Due diligence of correspondent banking relationships

You must undertake a due diligence assessment prior to entering into a correspondent banking relationship and conduct ongoing due diligence assessments throughout the period of the relationship.

Why additional due diligence is required for correspondent banking relationships

Correspondent banking relationships are recognised globally as being vulnerable to exploitation for money laundering and terrorism financing (ML/TF) purposes. They involve a financial institution carrying out transactions on behalf of another financial institution’s customers, often with very limited information about those end customers.

The correspondent bank often has no direct relationship with the underlying parties to a transaction and is therefore not able to verify their identities. Correspondents often have limited information about the nature or purpose of the underlying transactions, particularly when processing electronic payments.

The ML/TF risks and vulnerabilities may be higher where the respondent financial institution is located in a foreign country which has been assessed under the Financial Action Task Force’s (FATF) Mutual Evaluation processes as having weak AML/CTF laws, or poor or limited supervision of those laws.

When entering or continuing a correspondent banking relationship you should have regard to ML/TF risks presented by the jurisdiction and any measures implemented by the respondent institution to mitigate these risks (e.g. by applying systems and controls consistent with global AML/CTF standards).

Correspondent banking relationships, if poorly managed, can allow other financial services firms with inadequate AML/CTF systems and controls, and customers of those firms, direct access to international banking systems.

For any correspondent bank, the highest risk correspondent banking relationships are those that involve the provision of a vostro account to respondents that:

  • are offshore banks that are limited to conducting business with non-residents or in another non-local currency, and are not subject to appropriate supervision of their AML/CTF controls
  • offer nesting (or downstream correspondent clearing services)
  • are domiciled in jurisdictions with weak regulatory frameworks or AML/CTF controls, or other significant risk factors such as corruption.

Callout box: Downstream correspondent clearance

Downstream correspondent clearance (or nesting) refers to the use of a bank's correspondent relationship by a number of underlying banks or financial institutions through their relationships with the correspondent bank’s direct customer. The underlying respondent banks or financial institutions conduct transactions and obtain access to other financial services without being direct customers of the correspondent bank.

When these services are offered to a respondent that is itself a downstream correspondent clearer, you should use a risk-based approach, take reasonable steps to understand the types and risks of financial institutions to whom the respondent offers such services, take special care to ensure there are no shell bank customers, and consider the degree to which the respondent examines the AML/CTF controls of those financial institutions. Refer to the Wolfsberg Correspondent Banking Due Diligence Questionnaire (February 2018).

Factors to consider when conducting initial and ongoing due diligence assessments

You must consider the factors listed below in your due diligence assessment before entering and during the life of your correspondent banking relationship.

The assessment must be based on information reasonably available when assessing the ML/TF and other serious crime risks.

Ownership, control and management structures

The ownership, control and management structures of the respondent and those of its ultimate parent (if any), including:

  • if publicly owned, whether its shares are traded on a recognised market or exchange in a jurisdiction with a satisfactory regulatory regime, or, if privately owned, the identity of any beneficial owners and controllers
  • location, structure and experience of the board of directors and executive management including whether any of these key personnel are identified as politically exposed persons (PEPs)
  • any relevant information from the respondent’s website and latest annual return.

Nature of the business

The nature, size and complexity of the respondent’s business, including:

  • its products, services, delivery types and customer types
  • the types of transactions carried out on behalf of underlying customers as part of the correspondent banking relationship and the services provided to underlying customers that relate to such transactions.

The type of business the respondent engages in and the type of markets it serves, will be indicative of the risk the respondent presents.

