- Cross-border Correspondent Relationships
- EBA „The ML/TF Risk Factors Guidelines“ (EBA/GL/2021/02)
- Correspondent relationships
- Guideline 8: Sectoral guideline for correspondent relationships
- Risk factors
- The respondent is based in an EEA member country.
- Respondents based in non-EEA countries
- Respondents based in EEA countries
- Section 15 (3) no. 4 of the GwG
- Section 15 (7) of the GwG
- BaFin-Interpretation and Application Guidance on the German Money Laundering Act (GwG)
- EBA „The ML/TF Risk Factors Guidelines“ (EBA/GL/2021/02)
Cross-border Correspondent Relationships
EBA „The ML/TF Risk Factors Guidelines“ (EBA/GL/2021/02)
4.58. To comply with Article 19 of Directive (EU) 2015/849, firms must take specific EDD measures where they have a cross-border correspondent relationship with a respondent based in a third country. Firms must apply all of these measures and should adjust the extent of these measures on a risk-sensitive basis.
4.59. Firms should refer to Title II for guidelines on EDD in relation to correspondent banking relationships; these guidelines may also be useful for firms in other correspondent relationships.
Guideline 8: Sectoral guideline for correspondent relationships
8.1. Guideline 8 provides guidelines on correspondent banking as defined in Article 3(8)(a) of Directive (EU) 2015/849. Firms offering other correspondent relationships as defined in Article 3(8)(b) of Directive (EU) 2015/849 should apply these guidelines as appropriate.
8.2. Firms should take into account that, in a correspondent banking relationship, the correspondent provides banking services to the respondent, either in a principal-toprincipal capacity or on the respondent’s customers’ behalf. The correspondent does not normally have a business relationship with the respondent’s customers and will not normally know their identity or the nature or purpose of the underlying transaction, unless this information is included in the payment instruction.
8.3. Firms should consider the following risk factors and measures alongside those set out in Title I of these guidelines.
Product, service and transaction risk factors
8.4. The following factors may contribute to increasing risk:
The account can be used by other respondent banks that have a direct relationship with the respondent but not with the correspondent (‘nesting’, or downstream clearing), which means that the correspondent is indirectly providing services to other banks that are not the respondent.
The account can be used by other entities within the respondent’s group that have not themselves been subject to the correspondent’s due diligence.
The service includes the opening of a payable-through account, which allows the respondent’s customers to carry out transactions directly on the account of therespondent.
8.5. The following factors may contribute to reducing risk:
The relationship is limited to a SWIFT Risk Management Application (RMA) capability, which is designed to manage communications between financial institutions. In a SWIFT RMA relationship, the respondent, or counterparty, does not have a payment account relationship.
Banks are acting in a principal-to-principal capacity, rather than processing transactions on behalf of their underlying clients, for example in the case of foreign exchange services between two banks where the business is transacted on a principal- to-principal basis between the banks and where the settlement of a transaction does not involve a payment to a third party. In those cases, the transaction is for the own account of the respondent bank.
The transaction relates to the selling, buying or pledging of securities on regulated markets, for example when acting as or using a custodian with direct access, usually through a local participant, to an EU or non-EU securities settlement system.
Customer risk factors
8.6. The following factors may contribute to increasing risk:
The respondent’s AML/CFT policies and the systems and controls the respondent has in place to implement them fall short of the standards required by Directive (EU) 2015/849.
The respondent is not subject to adequate AML/CFT supervision.
The respondent, its parent or a firm belonging to the same group as the respondent has recently been the subject of regulatory enforcement for inadequate AML/CFT policies and procedures and/or breaches of AML/CFT obligations.
The respondent conducts significant business with sectors that are associated with higher levels of ML/TF risk; for example, the respondent conducts significant remittance business or business on behalf of certain money remitters or exchange houses, with non-residents or in a currency other than that of the country in which it is based.
