Measure – Sectoral guidelines for correspondent banks
Measure – Sectoral guidelines for correspondent banks
EBA has published the final Guidelines under Articles 17 and 18(4) of Directive (EU) 2015/849 on simplified and enhanced customer due diligence. The Risk Factors guidelines give an overview on the factors credit and financial institutions should consider when assessing the money laundering and terrorist financing risk associated with individual business relationships and occasional transactions.
All correspondents must carry out CDD on the respondent, who is the correspondent’s customer, on a risk-sensitive basis.20 This means that correspondents must:
- Identify, and verify the identity of, the respondent and its beneficial owner. As part of this, correspondents should obtain sufficient information about the respondent’s business and reputation to establish that the money-laundering risk associated with the respondent is not increased. In particular, correspondents should:
obtain information about the respondent’s management and consider the relevance, for financial crime prevention purposes, of any links the respondent’s management or ownership might have to PEPs or other high-risk individuals; and
consider, on a risk-sensitive basis, whether obtaining information about the respondent’s major business, the types of customers it attracts, and the quality of its AML systems and controls (including publicly available information about any recent regulatory or criminal sanctions for AML failings) would be appropriate. Where the respondent is a branch, subsidiary or affiliate, correspondents should also consider the status, reputation and AML controls of the parent.
- Establish and document the nature and purpose of the service provided, as well as the responsibilities of each institution. This may include setting out, in writing, the scope of the relationship, which products and services will be supplied, and how and by whom the correspondent banking facility can be used (e.g. if it can be used by other banks through their relationship with the respondent).
Monitor the business relationship, including transactions, to identify changes in the respondent’s risk profile and detect unusual or suspicious behaviour, including activities that are not consistent with the purpose of the services provided or that are contrary to commitments that have been concluded between the correspondent and the respondent. Where the correspondent bank allows the respondent’s customers direct access to accounts (e.g. payable-through accounts, or nested accounts), it should conduct enhanced ongoing monitoring of the business relationship. Due to the nature of correspondent banking, post-execution monitoring is the norm.
- Ensure that the CDD information they hold is up to date.
Correspondents must also establish that the respondent does not permit its accounts to be used by a shell bank,21 in line with Article 24 of Directive (EU) 2015/849. This may include asking the respondent for confirmation that it does not deal with shell banks, having sight of relevant passages in the respondent’s policies and procedures, or considering publicly available information, such as legal provisions that prohibit the servicing of shell banks.
In cases of cross-border correspondent relationships with respondent institutions from third countries, Article 19 of Directive (EU) 2015/849 requires that the correspondent also apply specific EDD measures in addition to the CDD measures set out in Article 13 of Directive (EU) 2015/849.
There is no requirement in Directive (EU) 2015/849 for correspondents to apply CDD measures to the respondent’s individual customers.
Correspondents should bear in mind that CDD questionnaires provided by international organisations are not normally designed specifically to help correspondents comply with their obligations under Directive (EU) 2015/849.
When considering whether to use these questionnaires, correspondents should assess whether they will be sufficient to allow them to comply with their obligations under Directive (EU) 2015/849 and should take additional steps where necessary.
Respondents based in non-EEA countries
Where the respondent is based in a third country, Article 19 of Directive (EU) 2015/849 requires correspondents to apply specific EDD measures in addition to the CDD measures set out in Article 13 of Directive (EU) 2015/849.
90. Correspondents must apply each of these EDD measures to respondents based in a non- EEA country, but correspondents can adjust the extent of these measures on a risk- sensitive basis. For example, if the correspondent is satisfied, based on adequate research, that the respondent is based in a third country that has an effective AML/CFT regime, supervised effectively for compliance with these requirements, and that there are no grounds to suspect that the respondent’s AML policies and procedures are, or have recently been deemed, inadequate, then the assessment of the respondent’s AML controls may not necessarily have to be carried out in full detail.
Correspondents should always adequately document their CDD and EDD measures and decision-making processes.
