ResourcesPractical guidance and standards for financial crime compliance practitioners

Wolfsberg Group Transaction Monitoring Request for Information Best Practice Guidance

Download Wolfsberg RFI Best Practice Guidance
PDF923.4 KB

August 2022

Table of Contents
1 Purpose of Guidance Document p.3
2 Definitions p.4
3 Benefit and Value of RFIs p.5
4 Drivers for RFIs p.6
5 Roles and Responsibilities p.7-8
6 Timelines and Expectations p.9
7 Actions on Insufficient/Non-Responses p.10
Appendix Guidance on RFI questions and expected responses p.11-30

Purpose of this Guidance Document

  • This Request For Information (RFI) guidance document is focused primarily on inquiries initiated as a result of transaction monitoring and is not intended to address inquiries issued in relation to transactions blocked or rejected as a result of sanctions screening or payment transparency events1.
  • An important goal of this guidance document is to improve the awareness about the value that RFIs (or inquiries) provide in a correspondent banking relationship, to present best practice guidance for both issuing and Respondent Institutions2, and to improve the overall effectiveness of the RFI process. While this document deals with correspondent banking, the guidance applies to other payments-based relationships.
  • The document also aims to add to Financial Institutions’ (FIs’) understanding of how RFIs should be handled, what types of questions are being asked, the purpose of the question, the role of RFIs in mitigating financial crime risks, and the benefits of effective RFIs and responses.
  • There are many elements of the inquiry process that impact the effectiveness of RFIs, such as a lack of inquiry response, insufficient or incomplete responses, privacy concerns restricting information-sharing, delayed responses to RFIs, and/or misunderstanding of the purpose of the RFI or the RFI process.
  • Ineffective RFIs or incomplete RFI responses can lead to increased compliance costs, inefficient utilisation of resources (i.e. time spent on follow-up questions to get full and/or clear answers), increased risk for the parties involved, defensive Suspicious Activity/Transaction Report (SAR/STR) filings, and further reviews of correspondent relationships, potentially resulting in restrictions in payment processing.
  • The Appendix includes a list of commonly asked RFI questions and expected responses from the Respondent FIs. The aim is to serve as a guide to both Correspondent Banks and Respondent FIs. It is not a prescriptive list of questions to be asked by Correspondent Banks.

Definitions

Correspondent Bank and Respondent Financial Institution

  • For the purpose of this document, Correspondent Banking activity is the provision of banking-related services by one Bank (the Correspondent) to another Bank (the Respondent), for the execution of third-party payments, trade transactions and processing of paper clearing needs in a particular currency. These services may include provision of a current or other liability account and related services.
  • A Correspondent Bank enables its Respondent clients to provide their own customers with cross-border products and services. The Correspondent is effectively acting as the Respondent’s agent or conduit, executing payments or other transactions for the Respondent’s customers. These customers may be individuals, legal entities, or FIs.
  • The diagram below shows a typical Correspondent Banking Transaction and the relationships between the parties.

Diagram 1: Typical Correspondent Banking Transaction

  • Ordering Party
  • Correspondent Banking Relationship
  • Respondent Bank A (Originating Bank)
  • Respondent A’s Correspondent
  • Respondent B’s Correspondent
  • Correspondent Banking Relationship
  • Respondent Bank B (Beneficiary Bank)
  • Beneficiary Party

Benefit and Value of RFIs

  • In a Correspondent Banking relationship, the Correspondent Bank will monitor the Respondent’s transactions to detect any unusual or potentially suspicious activity.
  • Such activity of concern relates mainly to the customers of the Respondent, whose Know Your Customer (KYC) information is usually not available to the Correspondent Bank. One primary way in which banks can mitigate transactional risk is through RFIs. The more information that can be obtained via RFIs as part of the transaction monitoring process, the more comfort can be obtained in understanding the purpose of a payment or a set of payments. RFIs also evidence the Respondent’s ability to manage risk and provide comfort around its controls to the Correspondent Bank.
  • RFIs are issued to Respondents with the aim of obtaining information, including, but not limited to, the following:
    • KYC information or background profile of the underlying customer;
    • Summary of account relationship;
    • Background or purpose of the transaction(s) under review;
    • Nature of the activity pattern; and/or
    • Details relating to the counterparty of the underlying customer.
  • When RFIs are used effectively by both the issuing and the Respondent Institutions, RFIs are a valuable tool to assist in resolving an alert from the transaction monitoring process, making a SAR/STR determination or taking a risk mitigating action.
  • In addition to the operational processes on receipt of RFI, the Respondent may consider the RFI as potential input to its transaction monitoring process or potential manual trigger for a local investigation if not investigated previously, based on the intelligence and the insights gathered.