The respondent’s management or ownership includes PEPs, in particular where a PEP can exert meaningful influence over the respondent, where the PEP’s reputation, integrity or suitability as a member of the management board or key function holder gives rise to concern or where the PEP is from a jurisdictions associated with higher ML/TF risk. Firms should pay particular attention to those jurisdictions where corruption is perceived to be systemic or widespread.
The history of the business relationship with the respondent gives rise to concern, for example because the amount of transactions is not in line with what the correspondent would expect based on its knowledge of the nature and size of the respondent.
The respondent´s failure to provide the information requested by the correspondent for CDD and EDD purposes, and information on the payer or the payee that is required under Regulation (EU) 2015/847. For this purpose, the correspondent should consider the quantitative and qualitative criteria set out in the Joint Guidelines JC/GL/2017/16.17
8.7. The following factors may contribute to reducing risk. The correspondent is satisfied that :
the respondent’s AML/CFT controls are not less robust than those required by Directive (EU) 2015/849;
the respondent is part of the same group as the correspondent, is not based in a jurisdiction associated with higher ML/TF risk and complies effectively with group AML standards that are not less strict than those required by Directive (EU) 2015/849.
Country or geographical risk factors
8.8. The following factors may contribute to increasing risk:
a) The respondent is based in a jurisdiction associated with higher ML/TF risk. Firms should pay particular attention to those jurisdictions:
identified as high-risk third countries pursuant to Article 9(2) of Directive (EU) 2015/849;
with significant levels of corruption and/or other predicate offences to money laundering;
without adequate capacity of the legal and judicial system effectively to prosecute those offences;
with significant levels of terrorist financing or terrorists activities; or
without effective AML/CFT supervision.
b) The respondent conducts significant business with customers based in a jurisdiction associated with higher ML/TF risk.
c) The respondent’s parent is headquartered or is incorporated in a jurisdiction associated with higher ML/TF risk.
8.9. The following factors may contribute to reducing risk:
The respondent is based in an EEA member country.
The respondent is based in a third country that has AML/CFT requirements not less robust than those required by Directive (EU) 2015/849 and effectively implements those requirements (although correspondents should note that this does not exempt them from applying EDD measures set out in Article 19 of Directive (EU) 2015/849).
8.10. All correspondents should carry out CDD measures set out in Article 13 of Directive (EU) 2015/849 on the respondent, who is the correspondent’s customer, on a risk-sensitive basis.
This means that correspondents should:
Identify, and verify the identity of, the respondent and its beneficial owner. As part of this, correspondents should obtain sufficient information about the respondent’s business and reputation to establish that the money-laundering risk associated with the respondent is not increased. In particular, correspondents should:
obtain information about the respondent’s management and consider the relevance, for financial crime prevention purposes, of any links the respondent’s management or ownership might have to PEPs or other high-risk individuals; and consider, on a risk-sensitive basis, whether obtaining information about the respondent’s major business, the types of customers it attracts, and the quality of its AML systems and controls (including publicly available information about any recent regulatory or criminal sanctions for AML failings) would be appropriate.
Where the respondent is a branch, subsidiary or affiliate, correspondents should also consider the status, reputation and AML controls of the parent.
Establish and document the nature and purpose of the service provided, as well asthe responsibilities of each institution. This may include setting out, in writing, the scope of the relationship, which products and services will be supplied, and how and by whom the correspondent banking facility can be used (e.g. if it can be used by other banks through their relationship with the respondent).
Monitor the business relationship, including transactions, to identify changes in the respondent’s risk profile and detect unusual or suspicious behaviour, including activities that are not consistent with the purpose of the services provided or that are contrary to commitments that have been concluded between the correspondent and the respondent. Where the correspondent bank allows the respondent’s customers direct access to accounts (e.g. payable-through accounts, or nested accounts), it should conduct enhanced ongoing monitoring of the business relationship. Owing to the nature of correspondent banking, post-execution monitoring is the norm. Ensure that the CDD information they hold is up to date.
