The role of correspondent banking in combatting financial crime

It typically works like this:

Step 1: The client bank enters into an agreement with the correspondent bank to use its cash management services. This agreement outlines the terms and conditions of the arrangement, including fees, service levels, and responsibilities.

Step 2: The correspondent bank provides a range of cash management services to the client bank, which may include cash deposits, withdrawals, currency exchange, and cash vault services. These services enable the client bank to offer its customers access to physical cash without the need for its own cash handling infrastructure.

Step 3: The client bank maintains an account with the correspondent bank to facilitate cash transactions. Funds deposited by the client bank’s customers are held in this account, and withdrawals are made from this account to meet customer cash requests.

Step 4: As with other types of correspondent banking relationships, cash correspondent banking involves transaction monitoring to detect and prevent suspicious activity. Both the client bank and the correspondent bank are responsible for implementing transaction monitoring systems and procedures to identify potentially illicit transactions, such as large or unusual cash withdrawals or deposits.

Step 5: Cash correspondent banking is subject to the same regulatory requirements and compliance obligations as other correspondent banking relationships. Both the client bank and the correspondent bank must adhere to anti-money laundering (AML) and know your customer (KYC) regulations, conduct due diligence on their customers, and report suspicious activity to the relevant authorities.

That all sounds very helpful – and necessary. So why is correspondent banking such a high-risk activity?

Correspondent banking – whether cash or digital – plays a significant and essential role in the global financial system, but it also poses a significant risk due to the potential for respondent banks to use the correspondent bank’s services to launder money or finance illegal activities. By its very nature, it creates a complex web of cross-border transactions that can obscure the true origin and destination of funds, making it easier for shady or outright criminal organisations and individuals to launder money.

Banks often rely on their correspondent banking partners to perform due diligence on the customers of the other bank. However, this reliance introduces third-party risk, as the originating bank may not have the same level of scrutiny or AML controls as the receiving bank.

Correspondent banking often spans multiple jurisdictions, each with its own AML regulations and enforcement mechanisms. These jurisdictional differences can create gaps in oversight and enforcement, allowing illicit funds to move across borders more easily, even though AML regulations require banks to implement robust KYC procedures to verify the identities of their customers and assess the risk of money laundering.

That’s why, in correspondent banking, this KYC obligation extends to verifying the identities of not only the bank’s direct customers but also the ultimate beneficiaries of transactions, which can be challenging given the layers of intermediaries involved.

Banks must also implement transaction monitoring systems to detect suspicious activity, such as large or unusual transactions that may indicate money laundering. Transaction monitoring involves analysing customer transactions, including the source and destination of funds, transaction amounts, frequency, and other relevant factors, to identify patterns or behaviours that deviate from normal or expected activities.

However, the volume and complexity of transactions in correspondent banking can overwhelm these systems to the point where there is no direct oversight, leading to false positives or missed red flags. Financial institutions must also establish thresholds for reporting suspicious activity to their financial intelligence unit (FIU) or other relevant authorities.

Given the higher risk associated with correspondent banking, banks are expected to conduct enhanced due diligence (EDD) on their correspondent banking relationships and maintain ongoing monitoring and. This may include ongoing monitoring of transactions, periodic reviews of the correspondent bank’s AML controls, risk assessments of these relationships and additional documentation requirements.

Regulatory authorities also play a crucial role in overseeing and enforcing compliance with AML regulations in the correspondent banking sector.

Does that mean transaction monitoring is a legal requirement for financial institutions?

Yes, it typically is – especially if the financial institution is subject to AML regulations (and it’s hard to think of one that isn’t). The primary purpose of transaction monitoring is to detect and report suspicious activities that may indicate money laundering, terrorist financing, or other illicit or criminal financial activities.

The specific requirements for transaction monitoring may vary depending on the jurisdiction, the type of financial institution, and the products and services offered. However, in general, transaction monitoring is a critical component of AML compliance programmes and is required by law in many countries around the world. Failure to comply with these requirements can result in regulatory penalties, fines, and reputational damage for financial institutions and their employees.

United States

The Bank Secrecy Act (BSA) is one of the most significant pieces of legislation related to AML in the United States. It requires financial institutions to establish AML programmes that include policies, procedures, and controls for monitoring and reporting suspicious transactions. The BSA also mandates the filing of suspicious activity reports (SARs) for transactions that may involve money laundering or other illegal activities.