Drivers for RFIs

Below is a non-exhaustive list of key reasons for Correspondent Banks to issue a RFI:

  • Transaction monitoring Anti-Money Laundering or Combatting Terrorist Financing (AML/CTF) concerns;
  • Financial Intelligence Unit (FIU) review projects;
  • Internal escalation/unusual activity referrals;
  • Account activity reviews;
  • Other financial crime risk factors of concern.

Roles and Responsibilities

The Correspondent Bank should:

  1. Avoid unnecessary RFIs or RFI questions by reviewing alternative options (including internal documentation, public domain searches, review of prior RFIs as applicable, etc.) needed to answer a material investigative question before issuing an RFI. An initial review or analysis should be completed prior to RFI issuance.

  2. Issue an RFI only to a Respondent that is their customer. The transaction(s) in question could be directly related to the underlying customer of the Respondent, or where a downstream relationship is involved, the underlying customer of the downstream Bank.

  3. Only request information that is pertinent to the investigation of financial crime-related concerns, with a brief rationale for the request. The nature of the Correspondent’s investigation will determine how many questions it deems necessary.

  4. Draft a clear and succinct RFI so that all questions are well structured and can be understood easily by the recipient (recognizing linguistic and cultural differences), to ensure that sufficient and meaningful, but not excessive, information has been requested to reduce the need for follow-up RFIs.

  5. Ensure RFIs are sent to the established points of contact and set up expected timelines for receiving RFI responses from the Respondent (refer to section on Timelines and Expectations).

  6. Make Respondents aware of its risk appetite and expectations in information-sharing before a Correspondent Banking relationship is established. An example is laying out such expectations in the form of a policy statement regarding the operation of the Correspondent Bank account.

  7. Encourage collaborative discussion with the Respondent, with the aim of gaining better knowledge of the latter’s underlying customer base that transacts through the correspondent relationship.

  8. Establish feedback loops within internal financial crime compliance teams so that its coverage/advisory teams are aware of any potential risk concerns noted from RFI responses, or when insufficient/no responses have been provided by the Respondent.

There is no expectation or requirement for the Correspondent Bank to conduct due diligence on the Respondent’s customers (sometimes referred to as Know Your Customer’s Customer (KYCC))3.

The Respondent Financial Institution should:

  1. Establish clear point of contacts for receiving RFIs and assign RFIs to the responsible, accountable person promptly. Where possible, any expected delays should be communicated to the Correspondent Bank in a timely manner.
  2. Determine information availability in internal systems and documents to provide a meaningful response keeping in view any applicable regulatory limitations. When sufficient information is not available, the Respondent should initiate customer contact to obtain the information requested by the Correspondent Bank. If the subject of RFI is the customer of a downstream Bank, the Respondent is expected to request the relevant details from the downstream Bank.
  3. Gather relevant information from internal sources and/or the customer within a reasonable period (refer to section on timelines and expectations) and, if necessary, update Customer Due Diligence (CDD) records, as required.
  4. Structure the response in a way that answers respond to all the questions and that they are easy to understand (recognising linguistic and cultural differences). The responses should be sufficient and meaningful to reduce the necessity of follow-up RFIs.
  5. Where possible and appropriate (considering the Respondent’s risk tolerance, customer confidentiality obligations/banking secrecy and/or concerns around tipping off under certain country regulations), inform the Correspondent Bank if the subject of the RFI is/was already under internal investigation or has been exited.
  6. Establish terms and conditions with underlying customers for permitting the sharing of information with Correspondent Banks (refer to section on “Actions on Insufficient/Non-Responses”).