Article 19 of Directive (EU) 2015/849 requires correspondents to take risk-sensitive measures to:
- Gather sufficient information about a respondent institution to understand fully the nature of the respondent’s business, in order to establish the extent to which the respondent’s business exposes the correspondent to higher money-laundering risk. This should include taking steps to understand and risk-assess the nature of respondent’s customer base and the type of activities that the respondent will transact through the correspondent account.
- Determine from publicly available information the reputation of the institution and the quality of supervision. This means that the correspondent should assess the extent to which the correspondent can take comfort from the fact that the respondent is adequately supervised for compliance with its AML obligations. A number of publicly available resources, for example FATF or FSAP assessments, which contain sections on effective supervision, may help correspondents establish this.
- Assess the respondent institution’s AML/CFT controls. This implies that the correspondent should carry out a qualitative assessment of the respondent’s AML/CFT control framework, not just obtain a copy of the respondent’s AML policies and procedures. This assessment should be documented appropriately. In line with the risk-based approach, where the risk is especially high and in particular where the volume of correspondent banking transactions is substantive, the correspondent should consider on-site visits and/or sample testing to be satisfied that the respondent’s AML policies and procedures are implemented effectively.
- Obtain approval from senior management, as defined in Article 3(12) of Directive (EU) 2015/849, before establishing new correspondent relationships. The approving senior manager should not be the officer sponsoring the relationship and the higher the risk associated with the relationship, the more senior the approving senior manager should be. Correspondents should keep senior management informed of high-risk correspondent banking relationships and the steps the correspondent takes to manage that risk effectively.
- Document the responsibilities of each institution. This may be part of the correspondent’s standard terms and conditions but correspondents should set out, in writing, how and by whom the correspondent banking facility can be used (e.g. if it can be used by other banks through their relationship with the respondent) and what the respondent’s AML/CFT responsibilities are. Where the risk associated with the relationship is high, it may be appropriate for the correspondent to satisfy itself that the respondent complies with its responsibilities under this agreement, for example through ex post transaction monitoring.
- With respect to payable-through accounts and nested accounts, be satisfied that the respondent credit or financial institution has verified the identity of and performed ongoing due diligence on the customer having direct access to accounts of the correspondent and that it is able to provide relevant CDD data to the correspondent institution upon request. Correspondents should seek to obtain confirmation from the respondent that the relevant data can be provided upon request.
Respondents based in EEA countries – Measure – Sectoral guidelines for correspondent banks
Where the respondent is based in an EEA country, Article 19 of Directive (EU) 2015/849 does not apply. The correspondent is, however, still obliged to apply risk-sensitive CDD measures pursuant to Article 13 of Directive (EU) 2015/849.
Where the risk associated with a respondent based in an EEA Member State is increased, correspondents must apply EDD measures in line with Article 18 of Directive (EU) 2015/849. In that case, correspondents should consider applying at least some of the EDD measures described in Article 19 of Directive (EU) 2015/849, in particular Article 19(a) and (b).
Unsere Praxisseminare Geldwäsche und Fraud – Basisseminar, Geldwäsche und Fraud – Aufbauseminar, Geldwäsche & Fraud – Update und Geldwäsche & Fraud – Forum verschaffen Ihnen einen umfassenden Überblick zu den aktuellen gesetzlichen Neuerungen und unterstützen Sie dabei, Geldwäsche- und Betrugsstrukturen zu erkennen, zu bewerten und rechtzeitig zu verhindern. In den Compliance-Seminaren wie Compliance, Compliance für Vertriebsbeauftragte, Neue Compliance-Funktion gemäß MaRisk oder auch Compliance im Fokus der Bankenaufsicht werden Ihnen die Ausgestaltung der Schnittstellen zwischen Compliance, Datenschutz, IT, Zentrale Stelle und Interner Revision näher gebracht. Auch die Mindestanforderungen zum Aufbau eines Gesamt-IKS werden hier beispielsweise näher erläutert.