18 November 2025
FATF ¦ R.13 Correspondent Banking
Recommendation 13: Strengthening Controls to Combat Financial Crime
Correspondent banking is the backbone of international finance, enabling cross-border settlements, trade, and liquidity. But it also presents elevated exposure to money laundering and terrorist financing. When one institution (the correspondent) provides services to another (the respondent), risk can propagate across jurisdictions, regulatory regimes, and customer bases. To mitigate this, financial institutions must go beyond standard customer due diligence and apply robust, relationship-specific controls.
What Robust Due Diligence Looks Like in Practice
A strong correspondent banking framework starts with comprehensive knowledge of the respondent institution. Financial institutions should gather sufficient information to fully understand the respondent’s business model, product suite, geographic footprint, and risk profile. This means verifying the institution’s reputation using public sources — such as regulatory publications, sanctions lists, enforcement actions, and credible media — and evaluating the quality of its supervision. It is essential to determine whether the respondent has been subject to investigations or regulatory action related to money laundering or terrorist financing.
Risk assessment must extend to the respondent’s AML/CFT program, focusing on governance, independent testing, transaction monitoring, screening, customer due diligence practices, and the effectiveness of suspicious activity reporting. This assessment should be anchored in documented evidence — policies and procedures, program audits, board oversight materials, and regulator feedback — rather than assurances alone.
Senior management involvement is non-negotiable. Institutions should require formal approval at the executive level before establishing new correspondent relationships. This governance step ensures accountability for risk appetite decisions and evidences informed consideration of cross-border risk factors.
Clear delineation of responsibilities between the correspondent and respondent institutions is vital. Both parties must document who does what across onboarding, screening, monitoring, information sharing, and escalation. This reduces ambiguity, prevents control gaps, and facilitates timely responses to requests for customer due diligence or transaction information.
Payable‑Through Accounts: A High-Risk Channel Requiring Tighter Controls
Payable-through accounts — correspondent accounts used directly by third parties to transact for themselves — amplify risk. Before permitting such arrangements, the correspondent must be satisfied that the respondent has conducted customer due diligence on the direct-access customers and can provide relevant CDD information promptly upon request. Without assured transparency and data access, monitoring becomes ineffective and the risk of abuse increases. If those assurances are not credible or cannot be operationalized, payable-through access should not be allowed.
Zero Tolerance for Shell Banks
Entering into or maintaining relationships with shell banks is prohibited. A shell bank lacks a physical presence and substantive mind-and-management, making it inherently opaque and vulnerable to misuse. Financial institutions must also ensure that their respondents do not allow shell banks to use their accounts indirectly. This requires proactive checks, covenant-like undertakings in contracts, and ongoing surveillance to detect and prevent nested relationships with shell entities.
Extending These Standards Beyond Banking
The same criteria apply to similar cross-border financial relationships, such as those established for securities transactions or funds transfers, whether the financial institution is acting as principal or on behalf of its customers. The core risks — third-party dependence, jurisdictional fragmentation, and information asymmetry — are present across these channels, so consistent controls are necessary.
Operationalizing the Controls: From Policy to Execution
Policies should mandate (enhanced) due diligence for all new and existing correspondent relationships, with risk ratings driving depth and frequency of reviews. Contracts should embed rights to information, audit, and termination if controls degrade. Monitoring should include behavior-based analytics tailored to correspondent traffic — nested payments, unusual routing patterns, and bursts of activity inconsistent with profile. Escalation protocols must support rapid information requests and timely filing of suspicious activity reports.
Governance and reporting to senior management and the board should cover the inventory of correspondent relationships, risk ratings, material issues, remediation status, testing results, and regulatory developments. Institutions should align their approach with global standards and local regulatory expectations, ensuring that variations in jurisdiction do not dilute control effectiveness.
Conclusion: Raising the Bar for Cross‑Border Integrity
Correspondent banking is indispensable but vulnerable. The measures outlined — thorough respondent understanding, AML/CFT assessment, senior approval, clear allocation of responsibilities, strict control of payable-through accounts, and categorical exclusion of shell banks — form a practical and defensible framework. Applying these standards consistently across analogous financial relationships helps protect the system from abuse, supports regulatory compliance, and preserves trust in cross-border finance.
Dive deeper
- FATF ¦ The FATF Recommendations ¦ Link
What else?