Timelines and Expectations

  • The Correspondent Bank requesting information expects the Respondent to respond to an RFI within a reasonable period of time and with a sufficient level of detail. Depending on different Correspondent Banks’ expectations and the level of detail required, the timeline for response would generally range between 10 to 30 business days. Note that this serves as an indicative timeframe only and may vary according to the complexity of the RFI, when the transactions took place, and/or the regulatory rules/regulations/expectations
  • The Correspondent Bank requesting information should specify the expected timeline for response upon issuing the RFI. This timeline should allow sufficient time for the investigation to be concluded after the receipt of the response from the Respondent.
  • The Respondent may experience delays in processing RFIs due to internal process, communication issues, aged transactions and challenges related to cross-border information-sharing. This might require the Respondent to retrieve historical records, conduct further analysis/review of their underlying customers and/or send its own RFI to another party. In these situations, and where permitted by regulatory considerations and internal investigation requirements, the Respondent should be allowed more time by the Correspondent Bank. The Respondent should also inform the Correspondent Bank if it requires longer processing time where information is not readily available due to reasons mentioned above.
  • In line with the roles and responsibilities set out earlier in this document, the Respondent should respond in a timely fashion and provide information to the level of detail requested as permissible and appropriate.
  • The Respondent should process incoming RFIs without delay, to ensure information collection is initiated as soon as possible. This is particularly relevant in cases where customer contact is required by the Respondent because customers must be given a reasonable amount of time to provide a response.
  • The Respondent should ensure that it answers the RFI questions to allow the Correspondent to evaluate the underlying activity as well as the Respondent’s controls and thereby form an understanding of the level of risk posed by the underlying activity. The Respondent should understand that this evaluation is likely to form part of the Correspondent’s overall assessment of the risk of the relationship.

Actions on Insufficient/Non-Responses

  • For cases where an RFI response contains insufficient/incomplete information or was not responded to at all, the Correspondent Bank should adopt a risk-based approach in disposing the case. In many jurisdictions, inadequate or missing information about the underlying activity may result in the need to file a SAR/STR with the local FIU.
  • Respondents that fail consistently to respond to RFIs in a timely fashion should recognise that this may trigger additional concerns by the Correspondent Bank. Insufficient responses or failures to respond can indicate that the Respondent is unable to manage its risks sufficiently and may lead to the filing of a SAR/STR by the Correspondent Bank.
  • Correspondent Banks should have metrics, governance and an internal escalation process for issues concerning timeliness and quality of RFI responses provided by the Respondent. Trends related to missing or insufficient responses and their impact on case disposition should be reviewed in appropriate governance forums for suitable follow-on actions. Where required, the Correspondent Bank may initiate a reassessment of the Respondent’s relationship, risk profile and control environment.
  • Actions may also be taken concerning the RFI subject in situations where the RFI response is incomplete or inadequate. Potential measures that Correspondent Banks may choose to take would include issuing notices to the Respondent to restrict payments from/to the RFI subject until a sufficient RFI response has been received.
  • One approach FIs may consider to address insufficient/non-responses and manage associated risks proactively is for Correspondent Banks to enter into a written agreement with the Respondent before establishing a Correspondent relationship. The agreement can include explicit expectations on comprehensiveness and timeliness of responses as well as details on how the Correspondent Bank will monitor responses to evaluate the Respondent’s effectiveness in applying its own CDD measures and implementing AML/CTF controls.
  • If the Respondent is located in a jurisdiction that requires customer consent for disclosure of information, it is recommended that the Respondent have the relevant terms and conditions in place with their customers to permit appropriate sharing of information with service providers, including Correspondent Banks.

Appendix - Guidance on RFI questions and expected responses

  • Below is a list of frequently asked questions during the RFI process and expected response from the Respondent. The list of RFI questions serves as a guide only and is not a prescriptive list of mandatory questions to be asked by Correspondent Banks. Correspondent Banks should tailor the questions based on their investigations (refer to section “Roles and Responsibilities” on best practice). These questions should not be used as a template and Correspondents should ensure that their questions are directly relevant to their investigation.
  • Where a Correspondent Bank has provided the underlying reason for the RFI, the Respondent is expected to provide a detailed response to address these questions adequately, where permissible under local law.
  • If the Respondent is unable to provide detailed response(s) due to data privacy laws or other legal restrictions, the response should indicate the reason why such information cannot be provided.
  • Where a Respondent has not answered all the questions but has provided broader information addressing the transaction(s) under review, answers should be evaluated by the team/person familiar with the case before approaching the Respondent again.

Section 1 Account Specific Information

Category Questions Guidance
Account Relationship 1    How long has the customer maintained a relationship with your Institution? Why is this question being asked?
A long-established relationship enables the Respondent to conduct thorough due diligence and monitoring against past transaction data of the underlying customer, leading to a better understanding of their business background and transaction pattern(s) over time.