8.11. Correspondents must also establish that the respondent does not permit its accounts to be used by a shell bankin line with Article 24 of Directive (EU) 2015/849. This may include asking the respondent for confirmation that it does not deal with shell banks, having sight of relevant passages in the respondent’s policies and procedures, or considering publicly available information, such as legal provisions that prohibit the servicing of shell banks.
8.12. There is no requirement in Directive (EU) 2015/849 for correspondents to apply CDD measures to the respondent’s individual customers.
8.13. Correspondents should take into account that CDD questionnaires provided by international organisations are not normally designed specifically to help correspondents comply with their obligations under Directive (EU) 2015/849. When considering whether to use these questionnaires, correspondents should assess whether they will be sufficient to allow them to comply with their obligations under Directive (EU) 2015/849 and should take additional steps where necessary.
Respondents based in non-EEA countries
8.14. To discharge their obligation under Article 19 of Directive (EU) 2015/849, where the correspondent relationship involves the execution of payments with a third country respondent institution, correspondents should apply specific EDD measures in addition to the CDD measures set out in Article 13 of Directive (EU) 2015/849 but can adjust those measures on a risk sensitive basis. In all other situations, firms should apply at least guideline 8.10 to 8.13.
8.15. Correspondents must apply each of these EDD measures to respondents based in a non-EEA country, but correspondents can adjust the extent of these measures on a risk- sensitive basis. For example, if the correspondent is satisfied, based on adequate research, that the respondent is based in a third country that has an effective AML/CFT regime, supervised effectively for compliance with these requirements, and that there are no grounds to suspect that the respondent’s AML/CFT policies and procedures are, or have recently been deemed, inadequate, then the assessment of the respondent’s controls may not necessarily have to be carried out in full detail.
8.16. Correspondents should always adequately document their CDD and EDD measures and decision-making processes.
8.17. To comply with Article 19 of Directive (EU) 2015/849, the risk-sensitive measures firms take should enable them to:
Gather sufficient information about a respondent institution to understand fully the nature of the respondent’s business, in order to establish the extent to which the respondent’s business exposes the correspondent to higher money-laundering risk. This should include taking steps to understand and risk-assess the nature of respondent’s customer base, if necessary by asking the respondent about its customers, and the type of activities that the respondent will transact through the correspondent account.
Determine from publicly available information the reputation of the institution and the quality of supervision. This means that the correspondent should assess the extent to which the correspondent can take comfort from the fact that the respondent is adequately supervised for compliance with its AML obligations.
A number of publicly available resources, for example FATF or FSAP assessments, which contain sections on effective supervision, may help correspondents establish this.
Assess the respondent institution’s AML/CFT controls. This implies that the correspondent should carry out a qualitative assessment of the respondent’s AML/CFT control framework, not just obtain a copy of the respondent’s AML policies and procedures. This assessment should be documented appropriately. In line with the risk-based approach, where the risk is especially high and in particular where the volume of correspondent banking transactions is substantive, the correspondent should consider on-site visits and/or sample testing to be satisfied that the respondent’s AML policies and procedures are implemented effectively.
Obtain approval from senior management, as defined in Article 3(12) of Directive (EU) 2015/849 before establishing new correspondent relationships and where material new risks emerge, such as because the country in which the respondent is based is designated as high risk under provisions in Article 9 of Directive (EU) 2015/849.. The approving senior manager should not be the officer sponsoring the relationship and the higher the risk associated with the relationship, the more senior the approving senior manager should be.
Correspondents should keep senior management informed of high-risk correspondent banking relationships and the steps the correspondent takes to manage that risk effectively.
