Bank Secrecy Act
Foreign Correspondent Account Recordkeeping, Reporting, and Due Diligence—Overview
Objective. Assess the bank’s compliance with statutory and regulatory requirements for correspondent accounts for foreign shell banks, foreign correspondent account recordkeeping, and due diligence programs to detect and report money laundering and suspicious activity. Assess the bank's compliance with the Comprehensive Iran Sanctions, Accountability, and Divestment Act (CISADA), if applicable. Refer to the expanded sections of the manual for discussions and examination procedures regarding specific money laundering risks associated with foreign correspondent accounts.
One of the central goals of the USA PATRIOT Act was to protect access to the U.S. financial system by requiring certain records, reports, and due diligence programs for foreign correspondent accounts. In addition, the USA PATRIOT Act prohibits accounts with foreign shell banks. Foreign correspondent accounts, as noted in past U.S. Senate investigative reports,117Correspondent Banking: A Gateway for Money Laundering. Refer to Senate Hearing 107-84. The report appears on page 273 of volume 1 of the hearing records entitled Role of U.S. Correspondent Banking in International Money Laundering, held on March 1, 2, and 6, 2001. are a gateway into the U.S. financial system. This section of the manual covers the regulatory requirements established by sections 312, 313, and 319(b) of the USA PATRIOT Act and by the implementing regulations at 31 CFR 1010.100, 1010.610, 1010.630, and 1010.670. Additional discussions and procedures regarding specific money laundering risks for foreign correspondent banking activities, such as bulk shipments of currency, pouch activity, U.S. dollar drafts, and payable through accounts, are included in the expanded sections.
Foreign Shell Bank Prohibition and Foreign Correspondent Account Recordkeeping
For purposes of 31 CFR 1010.630 and 1010.670, a "correspondent account" is an account established by a bank for a foreign bank to receive deposits from, or to make payments or other disbursements on behalf of the foreign bank, or to handle other financial transactions related to the foreign bank. An "account" means any formal banking or business relationship established to provide regular services, dealings, and other financial transactions. It includes a demand deposit, savings deposit, or other transaction or asset account and a credit account or other extension of credit (31 CFR 1010.605(c)). Accounts maintained by foreign banks for financial institutions covered by the rule are not "correspondent accounts" subject to this regulation.11871 Fed. Reg. 499. FinCEN has issued interpretive guidance, Application of Correspondent Account Rules to the Presentation of Negotiable Instruments Received by a Covered Financial Institution for Payment,FIN-2008-G001, January 30, 2008, which states, "In the ordinary course of business, a covered financial institution may receive negotiable instruments for payment from a foreign financial institution with which it maintains a correspondent relationship. FinCEN does not view the transaction-by-transaction presentation of a negotiable instrument to a foreign paying institution—either directly or through a clearing facility — to be the establishment of a formal banking or business relationship by a covered financial institution for purposes of complying with the correspondent account rule."
Under 31 CFR 1010.630 a bank is prohibited from establishing, maintaining, administering, or managing a correspondent account in the United States for, or on behalf of, a foreign shell bank. A foreign shell bank is defined as a foreign bank without a physical presence in any country.119"Physical presence" means a place of business that:
- Is maintained by a foreign bank.
- Is located at a fixed address (other than solely an electronic address or a post office box) in a country in which the foreign financial institution is authorized to conduct banking activities, at which location the foreign financial institution:
- Employs one or more persons on a full-time basis.
- Maintains operating records related to its banking activities.
- Is subject to inspection by the banking authority that licensed the foreign financial institution to conduct banking activities. An exception, however, permits a bank to maintain a correspondent account for a foreign shell bank that is a regulated affiliate.120A "regulated affiliate" is a shell bank that is affiliated with a depository institution, credit union, or foreign bank that maintains a physical presence in the United States or in another jurisdiction. The regulated affiliate shell bank must also be subject to supervision by the banking authority that regulates the affiliated entity. 31 CFR 1010.630 also requires that a bank take reasonable steps to ensure that any correspondent account established, maintained, administered, or managed in the United States for a foreign bank is not being used by that foreign bank to provide banking services indirectly to foreign shell banks.