A recently opened account can be an indication that the underlying customer is a newly set up company or has been exited by other banks in the market. A long-established relationship should also mean the Respondent has a history of knowledge and information on the customer to help provide their Correspondent Bank with sufficient assurance over the activity.

What is the expected response?
The Respondent can either provide the account opening date or the approximate years/months of relationship duration with the underlying customer.
Account purpose & anticipated transactional activity 2    What is the purpose of the account(s) and what are the types of accounts being maintained? Why is this question being asked?
For legal entity customers, this may be asked to determine whether observed usage is commensurate with the line of business of the underlying customer.

For individual customers, this may be asked in order to understand whether this is an account for personal use or used for business purpose.

What is the expected response?
The Respondent should indicate the types of accounts maintained for the subject customer (e.g. business operating accounts, investment accounts, asset management accounts, trust accounts etc.), and the respective account purpose based on KYC information on file.
Account purpose & anticipated transactional activity (continued) 3    What are the anticipated values and volumes across the account(s) and is the activity is in line with the expected behaviour? Why is this question being asked?
This can assist the Correspondent Bank in assessing whether the transaction(s) under review fall(s) within the anticipated account activity.

What is the expected response?
Where permitted, anticipated values and volumes should be provided for the account(s) in question.

If the transaction(s) under review represent a notable deviation from the anticipated values and volumes, the Respondent should indicate whether they are comfortable with the activity and provide a rationale for the view (also see Q22).
4    Reason why the entity maintains account outside of the domiciled jurisdiction (if applicable)? Why is this question being asked?
Non-resident accounts (NRA) may pose additional financial crime and sanctions risks; hence, it is important to understand any business purpose for an account to be maintained outside of the underlying customer’s jurisdiction of domicile.

What is the expected response?
If the underlying customer is domiciled in another jurisdiction, the Respondent should provide the rationale, business purpose or any additional information that can justify an NRA being opened.
Account Status 5    Is the account still open? If not, what was the reason for closure and when was the account closed? Why is this question being asked?

Providing account status and account closure date (where applicable) can assist the Correspondent Bank in anticipating any future transactions, and in turn any risks that would stem from the underlying customer.

The reason for account closure is also a key piece of information. If the account has been closed due to risk concerns, commercial or other reasons, this can assist the Correspondent Bank in its investigation and risk mitigation process.

What is the expected response?

The Respondent should indicate whether the account is still open and active. If the account has been closed, provide the account closure date and, when possible, reason for closure.

Where appropriate and permitted, the Respondent should provide insight if any account restrictions have been placed on the underlying customer and the rationale of those restrictions.

Section 2 Background KYC

Category Questions Guidance
Individuals 6

Please provide the following background KYC information for underlying individual customer(s):
  • Full legal name
  • Permanent address:
  • Date of Birth
  • Nationality
  • Gender
  • Occupation
  • Employment details: Employer name, business activity and address
 Why is this question being asked?
This information can assist the Correspondent Bank in understanding the profile of the Respondent’s underlying customer(s) and assess whether the transaction(s) under review are consistent with the Respondent’s knowledge of the customer’s profile and business.

What is the expected response?
The Respondent is expected to provide profile details as available from its KYC records and customer outreach as necessary.

Where the Respondent is unable to provide detailed customer information due to data privacy laws or other legal restrictions, it is expected that the response indicates the reason why such information cannot be provided. In such instances, the Respondent should confirm that they have reviewed the customer profile information and, if appropriate and permitted, whether there are concerns/risks noted.
Legal Entity Customers 7    Please provide the following background KYC information for underlying customer:
  • Legal name of business
  • Principal place of business operations
  • Business address
  • Business activities including types of goods/services that are offered
  • Corporate website or public media presence (if available)
 Why is this question being asked?
The question can assist the Correspondent Bank in understanding the profile of the Respondent’s customer to assess whether the transaction(s) under review are consistent with the Respondent’s knowledge of the customer’s business and profile.

What is the expected response?
The Respondent is expected to provide profile details as available in KYC records and customer outreach as necessary.

