Pomegra Wiki

KYC Requirements in Correspondent Banking

Correspondent banking—one bank holding an account for another bank to facilitate international payments—carries heightened KYC (Know Your Customer) obligations. A correspondent bank must conduct rigorous due diligence on the respondent bank it serves, including governance, sanctions exposure, and its own AML procedures, because a respondent bank’s misconduct can become the correspondent’s liability.

What correspondent banking is and why KYC applies

Correspondent banking is the infrastructure of international payments. When a company in Germany needs to send money to a supplier in Indonesia, the German bank does not have its own account at Indonesian banks. Instead, it routes the payment through a correspondent bank—often a large global bank—that maintains accounts (called nostro and vostro accounts) in Indonesia and other countries.

The correspondent bank is the gateway. It bears the regulatory risk of the relationship. If the respondent bank (the Indonesian bank receiving the nostro account) launders money, evades sanctions, or facilitates terrorism financing, the correspondent can face fines, enforcement action, and reputational damage. This is why correspondent banking has become subject to particularly strict KYC rules.

A correspondent bank must know who owns the respondent bank, who governs it, which regulator oversees it, and whether it has a clean compliance history. This goes well beyond standard KYC. A correspondent cannot simply accept a business-school biography of the respondent’s CEO; it must verify the respondent’s beneficial ownership, regulatory standing, and historical sanctions findings.

Enhanced due diligence on respondent banks

KYC in correspondent banking typically requires:

Ownership and governance: The correspondent must identify the beneficial owners of the respondent bank. If the respondent is a subsidiary of a larger holding company, the correspondent must trace that structure. If the respondent has a complex ownership pyramid with trusts or intermediaries, the correspondent must pierce through them.

Regulatory status: The correspondent must verify that the respondent is licensed and supervised by a credible banking regulator. Banks regulated by well-resourced authorities (UK FCA, Swiss FINMA, U.S. Federal Reserve) are viewed as lower-risk; banks in jurisdictions with weak supervision or known AML gaps are higher-risk.

Sanctions and enforcement history: The correspondent must check whether the respondent (or its parent company, executives, or major shareholders) appears on sanctions lists (OFAC, EU, UN) or has been subject to regulatory enforcement. If the respondent was fined for AML breaches in the past, the correspondent must assess whether it has genuinely reformed.

AML and transaction monitoring: The correspondent must understand the respondent’s own anti-money-laundering procedures. Does the respondent screen customers against sanctions lists? Does it monitor for suspicious patterns? Does it investigate and report suspicious activity to its regulator? If the respondent’s AML function is weak, the correspondent is facilitating high-risk payments.

Politically exposed persons (PEPs): The correspondent must determine whether the respondent’s major shareholders, owners, or directors are or have been politically exposed persons (e.g., former government officials, military leaders, family members of ruling elites). PEPs carry elevated AML risk because they may have obtained wealth through corruption or may be used to hide illicit proceeds.

The role of due diligence questionnaires

In practice, much of this verification happens through a due diligence questionnaire—a lengthy form the correspondent sends to the prospective respondent. The respondent completes it, certifying its ownership, governance, regulatory history, AML procedures, and customer base. The correspondent then independently verifies key claims: checking regulators’ websites for enforcement actions, searching sanctions lists, reviewing media for adverse findings.

This process is labor-intensive and can take months for a new respondent relationship. Large global banks maintain dedicated correspondent banking compliance teams that field these questionnaires, conduct searches, and make go/no-go decisions.

The questionnaire typically asks:

  • Organizational structure (parent company, subsidiaries, branches)
  • Board of directors and beneficial owners
  • Primary banking regulator(s) and any enforcement history
  • AML policies, staffing, and audit findings
  • Major customer categories (governments, NGOs, high-risk jurisdictions)
  • Prior sanctions violations or regulatory concerns
  • Insurance and legal litigation history

The respondent’s answers are memorialized in writing. If the respondent later turns out to have misrepresented its ownership or regulatory status, the correspondent has documentation of reliance.

Ongoing monitoring and relationship management

KYC in correspondent banking is not a one-time event. Correspondents must monitor respondents on an ongoing basis, watching for:

  • Changes in ownership or board composition
  • New regulatory enforcement actions or fines
  • Sanctions designations
  • Major customer scandals or criminal investigations
  • Significant changes in the respondent’s business model or geographic focus

If a respondent bank’s primary regulator issues a consent order requiring improved AML controls, the correspondent should learn about it and adjust its monitoring accordingly. If a respondent’s former president is convicted of corruption, the correspondent may need to reassess beneficial ownership and political exposure.

Most large correspondents conduct annual reviews of key respondent relationships, updating due diligence files and confirming that nothing material has changed.

The de-risking phenomenon

Since the 2008 financial crisis and especially after high-profile AML enforcement actions (like the $1.9 billion fine against Standard Chartered for sanctions evasion, or the $262 million fine against HSBC for AML failures), large correspondent banks have become extremely risk-averse.

Many have de-risked—exiting correspondent relationships with banks in jurisdictions deemed higher-risk. Banks in:

  • Countries subject to broad international sanctions (Iran, Syria, North Korea)
  • Jurisdictions with weak AML regimes or high corruption (countries on FATF gray lists)
  • Small island nations with opaque banking sectors
  • Countries with unstable governance or civil conflict

…have found themselves unable to find correspondents willing to maintain accounts. This creates a payments crisis: if no major bank will be a correspondent, a bank becomes isolated from the global financial system.

De-risking is technically optional, but regulators implicitly encourage it by aggressively prosecuting correspondent banks that knowingly maintained accounts for higher-risk respondents. A correspondent facing a $1 billion fine for AML lapses loses appetite for borderline cases.

The consequence is that financial inclusion declines for banks in riskier jurisdictions. Legitimate banks—those with real compliance programs—cannot access global payments corridors and must rely on informal remittance channels or bilateral relationships that are themselves less transparent.

The tension between compliance and access

Regulators acknowledge the de-risking problem but are reluctant to relax KYC standards. The solution, in principle, is for banks in higher-risk jurisdictions to improve their own AML frameworks, regulators, and governance—making themselves credible respondents. In practice, this takes years.

Some international bodies—the World Bank, the IMF, the Federal Reserve—have issued guidance asking correspondents not to de-risk indiscriminately but to apply graduated risk levels. A respondent in a high-risk jurisdiction that has demonstrably strong AML controls might be manageable, even if the jurisdiction itself is weak. But this requires detailed assessment and more correspondent bank staff, which most large banks are unwilling to fund.

The result is a bifurcated global banking system: large banks in well-regulated jurisdictions have broad correspondent access, while smaller and regional banks in higher-risk areas face constant relationship attrition.

Documentation and audit trails

Regulators expect correspondents to maintain robust documentation of KYC decisions. Files should include:

  • The due diligence questionnaire and respondent’s signed responses
  • Independent verification records (regulator searches, sanctions list checks, media reviews)
  • Risk ratings and periodic review memos
  • Board approvals for opening high-risk relationships
  • Monitoring summaries and any remedial actions taken

When regulators examine a correspondent bank, they review these files to check whether the bank conducted adequate diligence before opening the relationship and appropriate monitoring during it. A bank that cannot produce a clear paper trail faces enforcement risk.

See also

Wider context