Bank Secrecy Act
Foreign Correspondent Account Recordkeeping and Due Diligence—Overview
Objective. Assess the bank’s compliance with statutory and regulatory requirements for correspondent accounts for foreign shell banks, foreign correspondent account recordkeeping, and due diligence programs to detect and report money laundering and suspicious activity. Refer to the expanded sections of the manual for discussions and examination procedures regarding specific money laundering risks associated with foreign correspondent accounts.
One of the central goals of the USA PATRIOT Act was to protect access to the U.S. financial system by requiring certain records and due diligence programs for foreign correspondent accounts. In addition, the USA PATRIOT Act prohibits accounts with foreign shell banks. Foreign correspondent accounts, as noted in past U.S. Senate investigative reports 105 are a gateway into the U.S. financial system. This section of the manual covers the regulatory requirements established by sections 312, 313, and 319(b) of the USA PATRIOT Act and by the implementing regulations at 31 CFR 103.175, 103.176, 103.177, and 103.185. Additional discussions and procedures regarding specific money laundering risks for foreign correspondent banking activities, such as bulk shipments of currency, pouch activity, U.S. dollar drafts, and payable through accounts, are included in the expanded sections.
Foreign Shell Bank Prohibition and Foreign Correspondent Account Recordkeeping
For purposes of 31 CFR 103.177 and 103.185, a "correspondent account" is an account established by a bank for a foreign bank to receive deposits from, or to make payments or other disbursements on behalf of the foreign bank, or to handle other financial transactions related to the foreign bank. An "account" means any formal banking or business relationship established to provide regular services, dealings, and other financial transactions. It includes a demand deposit, savings deposit, or other transaction or asset account and a credit account or other extension of credit (31 CFR 103.175(d)). Accounts maintained by foreign banks for financial institutions covered by the rule are not "correspondent accounts" subject to this regulation.106
Under 31 CFR 103.177 a bank is prohibited from establishing, maintaining, administering, or managing a correspondent account in the United States for, or on behalf of, a foreign shell bank. A foreign shell bank is defined as a foreign bank without a physical presence in any country.107 An exception, however, permits a bank to maintain a correspondent account for a foreign shell bank that is a regulated affiliate.108 31 CFR 103.177 also requires that a bank take reasonable steps to ensure that any correspondent account established, maintained, administered, or managed in the United States for a foreign bank is not being used by that foreign bank to provide banking services indirectly to foreign shell banks.
A bank that maintains a correspondent account in the United States for a foreign bank must maintain records in the United States identifying the owners of each foreign bank.109 A bank must also record the name and street address of a person who resides in the United States and who is authorized, and has agreed, to be an agent to accept service of legal process.110 Under 31 CFR 103.185, a bank must produce these records within seven days upon receipt of a written request from a federal law enforcement officer.
The U.S. Treasury, working with the industry and federal banking and law enforcement agencies, developed a "certification process" to assist banks in complying with the recordkeeping provisions. This process includes certification and recertification forms. While banks are not required to use these forms, a bank will be "deemed to be in compliance" with the regulation if it obtains a completed certification form from the foreign bank and receives a recertification on or before the three-year anniversary of the execution of the initial or previous certification. 111
The regulation also contains specific provisions as to when banks must obtain the required information or close correspondent accounts. Banks must obtain certifications (or recertifications) or otherwise obtain the required information within 30 calendar days after the date an account is established and at least once every three years thereafter. If the bank is unable to obtain the required information, it must close all correspondent accounts with the foreign bank within a commercially reasonable time.
A bank should review certifications for reasonableness and accuracy. If a bank at any time knows, suspects, or has reason to suspect that any information contained in a certification (or recertification), or that any other information it relied on is no longer correct, the bank must request that the foreign bank verify or correct such information, or the bank must take other appropriate measures to ascertain its accuracy. Therefore, banks should review certifications for potential problems that may warrant further review, such as use of post office boxes or forwarding addresses. If the bank has not obtained the necessary or corrected information within 90 days, it must close the account within a commercially reasonable time. During this time, the bank may not permit the foreign bank to establish any new financial positions or execute any transactions through the account, other than those transactions necessary to close the account. Also, a bank may not establish any other correspondent account for the foreign bank until it obtains the required information.
