Due Diligence and Ongoing Monitoring

  • 1.  Correspondent Bank

    This message was posted by a user wishing to remain anonymous
    Posted 09-01-2022 08:27 AM

    We are getting pushback from our business owners around due diligence on correspondent banks. How are other banks handling them? Do you assess them or consider them outside the scope?


  • 2.  RE: Correspondent Bank

    Posted 09-06-2022 12:29 PM

    There is widespread recognition that correspondent banking relationships can be exploited for money laundering and terrorism financing (ML/TF). Correspondent banking relationships that are poorly managed can give access to countries with inadequate anti-money laundering and counter-terrorism controls directly. The regulatory guidelines governing foreign financial institutions may differ from those that govern U.S. banks. For this reason, due diligence on correspondent banks is essential. Furthermore, it is required by U.S. Banking regulations. (Examples listed below)

    https://bsaaml.ffiec.gov/manual/RisksAssociatedWithMoneyLaunderingAndTerroristFinancing/02

    https://occ.gov/news-issuances/bulletins/2016/bulletin-2016-32.html

    7500 - FRB Regulations PART 206-LIMITATIONS ON INTERBANK LIABILITIES (REGULATION F) Section 206.3 Prudential Standards

    https://www.ffiec.gov/press/PDF/FFIEC%20BSA-AML%20Exam%20Manual.pdf

     

    A lack of diligence is alleged to have led to hundreds of millions of dollars of suspicious funds flowing into the U.S. financial system. Several U.S. regulators, including FinCEN (Treasury Department), have brought enforcement actions against U.S. banks, as well as domestic branches of foreign financial institutions ("FFIs"), for anti-money laundering ("AML") violations related to foreign correspondent banking services.

    So yes, due diligence is required for correspondent banks. Your TPRM program should assess correspondent banks with the same risk-based rigor you would for any vendor providing a product or service to you or your customers. Cybersecurity, OFAC, privacy, financial health, business continuity, and disaster recovery should all be considered.

    But when it comes to compliance, additional specific considerations may sit outside your current TPRM scope. So, you will need to coordinate your due diligence efforts with your compliance department to focus on AML (anti-money laundering) and KYC (know your customer) due diligence. Other due diligence components will also be out of scope for most TPRM programs, such as including foreign correspondent financial institution relationships in suspicious activity monitoring and reporting systems.

    TPRM can be used to implement due diligence for correspondent banks. Still, the due diligence must be coordinated across multiple risk domains, not just third-party risk, to be comprehensive and effective.

    I hope this answer is helpful, but I would love to hear from other members on this topic.