Where the Respondent is unable to provide detailed customer information due to data privacy laws or other legal restrictions, it is expected that the response indicates the reason why such information cannot be provided. In such instances, the Respondent should confirm that they have reviewed the customer profile information and if appropriate and permitted, whether there are concerns/risks noted.
Source of Wealth 8    Please provide the source of wealth of the underlying customer.4 Why is this question being asked?
Understanding the source of wealth or origin of the income of the underlying customer enables the Correspondent Bank to understand better whether the underlying customer is engaged in transactions consistent with the referred income or wealth.

What is the expected response?
The Respondent is expected to provide details on the source of wealth as available in KYC records. Examples include but are not limited to salary from employment, business revenue, inheritance, etc. The Respondent is also expected to describe the underlying customer’s occupation or business activities.
Key Controller information 9    Please provide details regarding ultimate beneficial owners and authorised signatories for account of the underlying customer:
  • Name
  • Address
  • Occupation
  • Employer name and employer address
 Why is this question being asked?
This information assists the Correspondent Bank to understand better the beneficial owners and/or key controllers exercising direct control over the entity, as well as the risk profile of the legal persons, arrangements, and intermediaries involved in the transaction(s) to understand if there are any additional risks associated with the customer.

What is the expected response?
Where permitted, the Respondent is expected to provide information that has been collected as part of its KYC processes and procedures. The information provided should enable the Correspondent Bank to understand the ultimate beneficial owner(s) and authorised signatories of the underlying customer.
10    Please provide details of underlying customer's parent organisation:
  • Legal name of business
  • Physical location
  • Type of business/Industry in which the entity conducts business
 Why is this question being asked?
In situations where there is a parent or holding company, the question aims to seek information on that entity to be able to assess if there are additional risks or mitigants involved.

What is the expected response?
The Respondent is expected to provide information that has been collected as part of its KYC processes and procedures. The information provided should enable the Correspondent Bank to understand details of the parent organisation of the underlying customer.

Section 3 Transactional Details

Category Questions Guidance
Transaction purpose 11
Please explain the business rationale for the transaction(s) between the underlying customer and the counterparty.		 Why is this question being asked?
To understand the reasonableness of the transactions between transacting parties and determine if this is commensurate with the anticipated account activities, business activities and/or occupation of the underlying customer.

What is the expected response?
The Respondent is expected to provide details as available in its records and confirm if such transactions are consistent with its knowledge of the customer profile and business with the counterparty. Customer outreach is expected by the Respondent if such information is not available in its KYC records.
12
Please explain the goods and/or services that are being provided, or if the payment does not involve goods or services, please provide details of the transaction(s) under review.		 Why is this question being asked?
To understand if the transactions under review carry any increased risk because of the nature of goods and/or services involved and whether they are commensurate with the underlying customer’s line of business.

What is the expected response?
The Respondent is expected to provide details of goods and services involved in the transaction(s) under review and confirm if such transactions are consistent with the Respondent’s knowledge of the customer profile and business.
Transaction purpose
(continued)		 13    Please provide the ultimate origin and destination of goods. Why is this question being asked?
To understand if ultimate origin and destination of goods involves countries subject to Sanctions or any locations with increased geographical risk, thereby requiring further examination.

What is the expected response?
The Respondent is expected to provide details as available in its records and confirm if the origin and destination of the goods/service are consistent with its knowledge of the underlying customer and its business. Customer outreach is expected by the Respondent if such information is not available in its KYC records.
14    Please explain the relationship between the originator and beneficiary. Why is this question being asked?
To access information on the relationship between the originator and beneficiary to gain an understanding of the reasonableness of the transaction(s). The aim is to understand whether the transaction is consistent with the relationship between the originator and beneficiary.

What is the expected response?
The Respondent is expected to provide the relationship between the originator and beneficiary as available in its records to help identify if the transaction is consistent with the line of business for both parties and whether a commercial rationale has been established. Respondents are also expected to indicate whenever a third party is involved in the transaction (see also Q17). Customer outreach by the Respondent is expected if such information is not available in its KYC records.
Transaction purpose
(continued)		 15    Is your customer or counterparty of the customer performing transactions on behalf of a third party? If yes, please provide the following information:
  • Nature of relationship between the customer, counterparty of the customer and the third party
  • Reason why the payment was made on behalf of a third party
 Why is this question being asked?
To understand whether the customer or counterparty of the customer is transacting on behalf of a third party. In addition, depending on the nature of the third-party payment (e.g. involvement of payment service providers), the Correspondent Bank needs to be aware whether the Respondent is offering downstream payments to assess the risk from a ‘nesting’ perspective.5

Involvement of a third party poses additional risks and may hinder the Correspondent Bank’s ability to see the entire customer relationship. It is, therefore, important to understand the relationship between the parties involved and the rationale for involvement of a third party.

