Thursday, October 06, 2016 6.55AM / Office Of The Comptroller Of The Currency Bulletin
The Office of the Comptroller of the Currency (OCC) is issuing guidance to national banks, federal savings associations, and federal branches and agencies (collectively, banks) regarding periodic evaluation of the risks related to correspondent accounts for foreign financial institutions (foreign correspondent accounts). This guidance describes corporate governance best practices for banks’ consideration when conducting these periodic evaluations of risk and making account retention or termination decisions relating to their foreign correspondent accounts. This guidance also reiterates the OCC’s supervisory expectation that, in connection with implementing the requirement that banks have established policies and procedures for conducting risk assessments for foreign correspondent accounts, banks should periodically evaluate and reassess this risk (risk reevaluation) as part of their ongoing risk management and due diligence practices.1
Note for Community Banks
This risk management guidance is applicable to all OCC-supervised banks that maintain foreign correspondent banking relationships. Community banks and federal savings associations that engage in foreign correspondent banking and have relatively small portfolios may have different risk considerations than banks with larger correspondent banking portfolios. Those considerations, as well as the nature of smaller banks’ compliance functions or reporting hierarchies, may warrant modifications to these best practices in line with the bank’s particular risk considerations.
The OCC’s supervisory expectation that banks conduct periodic risk reevaluations of their customer portfolios applies to all banks. This guidance focuses on the periodic risk reevaluation expectation for portfolios that contain foreign correspondent accounts; these risk management expectations include measures taken by banks to ensure that risk profiles of their foreign financial institution customers are periodically updated. In conducting risk evaluations of foreign correspondent accounts, banks should confirm that procedures for reevaluating foreign correspondent account risks and making account-related decisions are implemented. Banks also should ensure that decisions to terminate foreign correspondent accounts, which result from risk reevaluations, are based on analysis of the risks presented by individual foreign financial institutions and the bank’s ability to manage those risks.
Below are examples of best practices observed by the OCC, for banks to consider when conducting periodic reevaluations of the risks related to foreign correspondent accounts and making account retention or termination decisions. Banks that engage in foreign correspondent banking and have smaller portfolios, including community banks and federal savings associations, may have different risk management considerations than banks with large correspondent banking portfolios, which may warrant modifications to these best practices in line with the bank’s particular risk considerations. Best practices include:
In carrying out the agency’s mission, the OCC requires OCC-supervised banks to manage their risks appropriately, to comply with laws and regulations, and to provide fair access to financial services and fair treatment of their customers. As a general matter, the OCC does not direct banks to open, close, or maintain individual accounts, nor does the agency encourage banks to engage in the termination of entire categories of customer accounts without considering the risks presented by an individual customer or the bank’s ability to manage the risk.2 A decision to terminate a banking relationship or to exit a line of business generally resides with the bank.
Banks must choose whether to enter into or maintain business relationships based on their business objectives; evaluation of the risks associated with particular products or services; evaluation of customers’ expected and actual activity; and banks’ ability to manage those risks effectively. In doing so, banks must comply with national anti-money laundering (AML) and countering the financing of terrorism requirements set forth in applicable laws, including the Bank Secrecy Act (BSA).3 A bank’s safety and soundness can be threatened when it fails to identify risks in the products or activities the bank provides or in the customers it serves. Further, a bank’s safety and soundness can be threatened if it lacks comprehensive risk management systems and controls to mitigate identified risks. For BSA/AML, effective risk management should be an ongoing process, not a one-time exercise, and each bank’s risk assessment should be periodically updated to identify changes in the bank’s risk profile.4 A bank’s failure to conduct periodic risk reevaluations, including the review of risks posed by bank customers, can give money launderers, fraudsters, terrorists, and other criminals access to the U.S. financial system.
Foreign correspondent accounts are established by a bank for a foreign financial institution to receive deposits from, to make payments or other disbursements on behalf of, or to handle other financial transactions related to the foreign financial institution.5 With regard to foreign correspondent accounts, each bank’s due diligence program must include policies and procedures to assess risks posed by a foreign financial institution and consider all relevant factors including the foreign financial institution’s business and markets; the type, purpose and anticipated activity of the account; the nature and duration of the relationship with the foreign financial institution; the supervisory regime of the jurisdiction in which the foreign financial institution is licensed; and information known or reasonably available about the foreign financial institution’s AML record.6 Based on these assessments, banks are expected to design and implement controls to manage these risks effectively. These factors are particularly relevant in the context of performing periodic risk reevaluations of foreign correspondent customers. Banks with a clear understanding of the risk profiles of these customers may be more capable of providing banking services to such customers that historically have been considered higher risk.
