By: Dan Frechtling, SVP of Marketing and Chief Product Officer
Last week, five heavy-hitters of US banking regulations released a joint fact sheet on Foreign Correspondent Banking. They took care to emphasize one flavor of KYCC — know-your-correspondent’s-customer in the case of foreign banks — is not required. Yet by avoiding comment on other forms of KYCC applicable to money service businesses (MSBs) and third-party payment processors (TPPPs), the regulators suggested those KYCC obligations are alive and well.
Guidance on KYCC for foreign correspondent banks
The US Department of the Treasury co-developed the guidance with the Federal Reserve Board (FRB), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA) and the Office of the Comptroller of the Currency (OCC). The text focuses on foreign financial institutions (FFIs).
First, the good news for banks
Under existing US regulations, there is no general requirement for US depository institutions to conduct due diligence on an FFI’s customers.
Second, the cautionary news for banks
In determining the appropriate level of due diligence necessary for an FFI relationship, US depository institutions should consider the extent to which information related to the FFI’s markets and types of customers is necessary to assess the risks posed by the relationship, satisfy the institution’s obligations to detect and report suspicious activity, and comply with US economic sanctions.
So banks still need to monitor transactions, report suspicious activities and perform other surveillance commensurate with the risk posed by the FFI. This is all based on size, location, products, and types of customers served.
Finally, the regulators remind readers of the consequences of lax oversight
Enforcement tools may vary and can include informal memoranda of understanding, or formal, public, written agreements, and cease-and-desist orders. When corrective action has not been achieved within a reasonable amount of time or serious violations or unsafe or unsound practices or breaches of fiduciary duty have been identified, the FBAs also have the authority to assess civil money penalties (CMPs).
Having said that, the text points out regulators resolve about 95% of compliance failures without penalties. Like a rehash of old news, the information is helpful but not enlightening.
“There is nothing new,” in the fact sheet, beyond current interagency guidance, said Kim Manchester, managing director of Toronto-based ManchesterCF, a financial crime advisory and training firm. It’s a “statement of the patently obvious. Why do they have to restate the patently obvious? Because everyone is getting themselves all worked into a frenzy and retracting from all corners of the planet.”
The timing of the release was presumably pre-meditated. The Wall Street Journal noted the publication precedes the Group of 20 summit in China this week, as well as recent criticism from the International Monetary Fund that emerging markets could face systemic disruptions if the “derisking” trend isn’t reversed.
But what about the other kinds of KYCC?
Previously issued guidance requires banks to know the customers of their payment service providers, especially TPPPs and third-party senders. Based on clear prior direction and omission in the just-released narrative, that obligation remains.
Here are some useful materials outlining expectations:
- FDIC FIL-127-2008: Managing Risks in 3rd-Party Payment Processors
- CFPB 2012-03: Service Providers, OCC 2006-39: Risk Management Guidance
- Page 235 of the FFIEC Manual
G2 Web Services’ KYC Solutions have been built to suit the needs of banks serving TPPPs, TPSs, and MSBs — where KYCC remains paramount. Find out how business classification, reputation monitoring, customer monitoring and related services can help you by viewing our video or by contacting us at info@G2llc.com.
