Introduction
Correspondent banking makes the global financial system work. Without it, a regional bank in Colombia couldn't settle a trade payment in euros, and a fintech in London couldn't route a wire to a customer in Southeast Asia. It's also one of the most consistently exploited entry points for money laundering — a risk the Financial Action Task Force has flagged in nearly every global mutual evaluation cycle for the past decade.
The core problem is inherited risk. When a correspondent bank processes transactions on behalf of a respondent bank, it's effectively extending services to customers it has never onboarded, verified, or assessed. Those customers sit behind the respondent — sometimes behind multiple nested institutions — and the correspondent may have limited visibility into who they actually are.
Regulators in the US, UK, EU, and Canada have sharpened their expectations — and enforcement actions have followed. This article breaks down the primary AML risks in correspondent banking, what due diligence frameworks actually require, and where compliance programs most often fall short.
TL;DR
- Correspondent banking connects domestic banks to global payment infrastructure — but layered relationships create significant AML blind spots.
- Criminals use complexity, transaction volume, and jurisdictional gaps to move illicit funds through correspondent chains.
- FATF Recommendation 13 sets the global baseline; the BSA/AML framework governs US institutions specifically.
- Know Your Correspondent Bank (KYCB) due diligence is the primary defense — and ongoing reviews, not one-time checks, are what regulators expect.
What Is Correspondent Banking and How Does It Work?
According to the Bank for International Settlements, correspondent banking is an arrangement where one bank — the correspondent — holds deposits owned by other banks, called respondents, and provides payment and other services on their behalf. The BIS describes it as an essential component of the global payment system, particularly for cross-border transactions.
The Key Players and Mechanics
Three parties are always present in a correspondent relationship:
- The correspondent bank — typically larger, with global reach, holding accounts and executing transactions
- The respondent bank — smaller or more regionally focused, accessing markets it can't reach directly
- End customers — individuals or businesses whose transactions flow through both institutions but who are never directly onboarded by the correspondent
Balances between institutions are tracked through nostro and vostro accounts: the respondent views the account it holds with the correspondent as its nostro account; the correspondent records the same balance as the respondent's vostro.
SWIFT provides the messaging infrastructure that carries payment instructions and trade confirmations between them — the information layer, separate from settlement itself.
Where Complexity Multiplies
The BIS has documented roughly 7,000 SWIFT-connected banks maintaining over 1 million correspondent relationships. A single payment from a fintech customer in one country can pass through two or three intermediary institutions before reaching its destination, with each hop adding a layer of opacity. Each additional intermediary reduces the correspondent's visibility into who is ultimately originating or receiving funds.
Two structural arrangements amplify this opacity further:
- Nested correspondent banking — where other financial institutions use a respondent's access to a correspondent, creating another layer the correspondent may not see
- Payable-through accounts (PTAs) — where the respondent's customers can transact directly through the correspondent account, bypassing the correspondent's normal account-opening controls entirely
Why Correspondent Banking Is a Prime Target for Money Laundering
The structural problem is straightforward: the correspondent bank extends financial services to customers it has never verified. End customers are onboarded by the respondent, not by the correspondent — meaning the correspondent inherits KYC risk it didn't assess.
Structural Vulnerabilities
Four features make correspondent banking attractive to money launderers:
- High transaction volumes let illicit funds blend with legitimate flows without triggering review
- Cross-border transactions span multiple regulatory regimes with inconsistent reporting requirements and enforcement capacity
- Multi-hop payment chains make tracing funds back to their source difficult
- AML compliance thresholds vary significantly across countries, creating exploitable gaps between regimes
The FFIEC's BSA/AML Manual specifically flags payable-through accounts as higher-risk, noting that PTA subaccountholders may not be subject to the US bank's standard account-opening requirements. The domestic correspondent account chapter extends that logic: examiners assess whether banks have effective systems to manage risks from domestic correspondent relationships, not only cross-border ones.
The Cost of Getting It Wrong
Enforcement actions demonstrate the scale of exposure. In 2019, the FCA fined Standard Chartered £102,163,200 for poor AML controls — specifically citing failings in its UK wholesale correspondent banking business. The Federal Reserve added a $164 million penalty in the same period, with total cross-agency settlements exceeding $1 billion.
Beyond the fines, the operational fallout — lost correspondent relationships, remediation programs, and regulatory restrictions on new business — can exceed the penalty amounts themselves.