A bank must also retain the original of any document provided by a foreign bank, and retain the original or a copy of any document otherwise relied on for the purposes of the regulation, for at least five years after the date that the bank no longer maintains any correspondent account for the foreign bank.
Under section 319(b) of the USA PATRIOT Act, the Secretary of the Treasury or the U.S. Attorney General may issue a subpoena or summons to any foreign bank that maintains a correspondent account in the United States to obtain records relating to that account, including records maintained abroad, or to obtain records relating to the deposit of funds into the foreign bank. If the foreign bank fails to comply with the subpoena or fails to initiate proceedings to contest that subpoena, the Secretary of the Treasury or the U.S. Attorney General (after consultations with each other) may, by written notice, direct a bank to terminate its relationship with a foreign correspondent bank. If a bank fails to terminate the correspondent relationship within ten days of receipt of notice, it could be subject to a civil money penalty of up to $10,000 per day until the correspondent relationship is terminated.
Requests for AML Records by Federal Regulator
Also, upon request by its federal regulator, a bank must provide or make available records related to AML compliance of the bank or one of its customers, within 120 hours from the time of the request (31 USC 5318(k)(2)).
Special Due Diligence Program for Foreign Correspondent Accounts
Section 312 of the USA PATRIOT Act added subsection (i) to 31 USC 5318 of the BSA. This subsection requires each U.S. financial institution that establishes, maintains, administers, or manages a correspondent account in the United States for a foreign financial institution to take certain AML measures for such accounts. In addition, section 312 of the USA PATRIOT Act specifies additional standards for correspondent accounts maintained for certain foreign banks.
On January 4, 2006, FinCEN published a final regulation (31 CFR 103.176) implementing the due diligence provisions of 31 USC 5318(i)(1). Subsequently, on August 9, 2007, FinCEN published an amendment to that final regulation, implementing the EDD provisions of 31 USC 5318(i)(2) with respect to correspondent accounts established or maintained for certain foreign banks.
General Due Diligence
31 CFR 103.176(a) requires banks to establish a due diligence program that includes appropriate, specific, risk-based, and, where necessary, enhanced policies, procedures, and controls that are reasonably designed to enable the bank to detect and report, on an ongoing basis, any known or suspected money laundering activity conducted through or involving any correspondent account established, maintained, administered, or managed by the bank in the United States for a foreign financial institution112 ("foreign correspondent account").
Due diligence policies, procedures, and controls must include each of the following:
- Determining whether each such foreign correspondent account is subject to EDD (refer to "Enhanced Due Diligence" below).
- Assessing the money laundering risks presented by each such foreign correspondent account.
- Applying risk-based procedures and controls to each such foreign correspondent account reasonably designed to detect and report known or suspected money laundering activity, including a periodic review of the correspondent account activity sufficient to determine consistency with information obtained about the type, purpose, and anticipated activity of the account.
Risk assessment of foreign financial institutions. A bank’s general due diligence program must include policies, procedures, and processes to assess the risks posed by the bank’s foreign financial institution customers. A bank’s resources are most appropriately directed at those accounts that pose a more significant money laundering risk. The bank’s due diligence program should provide for the risk assessment of foreign correspondent accounts considering all relevant factors, including, as appropriate:
- The nature of the foreign financial institution’s business and the markets it serves.
- The type, purpose, and anticipated activity of the foreign correspondent account.
- The nature and duration of the bank’s relationship with the foreign financial institution (and, if relevant, with any affiliate of the foreign financial institution).
- The AML and supervisory regime of the jurisdiction that issued the charter or license to the foreign financial institution and, to the extent that information regarding such jurisdiction is reasonably available, of the jurisdiction in which any company that is an owner of the foreign financial institution is incorporated or chartered.
- Information known or reasonably available to the bank about the foreign financial institution’s AML record, including public information in standard industry guides, periodicals, and major publications.
Banks are not required to evaluate all of the above factors for every correspondent account.
Monitoring of foreign correspondent accounts. As part of ongoing due diligence, banks should periodically review their foreign correspondent accounts. Monitoring will not, in the ordinary situation, involve scrutiny of every transaction taking place within the account, but, instead, should involve a review of the account sufficient to ensure that the bank can determine whether the nature and volume of account activity is generally consistent with information regarding the purpose of the account and expected account activity and to ensure that the bank can adequately identify suspicious transactions.
