General
s.1(1), Sch. 2 11.1 In the AMLO, correspondent banking is defined as the provision of banking services by an AI (the correspondent bank) to another institution (the respondent bank) to enable the latter to provide services and products to its own customers.
11.2 A correspondent banking relationship is also a type of business relationship, so it does not include occasional transactions or the mere exchange of SWIFT Relationship Management Application (RMA) keys in the context of non-customer relationships, but rather is characterized by its on-going, repetitive nature.
11.3 An AI may act as a correspondent for thousands of other banks around the world. The respondent bank may be provided with a wide range of services, including cash management (e.g. interest-bearing accounts in a variety of currencies), cross-border wire transfers, cheque clearing, payable-through accounts and foreign exchange services.
11.4 Correspondent banking services do not all carry the same level of ML/TF risks. Therefore, in assessing the ML/TF risks of a respondent bank56, an AI should take into account all the relevant risk factors and any applicable risk mitigation measures in order to form an accurate and comprehensive picture of the risks.
11.5 An AI is only required to conduct appropriate due diligence on the respondent bank, which is its customer, but is not required to do so on the respondent bank’s customers.
Cross-border correspondent banking relationships57 Additional measures
s.14(1), s.14(2)(a),
(b) & (c), Sch. 2 11.6 In addition to the CDD measures set out in Chapter 4, an AI should carry out the following additional measures when it establishes a correspondent banking relationship with a respondent bank:
(a) collecting sufficient information about the respondent bank to enable it to understand fully the nature of the respondent bank’s business;
56 In assessing the ML/TF risks associated with correspondent banking relationships, an AI should refer to Annex II – Correspondent banking in the Basel Committee on Banking Supervision’s Guidelines on “Sound management of risks related to money laundering and financing of terrorism” issued in June 2017.
57 For the purposes of this section, correspondent banking relationships refer to cross-border correspondent banking relationships unless otherwise specified. However, an AI may consider applying the same measures in relation to correspondent banking relationships with other AIs.
(b) determining from publicly available information the reputation of the respondent bank and the quality of its supervision by authorities in that place that perform functions similar to those of the HKMA;
(c) assessing the AML/CFT controls of the respondent bank;
(d) being satisfied that the AML/CFT controls of the respondent bank are adequate and effective;
(e) obtaining approval from its senior management; and
(f) understanding and documenting clearly its responsibilities and the responsibilities of the respondent bank, including AML/CFT responsibilities.
s.15, Sch. 2 11.7 The extent of additional measures set out in paragraph 11.6 will depend on the nature and characteristics of the correspondent banking services provided and the assessed ML/TF risks presented by the respondent bank. For the avoidance of doubt, an AI should also apply appropriate EDD measures if the correspondent banking relationship with a respondent bank is assessed to be of high ML/TF risk in accordance with the guidance provided in paragraph 4.9.
11.8 Other factors that an AI should consider in determining the extent of additional measures set out in paragraph 11.6 include, but are not limited to:
(a) the respondent bank’s major business activities, target markets, customer base and their locations;
(b) the ownership and management structures of the respondent bank;
(c) the business group to which the respondent bank belongs;
(d) the jurisdictions in which the respondent bank, and where applicable, the parent company, subsidiaries and branches of the respondent bank, are located;
(e) the quality and effectiveness of AML/CFT and banking regulation as well as supervision in the jurisdictions58of the respondent bank;
(f) the nature of the services provided to the respondent bank;
(g) how the respondent bank will offer services through the correspondent relationship to its customers, including the nature, expected activity level, volume and value of the transactions; and
58 In assessing levels of regulation and supervision, consideration may be given to country assessment reports or other information published by international bodies which measures compliance and addresses ML/TF risks (including the FATF, FSRBs, BCBS, IMF and World Bank), lists issued by the FATF in the context of its International Cooperation Review Group process, national risk assessments, public information from national authorities and any restrictive measures imposed on a country, particularly prohibitions on providing correspondent banking services.
(h) the potential use of the account by other respondent banks in a “nested” correspondent banking relationship59, including the purpose of the nested relationship and the respondent bank’s control framework with respect to the relationship.
s.7 & s.14, Sch. 2 11.9 Unless an AI has carried out the measures set out in paragraph 11.6 and, if applicable, paragraph 11.13, the AI should not establish a correspondent banking relationship with any institution, or if a correspondent banking relationship has been established, the AI should terminate the relationship with the respondent bank.
11.10 An AI may collect, and subsequently update, the respondent bank’s information by using third-party databases that contain relevant information (i.e. KYC utilities). However, the ultimate responsibility for ensuring that CDD requirements are met remains with the AI.
11.11 An AI may use an industry questionnaire as a starting point to facilitate the information collection and risk assessment processes.
Payable-through accounts
11.12 Particular care should be exercised where the respondent bank allows direct use of the correspondent account by its customers to transact business on their own behalf (i.e. payable-through account). An AI should therefore ascertain whether the correspondent banking services will be used, via payable-through account, by the respondent bank’s customers.
s.14(2)(d), Sch. 2 11.13 If a respondent bank allows its customers to directly operate the correspondent accounts maintained with an AI, the AI should be satisfied that the respondent bank:
(a) will perform CDD on the customers, including verifying the identities of, and continuously monitoring its business relationships with those customers, in accordance with requirements similar to those imposed under the AMLO; and (b) will be able to provide to the AI, on request, the documents, data or information obtained by the respondent bank in relation to those customers in accordance with requirements similar to those imposed under the AMLO.