What is the expected response?
The Respondent is expected to provide details of such relationship, reason for such ‘on-behalf-of’ transactions and if they are in line with its knowledge of the customer’s underlying business practices. The Respondent may also provide information about any additional controls or checks it conducts on such third-party payments, e.g. checking if third party involvement is evidenced in the underlying invoice, contracts etc. Customer outreach by the Respondent is expected if such information is not available in its KYC records.
16    For business payments involving personal accounts, please advise:
  • The purpose of transaction;
  • The rationale for the use of a personal account for business purposes;
  • Relationship between the individual(s) and the business involved
 Why is this question being asked?
Usage of personal accounts for business purposes can reduce transparency. The intention is to understand better the rationale of personal accounts being used for business payments.

What is the expected response?
The Respondent is expected to provide details available in its records, the reason for business payments involving personal accounts and inconsistencies, if any, observed in the transaction(s). Customer outreach by the Respondent is expected if such information is not available in its KYC records.
Transaction Pattern 17    Please explain the reason for the following transaction pattern:
  • Multiple transactions involving the same originator/ beneficiary conducted on the same day or within a short time span.
  • Repeat payments between this originator and beneficiary.
  • Transactions conducted in round amounts.
  • Round trip transactions (e.g. A to B and then B to A).
  • Multiple individuals/entities remitting funds to the same beneficiary or receiving funds from the same remitter on the same/consecutive days.
  • Issuing multiple sequential numbered cheques on same day to same payee.
* Note that this list is not exhaustive and only includes some of the most common transaction patterns.		 Why is this question being asked?
The listed transactional patterns exhibit potential money laundering risks and/or are designed to circumvent reporting requirements.

The question aims to understand why underlying customer is transacting in such a manner, assess if it is inconsistent with their transaction patterns, and determine whether further examination is required.

What is the expected response?
The Respondent is expected to provide details as available to help the Correspondent Bank identify the reason for such patterns and highlight if these are consistent with its knowledge of the customer and its business. Customer outreach by the Respondent is expected if such information is not available in its KYC records.
Transaction Pattern (continued) 18    Does this transaction appear to be conducted in a manner consistent with currency or country transfer restrictions? Why is this question being asked?
Specific regulatory or exchange restrictions are sometimes implemented to limit the ability to convert and transfer associated currencies outside of host country.

The aim of the question is to understand if the transaction under review is a result of such restrictions, which may call for further examination.

What is the expected response?
The Respondent is expected to provide details as available to help the Correspondent Bank understand the transaction further and if the transaction is seen is the result of any such regulatory restrictions.
Others 19    Please provide the source of funds for the transaction(s) under review.6 Why is this question being asked?
Understanding the origin of funds enables the assessment of legitimacy and determining whether the funds are consistent with the risk profile of the underlying customer.

What is the expected response?
The Respondent is expected to provide details on the source of funds for the transactions under review, and whether this is in line with the expected account activity and business profile of the customer. Examples include but are not limited to salary from employment, business revenue, inheritance, etc. The Respondent is also expected to elaborate on the underlying customer’s occupation/business activities.

Section 4 Counterparty /Third Party Details

Category Questions Guidance
Counterparty / Third party KYC information 20

Please provide details on the counterparty and/or third party if applicable:

Counterparty is the entity with which the Respondent’s customer is transacting

Third Party is an entity on whose behalf the Respondent’s customer or the Counterparty is transacting.

Individual
  • Address
  • Citizenship
  • Country of Residence
  • Gender
  • Source of wealth
  • Occupation and Employment details
  • Details of Employer (industry, address)
Legal entity customers:
  • Physical location
  • Type of business/Industry in which the entity conducts business
  • Public media presence or Corporate Website (if applicable)
 Why is this question being asked?
To assist the Correspondent Bank to understand profile of the counterparty or third party (where the counterparty is transacting on behalf of the ultimate originator/beneficiary) and assess if the transaction(s) under review are consistent with the Respondent’s knowledge of the counterparty’s profile and business.7

What is the expected response?
The Respondent is expected to provide on a best effort basis, the requested details as available on the counterparty and/or third party and highlight any notable deviations observed in relation to the transaction.