Foreign countries

The foreign countries in which the respondent operates or resides, including:

  • whether the ultimate parent company of the respondent has group-wide AML/CTF systems and controls, and whether the respondent operates within the requirements of those controls
  • the existence and quality of any AML/CTF laws, regulations and supervision in any foreign countries in which the respondent and the parent resides, and the respondent’s compliance practices in relation to those laws and regulations
    • for example, consider the quality of supervision by the primary regulatory body responsible for overseeing or supervising the respondent. If circumstances warrant, you should also consider publicly available materials to ascertain whether the respondent has been the subject of any criminal case or adverse regulatory action in the recent past.
  • establish whether the respondent is regulated for AML/CTF and, if so, whether the respondent is required to verify the identity of its customers and apply other AML/CTF controls to FATF or equivalent standards
  • if you are undertaking due diligence on a branch, subsidiary or affiliate, consideration may be given to the parent having robust group-wide controls, and whether the parent is regulated for AML/CTF to FATF or equivalent standards.

AML/CTF regulations and supervision

You should assess the adequacy and effectiveness of the respondent’s AML/CTF controls and compliance practices in relation to AML/CTF regulations and supervision.

You may also wish to use established industry questionnaires (for example, the Wolfsberg Correspondent Banking Due Diligence Questionnaire) or similar tools to meet this requirement. Additionally, you may also wish to speak with representatives of the respondent to reassure yourself that senior management recognise the importance of AML/CTF controls.

Company reputation

Publicly available information relating to the reputation of the respondent and any related company concerning its compliance history. This includes whether the respondent has been the subject of an investigation, adverse regulatory action in relation to implementation of AML/CTF or sanctions obligations, or criminal or civil proceedings relating to money laundering, terrorism financing or other serious crimes.

Vostro account information

If you provide a vostro account that can be directly accessed by the customers of the respondent (that is, payable through accounts), you must assess whether the respondent:

  • verifies their customer’s identity and subjects them to ongoing customer due diligence
  • is able to provide documents, data or other information relating to the verification and ongoing customer due diligence on request.

Note: If the respondent is unable to provide this data and documentation, then you must not provide a payable-through-account.

Callout box: Documentation

In addition to the requirements for initial and ongoing due diligence assessments, the responsibilities of each party to the correspondent banking relationship must be clearly documented. This includes any other AML/CTF-related expectations you have concerning your respondent institutions. What these expectations are will depend on your particular circumstances, including the size, nature and complexity of your respondent’s business, and the results of your due diligence assessments.

Senior officer approval

A senior officer of your financial institution must approve you entering into a correspondent banking relationship.

For the purposes of correspondent banking relationships, a senior officer does not have to be a person in executive management. The financial institution can determine who is a senior officer, depending on the size and complexity of the organisation.

The senior officer should have sufficient knowledge of your ML/TF and serious crime risk exposure, and have sufficient authority to make decisions affecting your risk exposure.

Written record of the correspondent banking relationship

Within 20 business days after the day of entering into a correspondent banking relationship that involves a vostro account, you must prepare a written record of the arrangement and include details of the responsibilities of each party to the correspondent banking relationship. For example, in the documentation establishing the correspondent banking relationship.

Ongoing due diligence assessments of correspondent banking relationships

Your ongoing due diligence assessments should address the factors outlined above and set out in Chapter 3 of the AML/CTF Rules. Additionally, you must also consider and address any material changes to those risks (for example, changes in the respondent bank’s business model) or to your business relationship with the respondent, including the types of transactions carried out as part of the relationship.

You should be satisfied that the respondent continues to have in place and maintain appropriate risk-based systems and controls to mitigate and manage ML/TF and serious crime risks.

Other factors to consider include, but are not limited to:

  • changes in behaviour or activity, for example, sudden or significant changes in transaction activity by value or volume, or unusual transactions
    • you should conduct transaction monitoring on the respondent institution and the associated underlying transactions
  • significant increases of activity or consistently high levels of activity with higher risk geographic jurisdictions or entities
  • activity that may, in the absence of other explanation, indicate possible money laundering, such as the structuring of transactions under reporting thresholds
  • material changes in ownership or management structure
  • re-classification of the jurisdiction where the respondent institution is located
  • identification of relationships with politically exposed persons (PEPs), either as customers or through involvement in the ownership and control structures
  • adverse media coverage of the respondent institution.