The Financial Crimes Enforcement Network (FinCEN) is a bureau that sits within the US Department of the Treasury. It issues regulations to implement the BSA and other AML laws. The FinCEN Regulations provide detailed requirements for financial institutions regarding customer identification, recordkeeping, and reporting of suspicious transactions – including the use of transaction monitoring systems.

Multi-jurisdictional bodies, rules and guidelines

The Financial Action Task Force (FATF) is an intergovernmental organisation that sets global standards for combatting money laundering, terrorist financing, and other threats to the integrity of the international financial system.

There are currently 38 FATF member countries, though as with any international organisation geopolitics can affect the membership list in interesting ways. The Russian Federation, for example, is still technically an FATF member even though its membership was suspended in February 2023. And “Hong Kong, China” is listed as an active FATF member, though mainland China itself is not.

The FATF black and grey lists

The FATF Recommendations provide guidance on AML and other ‘combatting the financing of terrorism’ (CFT) measures, including transaction monitoring, that countries should implement to fight financial crime successfully. Failure to follow these recommendations can see countries appear on the dreaded ‘grey list.’

The grey list – or, to give it its formal name, the list of ‘Jurisdictions Under Increased Monitoring’ – is of those countries that are working with FATF to address ‘strategic deficiencies’ in their AML/CFT regimes. Being grey listed carries real consequences for the affected markets, as they become no-go areas for most legitimate investors until their issues are resolved to FATF’s satisfaction.

There is also a blacklist (properly, ‘High-Risk Jurisdictions Subject to a Call for Action’), though it is both much shorter than the grey list and much harder to be removed from. There are only three countries FATF blacklisted at present: Iran; North Korea; and Myanmar, and it is unlikely that any of them are prioritising a review and strengthening of their AML/CFT measures right now.

In the European Union, AML regulations are harmonised through directives such as the Fourth and Fifth Anti-Money Laundering Directives (AMLD). These directives require financial institutions to implement AML controls, including transaction monitoring, to identify and report suspicious activities. The directives also establish requirements for customer due diligence (CDD), enhanced due diligence (EDD), and the reporting of suspicious transactions.

In 1974, the Group of Ten (G10) countries established the Basel Committee on Banking Supervision (BCBS) as a way of aligning its banking supervisory authorities. Membership has since grown (first in 2009 and again in 2014). The BCBS issues guidelines and standards for banking supervision, including recommendations for AML/CFT controls. These guidelines may include principles and best practices for transaction monitoring, as well as expectations for the effectiveness of AML programmes in banks.

It is important to bear in mind that while the world’s regulators may not be in lockstep, their various approaches to fighting financial crime are, broadly speaking, fairly consistent.

Failure to implement effective transaction monitoring systems and procedures can therefore result in regulatory sanctions, reputational damage, and increased exposure to financial crime risks in multiple jurisdictions. Financial institutions must stay abreast of relevant legislation, regulations, and best practices to ensure compliance with AML requirements.

The emphasis seems to be on combatting money laundering. What’s the difference between AML monitoring and transaction monitoring?

This is where it gets slightly complex. Transaction monitoring is a technical process within AML compliance that is specific to the ongoing surveillance and analysis of financial transactions to detect anything that looks suspicious. So, while it’s true that AML and transaction monitoring are connected, in terms of financial compliance they are also distinct concepts.

AML refers to the set of laws, regulations, and procedures designed to prevent, detect, and report activities associated with money laundering, terrorist financing, and other financial crimes. It encompasses a broad range of measures, including customer due diligence (CDD), know your customer (KYC) requirements, risk assessment, sanction screening, suspicious activity reporting (SAR), and the development of internal policies and procedures to identify and mitigate money laundering risks.

It aims to ensure that financial institutions have effective controls in place to prevent their services from being used for illegal purposes and to safeguard the integrity of the financial system.

Transaction monitoring is a specific component of AML compliance that involves the ongoing surveillance and analysis of financial transactions to identify potentially illicit or illegal activity.

There are automated transaction monitoring systems that analyse transactional data in real-time (or near-real-time) to detect patterns, anomalies, and other indicators of anything untoward. The primary purpose of transaction monitoring is to identify transactions that may warrant further investigation or reporting as suspicious to the appropriate authorities.

Software systems cannot be wholly relied on to carry out accurate transaction monitoring – human oversight and intervention is also needed to review and investigate flagged transactions, determine whether they are truly suspicious, and take appropriate action as necessary.

The key thing to remember is that transaction monitoring is an essential component of an effective AML programme, but it is only one tool that financial institutions can use to weed out money laundering risks.