A bank that maintains a correspondent account in the United States for a foreign bank must maintain records in the United States identifying the owners of each foreign bank.121To minimize the recordkeeping burdens, ownership information is not required for foreign financial institutions that file a form FR Y-7 (Annual Report of Foreign Banking Organizations) with the Federal Reserve or for those foreign financial institutions that are publicly traded. "Publicly traded" refers to shares that are traded on an exchange or an organized over-the-counter market that is regulated by a foreign securities authority as defined in section 3(a)(50) of the Securities Exchange Act of 1934. A bank must also record the name and street address of a person who resides in the United States and who is authorized, and has agreed, to be an agent to accept service of legal process.122"Service of legal process" means that the agent is willing to accept legal documents, such as subpoenas, on behalf of the foreign bank. Under 31 CFR 1010.670, a bank must produce these records within seven days upon receipt of a written request from a federal law enforcement officer.
The U.S. Treasury, working with the industry and federal banking and law enforcement agencies, developed a "certification process" to assist banks in complying with the recordkeeping provisions. This process includes certification and recertification forms. While banks are not required to use these forms, a bank will be "deemed to be in compliance" with the regulation if it obtains a completed certification form from the foreign bank and receives a recertification on or before the three-year anniversary of the execution of the initial or previous certification.123Refer to Frequently Asked Questions, Foreign Bank Recertifications under 31 CFR 103.177, FIN-2006-G003, February 3, 2006.
The regulation also contains specific provisions as to when banks must obtain the required information or close correspondent accounts. Banks must obtain certifications (or recertifications) or otherwise obtain the required information within 30 calendar days after the date an account is established and at least once every three years thereafter. If the bank is unable to obtain the required information, it must close all correspondent accounts with the foreign bank within a commercially reasonable time.
A bank should review certifications for reasonableness and accuracy. If a bank at any time knows, suspects, or has reason to suspect that any information contained in a certification (or recertification), or that any other information it relied on is no longer correct, the bank must request that the foreign bank verify or correct such information, or the bank must take other appropriate measures to ascertain its accuracy. Therefore, banks should review certifications for potential problems that may warrant further review, such as use of post office boxes or forwarding addresses. If the bank has not obtained the necessary or corrected information within 90 days, it must close the account within a commercially reasonable time. During this time, the bank may not permit the foreign bank to establish any new financial positions or execute any transactions through the account, other than those transactions necessary to close the account. Also, a bank may not establish any other correspondent account for the foreign bank until it obtains the required information.
A bank must also retain the original of any document provided by a foreign bank, and retain the original or a copy of any document otherwise relied on for the purposes of the regulation, for at least five years after the date that the bank no longer maintains any correspondent account for the foreign bank.
Under section 319(b) of the USA PATRIOT Act, the Secretary of the Treasury or the U.S. Attorney General may issue a subpoena or summons to any foreign bank that maintains a correspondent account in the United States to obtain records relating to that account, including records maintained abroad, or to obtain records relating to the deposit of funds into the foreign bank. If the foreign bank fails to comply with the subpoena or fails to initiate proceedings to contest that subpoena, the Secretary of the Treasury or the U.S. Attorney General (after consultations with each other) may, by written notice, direct a bank to terminate its relationship with a foreign correspondent bank. If a bank fails to terminate the correspondent relationship within ten days of receipt of notice, it could be subject to a civil money penalty of up to $10,000 per day until the correspondent relationship is terminated.
Requests for AML Records by Federal Regulator
Also, upon request by its federal regulator, a bank must provide or make available records related to AML compliance of the bank or one of its customers, within 120 hours from the time of the request (31 USC 5318(k)(2)).