Document the responsibilities of each institution. If not already specified in ist standard agreement, the correspondents should conclude a written agreement including at least the following:
i. the products and services provided to the respondent,
ii. how and by whom the correspondent banking facility can be used (e.g. if it can be used by other banks through their relationship with the respondent), what the respondent’s AML/CFT responsibilities are;
iii. how the correspondent will monitor the relationship to ascertain the respondent complies with its responsibilities under this agreement (for example through ex post transaction monitoring);
iv. the information that should be supplied by the respondent at the correspondent’s request (in particular for the purpose of monitoring the correspondent relationship) and a reasonable deadline by which the information should be provided (taking into account the complexity of the payment chain or the correspondent chain).
With respect to payable-through accounts and nested accounts, be satisfied that the respondent credit or financial institution has verified the identity of and performed ongoing due diligence on the customer having direct access to accounts of the correspondent and that it is able to provide relevant CDD data to the correspondent institution upon request. Correspondents should seek to obtain confirmation from the respondent that the relevant data can be provided upon request.
Respondents based in EEA countries
8.18. Where the respondent is based in an EEA country, Article 19 of Directive (EU) 2015/849 does not apply. The correspondent is, however, still obliged to apply risk-sensitive CDD measures pursuant to Article 13 of Directive (EU) 2015/849.
8.19. Where the risk associated with a respondent based in an EEA Member State is increased, correspondents must apply EDD measures in line with Article 18 of Directive (EU) 2015/849. In that case, correspondents should consider applying at least some of the EDD measures described in Article 19 of Directive (EU) 2015/849, in particular Article 19(a) and (b). Respondents established in high-risk third countries, and correspondent relationships involving high-risk third countries
8.20. Correspondents should determine which of their relationships involve high-risk third countries, identified pursuant to Article 9(2) of Directive (EU) 2015/849.
8.21. Correspondents should also, as part of their standard CDD measures, determine the likelihood of the respondent initiating transactions involving high-risk third countries, including where a significant proportion of the respondent’s own customers maintain relevant professional or personal links to high-risk third countries.
8.22. To discharge their obligation under Article 18a, firms should ensure that they also apply Article 13 and 19 of Directive (EU) 2015/849.
8.23. Unless the correspondent has assessed ML/TF risk arising from the relationship with the respondent as particularly high correspondents should be able to comply with the requirements in Article 18a(1) by applying Article 13 and 19 of Directive (EU) 2015/849.
8.24. To discharge their obligation under Article 18a(1)(c) of Directive (EU)2015/849, correspondents should apply guideline 8.17(c) and take care to assess the adequacy of the respondent’s policies and procedures to establish their customers’ source of funds and source of wealth, carry out onsite visits or sample checks, or ask the respondent to provide evidence of the legitimate origin of a particular customer’s source of wealth or source of funds, as required.
8.25. Where Members States require firms to apply additional measures in line with article 18a)(2)correspondents should apply one or more of the following:
Increasing the frequency of reviews of CDD information held on the respondent, and the risk assessment of that respondent;
Requiring a more in-depth assessment of the respondent´s AML/CFT controls. In these higher risk situations, correspondents should consider reviewing the independent audit report of the respondent’s AML/CFT controls, interviewing the compliance officers, commissioning a third party review or conducting an onsite visit.
Requiring increased and more intrusive monitoring. Real-time monitoring of transactions is one of the EDD measures banks should consider in situations where the ML/TF risk is particularly increased. As part of this, correspondents should consider maintaining an ongoing dialogue with the respondent to develop a better understanding of the risks associated with the correspondent relationship and facilitate the rapid exchange of meaningful information, if necessary.
Requiring increased monitoring on transfers of funds to ensure detection of missing or incomplete information on the payer and or the payee under Regulation (EU) 2015/847 and in line with the Joint Guidelines JC/GL/2017/16.
Limiting business relationships or transactions involving high-risk third countries in terms of nature, volume or means of payment, after a thorough assessment of the residual risk posed by the correspondent relationship.
Section 15 (3) no. 4 of the GwG
(3) A higher risk arises in particular
4. in cases where obliged entities under section 2 (1) nos. 1 to 3 and 6 to 8 are in cross-border correspondent relationships with third-country respondents or, if the obliged entities identify a heightened risk, with respondents from a country in the European Economic Area.
