An official website of the United States government
Parts of this site may be down for maintenance from Thursday, December 19, 9:00 p.m. Sunday, December 22, 9:00 a.m. (Eastern).
OCC Bulletin 2016-32 | October 5, 2016
Share This Page:
Chief Executive Officers, BSA Officers, and Compliance Officers of All National Banks, Federal Savings Associations, and Federal Branches and Agencies; Department and Division Heads; All Examining Personnel; and Other Interested Parties
The Office of the Comptroller of the Currency (OCC) is issuing guidance to national banks, federal savings associations, and federal branches and agencies (collectively, banks) regarding periodic evaluation of the risks related to correspondent accounts for foreign financial institutions (foreign correspondent accounts). This guidance describes corporate governance best practices for banks' consideration when conducting these periodic evaluations of risk and making account retention or termination decisions relating to their foreign correspondent accounts. This guidance also reiterates the OCC's supervisory expectation that, in connection with implementing the requirement that banks have established policies and procedures for conducting risk assessments for foreign correspondent accounts, banks should periodically evaluate and reassess this risk (risk reevaluation) as part of their ongoing risk management and due diligence practices.1
This risk management guidance is applicable to all OCC-supervised banks that maintain foreign correspondent banking relationships. Community banks and federal savings associations that engage in foreign correspondent banking and have relatively small portfolios may have different risk considerations than banks with larger correspondent banking portfolios. Those considerations, as well as the nature of smaller banks' compliance functions or reporting hierarchies, may warrant modifications to these best practices in line with the bank's particular risk considerations.
The OCC's supervisory expectation that banks conduct periodic risk reevaluations of their customer portfolios applies to all banks. This guidance focuses on the periodic risk reevaluation expectation for portfolios that contain foreign correspondent accounts; these risk management expectations include measures taken by banks to ensure that risk profiles of their foreign financial institution customers are periodically updated. In conducting risk evaluations of foreign correspondent accounts, banks should confirm that procedures for reevaluating foreign correspondent account risks and making account-related decisions are implemented. Banks also should ensure that decisions to terminate foreign correspondent accounts, which result from risk reevaluations, are based on analysis of the risks presented by individual foreign financial institutions and the bank's ability to manage those risks.
Below are examples of best practices observed by the OCC, for banks to consider when conducting periodic reevaluations of the risks related to foreign correspondent accounts and making account retention or termination decisions. Banks that engage in foreign correspondent banking and have smaller portfolios, including community banks and federal savings associations, may have different risk management considerations than banks with large correspondent banking portfolios, which may warrant modifications to these best practices in line with the bank's particular risk considerations. Best practices include:
In carrying out the agency's mission, the OCC requires OCC-supervised banks to manage their risks appropriately, to comply with laws and regulations, and to provide fair access to financial services and fair treatment of their customers. As a general matter, the OCC does not direct banks to open, close, or maintain individual accounts, nor does the agency encourage banks to engage in the termination of entire categories of customer accounts without considering the risks presented by an individual customer or the bank's ability to manage the risk.2 A decision to terminate a banking relationship or to exit a line of business generally resides with the bank.
Banks must choose whether to enter into or maintain business relationships based on their business objectives; evaluation of the risks associated with particular products or services; evaluation of customers' expected and actual activity; and banks' ability to manage those risks effectively. In doing so, banks must comply with national anti-money laundering (AML) and countering the financing of terrorism requirements set forth in applicable laws, including the Bank Secrecy Act (BSA).3 A bank's safety and soundness can be threatened when it fails to identify risks in the products or activities the bank provides or in the customers it serves. Further, a bank's safety and soundness can be threatened if it lacks comprehensive risk management systems and controls to mitigate identified risks. For BSA/AML, effective risk management should be an ongoing process, not a one-time exercise, and each bank's risk assessment should be periodically updated to identify changes in the bank's risk profile.4 A bank's failure to conduct periodic risk reevaluations, including the review of risks posed by bank customers, can give money launderers, fraudsters, terrorists, and other criminals access to the U.S. financial system.
Foreign correspondent accounts are established by a bank for a foreign financial institution to receive deposits from, to make payments or other disbursements on behalf of, or to handle other financial transactions related to the foreign financial institution.5 With regard to foreign correspondent accounts, each bank's due diligence program must include policies and procedures to assess risks posed by a foreign financial institution and consider all relevant factors including the foreign financial institution's business and markets; the type, purpose and anticipated activity of the account; the nature and duration of the relationship with the foreign financial institution; the supervisory regime of the jurisdiction in which the foreign financial institution is licensed; and information known or reasonably available about the foreign financial institution's AML record.6 Based on these assessments, banks are expected to design and implement controls to manage these risks effectively. These factors are particularly relevant in the context of performing periodic risk reevaluations of foreign correspondent customers. Banks with a clear understanding of the risk profiles of these customers may be more capable of providing banking services to such customers that historically have been considered higher risk.