An effective due diligence program will provide for a range of due diligence measures, based upon the bank’s risk assessment of each foreign correspondent account. The starting point for an effective due diligence program, therefore, should be a stratification of the money laundering risk of each foreign correspondent account based on the bank’s review of relevant risk factors (such as those identified above) to determine which accounts may require increased measures. The due diligence program should identify risk factors that would warrant the institution conducting additional scrutiny or increased monitoring of a particular account. As due diligence is an ongoing process, a bank should take measures to ensure account profiles are current and monitoring should be risk-based. Banks should consider whether risk profiles should be adjusted or suspicious activity reported when the activity is inconsistent with the profile.
Enhanced Due Diligence
31 CFR 103.176(b) requires banks to establish risk-based EDD policies, procedures, and controls when establishing, maintaining, administering, or managing a correspondent account in the United States for certain foreign banks (as identified in 31 CFR 103.176(c) operating under any one or more of the following:
- An offshore banking license.113
- A banking license issued by a foreign country that has been designated as noncooperative with international AML principles or procedures by an intergovernmental group or organization of which the United States is a member, and with which designation the United States representative to the group or organization concurs.114
- A banking license issued by a foreign country that has been designated by the Secretary of the Treasury as warranting special measures due to money laundering concerns.
If such an account is established or maintained, 31 CFR 103.176(b) requires the bank to establish EDD policies, procedures, and controls to ensure that the bank, at a minimum, takes reasonable steps to:
- Determine, for any such foreign bank whose shares are not publicly traded, the identity of each of the owners of the foreign bank, and the nature and extent of the ownership interest of each such owner.115
- Conduct enhanced scrutiny of such account to guard against money laundering and to identify and report any suspicious transactions in accordance with applicable laws and regulations. This enhanced scrutiny is to reflect the risk assessment of the account and shall include, as appropriate:
- Obtaining and considering information relating to the foreign bank’s anti-money laundering program to assess the risk of money laundering presented by the foreign bank’s correspondent account.
- Monitoring transactions to, from, or through the correspondent account in a manner reasonably designed to detect money laundering and suspicious activity.
- Obtaining information from the foreign bank about the identity of any person with authority to direct transactions through any correspondent account that is a payable through account, and the sources and the beneficial owner of funds or other assets in the payable through account.
- Determine whether the foreign bank for which the correspondent account is maintained in turn maintains correspondent accounts for other foreign banks that use the foreign bank’s correspondent account and, if so, take reasonable steps to obtain information relevant to assess and mitigate money laundering risks associated with the foreign bank’s correspondent accounts for other foreign banks, including, as appropriate, the identity of those foreign banks.
In addition to those categories of foreign banks identified in the regulation as requiring EDD, banks may find it appropriate to conduct additional due diligence measures on foreign financial institutions identified through application of the bank’s general due diligence program as posing a higher risk for money laundering. Such measures may include any or all of the elements of EDD set forth in the regulation, as appropriate for the risks posed by the specific foreign correspondent account.
As also noted in the above section on general due diligence, a bank’s resources are most appropriately directed at those accounts that pose a more significant money laundering risk. Accordingly, where a bank is required or otherwise determines that it is necessary to conduct EDD in connection with a foreign correspondent account, the bank may consider the risk assessment factors discussed in the section on general due diligence when determining the extent of the EDD that is necessary and appropriate to mitigate the risks presented. In particular, the anti-money laundering and supervisory regime of the jurisdiction that issued a charter or license to the foreign financial institution may be especially relevant in a bank’s determination of the nature and extent of the risks posed by a foreign correspondent account and the extent of the EDD to be applied.
Special Procedures When Due Diligence Cannot Be Performed
A bank’s due diligence policies, procedures, and controls established pursuant to 31 CFR 103.176(a) must include procedures to be followed in circumstances when appropriate due diligence or EDD cannot be performed with respect to a foreign correspondent account, including when the bank should:
- Refuse to open the account.
- Suspend transaction activity.
- File a SAR.
- Close the account.