How Criminals Exploit Correspondent Banking Networks
Money laundering in correspondent banking is, above all, a visibility problem. Criminals aren't defeating sophisticated detection systems — they're exploiting the gaps in what the correspondent can actually see.
Layering Through Multi-Hop Chains
During the layering stage of the money laundering cycle, funds move through multiple correspondent banks across different jurisdictions. Each institutional hop makes tracing funds harder. Investigators following a payment chain encounter a dead end at each respondent that holds no usable customer information about the underlying transaction.
Structuring and Smurfing
FinCEN defines structuring as breaking up transactions to evade BSA reporting requirements. Currency Transaction Reports are required for cash transactions exceeding $10,000 under 31 CFR 1010.311. Funds broken into smaller amounts across different correspondent accounts — potentially across multiple countries — are much harder to aggregate and flag.
Shell Companies and Beneficial Ownership Gaps
Criminals register legal entities in jurisdictions with strict privacy laws, then route cross-border transactions through correspondent banks under the shell company's name. From the correspondent's perspective, it looks like a legitimate business payment.
FATF Recommendation 13 prohibits correspondent relationships with shell banks and requires that correspondents satisfy themselves that respondents don't permit shell banks to use their accounts.
Jurisdictional Arbitrage
Criminals map the weakest regulatory link in a payment chain — the jurisdiction with the least rigorous customer identification requirements — and route transactions to access the global financial system through that point. The transaction enters the correspondent network looking clean because the entry-point bank had minimal controls.
FATF Guidance and the Regulatory Framework
FATF Recommendation 13 is the global baseline. It requires correspondent banks to:
- Gather enough information to understand the respondent's business model
- Assess the respondent's reputation and quality of supervision
- Evaluate the respondent's AML/CFT controls
- Obtain senior management approval before establishing new relationships
- Document each institution's AML/CFT responsibilities clearly
- For payable-through accounts: confirm the respondent has performed CDD on customers with direct access and can provide that information on request
FATF's 2016 Guidance on Correspondent Banking Services is equally direct: blanket de-risking is not a compliant response. Exiting entire categories of respondent banks may reduce direct exposure but pushes transactions underground and increases financial exclusion without meaningfully reducing systemic risk.
Jurisdiction-Specific Implementation
| Jurisdiction | Key Instrument | Correspondent Banking Obligations |
|---|---|---|
| US | BSA / FFIEC Manual / Section 312 | Risk-based due diligence on foreign correspondent accounts; OFAC filtering on all transactions; domestic correspondent account risk management |
| EU | AMLD4 (Directive 2015/849), Articles 19 & 24 | Enhanced due diligence for cross-border correspondent relationships with third-country institutions; shell bank prohibition |
| UK | Money Laundering Regulations 2017, Regulation 34 | Enhanced due diligence for correspondent relationships with third-country credit or financial institutions |
Institutions consistently underestimate this point: compliance obligations don't transfer by assuming another institution has an equivalent AML program. The correspondent cannot rely on the respondent's program without independently verifying its adequacy.
Know Your Correspondent Bank (KYCB): The Foundation of AML Compliance
KYCB — Know Your Correspondent Bank — is the structured due diligence process a correspondent bank applies specifically to its respondent bank partners. It's distinct from standard customer KYC. The subject is an institution, not an individual.
What a Robust KYCB Process Covers
A complete KYCB file for a respondent bank should address:
- Legal identity and licensing — confirmed registration, charter status, and regulatory standing
- Ownership and management — beneficial ownership structure to the extent required
- AML/CFT policies and procedures — direct review of the respondent's written program, not just attestation
- Customer base and geographic exposure — understanding who the respondent serves and where
- Nested access and PTA exposure — whether other institutions sit behind the respondent and whether their customers can transact directly
- Expected transaction profile — what normal activity looks like, enabling anomaly detection
- Senior management approval — documented authorization before the relationship begins
KYCB Is Not a One-Time Event
Many institutions treat KYCB as a one-time onboarding step. It isn't. Files must be refreshed when the respondent's ownership changes, its regulatory status shifts, it enters new business lines, or its jurisdiction's risk rating changes.
Real-time transaction monitoring runs alongside KYCB — not instead of it. KYCB sets the baseline for what normal activity looks like; ongoing monitoring catches when activity stops matching that picture.