Where the Respondent is unable to provide additional information (due to privacy laws, jurisdictions, etc.), it is expected that the response indicate the reason why such information cannot be provided. At minimum, the Respondent should confirm that the details have been reviewed and whether they are in line with expectations. Where the details are outside expectations and/or risk concerns are noted, the Respondent should confirm that appropriate actions have been/will be taken.
Account relationship with Counterparty /Third Party 21    Does your Institution maintain any accounts with the Counterparty and/or third party? If yes:
  • How long has the entity/individual been a customer of your Institution?
  • Has your Institution performed an Enhanced Due Diligence review on the entity/individual and if so, has the customer’s risk rating been elevated?
  • Are the transactions within the business account in line with the expected activity?
 Why is this question being asked?
A long-established relationship enables the Respondent to conduct thorough due diligence and monitoring against past transactions of the underlying customers. This also provides a better understanding of the business background and transaction pattern over time as compared to a recent relationship.

The purpose of the question is to understand if the underlying customer is covered by the Respondent’s Enhanced Due Diligence program and if the transactions are commensurate with the expected business activity.

What is the expected response?
The Respondent is expected to provide the account opening date or the approximate period of relationship establishment with the underlying customer and if the customer’s risk rating has been elevated as a result. The Respondent is also expected to provide details enabling the Correspondent Bank to understand if the transactions under review are in line with what is expected for the account.

Section 5 Respondent’s View and Actions Taken

Category Questions Guidance
Respondent’s
view		 22

Is your Institution comfortable with the detailed activity and overall activities of the underlying customer? Please provide a rationale for your view.		 Why is this question being asked?
This is for the Respondent to provide their views on their underlying customer and transactions under review, based on information available on KYC record, additional due diligence conducted, customer outreach and/or result of a triggered review.

The Respondent can assist the Correspondent Bank with their investigation process, by noting any risk concerns or the rationale for why the Respondent is comfortable with the underlying customer and overall transactional activities.

What is the expected response?
Respondent is expected to confirm that the transactions under review have been reviewed and indicate whether they are comfortable with the transaction(s) and overall activities of their underlying customer, and the rationale that led to the conclusion.

If the Respondent is comfortable, the following details should be provided:
  • Reason why the transaction is considered legitimate and confirm whether this is commensurate with the anticipated account activities, business activities and/or occupation of the customer
  • Details of due diligence conducted on the underlying customer or to validate the transaction (as applicable)
If the Respondent is not comfortable, details should be provided to the extent appropriate and permitted:
  • The concerns noted on their underlying customer and/or transaction(s).
  • Actions taken/to be taken with the underlying customer (e.g., account restrictions or terminate relationship).
  • Any other information or documentation that can assist the Correspondent Bank’s investigation process.
Respondent’s view
(continued)		 23    Are the transactions within the account in line with the expected activity? Why is this question being asked?
To assist the Correspondent Bank to understand whether the transaction(s) under review is/are in line with the expected activity based on Respondent’s understanding of their customer.

Factors to consider include but are not limited to comparison between actual vs anticipated account activity, and whether the goods transacted/ services provided are consistent with the underlying customer’s line of business.

What is the expected response?
As well as indicating whether the transaction(s) under review are in line with the anticipated activity, the Respondent is expected to provide the rationale for their view.
24    Is similar activity expected to continue in future? If yes, how frequently are such payments expected and what is the expected range of values involved? Why is this question being asked?
To assist the Correspondent Bank to understand whether the activity is of a one-off nature or expected to be ongoing.

If the activity under review is expected to be ongoing, the expected range and value involved can assist the Correspondent Bank by providing a reference point for current and/or future investigation, and to assess upcoming exposure the Correspondent Bank may face with respect to this underlying customer. This information may also avoid unnecessary repeat RFIs.

What is the expected response?
The Respondent is expected to provide details with consideration of the transactional nature and historical transaction pattern.
Actions taken by the Respondent 25    When was the last periodic review performed on the underlying customer? Why is this question being asked?
Periodic KYC reviews refresh the Respondent's understanding of the underlying customers, ensuring any changes are being identified (including but not limited to Politically Exposed Person (PEP)/Sanctions status, business activity or potential negative media8), and allows the opportunity for the Respondent to identify potential risks.