Nonetheless, in recent years, banks conducting periodic risk reevaluations of foreign correspondent accounts have sometimes determined that particular accounts pose risks that cannot be mitigated in accordance with that bank’s risk profile and have withdrawn from those relationships. In some cases, the closure of foreign correspondent accounts is required by law.7 These account closures may negatively affect access to financial services in the home country of the foreign financial institution, potentially resulting in financial inclusion concerns for that country.8 In addition, because the processes used by banks for risk reevaluation, and specifically for making account termination decisions, are not always clear to foreign financial institutions that are customers of the banks, the decisions may be perceived by those customers or others as arbitrary or lacking a sound basis. Those perceptions may pose reputation and litigation risk to the banks.
OCC-supervised banks are among the major providers of U.S. dollar-based foreign correspondent banking activity. Before this issuance, there has been no specific OCC guidance related to the management of foreign correspondent accounts that would provide assistance to banks when conducting risk reevaluations and making account retention or termination decisions. As part of its examination activities, the OCC has reviewed policies, procedures, and criteria used by some banks when conducting risk reevaluations and making account retention or termination decisions related to foreign correspondent accounts. The OCC has observed a range of practices that banks use in evaluating the risks in this area, consistent with safety and soundness.9 After summarizing existing supervisory expectations in this area, this guidance describes certain corporate governance practices that, in the OCC’s supervisory judgment, constitute best practices for risk reevaluation of foreign correspondent accounts. Banks should consider using these best practices to make decisions about foreign correspondent account risk reevaluations and closures.
Supervisory Expectations for Periodic Risk Reevaluations
As part of sound risk management, the OCC expects banks to conduct periodic risk reevaluations of their foreign correspondent account customer relationships. Banks’ risk reevaluations should consider risks present in the foreign financial institutions’ business and markets, as well as the anticipated account activity and the supervisory regime of the geographic location in which the foreign financial institution is licensed.10 Banks should give foreign financial institutions an opportunity to provide sufficient and transparent information to allow banks to make informed risk assessment decisions. The OCC expects banks to include the following practices in their risk reevaluations.
· Ensure that periodic risk reevaluations are conducted and decisions regarding the treatment of foreign correspondent accounts are based on the periodic risk reevaluations.11
Banks should have established processes for periodic risk reevaluations and account decisions resulting from the updated risk assessments, including account terminations, that
o address the bank’s risk appetite with respect to the quantity of BSA/AML compliance risk the bank is willing to accept and can effectively manage.
o identify the risk factors to consider when reevaluating foreign correspondent account relationships, including an assessment of the risks posed by the foreign correspondent account relationship, based on a consistent, risk-rating methodology, and determine whether the bank can effectively manage the risk.
o address ongoing due diligence processes for foreign correspondent account relationships, which may include periodic site visits based on risk.
o provide for follow-up by bank personnel on activity that does not comport with the foreign financial institution’s risk profile, customer due diligence information, or expected account activity.
o provide for an assessment of the implications of account closure on managing overall exposure to BSA/AML compliance risk that is consistent with the bank’s articulated risk appetite.
o specify the length of time that foreign correspondent accounts can remain dormant before being subject to closure.
· Confirm that procedures for reevaluating foreign correspondent account risks and making account-related decisions are implemented.12
In determining whether to close an account based on BSA/AML compliance risk or any other risk category or level of risk the bank finds to be unacceptable, banks should
o perform periodic risk reevaluations for all foreign correspondent accounts.
o make reasonable determinations about the bank’s exposure to BSA/AML compliance risk, taking into account the bank’s risk appetite for each foreign correspondent account relationship.
o escalate recommendations for foreign correspondent account closure to appropriate levels of management.
o execute foreign correspondent account closure processes.
· Ensure that decisions to terminate foreign correspondent accounts resulting from risk reevaluation are based on analysis of the risks presented by individual foreign financial institutions and the bank’s ability to manage those risks.13
o Account termination decisions should be based on the unique facts and circumstances of each bank and foreign financial institution, such as the level of risk that the bank’s systems and controls are designed to manage or mitigate, strength of the bank’s systems and controls, and specific foreign financial institution attributes, including the AML and supervisory regime of the jurisdiction that issued the charter or license to the foreign financial institution.
o Account termination practices that lack the appropriate risk assessment and consideration include
• terminating foreign correspondent account relationships without a careful analysis of the risks presented by the individual foreign financial institution and the bank’s ability to manage those risks.
• terminating entire categories of foreign correspondent account relationships without regard to the risks presented by individual foreign financial institutions, unless specifically required by law.
Best Practices for Account Retentions or Terminations
Banks that maintain foreign correspondent accounts should consider the following, which the OCC believes in its supervisory judgment to be best practices, when updating their customer risk assessments. These considerations, which are reflective of sound risk management, may be applicable to active and dormant foreign correspondent accounts that the bank has determined require closure.
