In October 2022, the Wolfsberg Group, a non-governmental association of global banks, published an updated version of its Financial Crime Principles for Correspondent Banking. Originally published in 2014, the Wolfsberg Group compiled the document to provide “guidance and best practices” for correspondent banks, including setting out a distinction between “correspondent banking” and “correspondent relationships”. The new “Principles” also integrates a Frequently Asked Questions section that was previously not part of the same document.
Given the influence that the Wolfsberg Group has on global banking regulation, and anti-money laundering (AML) and counter-financing of terrorism (CFT) policy, it is important that correspondent banking service providers become familiar with the updated principles, and use them to update their AML/CFT solutions. With that in mind, let’s take a look at the key points from the updated document.
Who are the Financial Crime Principles for?
The updated Principles set out the risk-based due diligence measures that correspondent banks must implement when onboarding new customers or handling transactions for existing customers. More specifically, the Principles enable banks to conduct effective risk assessments of customers involved in correspondent banking relationships, and establish and maintain accurate risk profiles. The document also includes information for respondent banks, outlining what they should expect from their correspondent banking relationship.
The major focus of the updated document is on the types of activity that present the most risk for correspondent banks. The update introduces “the concept of a defined risk appetite for correspondent banking activity” and details factors that should be considered during periodic reviews of correspondent banking relationships, as they pertain to a service provider’s risk appetite.
What are the Correspondent Banking Financial Crime Principles?
Central to the updated financial crime principles is the need for correspondent banks to apply risk-based due diligence to their respondents. In practice this means that banks must assess each respondent to determine the level of risk they present, and then deploy AML compliance measures commensurate with that risk.
Under the Principles, the key risk indicators to consider during the due diligence process are as follows:
Geographic risk: Jurisdictions that have inadequate financial crime standards or poor regulatory supervision present a higher AML/CFT risk. Correspondent banks may refer to guidance from international regulatory bodies, such as the Financial Action Task Force (FATF) to determine what level of risk a particular jurisdiction presents, and factor that information into a risk assessment.
Branches, subsidiaries, affiliates: Where a correspondent bank provides services to its own affiliates, the level of due diligence applied should reflect the level of control the parent institution exerts. Banks should consider risk factors unique to its branches, subsidiaries, and affiliates when conducting risk assessments. The same principle should be applied to respondents that are not affiliates of a correspondent bank, where they have their own parent institutions.
Ownership and management: A respondent’s ownership and management structure typically affect its financial crime risk. Salient factors include whether a respondent is state or publicly owned, and the level of transparency with which management personnel operate. Executives should also be considered when assessing risk: politically exposed persons (PEP), for example, pose an elevated AML/CFT risk.
Products and services: The products and services that respondents offer to customers affect their financial crime risk. Works of art, for example, pose a higher level of AML risk than other types of goods and services, while a respondent’s ability to monitor their own transactions may also be relevant Similarly, the products and services that the correspondent bank offers to its respondents also affect financial crime risk: banks should consider their ability to monitor respondent transactions when assessing this risk factor.
Respondent customer base: The type of customers that a respondent serves can elevate its AML/CFT risk, especially when a “substantial part of its business income” is drawn from high risk customers. Correspondent banks must be able to assess the risk posed by respondent customers against their risk appetite.
Regulatory status and history: Correspondent banks should take “reasonable measures” to ensure that respondents are subject to suitable regulatory oversight within their jurisdiction. If the respondent has been subject to previous regulatory actions, such as criminal investigations, the correspondent bank should factor that information into their risk assessment.
Financial crime controls: Respondents that operate in jurisdictions with poor financial crime controls (FCC) pose a high AML/CFT risk. Correspondent banks should consider whether a jurisdiction’s FCC meet international standards and how effectively they counter the risk presented by other factors (such as customer base).
Shell Banks: Correspondent banks should confirm that a respondent is not a shell bank – that is, a bank with no physical presence in the country in which it is incorporated. Similarly, correspondent banks should confirm that the respondent does not provide services to, or have business arrangements with, shell banks.
Site visits: Correspondent banks should arrange a visit to a respondent bank’s premises “prior to or within a reasonable period of time” after establishing a business relationship, in order to “support the customer due diligence process”. If necessary, financial crime experts should also conduct visits.
Enhanced Due Diligence
Where correspondent banks deal with higher risk respondents, the Principles advise that they apply enhanced due diligence (EDD) in order to establish a greater understanding of the risks involved in the relationship. EDD measures typically involves a more intensive evaluation of the following factors:
- Politically Exposed Persons: If PEPs are involved in the management or ownership of a Respondent, the correspondent bank should take steps to understand the PEP and the nature of their role.
- Downstream FIs: Where a respondent offers its services to financial institutions (FI) that are domiciled within the same country as a respondent, that relationship is referred to as a “downstream FI”. Correspondent banks should “take reasonable steps” to understand the FIs that are downstream from respondents since each FI in the relationship will impact the risk assessment.
The Wolfsberg Group incorporated a set of FAQs that were previously available in a separate document, into the updated 2022 Financial Crime Principles. The FAQs offer detailed information about correspondent AML/CFT measures, based on the Group’s perspective on current best practices. The FAQs also set out the Group’s perspective on how correspondent banking AML/CFT best practice should develop in the future.
The FAQs topics include reasons for the intensive regulatory scrutiny of correspondent banking, how the Principles apply to affiliates and EU member banks, and how to treat high risk respondents.
How to Comply with the Financial Crime Principles
The Financial Crime Principles heavily emphasise the importance of the risk-based approach to effective AML/CFT. That approach relies on the creation of accurate customer risk profiles, which means correspondent banking service providers must collect and analyse customer data on an ongoing basis. Given the sheer amount of customer data involved in correspondent banking AML/CFT, it is vital that service providers use suitable automated software to capture the relevant information.
Ripjar’s Labyrinth Screening platform gives correspondent banks the power and resources they need to manage their data challenges, and meet the standards set out by the Financial Crime Principles. Using Labyrinth, correspondent banks can screen their respondents against thousands of data sources, including sanctions lists, watchlists, and PEP lists, along with global adverse media in over 20 languages. Labyrinth integrates machine learning technology to blend structured and unstructured data in real time, and generate actionable intelligence to ensure that changes to respondent risk profiles are detected and flagged as soon as possible.