny of every transaction taking place within the account. However, the review must be sufficient for the bank to determine whether the nature and volume of account activity is consistent with information obtained about the type, purpose, and anticipated activity of the correspondent account to enable the bank to adequately detect and report suspicious transactions. 37 31 CFR 1010.610(a)(3).
Nested (Downstream) Correspondent Banking
Nested, or downstream, correspondent banking refers to the use of a bank’s correspondent relationship by one or more financial institutions through their relationship with the bank’s direct customer (i.e., the bank’s direct respondent bank) to conduct transactions and obtain access to other financial services. 38 BCBS (January 2014 (rev. July 2020)), “ Guidelines: Sound Management of Risks Related to Money Laundering and Financing of Terrorism ,” Annex 2, B.12, p. 27. A foreign bank that has a correspondent account at a U.S. bank may make the account services available to other foreign banks that are the foreign (respondent) bank’s customers. By doing so, the foreign bank is in effect serving as a conduit through which the correspondent banking services of the U.S. bank are being provided. This Manual will use the term “nested” to refer to a party indirectly receiving services from a U.S. bank through a foreign bank’s correspondent account at the U.S. bank.
Nested correspondent relationships may be a way for smaller foreign financial institutions to obtain access to the international financial system or to facilitate transactions where no direct relationship exists between banks. 39 BCBS (January 2014 (rev. July 2020)), “ Guidelines: Sound Management of Risks Related to Money Laundering and Financing of Terrorism ,” Annex 2, B.13, p. 27. Indicators of nested activity may include transactions to or from jurisdictions in which the bank’s foreign financial institution customer has no known business activities or transactions and in which the total volume and frequency significantly exceed expected or usual activity for the foreign financial institution customer. Providing access to third-party foreign financial institutions that are not customers of the bank, and so are not necessarily known, can obscure financial transparency and increase ML/TF and other illicit financial activity risks. 40 BCBS (January 2014 (rev. July 2020)). “ Guidelines: Sound Management of Risks Related to Money Laundering and Financing of Terrorism ,” Annex 2, B.14, p. 27. The level of ML/TF and other illicit financial activity risk presented by nested relationships varies depending on the characteristics of other foreign financial institutions using the foreign financial institution customer’s correspondent account, including size or complexity, geographic location, products and services offered, markets and customers served, and the degree of transparency (e.g., in format of payment transactions).
If a foreign correspondent account is subject to EDD procedures, a bank is required to determine whether the foreign bank for which the correspondent account is established or maintained in turn maintains nested accounts at the U.S. bank. A similar determination of nested activity may also be a relevant factor in assessing the risk presented by the foreign correspondent account under the general due diligence program. To aid in the assessment of ML risk, a bank may choose to request that the foreign financial institution customer disclose whether the foreign correspondent account includes nested relationships. Examples of factors that may be considered when analyzing nested relationships may be found in the Basel Committee on Banking Supervision (January 2014 (rev. July 2020)), “Guidelines: Sound Management of Risks Related to Money Laundering and Financing of Terrorism .”
Contractual Agreements
A correspondent agreement or contract is not required but may be used by a U.S. bank to govern its relationship with a foreign financial institution. Each agreement may vary based on the nature and risks of the correspondent relationship. An agreement typically describes each party’s responsibilities (e.g., AML compliance requirements and compliance with information requests); and account purpose, use, and restrictions (e.g., third-party access and applicable internal controls, transaction types and/or volumes, acceptance of deposits, item clearing, payment forms, and acceptable forms of endorsement). An agreement may also include other significant relationship details (e.g., acceptable products and services; and limiting, changing, or terminating the relationship).
< Previous Page Funds Transfers Recordkeeping - Examination Procedures |
Next Page > Due Diligence Programs for Correspondent Accounts for Foreign Financial Institutions - Examination Procedures |