Community banks and federal savings associations that engage in foreign correspondent banking and have relatively small portfolios may have different risk considerations than banks with larger correspondent banking portfolios. Those considerations, as well as the nature of smaller banks’ compliance functions or reporting hierarchies, may warrant modifications to these best practices in line with the bank’s particular risk considerations.
Best practices include:
· Establishing and maintaining an effective governance function to review the method for risk reevaluation and to monitor the appropriateness of recommendations regarding foreign correspondent account retention or termination.
This governance function may take the form of an oversight committee or another format, depending on the bank’s general governance structure. This governance function may
o review the bank’s policies and procedures for periodic risk reevaluations and foreign correspondent account retentions or terminations, and recommend enhancements as needed.
o evaluate the method the bank uses in making foreign correspondent account retention and termination decisions to determine if the bank’s methodology reflects safe and sound banking practices, and is current and commensurate with the bank’s articulated risk appetite.
o monitor customer due diligence performed by the bank on its foreign correspondent account relationship as the due diligence practices relate to periodic risk reevaluations and for making foreign correspondent account retention and termination recommendations.
o review the appropriateness of foreign correspondent account closure recommendations.
· Communicating foreign correspondent account termination decisions regularly to senior management.
Policies and procedures for account terminations may clearly define the steps required to elevate recommendations for account closure to the bank’s senior management for their consideration and awareness. Particular consideration may be given to
o establishing a formal process for escalating changes in the risk rating of the foreign correspondent account relationship that results in more severe ratings being escalated to an appropriate management level for review.
o communicating to senior management whether, and to what extent, account closures may have an adverse impact on access to financial services for an entire group of customers or potential customers, or an entire geographic location, including any alternative banking relationships that the foreign financial institution may have with other U.S. banks.
o communicating to senior management whether there are actions that could be taken to manage or mitigate the identified risks with less impact than foreign correspondent account closure, such as placing temporary or additional restrictions on the account. In doing so, banks may
• ensure that the need for any such restrictions are well-supported.
• ensure that the restrictions can be effectively implemented to mitigate the identified risks.
• provide mechanisms to communicate any such restrictions to foreign financial institutions.
· Communicating with foreign financial institutions, considering specific mitigating information these institutions may provide, and providing sufficient time to establish alternative banking relationships before terminating accounts, unless doing so would be contrary to law or pose an additional risk to the bank,14 national security, or reveal law enforcement activity.
The communication to foreign financial institutions may
o articulate the bank’s concerns and reasons for considering account closure, without disclosing the existence of suspicious activity report filings if the concerns are based on potentially suspicious activity.
o give foreign financial institutions the opportunity to provide any additional customer-specific information to the bank that might address these concerns before the bank makes a final determination to close the foreign correspondent account.
o in cases when the bank has decided to terminate the foreign correspondent account, provide sufficient time for the foreign financial institution to establish an alternative banking relationship with other U.S. banks.
· Ensuring a clear audit trail of the reasons and method used for account closure.
1 This guidance does not create, change, or supersede legal requirements.
2 See OCC Bulletin 2014-58, “Banking Money Services Businesses: Statement on Risk Management.”
3 Other applicable legal requirements are found in sections 312-313 of the USA PATRIOT Act of 2001 and its implementing regulations at 31 CFR 1010.610(d) and 31 CFR 1010.630(d)(2). See also FFIEC Bank Secrecy Act/Anti-Money Laundering (BSA/AML) Examination Manual, p. 5.
4 FFIEC BSA/AML Examination Manual, p. 24.
5 FFIEC BSA/AML Examination Manual, p. 111.
6 See 31 CFR 1010.610(a). In addition, banks are required to conduct enhanced due diligence for certain foreign correspondent accounts. See 31 CFR 1010.610(b).
7 See footnote 3.
8 As used in this guidance, “financial inclusion” refers to access to financial services through formal accounts. See http://www.worldbank.org/en/topic/financialinclusion/overview.
9 Although many of the governance principles outlined in this bulletin could be applicable to account closures of customers in general, this guidance specifically focuses on foreign correspondent bank accounts.
10 See 31 CFR 1010.610(a). See also FFIEC BSA/AML Examination Manual, p. 18.
11 FFIEC BSA/AML Examination Manual, pp. 23-24 and 179.
12 See 31 CFR 1010.610(a)(3) and (d). See also FFIEC BSA/AML Examination Manual, pp. 23, 25, 115, and 179.
13 See 31 CFR 1010.610(a)(2)(i-v). See also FFIEC BSA/AML Examination Manual, p. 114.
14 There may be instances when providing customers with notice of account closure or sufficient time to establish an alternative banking relationship would expose the bank to increased BSA/AML compliance risk or cause harm to the bank’s safety and soundness, such as when the bank has identified suspected money laundering or terrorist financing-type activities.