Special Due Diligence Program for Foreign Correspondent Accounts
Section 312 of the USA PATRIOT Act added subsection (i) to 31 USC 5318 of the BSA. This subsection requires each U.S. financial institution that establishes, maintains, administers, or manages a correspondent account in the United States for a foreign financial institution to take certain AML measures for such accounts. In addition, section 312 of the USA PATRIOT Act specifies additional standards for correspondent accounts maintained for certain foreign banks.
General Due Diligence
31 CFR 1010.610(a) requires banks to establish a due diligence program that includes appropriate, specific, risk-based, and, where necessary, enhanced policies, procedures, and controls that are reasonably designed to enable the bank to detect and report, on an ongoing basis, any known or suspected money laundering activity conducted through or involving any correspondent account established, maintained, administered, or managed by the bank in the United States for a foreign financial institution124The term "foreign financial institution" as defined in 31 CFR 1010.605(f) generally includes:
- A foreign bank.
- A foreign branch or office of a U.S. bank, broker/dealer in securities, futures commission merchant, introducing broker, or mutual fund.
- Any other person organized under foreign law that, if located in the United States, would be a broker/dealer in securities, futures commission merchant, introducing broker, or mutual fund.
- Any person organized under foreign law that is engaged in the business of, and is readily identifiable as, a currency dealer or exchanger or a money transmitter. ("foreign correspondent account").
Due diligence policies, procedures, and controls must include each of the following:
- Determining whether each such foreign correspondent account is subject to EDD (refer to "Enhanced Due Diligence" below).
- Assessing the money laundering risks presented by each such foreign correspondent account.
- Applying risk-based procedures and controls to each such foreign correspondent account reasonably designed to detect and report known or suspected money laundering activity, including a periodic review of the correspondent account activity sufficient to determine consistency with information obtained about the type, purpose, and anticipated activity of the account.
Risk assessment of foreign financial institutions. A bank’s general due diligence program must include policies, procedures, and processes to assess the risks posed by the bank’s foreign financial institution customers. A bank’s resources are most appropriately directed at those accounts that pose a more significant money laundering risk. The bank’s due diligence program should provide for the risk assessment of foreign correspondent accounts considering all relevant factors, including, as appropriate:
- The nature of the foreign financial institution’s business and the markets it serves.
- The type, purpose, and anticipated activity of the foreign correspondent account.
- The nature and duration of the bank’s relationship with the foreign financial institution (and, if relevant, with any affiliate of the foreign financial institution).
- The AML and supervisory regime of the jurisdiction that issued the charter or license to the foreign financial institution and, to the extent that information regarding such jurisdiction is reasonably available, of the jurisdiction in which any company that is an owner of the foreign financial institution is incorporated or chartered.
- Information known or reasonably available to the bank about the foreign financial institution’s AML record, including public information in standard industry guides, periodicals, and major publications.
Banks are not required to evaluate all of the above factors for every correspondent account.
Monitoring of foreign correspondent accounts. As part of ongoing due diligence, banks should periodically review their foreign correspondent accounts. Monitoring will not, in the ordinary situation, involve scrutiny of every transaction taking place within the account, but, instead, should involve a review of the account sufficient to ensure that the bank can determine whether the nature and volume of account activity is generally consistent with information regarding the purpose of the account and expected account activity and to ensure that the bank can adequately identify suspicious transactions.
An effective due diligence program will provide for a range of due diligence measures, based upon the bank’s risk assessment of each foreign correspondent account. The starting point for an effective due diligence program, therefore, should be a stratification of the money laundering risk of each foreign correspondent account based on the bank’s review of relevant risk factors (such as those identified above) to determine which accounts may require increased measures. The due diligence program should identify risk factors that would warrant the institution conducting additional scrutiny or increased monitoring of a particular account. As due diligence is an ongoing process, a bank should take measures to ensure account profiles are current and monitoring should be risk-based. Banks should consider whether risk profiles should be adjusted or suspicious activity reported when the activity is inconsistent with the profile.
