The FinCEN Files and the Risk of Correspondent Banking

The Financial Crimes Enforcement Network (FinCEN) Files investigation is the latest publication by the International Consortium of Investigative Journalists (ICIJ) that reveals how certain flows of funds are suspected to be connected to financial crime, money laundering, terrorist financing and/or corruption.

The FinCEN Files are comprised of data derived from 2,100 suspicious activity reports (SARs)1 reported by global banks to FinCEN. However, this is just a sample representing a mere 0.02% of over 12 million SARs that were reported from 2011 to 2017. The ICIJ’s investigation found that from 1999 to 2017, banks executed two trillion US dollars’ worth of transactions2 that were internally flagged as suspicious.

This article provides an overview of correspondent banking risks, how they relate to the FinCEN Files and recommendations on how to address these risks.

The Significant and Inherent Risks of Correspondent Banking

Correspondent banking is seen as an inherently high-risk business area that requires enhanced due diligence in addition to standard customer due diligence (CDD) measures. The following are some of the risks that correspondent banks identify on their associated business risk profile.

Compliance Risk

According to FATF Recommendation 13,3 correspondent banks must ensure an effective anti-money laundering/counter-terrorist financing (AML/CTF) framework is implemented within its respondent banks. A correspondent bank will generally enter into a contractual agreement with a respondent bank to define rights and responsibilities, day-to-day operational procedures, AML/CTF expectations as well as compliance with relevant sanctions/embargoes. The expected CDD measures to be performed by the respondent bank are of utmost importance for the correspondent bank. The latter must rely on the level of details known by the former on the underlying clients, also known as know your customer’s customer (KYCC).

The respondent bank’s jurisdiction, corporate governance, ownership and controls structure, AML assessment via internal/external audits and scope of the correspondent banking relationship are some of the aspects that are reviewed during the correspondent bank’s initial risk assessment and are subjected to ongoing monitoring.

When nested correspondent banking occurs―where several respondent banks bundle their transactions via one respondent bank―the risk assessment becomes even more challenging. For each wire transfer, the completeness of information must be ensured. The required and accurate originator of information as well as the required beneficiary information must remain with the wire transfer throughout the process chain.4

Financial Risk

High compliance costs are met with low margins at the transaction level. European and American banks were subject to fines in the millions to billions of US dollars due to violations of sanctions regimes, money laundering via correspondent banking relationships, non-satisfactory monitoring of correspondent banking relationships, as well as the underlying transactions. However, as significant transaction volumes are being processed and as the ongoing focus is on a few global banks only, correspondent banking remains profitable despite low margins and the potential for high fines.

Reputational Risk

Articles in the press reporting on banks processing shadowy funds or paying significant fines, the implementation of a monitor ordered by a supervisory authority and publications such as the FinCEN Files can have a high reputational risk for banks. This might result in a share price adjustment of the bank in the spotlight—though only for a short period.

Insights From the FinCEN Files

Incomplete Information

The FinCEN Files revealed that on half of the 2,100 SARs filed, the information of at least one participating entity was missing. This is noticeable as correspondent banks are required to monitor the transactions for unusual activity or deviations from the expected risk profile. Incomplete information on the underlying entities prevents the correspondent bank from performing the required risk assessment.

In the case of internal alerts, the correspondent bank may request complementing information to allow for risk assessment, and the respondent bank must provide such information upon request. Contrary to this standard, the FinCEN Files show that requests for information in connection with corporate vehicles remained unanswered for 160 of the 1,200 SARs filed. Yet despite these shortcomings, the funds were processed.

The correspondent bank is not required to perform due diligence on the underlying clients of the respondent bank. In a recent publication,5 the Basel Committee on Banking Supervision clarified that KYCC procedures do not apply to correspondent banks. Certainly, the respondent bank remains responsible for effective due diligence on the originator and the verification of the correctness of the originator’s information.

SARs Submitted

Based on the SARs reported by the global banks with the largest stake in the FinCEN Files, SARs were submitted post-transaction only and with significant delays. On average, the time span between processing a transaction and submitting a SAR to FinCEN took anywhere from three months (136 days) to three years (1,205 days).

Should timely reporting become mandatory? At the same time, should transactions be put on hold or even rejected?

Ignored Red Flags

The FinCEN Files illustrated examples of banks ignoring red flags such as court proceedings, deferred prosecution agreements, indictments and fines, failure to implement a monitor by the supervisory authority and continuing to process funds for entities with shadowy or criminal backgrounds.

Shell Companies and Secrecy Jurisdictions

Anonymous shell companies, specifically in the UK where they were exploiting a loophole in regulation, contribute significantly to hiding the background of transactions. The FinCEN Files revealed that just nine agencies established the 2,447 shell companies mentioned. Moreover, clients registered in the British Virgin Islands make up 20% of the SARs filed.