What is the expected response?
Respondent is expected to share the last periodic review date of their customer.
26    Has the underlying customer’s risk profile recently changed? If yes, please provide the rationale for this change and details of the additional due diligence conducted. Why is this question being asked?
A recent change in the underlying customer’s risk profile may indicate potential risk concerns noted by the Respondent.

Sharing the background and rationale for the change can assist the Correspondent Bank in assessing the risk exposure of the underlying customer.

What is the expected response?
The Respondent is expected to provide details on what triggered the change of their customer’s risk profile.

If the risk profile has been elevated, the Respondent should also provide details on the additional due diligence conducted and any enhanced controls applied to the customer.

Section 6 Adverse Media or Sanctions related

Category Questions Guidance
Adverse Media related 27

Please confirm from your records that entity/individual involved in the transactions and entity/individual identified from adverse information of public domain are the same?		 Why is this question being asked?
The Correspondent Bank would normally provide the source of adverse media and request the Respondent to confirm if the entity/individual identified from the media is a true match to the underlying customer.

What is the expected response?
The Respondent is expected to provide confirmation if their underlying customer is the same entity/individual that is the subject of the identified adverse media.

Where concerns on the customer are noted, the Respondent is expected to share, as appropriate and where legally permissible, the actions taken with regard to their underlying customer.
Sanctions related 28

Does the underlying customer transact with Sanctioned parties or parties domiciled in Sanctioned jurisdictions that fall under broadly adopted sanctions regimes (e.g. OFAC, UN, EU, HMT)? If so, please provide a rationale for being comfortable with the activities of the underlying customer.		 Why is this question being asked?
To understand if the Respondent’s underlying customer might have any potential Sanctions nexus in relation to broadly adopted sanctions regimes including but not limited to OFAC, UN, EU, and HM Treasury UK Sanctions list and any other lists relevant to the transaction.

What is the expected response?
The Respondent is expected to provide confirmation whether their underlying customer has transacted with parties domiciled in Sanctioned jurisdictions.

If yes, the Respondent is also expected to provide reasons why they are comfortable with such transactions, including but not limited to sharing copies of licenses permitting such transactions and involved currencies.

Section 7 Supporting Documents & Other Information

Category Questions Guidance
Supporting documents 29 Please provide supporting documents for the transactions, including but not limited to:
  • Details of the contract
  • Copies of invoices
  • Other documents for showing proof of transactions
 Why is this question being asked?
This question would usually be asked during follow-up RFIs, where provision of supporting documents such as invoices, contracts, and bills of lading etc., would give the Correspondent Bank a fuller understanding of the transaction background.

Correspondent Banks should also consider seeking legal advice on any potential obligation (for example, suspicion requiring reporting to relevant authorities) that may arise upon gaining knowledge of transactions, post receipt of such supporting documents.

What is the expected response?
The Respondent is expected to provide the supporting documents of the transaction(s) under review where legally permissible.

In situations where supporting documents cannot be provided due to data privacy laws or other legal restrictions, the Respondent is expected to provide either a redacted version or confirmation that they have reviewed the supporting documents and whether they are in line with the transaction(s) under review.
Other Information 30 Is there any other relevant information you can share without violating any confidentiality guidelines? Why is this question being asked?
To provide relevant information or documentation that was not covered in Correspondent Bank’s RFI questions.

What is the expected response?
The Respondent is expected to provide any additional information or documentation that can assist the Correspondent Bank’s investigation process and further understanding on the background of their underlying customer or transactions under review.

Footnotes

  1. See Wolfsberg Group Payment Transparency Standards.

  2. In this document an Issuing Institution is a bank that issues the RFI in a correspondent banking relationship, whereas Respondent Institutions are banks that receive the RFI.

  3. See FATF Guidance - Correspondent Banking Services (Oct 2016).

  4. The Wolfsberg Group Frequently Asked Questions (FAQs) on Source of Wealth and Source of Funds (2020).

  5. Additional guidance materials in relation to downstream relationships, payment service providers, and on-behalf payments:
    a. The Wolfsberg Correspondent Banking Due Diligence Questionnaire (CBDDQ).
    b. The Wolfsberg Group Payment Transparency Standards.

  6. The Wolfsberg Group FAQs on Source of Wealth and Source of Funds (2020).

  7. See FATF Guidance - Correspondent Banking Services (Oct 2016).

  8. See The Wolfsberg Group FAQs on Negative News Screening (2022).

Back to