On August 30, 2016, the U.S. Department of the Treasury and the federal banking agencies (the “Agencies”) issued a “Joint Fact Sheet on Foreign Correspondent Banking: Approach to BSA/AML and OFAC Sanctions Supervision and Enforcement” (the “Fact Sheet”). While the Fact Sheet contains no new rules, it does summarize “key aspects of federal supervisory and enforcement strategy and practices in the area of correspondent banking” and clarifies regulatory expectations with regard to rules around correspondent banking and compliance with the Bank Secrecy Act and anti-money laundering regulations.
Banks in the U.S. may maintain certain types of correspondent accounts for foreign financial institutions (“FFIs”). Banks that maintain such accounts in the U.S. are required under existing rules to establish specific, risk-based due diligence policies, procedures and processes “reasonably designed” to manage the risks associated with such accounts held by the bank. The extent and design of such policies, procedures and processes will depend on the risks presented by the FFI for which such an account is held. While this level of detail to specific risks posed by specific FFI correspondent customers of the bank can be helpful, it can also present compliance challenges to a bank with numerous correspondent FFI customers.
For example, the Agencies expect U.S. banks to develop a “clear understanding of FFI risk profiles and expected account activity.” To do this, and in order to determine how to manage such risks, the Fact Sheet confirms that U.S. banks are “expected to obtain and review sufficient information about their FFI relationships, including the types of customers the FFI serves and the markets in which the FFI is active.” Despite this statement, the Fact Sheet specifically states that there is “no general requirement for U.S. depository institutions to conduct due diligence on an FFI’s customers.”
Instead, U.S. banks need to consider the extent to which the information related to an FFI’s markets and types of customers is necessary to assess risks posed by the relationship, satisfy obligations to report suspicious activity and comply with BSA/AML and OFAC obligations. However, for many banks, this has felt like an expectation to know your customer’s customer.
Despite the Fact Sheet’s indication that 95% of compliance deficiencies are resolved through the supervisory process without the need for an enforcement action or penalty, banks with these relationships should be reviewing their policies, procedures and processes for correspondent banking. Releases like these that “summarize” expectations and existing obligations tend to follow observations of non-compliance in the subject matter summarized.