A Holistic View on the Root Causes

International money flows are undeniably an essential factor for the global financial system and the interconnected complex economic processes. Stakeholders such as the United Nations Office on Drugs and Crime (UNODC), politics and public opinion, banks, supervisory authorities and prosecutors generally agree on the adverse effects of money laundering and financial crime on society at large. There are international standards in place to combat money laundering, financial crime and terrorist financing; however, as recently as 2018 the UNDOC estimated that between 800 billion US dollars to two trillion US dollars are laundered globally each year.6

The results from FATF’s fourth round of mutual evaluations include 279 reports, updated 9 March 2021, that received ‘good’ marks for technical compliance with Recommendation 13 (Correspondent Banking). Seventy-three percent of the reports were rated as compliant/largely compliant.

However, the implementation of the requirements related to beneficial ownership as expressed in the Immediate Outcome 5 (IO5) is far from being effective. Only 8% of the 279 reports confirmed a substantial level of effectiveness, the second-best rating. Forty-two percent of the reports highlighted the need for major improvements (a moderate level of effectiveness) whilst in 49% of the reports, even fundamental improvements were required and effectiveness was not achieved (a low level of effectiveness).

Recommendations to Address Risks

International dialogue is needed to identify the root cause for not achieving an effective implementation of relevant AML/CTF standards, including transparency on beneficial ownership. Standards, laws or regulations per se, do not guarantee an effective implementation. To be effectively enforced, they need to be complemented by an effective control framework, transparent assignment of responsibilities and noticeable fines for non-compliance.

Regulatory arbitrage must be prevented. Correspondent banking is a cross-border business. One transaction might affect several jurisdictions. Could cross-country responsibilities as defined in FATF Recommendations 36 to 40 be mutually improved to become effective and time-efficient to overcome silos and gaps that could be exploited by criminals? Which areas require alignment of regulations to provide a level-playing field for all stakeholders, thus effectively hindering regulatory arbitrage?

Transparency around correspondent banking transactions could be improved with a mandatory requirement to include information on the ultimate beneficial owner (UBO) in payment instructions. Consequently, knowing the UBO could enhance the effectiveness of correspondent banks’ transaction monitoring controls.

Currently, FATF Recommendation 167 targets the availability of basic information on the originator, the account holder (i.e. who allows the wire transfer) and the beneficiary. Therefore, the natural person who acts on behalf, and controls legal persons8/legal arrangements9 or corporate vehicles, might be concealed to remain unknown.

Should the interpretive notes to Recommendation 13 be specified to include details on the ultimate beneficial owner (as per Recommendation 24 and 25) beyond mere information on the originator and beneficiary? Could such requirements be supported by SWIFT’s Multiple Customer Credit Transfer (MT 102) format? From 2023 onward, the new SWIFT ISO Standard 20022, a standard for electronic data interchange between financial institutions, will be implemented and is expected to facilitate far-reaching analytical capabilities. Could a pre-check on completeness and plausibility of payment instruction data in general, and information on the UBO specifically be incorporated?

An effective control framework for national registers on beneficial ownership should be in place to ensure accuracy as well as completeness and continuing updates of data.

The individual responsibility of management and the board to comply with relevant regulations should be emphasised by the correspondent bank’s internal governance and control framework. Deviation from policies, risk-taking or exceeding risk-appetite must be pre-approved by members of the executive leadership team and/or risk committee and reported to the board.

The FinCEN Files bring to light financial crime by exploiting correspondent banking. Progress in combatting such crimes can only be achieved when the stakeholders work together to implement AML/CTF standards effectively, when the value of social responsibility is higher than profitability and when violations are met with drastic fines. FinCEN Files 2.0 should be avoided through a concerted effort. 

Patricia Kordesch, CAMS, CIA, CRMA, CCEP-I

  1. FATF Recommendation 13 (Reporting suspicious transactions): If a financial institution suspects or has reasonable grounds to suspect that funds are the proceeds of a criminal activity, or are related to terrorist financing, it should be required, by law, to report promptly its suspicions to the financial intelligence unit (FIU).
  2. Fergus Shiel, Dean Starkman, “About the FinCEN Files investigation,” International Consortium of Investigative Journalists, 19 September 2020,
  3. “Guidance on Correspondent Banking Services,” FATF, October 2016,
  4. “International Standards on Combating Money Laundering and the Financing of Terrorism & Proliferation, The FATF recommendations,” FATF, October 2020
  5. Rodrigo Celho, Jonathan Fishman, Amer Hassan, Rastko Vrbaski, “Closing the loop: AML/CFT supervision of correspondent banking,” Bank for International Settlements, 3 September 2020,
  6. “Geschätztes Volumen der Geldwäsche weltweit im Jahr 2018,“ Statista, 23 June 2020,
  7. “FATF 40 Recommendations,” FATF-GAFI, October 2013,
  8. Ibid.
  9. Ibid.

Leave a Reply