Nonetheless, in recent years, banks conducting periodic risk reevaluations of foreign correspondent accounts have sometimes determined that particular accounts pose risks that cannot be mitigated in accordance with that bank's risk profile and have withdrawn from those relationships. In some cases, the closure of foreign correspondent accounts is required by law.7 These account closures may negatively affect access to financial services in the home country of the foreign financial institution, potentially resulting in financial inclusion concerns for that country.8 In addition, because the processes used by banks for risk reevaluation, and specifically for making account termination decisions, are not always clear to foreign financial institutions that are customers of the banks, the decisions may be perceived by those customers or others as arbitrary or lacking a sound basis. Those perceptions may pose reputation and litigation risk to the banks.
OCC-supervised banks are among the major providers of U.S. dollar-based foreign correspondent banking activity. Before this issuance, there has been no specific OCC guidance related to the management of foreign correspondent accounts that would provide assistance to banks when conducting risk reevaluations and making account retention or termination decisions. As part of its examination activities, the OCC has reviewed policies, procedures, and criteria used by some banks when conducting risk reevaluations and making account retention or termination decisions related to foreign correspondent accounts. The OCC has observed a range of practices that banks use in evaluating the risks in this area, consistent with safety and soundness.9 After summarizing existing supervisory expectations in this area, this guidance describes certain corporate governance practices that, in the OCC's supervisory judgment, constitute best practices for risk reevaluation of foreign correspondent accounts. Banks should consider using these best practices to make decisions about foreign correspondent account risk reevaluations and closures.
As part of sound risk management, the OCC expects banks to conduct periodic risk reevaluations of their foreign correspondent account customer relationships. Banks' risk reevaluations should consider risks present in the foreign financial institutions' business and markets, as well as the anticipated account activity and the supervisory regime of the geographic location in which the foreign financial institution is licensed.10 Banks should give foreign financial institutions an opportunity to provide sufficient and transparent information to allow banks to make informed risk assessment decisions. The OCC expects banks to include the following practices in their risk reevaluations.
Banks that maintain foreign correspondent accounts should consider the following, which the OCC believes in its supervisory judgment to be best practices, when updating their customer risk assessments. These considerations, which are reflective of sound risk management, may be applicable to active and dormant foreign correspondent accounts that the bank has determined require closure.
Community banks and federal savings associations that engage in foreign correspondent banking and have relatively small portfolios may have different risk considerations than banks with larger correspondent banking portfolios. Those considerations, as well as the nature of smaller banks' compliance functions or reporting hierarchies, may warrant modifications to these best practices in line with the bank's particular risk considerations.
Best practices include:
Please contact the OCC's Compliance Risk Division at (202) 649-5470.
Grovetta N. Gardineer Senior Deputy Comptroller for Compliance and Community Affairs
1 This guidance does not create, change, or supersede legal requirements.
2 See OCC Bulletin 2014-58, “Banking Money Services Businesses: Statement on Risk Management.”
3 Other applicable legal requirements are found in sections 312-313 of the USA PATRIOT Act of 2001 and its implementing regulations at 31 CFR 1010.610(d) and 31 CFR 1010.630(d)(2). See also FFIEC Bank Secrecy Act/Anti-Money Laundering (BSA/AML) Examination Manual, p. 5.
4 FFIEC BSA/AML Examination Manual, p. 24.
5 FFIEC BSA/AML Examination Manual, p. 111.
6 See 31 CFR 1010.610(a). In addition, banks are required to conduct enhanced due diligence for certain foreign correspondent accounts. See 31 CFR 1010.610(b).
7 See footnote 3.
8 As used in this guidance, “financial inclusion” refers to access to financial services through formal accounts. See http://www.worldbank.org/en/topic/financialinclusion/overview.
9 Although many of the governance principles outlined in this bulletin could be applicable to account closures of customers in general, this guidance specifically focuses on foreign correspondent bank accounts.
10 See 31 CFR 1010.610(a). See also FFIEC BSA/AML Examination Manual, p. 18.
11 FFIEC BSA/AML Examination Manual, pp. 23-24 and 179.
12 See 31 CFR 1010.610(a)(3) and (d). See also FFIEC BSA/AML Examination Manual, pp. 23, 25, 115, and 179.
13 See 31 CFR 1010.610(a)(2)(i-v). See also FFIEC BSA/AML Examination Manual, p. 114.
14 There may be instances when providing customers with notice of account closure or sufficient time to establish an alternative banking relationship would expose the bank to increased BSA/AML compliance risk or cause harm to the bank's safety and soundness, such as when the bank has identified suspected money laundering or terrorist financing-type activities.