Callout box: Initial and ongoing due diligence assessments

When conducting initial and ongoing due diligence assessments, consider both the direct use accounts and other exchange relationships or other types of accounts that can be transacted through.

Examples to consider include:

  • accounts posing a high risk of money laundering, terrorism financing or serious crime
  • the expected activity through each account
  • deposit accounts (or equivalent) held by higher-risk financial institutions
  • accounts used to provide services to third parties, for example, cash management trusts
  • accounts held for foreign embassies or consulates, which may pose higher risks (for example, personal transactions through an embassy account)
  • nested accounts, which occur when a foreign financial institution accesses the Australian financial system in effect anonymously, by operating through the correspondent banking account belonging to another foreign financial institution
  • payable-through accounts, requiring you to being satisfied that the other financial institution has verified the identity of and performed ongoing due diligence on customers that have direct access to accounts of the other financial institution and is able to provide relevant customer identification information upon request.

Frequency of assessments of correspondent banking relationships

Ongoing due diligence assessments of your correspondent banking relationships must be undertaken at least every two years.

If your respondent has been subject to an investigation or regulatory action, which leads to a material change in the ML/TF or serious crime risk, or there has been any other material change that impacts on the relationship, then these are a trigger event to conduct a due diligence assessment and review of the correspondent banking relationship.

See Chapter 3 of the AML/CTF Rules.

  • Your policies, controls and procedures relating to your correspondent banking relationship should be reviewed and updated at regular intervals.

Assessment of pre-existing correspondent banking relationships

Section 17(4) of the Anti-Money Laundering and Counter-Terrorism Financing and Other Legislation Amendment Act 2020 states that the new ongoing due diligence requirements apply on and after the commencement of the new requirements for pre-existing correspondent banking relationships. Therefore:

  • any correspondent banking relationships with existing due dates for review that occur between 17 June 2021 and 16 June 2023 should be reviewed when they fall due and then at least every two years after that, and
  • the review of any correspondent banking relationship with existing due dates after 16 June 2023 must be brought forward to ensure they are reviewed within two years of the commencement of the new ongoing due diligence requirements and then at least every two years after that.

Recording your assessments of the correspondent banking relationship

You must prepare a written record on completion of each ongoing due diligence assessment of your correspondent banking relationships within 10 business days.

Due diligence assessments and the provision of a vostro account

The requirement to conduct due diligence assessments under Part 8 of the AML/CTF Act is triggered by the provision of a vostro account. The due diligence assessment is focused on ensuring that you understand the ownership and control of the respondent institution, the AML/CTF context in which it operates, and the effectiveness of its AML/CTF systems and controls.

Correspondent banking due diligence complements, and is in addition to, other AML/CTF obligations such as customer due diligence undertaken when the correspondent provides designated services to the respondent as its customer.

For example, opening a vostro account involves the provision of a designated service under Item 1 of Table 1 in subsection 6(2) of the AML/CTF Act (e.g. opening an account as an ADI). The provision of other services under a correspondent banking relationship may constitute other designated services. For these services you must carry out the applicable customer identification procedure in respect of the respondent and its beneficial owners, if any.

However, under Chapter 35 of the AML/CTF Rules, a correspondent is exempt from carrying out the applicable customer identification procedure in respect of signatories to a vostro account where those signatories are employees of the respondent.

The correspondent must also comply with other AML/CTF obligations including transaction monitoring and other ongoing customer due diligence measures, and submit suspicious matter reports when required.

Additional resources

The following international organisations publish material which may assist in the formation of due diligence processes for correspondent banking relationships.

The content on this website is general and is not legal advice. Before you make a decision or take a particular action based on the content on this website, you should check its accuracy, completeness, currency and relevance for your purposes. You may wish to seek independent professional advice.

Last updated: 23 Jan 2024
Page ID: 688

Was this page helpful?

Was this page helpful?
Please note that feedback you provide here will be used only for the purpose of improving our website. If you have a specific question about your AML/CTF obligations, please contact us.