Enhanced Due Diligence
31 CFR 1010.610(b) requires banks to establish risk-based EDD policies, procedures, and controls when establishing, maintaining, administering, or managing a correspondent account in the United States for certain foreign banks (as identified in 31 CFR 1010.610(c) operating under any one or more of the following:
- An offshore banking license.125The USA PATRIOT Act (31 USC 5318(i)(4)(A) and 31 CFR 1010.605(i) define an offshore banking license as a license to conduct banking activities that, as a condition of the license, prohibits the licensed entity from conducting banking activities with the citizens, or in the local currency of, the jurisdiction that issued the license.
- A banking license issued by a foreign country that has been designated as noncooperative with international AML principles or procedures by an intergovernmental group or organization of which the United States is a member, and with which designation the United States representative to the group or organization concurs.126The Financial Action Task Force (FATF) is the only intergovernmental organization of which the United States is a member that has designated countries as noncooperative with international anti-money laundering principles. The United States has concurred with all FATF designations to date.
- A banking license issued by a foreign country that has been designated by the Secretary of the Treasury as warranting special measures due to money laundering concerns.
If such an account is established or maintained, 31 CFR 1010.610(b) requires the bank to establish EDD policies, procedures, and controls to ensure that the bank, at a minimum, takes reasonable steps to:
- Determine, for any such foreign bank whose shares are not publicly traded, the identity of each of the owners of the foreign bank, and the nature and extent of the ownership interest of each such owner.127An "owner" is any person who directly or indirectly owns, controls, or has the power to vote 10 percent or more of any class of securities of a foreign bank (31 CFR 1010.610(b)(3). "Publicly traded" means shares that are traded on an exchange or an organized over-the-counter market that is regulated by a foreign securities authority, as defined in section 3(a)(50) of the Securities Exchange Act of 1934 (15 USC 78c(a)(50)) (1010.610(b)(3). Guidance on Obtaining and Retaining Beneficial Ownership Information, was issued by FinCEN, Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, National Credit Union Administration, Office of the Comptroller of the Currency, Office of Thrift Supervision, and Securities and Exchange Commission, in consultation with the Commodity Futures Trading Commission, in May 2010, The guidance consolidates existing regulatory expectations for obtaining beneficial ownership information for certain accounts and customer relationships.
- Conduct enhanced scrutiny of such account to guard against money laundering and to identify and report any suspicious transactions in accordance with applicable laws and regulations. This enhanced scrutiny is to reflect the risk assessment of the account and shall include, as appropriate:
- Obtaining and considering information relating to the foreign bank’s anti-money laundering program to assess the risk of money laundering presented by the foreign bank’s correspondent account.
- Monitoring transactions to, from, or through the correspondent account in a manner reasonably designed to detect money laundering and suspicious activity.
- Obtaining information from the foreign bank about the identity of any person with authority to direct transactions through any correspondent account that is a payable through account, and the sources and the beneficial owner of funds or other assets in the payable through account.
- Determine whether the foreign bank for which the correspondent account is maintained in turn maintains correspondent accounts for other foreign banks that use the foreign bank’s correspondent account and, if so, take reasonable steps to obtain information relevant to assess and mitigate money laundering risks associated with the foreign bank’s correspondent accounts for other foreign banks, including, as appropriate, the identity of those foreign banks.
In addition to those categories of foreign banks identified in the regulation as requiring EDD, banks may find it appropriate to conduct additional due diligence measures on foreign financial institutions identified through application of the bank’s general due diligence program as posing a higher risk for money laundering. Such measures may include any or all of the elements of EDD set forth in the regulation, as appropriate for the risks posed by the specific foreign correspondent account.