Correspondent banking relationships with shell banks
s.17, Sch.2 11.14 An AI should not establish or continue a correspondent banking relationship with a shell bank. The AI should also take
59 Nested correspondent banking relationship refers to the use of an AI’s correspondent relationship by a number of respondent banks through their relationships with the AI’s direct respondent bank to conduct transactions and obtain access to other financial services.
appropriate measures to satisfy itself that its respondent banks do not permit their accounts to be used by shell banks.
s. 17(1), Sch. 2 11.15 A shell bank is a corporation that
(a) is incorporated in a place outside Hong Kong;
(b) is authorised to carry on banking business in that place;
(c) does not have a physical presence in that place; and
(d) is not affiliated with a regulated financial services group which is subject to effective consolidated supervision.
s. 17(2), Sch. 2 11.16 A corporation has a physical presence60 in a place or jurisdiction if
(a) the corporation carries on banking business at any premises in that place or jurisdiction; and
(b) at least one full-time employee of the corporation performs banking-related duties at those premises.
Ongoing monitoring
s.5(1)(a), Sch.2 11.17 Following paragraph 5.2, an AI should conduct ongoing CDD of its correspondent banking relationships to ensure that the documents, data and information obtained in relation to the respondent banks are up-to-date and relevant. The AI should undertake reviews of the existing records of the respondent banks on a regular basis and upon trigger events. The frequency of periodic review should be determined using an RBA. If the correspondent banking relationship presents high ML/TF risks, it should be subject to a minimum of annual review.
11.18 An AI should conduct transaction monitoring of its correspondent banking relationships for compliance with targeted financial sanctions and to detect changes in the respondent bank’s transaction pattern or any unusual activities61. The level and nature of transaction monitoring should be commensurate with the risks and the nature of the correspondent banking services being provided. An AI may refer to Chapter 5 for details.
11.19 Where, in the course of any review, a respondent bank refuses to provide the required due diligence or transaction information or where the level of risks become higher, an AI should take reasonable measures (e.g. performing more enhanced measures by
60 In general, physical presence means meaningful mind and management located within a country. The existence simply of a local agent or low level staff does not constitute physical presence.
61 Where any unusual activities or transactions on the respondent bank are detected, the AI will follow up with the respondent bank by making a request for information, possibly leading to more information being required on a specific customer or customers of the respondent bank. However, there is no expectation, intention or requirement for the AI to conduct CDD on its respondent bank’s customers.
limiting the services provided, or restricting individual products/transactions, and/or filing a suspicious transaction report) to mitigate the ML/TF risks before considering to terminate the relationship. The AI should consider communicating their concerns to senior management of the respondent bank.
Group-wide considerations
11.20 If an AI relies on its parent bank, head office or foreign branch in establishing a correspondent banking relationship, and the parent bank, head office or foreign branch perform the due diligence and assume responsibilities to conduct assessments and reviews on the correspondent banking relationship, the AI should ensure that the assessments and reviews adopted take into account its own specific circumstances and business arrangements, and the particular correspondent banking relationship in Hong Kong. The AI should still ensure that it complies with the requirements set out in this Guideline and the ultimate responsibility for implementing AML/CFT measures remains with it.
11.21 If an AI is the head office of a financial group, it should ensure that the ML/TF risk assessments conducted by different group entities are consistent with its group AML/CFT policy. The AI should also coordinate among different group entities the monitoring of the correspondent banking relationships with the same respondent bank, particularly in the case of a high-risk relationship, and ensure that adequate information-sharing mechanism is in place within the group.
11.22 If an AI has correspondent banking relationships with several respondent banks in different jurisdictions but belonging to the same financial group, the AI should take into account that these respondent banks belong to the same financial group in its ML/TF risk assessment. Nevertheless, the AI should also independently assess each correspondent banking relationship.
Other similar relationships
11.23 While the AMLO only requires an AI to conduct additional measures set out in paragraph 11.6 and 11.13 (if applicable) when it establishes a cross-border correspondent banking relationship with a respondent bank, the AI should also conduct these additional measures when it provides services that are similar to correspondent banking to other FIs (e.g. money or value transfer service (MVTS) providers) located outside Hong Kong.
11.24 Where a customer is an FI located outside Hong Kong, an AI should ascertain whether the FI intends to use the account maintained with the AI for its own corporate or settlement purposes, or whether it intends to use the account to provide
correspondent services to its own customers. Where the FI offers correspondent services for its own customers through its account, the AI should carry out additional measures on the FI set out in paragraph 11.6 and 11.13 (where applicable).
11.25 To facilitate effective monitoring of these two types of activities which present different levels of ML/TF risks, an AI could consider encouraging or requiring a customer that is an FI located outside Hong Kong to open one account for conducting its own corporate or settlement activities, and another separate account for providing correspondent banking services for its customers.
Non-customer SWIFT RMA relationships
11.26 While the mere exchange of SWIFT RMA keys in the context of non-customer relationships is not a correspondent banking relationship, an AI should have appropriate policies and procedures to manage its non-customer SWIFT RMA relationships on an ongoing basis.