4 risk management trends to help banks prepare for a U.S. correspondent banking relationship

May 4, 2023

Risk management is critical for foreign banks that want to establish a banking relationship in the United States (U.S.). This is because the banking sector in the U.S. is stringently regulated; therefore, failure to effectively manage any and all risks can result in serious losses – both financial and reputational.

For example, say a foreign bank opens a corresponding relationship with a U.S. bank for the purpose of enabling its customers to conduct US-dollar denominated transactions between the two countries. Now imagine if the bank outside of the U.S. has not conducted adequate due diligence of its customers, and one of the customers is engaging in illicit activities such as money laundering. The event could lead to a termination of the correspondent relationship between the two banks, disruption to the foreign bank’s business customers, potential damage to each institution’s reputation, potential fines and penalties against the U.S. bank, among other consequences.

To avoid such circumstances, proactive and ongoing mitigation of risks must be put into practice. The following are four risk management trends that foreign banks can adopt as they seek to establish a U.S. banking relationship.

Trend 1: Regulatory Compliance Assurance

One of the most critical aspects of risk management when considering a relationship with a U.S. bank is remaining up to date with regulatory compliance. Creating a strong compliance culture among banking employees can help mitigate risks.

In addition to strict U.S. federal laws, there are state laws and regulations to navigate. Those who fail to understand and incorporate U.S. regulatory requirements risk losses in both finances and good standing with customers that need to make payments to U.S. suppliers.

The focus on regulatory requirements is drawn from three main pieces of U.S. laws and regulations:

Bank Secrecy Act (BSA) The requirement to establish anti-money laundering (AML) processes through reporting, recordkeeping and monitoring programs

USA Patriot Act A law that empowers the U.S. government to detect and prevent terrorism through information sharing and surveillance techniques.

Foreign Account Tax Compliance Act (FATCA) A requirement by the U.S. government to ensure foreign banks disclose details about U.S. persons who maintain accounts at their institutions.

“Foreign banking entities that ignore U.S. regulatory compliance requirements are subject to far-reaching implications and reputational damage,” said Alberto de la Portilla, CEO of Integro Advisers. “That is why it is crucial to work with experts in the industry who are well-versed in the laws and best practices and committed to staying current with any updates in legal and regulatory affairs affecting the financial services industry.” Mr. de la Portilla says it is also imperative to have a third-party assessment of a foreign bank’s compliance program and its alignment with industry best practices that may go beyond local norms and regulations. “More and more, U.S. banks are seeking this type of independent assurance.”

Trend 2: Ongoing Due Diligence

Ongoing due diligence is another crucial component of a sound risk management plan. Often described as Enhanced Due Diligence or annual high-risk reviews, it involves implementing advanced procedures and processes on customers that present a higher risk to the financial institution on a regular basis. U.S. banks anticipate that foreign banks looking to establish a corresponding relationship will have adequate ongoing due diligence policies and procedures.

Some of the more effective strategies include:

  • Transactional history analysis of customer activity
  • Documented site visits of commercial customer’s operation
  • Financial statement reviews
  • Negative news searches of all parties of an account
  • Conclusions outlined in a report that is reviewed and approved by the Compliance Officer

Enhanced due diligence processes allow banks to identify red flags that the entity may not be in full compliance to proactively ward off risks. Knowledge of a potential problem before establishing the relationship can help a foreign bank improve their perception among U.S. banks.

Trend 3: OFAC compliance

The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) enforces economic and trade sanctions against targeted foreign countries and regimes, terrorists, international narcotics traffickers, and since the Russian invasion of Ukraine, it has taken on particular importance as a top priority among U.S. banks and the expectation is that their foreign correspondent banking customers will make it a priority as well. The need for a sanctions’ compliance program is critical. There has been guidance provided by both OFAC and the Office of the Controller of the Currency (OCC) on these measures. Essentially, a separate program will require a risk assessment, the implementation of internal controls, independent testing and validation of those controls, and ongoing training. Searches of the OFAC Specially Designated Nationals (SDN) List are simply not enough. Sanction risk assessment are proving to be a necessary step and a path forward to properly documenting risks, the direction of the risk, and the quality of the mitigating controls.

Financial technology that supports OFAC/sanction list screening should also be validated by an objective and independent third party that can test logic settings and thresholds and ensure that whatever interdiction software is used by the foreign bank is updated and reconciled with the bank’s core and monitoring systems.

Trend 4: Technology for Cybersecurity

Cybersecurity is critical when it comes to risk management for any industry, but especially for the financial sector. And when problems occur, they can be incredibly costly.

According to a 2022 report, globally, banks lose more than $1 trillion in cybercrimes annually.

Because banks are prime targets for cybercriminals, the more expansive the financial institution is, the greater the risk. Risks include data breaches or attempts to steal personal data through phishing attacks. A privacy invasion through ransomware can be catastrophic.

Effectively mitigating cybersecurity risks begins with the implementation of strong policies and procedures. Technological advancements enable banks to protect sensitive data with encryption and firewalls. Employee training to best support the technology and other policies is imperative as are regular cybersecurity risk assessments to identify any weaknesses within its control system.

Technological developments like artificial intelligence (AI) and machine-learning are making cybersecurity measures more robust. Foreign banks that rely on technology experts as third-party vendors must also have a risk management program in place to recognize and manage risks with those entities as well.

As U.S. banks continue to survey the foreign correspondent banking market for potential customers, foreign banks would benefit from implementing these trends to improve their risk profile and overall business growth opportunities. Key risk management strategies would ensure they remain in good financial standing and elevate their reputation in the industry.