That compliance rigor has real commercial consequences. World Bank research documented a 30% decline in global correspondent bank relationships over the prior decade — and a 60% decline in the Pacific region — largely driven by de-risking pressure. Strong KYCB documentation is what lets a correspondent keep relationships with well-understood respondents while exiting the ones it cannot adequately assess.
Building a Robust AML Compliance Program for Correspondent Banking
Effective correspondent banking AML programs rest on four pillars. Each is grounded in regulatory expectation, not best practice optionality.
The Four Pillars
Enhanced Due Diligence (EDD) — FATF R13, EU Article 19, UK Regulation 34, FinCEN Section 312, and the FFIEC Manual all require respondent-bank due diligence before and throughout the relationship. EDD is not a checkbox; it's a file.
Transaction Monitoring — Systems must detect patterns tied to correspondent banking risk: structuring across accounts, unusual cross-border volumes, payment chains involving high-risk jurisdictions, and shell company indicators. The FFIEC explicitly expects monitoring systems scaled to a bank's size, complexity, and customer relationships.
Information Sharing — FATF's correspondent banking guidance acknowledges information-sharing challenges and supports the use of shared utilities and data to manage risk — without transferring ultimate compliance responsibility.
Documented Procedures — FFIEC Section 312 requires documented policies and controls. When examiners or sponsor banks review a program, they're reading the file. Undocumented controls don't count.
The Challenge for Smaller Institutions and Fintechs
Smaller banks, fintechs, money transmitters, and embedded finance companies carry the same compliance obligations as large correspondent banks. There is no small-institution exemption. The FFIEC scales expectations to size and complexity — but Section 312 still applies to covered institutions with foreign correspondent accounts.
The gap is expertise, not obligation. Building KYCB frameworks, conducting EDD on respondent banks, calibrating transaction monitoring for correspondent account risk, and maintaining audit-ready documentation requires deep BSA/AML experience that many smaller teams don't have in-house.
That's where fractional compliance leadership fills the gap directly. Fraxtional places director-level BSA Officers, CAMLOs, and MLROs who can be named on regulatory filings and serve as the accountable compliance officer across US, UK, Canadian, and EU frameworks.
For fintechs navigating sponsor bank relationships, pre-deal compliance reviews, or ongoing program oversight, this model delivers both the compliance substance and the regulatory credibility that sponsor banks and examiners require — without the cost of a full-time executive hire.
Frequently Asked Questions
What is correspondent banking in AML?
In an AML context, correspondent banking refers to the arrangement where one bank provides financial services on behalf of another, typically in a different country or market. The AML risk arises because the correspondent bank processes transactions for the respondent bank's customers — who have never been directly onboarded or KYC-verified by the correspondent itself.
What is the FATF guidance on correspondent banking?
FATF Recommendation 13 requires correspondent banks to assess the respondent's business, reputation, supervision quality, and AML/CFT controls before entering a relationship. Senior management approval is required, and responsibilities between both parties must be clearly documented.
What is Know Your Correspondent Bank (KYCB) and why does it matter?
KYCB is the due diligence process a correspondent bank applies to its respondent partners, covering their legal identity, licensing, AML programs, customer risk profiles, and nested access arrangements. It is the primary defense against inherited money laundering risk and must be maintained continuously, not just completed at onboarding.
What is de-risking in correspondent banking and why is it problematic?
De-risking occurs when a bank exits entire categories of correspondent relationships deemed too high-risk to manage. While it reduces direct exposure, FATF warns that blanket de-risking drives transactions toward less transparent channels, reduces financial system visibility, and can increase rather than decrease overall AML and terrorist financing risk.
What AML controls should correspondent banks have in place?
Correspondent banks should maintain four core controls:
- Enhanced due diligence on respondents, covering ownership, AML programs, and customer base
- Transaction monitoring calibrated for correspondent-specific patterns such as structuring and unusual cross-border volumes
- OFAC and sanctions screening on all transactions flowing through the account
- Documented risk-based policies aligned to FATF recommendations and applicable national regulations
How should a fintech or smaller bank approach correspondent banking compliance?
Fintechs and smaller institutions must meet the same KYCB, EDD, and monitoring standards as larger banks. The obligations are identical; only the implementation model differs. Fractional BSA Officers, CAMLOs, or MLROs provide named regulatory accountability without the overhead of a full-time compliance hire.
