What Does it Mean for Banks?

The Wolfsberg Group is a non-governmental association of thirteen global banks. Their goal is to develop financial industry standards for Anti-Money Laundering (AML), Know Your Customer (KYC), and Counter Terrorist Financing (CTF) policies. The work this organisation does is not only hugely influential, but it also serves as a cornerstone to most banks’ financial crime compliance programmes.  
 

On October 28th, 2022, for the first time since 2014, the Group published an updated version of its Financial Crime Principles for Correspondent Banking. Considering how much this sector has transformed in the past decade, and how criminal activity has evolved in tandem, this is a much-welcome development.  

With these updated principles, the Wolfsberg Group aims to “promote effective risk management and enable Institutions to exercise sound business judgement with respect to their correspondent banking customers.” At the same time, it says, “adherence to these Principles will support the aim of Group members and the wider industry to prevent the use of global networks for criminal purposes.” 

Who do these principles apply to? 

The Wolfsberg Financial Crime Principles in Correspondent Banking apply specifically to financial institutions that provide banking-related services between banks, such as executing third-party payments, trade transactions, and processing paper clearing needs in a particular currency. Incidentally, this is how the Wolfsberg Group defines correspondent banking activity.  

The group recognises that processing third party transactions is no longer the exclusive dominion of banks and indicates that, dependent on their risk appetite, financial institutions can extend correspondent banking services to other entities such as:  
 

• Non-Bank Financial Institutions and Payments Service Providers  
• Money Services Businesses/Money or Transfer of Value Businesses  
• Fintechs  
• Virtual Asset Service Providers  

 
What do correspondent banks need to do?  
 
The three main areas to which financial institutions need to adhere are (and it’s also important to note, as a theme throughout these principles, that the Wolfsberg Group recommends a risk-based approach. This simply means identifying the level of risk and reacting appropriately):

1. Risk appetite  
2. Risk-based due diligence  
3. Monitoring and review  
   

1. Risk Appetite

Banks offering correspondent banking services need to define their risk appetite through a formal governance body, subject to specific oversight, which is to be approved by the bank’s board.   

This risk appetite should set out the different types of parties and transactional activity that the correspondent bank prohibits or limits from being processed.   
 

2. Risk-Based Due Diligence
   Under the revised rules, banks should also perform due diligence on their correspondent banking customers, also known as respondents, to establish whether they meet the criteria defined in the risk policy. The Wolfsberg Group highlights that even relationships with branches or subsidiaries of the same banking group should be reviewed against these same criteria.  
    

The level of risk of a relationship with a respondent can be dependent on:  
 

• Geographic risk  
• Ownership and management structures  
• The products and services offered by and to the respondent  

• The respondent bank’s customer base  
• Their regulatory status and history  
• Their maturity in terms of financial crime controls  

 
Correspondent banks should further ensure that they are not conducting any business with shell banks  and perform customer visits whenever possible. When a respondent presents greater risks, the correspondent bank should perform an Enhanced Due Diligence, which is performing additional research on the nature of politically exposed persons (in other words, figures with prominent roles who are more likely to be targeted with bribes or involved in corruption) or downstream financial institutions. The onboarding of such customers is subject to higher levels of approval within the bank.  

3. Monitoring and Review
   Correspondent banks need to implement policies and procedures to detect and investigate unusual or suspicious activity. This includes monitoring the respondent’s transactions and reviewing that these are in line with the information collected during customer due diligence. There should be a feedback loop between due diligence information and transaction monitoring, to ensure that risks are communicated and effectively managed between Know Your Client and Know Your Transaction processes.  

The relationships with respondent banks should be reviewed on an ongoing basis, particularly for customers that present a higher level of risk, or when there’s an indication of suspicious activity. This could come in the form of materially adverse media reports, sanctions, or the detection of transactions that indicate elevated risk levels.  

Looking ahead

The Wolfsberg Group provides a clear and widely adopted approach for banks to identify and manage the risks associated with correspondent banking activities – and we are happy to see that they have updated their principles to reflect today’s changed environment.   

When banks become too risk-averse and the costs of customer due diligence spiral out of control, they tend to reduce the number of correspondent banking relationships they maintain. This ends up hurting financial inclusion by closing certain payment corridors. The realities of this phenomenon have been clearly documented by the Bank of International Settlements.  

We hope that these updated principles will better enable banks to strike the right balance between fighting financial crime and maintaining financial inclusion.   

Have you already adapted your policies to these revised principles? If not, RedCompass Labs team can help.