Section 15 (7) of the GwG
(7) In the case set out in subsection (3) no. 4, obliged entities under section 2 (1) nos. 1 to 3 and 6 to 9 are required to fulfil at least the following enhanced due diligence requirements when establishing a business relationship:
- sufficient information about the respondent must be obtained so that the nature of their business can be fully understood and their reputation, their controls for preventing money laundering and terrorist financing and the quality of supervision can be assessed,
- the approval of a member of senior management must be obtained before a business relationship with the respondent is established,
- before such a business relationship is established, the respective responsibilities of participants with regard to the fulfilment of due diligence requirements must be determined and documented in accordance with section 8,
- measures must be taken to ensure that the obliged entity does not establish or continue a business relationship with a respondent whose accounts are known to be used by a shell bank, and
- measures must be taken to ensure that the respondent does not permit payments through payable-through accounts.
BaFin-Interpretation and Application Guidance on the German Money Laundering Act (GwG)
Unlike in the case of section 25 (k) of the KWG, old version, correspondent relationships are, on the one hand, business relationships within the scope of which the obliged entities provide specific banking services in accordance with section 2 (1) no. 1 of the GwG (correspondents). This includes the operation of a current account or another payment account and provision of related services (e.g. cash management, carrying out international funds transfers or foreign exchange transactions and cheque clearing) for CRR credit institutions, credit institutions within the meaning of the KWG or for undertakings in a third country that engage in activities equivalent to those of such credit institutions (respondents).
“Banking services” are not all of the banking business listed in section 1 (1) sentence 2 of the KWG and instead only comprise those associated with payment transactions (cf. in particular the services indicated in section 1 (1) sentence 2 of the ZAG).
On the other hand, correspondent relationships within the meaning of the GwG include business relationships where obliged entities under section 2 (1) nos. 1 to 3 and 6 to 9 of the GwG (correspondents), in accordance with the statutory provisions applicable for them, provide services similar to banking services
a. for other CRR credit institutions, credit institutions within the meaning of the KWG or financial institutions within the meaning of Article 3(2) of the amended Fourth Money Laundering Directive or
b. for undertakings or persons in a third country that engage in activities equivalent to those of such
credit institutions or financial institutions, (respondents). This includes business relationships whose purpose is the provision of securities transactions or funds transfers.
The obliged entities under section 2 (1) nos. 1 to 3 and 6 to 8 of the GwG must comply with enhanced due diligence obligations pursuant to section 15 (3) no. 4 of the GwG where they are in cross-border
correspondent relationships with third-country respondents.
In relation to correspondent relationships with respondents seated in a country of the European Economic Area, the above-mentioned obliged entities are only obliged to comply with enhanced due diligence obligations where the obliged entity has previously established that the relevant country is a high-risk country or in the cases stipulated in section 15 (8) of the GwG where this country has been included in a corresponding FATF list (see below for details).
Measures to be implemented
Under section 15 (7) of the GwG, in the cases outlined above the above-mentioned obliged entities must, as minimum measures, implement the following measures before establishing a business relationship with the respondent, in addition to the general due diligence obligations:
- Obtaining sufficient information about the respondent, in order that the nature of its business can be fully understood and its reputation, its controls for preventing money laundering and terrorist financing and the quality of its supervision can be assessed;
The volume of information required will depend on the degree of increased risk. As well as the risk assessment for the home country of the respondent, the volume and nature of the services provided for the respondent and the transparency of the payments made in this respect must also be taken into consideration.
- Obtaining the consent of a member of the management (cf. section 1 no. 15 of the GwG) regarding
the establishment of the business relationship;
- Determining the respective responsibilities of the involved parties with regard to the fulfilment of
due diligence obligations and their documentation in accordance with section 8 of the GwG.