As also noted in the above section on general due diligence, a bank’s resources are most appropriately directed at those accounts that pose a more significant money laundering risk. Accordingly, where a bank is required or otherwise determines that it is necessary to conduct EDD in connection with a foreign correspondent account, the bank may consider the risk assessment factors discussed in the section on general due diligence when determining the extent of the EDD that is necessary and appropriate to mitigate the risks presented. In particular, the anti-money laundering and supervisory regime of the jurisdiction that issued a charter or license to the foreign financial institution may be especially relevant in a bank’s determination of the nature and extent of the risks posed by a foreign correspondent account and the extent of the EDD to be applied.
Special Procedures When Due Diligence Cannot Be Performed
A bank’s due diligence policies, procedures, and controls established pursuant to 31 CFR 1010.610 must include procedures to be followed in circumstances when appropriate due diligence or EDD cannot be performed with respect to a foreign correspondent account, including when the bank should:
- Refuse to open the account.
- Suspend transaction activity.
- File a SAR.
- Close the account.
Comprehensive Iran Sanctions, Accountability, and Divestment Act of 2010 Reporting Requirements
The Comprehensive Iran Sanctions, Accountability, and Divestment Act (CISADA) was signed into law on July 1, 2010.128Pub. L. No. 111-195, 124 Stat. 1312 (2010). CISADA authorizes the Secretary of the Treasury to prohibit or impose strict conditions on the opening or maintaining in the United States of correspondent accounts and payable through accounts for foreign financial institutions that the Secretary determines have knowingly engaged in sanctionable activities.
On October 11, 2011, FinCEN issued a final rule implementing reporting requirements under section 104(e)(1)(B) of CISADA (31 CFR 1060.300).129Refer to 76 Fed. Reg. 62607 (October 11, 2011). Also available at the FinCEN Web site. It is important to note that FinCEN will invoke CISADA reporting requirements in very limited instances, as necessary, to elicit valuable information. The final rule requires U.S. banks to report the following information upon receiving a written request from FinCEN:
- Whether the foreign bank maintains a correspondent account for an Iranian-linked financial institution designated under the International Emergency Economic Powers Act ("IEEPA");
- Whether the foreign bank has processed one or more transfers of funds within the preceding 90 calendar days for or on behalf of, directly or indirectly, an Iranian-linked financial institution designated under IEEPA, other than through a correspondent account; and
- Whether the foreign bank has processed one or more transfers of funds within the preceding 90 calendar days for or on behalf of, directly or indirectly, Iran's Islamic Revolutionary Guard Corps ("IRGC") or any of its agents or affiliates designated under IEEPA.
The U.S. bank must report to FinCEN within 45 calendar days regardless of the foreign bank's response (e.g. positive response, negative response, incomplete response, or no response). If information is received from a foreign bank after the 45 calendar day deadline, the U.S. bank must report to FinCEN within 10 calendar days after receipt. The rule also requires the U.S. bank to report to FinCEN instances in which it does not maintain a correspondent account for the specified foreign bank.
In addition, the rule requires the U.S. bank to request the foreign bank to agree to notify them if the foreign bank subsequently establishes a new correspondent account for an Iranian-linked financial institution designated under IEEPA at any time within 365 calendar days from the date of the foreign bank's initial response. Reports regarding new correspondent accounts for an Iranian-linked financial institution designated under IEEPA are due within 10 calendar days after receipt.
FinCEN has developed a model certification form for a U.S. bank to provide to the foreign bank when making its inquiry required by the rule.130 See the document on the FinCEN Web site. The use of the model certification form is optional. However, any alternative form used by a U.S. bank should request the same information as the model certification form.
The rule does not require a bank to take any actions other than those relating to the collection of information regardless of the response received from the foreign bank and the request for information from FinCEN does not relieve the bank of any other regulatory requirement. A bank should assess all of the information it knows about its customer in accordance with its risk-based BSA/AML compliance program to determine whether additional actions should be taken or filing a SAR is warranted.
The bank shall maintain a copy of any report filed with FinCEN and any supporting documentation, including the foreign bank certification, or other responses to an inquiry for a period of five years.