Corporate customers are globalising, while centralising financial management. That includes opening and operating bank accounts remotely, without travelling to the many countries concerned. Ideally the process for overseas corporate account opening should be streamlined, easy to comply with, and risk-free.
On the supply side, however, many banks are being compelled to reduce their international capabilities by the fall-out from the credit crisis, while those banks that have never had international operations are seeking to acquire capabilities without building them. In parallel, new regulations around know your customer (KYC) know your customer’s business (KYB) anti-money laundering (AML) are changing the demands of existing remote account opening (RAO) models.
A further new factor is the migration to single euro payments area (SEPA), which alters the status of banking details from a set of routing instructions to ‘uniquely identifying an account at a financial institution in a country. A bank should not issue those details without going through the full KYC/KYB/AML due diligence.
The recent industry discussion on this topic has been around enabling the centralised customer to issue electronic instructions about existing accounts – electronic bank account management (eBAM) but not about the more fundamental topic of the risks and issues in different RAO models. Complete streamlining here means minimising the impact on the customer of the differences in KYC/KYB/AML regimes around the world, whilst at the same time enabling customers to use indigenous services.
There is a lack of transparency about the range of services on offer and, for example, about the qualifications for the issuance of an international bank account number (IBAN). Users of any of these variants are at risk from the extent to which other variants ‘push the envelope’.
Solutions that ‘push the envelope’ would imply that the customer had a fully-fledged local banking connection and would enable the customer to use all associated services such as cash, cheque, direct debit origination and so on.
Were, in the worst case, an incident to occur in this area that paralleled the issue in MT202 Cover Messages, where regulators caused Lloyds TSB to pay US$350m (£231m) for helping customers get around US AML sanctions, then we can look forward to a new round of regulations around RAO, which would, at least, impede normal business and increase costs. They might also result in services being withdrawn from the market, at which point the corporate users and their banks might have to set up new services or completely new banking relationships.
To forestall this, the banking industry would be well advised to create transparency around the different RAO models and supply a ranking of the variants for customers in terms of services available, and the documentation and KYC/KYB/AML due diligence work to be done to undertaken to use them.
Core models – a network bank, and a banking network
Banks with their own networks (network bank) have established themselves as the default option for opening accounts overseas. The major benefits of this approach should be:
- Single set of account opening documents and KYC tests applying to all branches of the same bank.
- One point of relationship management and customer service.
- Single electronic banking channel for all high-value and file-based payments out of any account held in the network.
The potential drawbacks of this approach are:
- Local jurisdictions may demand extra documents beyond the bank’s harmonised KYC process, especially for non-resident accounts.
- The network bank’s operations are normally only branches; they may not support all the services the customer needs.
- What happens when the group parent is not on the target client list of the bank at all?
- What happens when the bank does not have an operation in a particular country?
Banking networks, such as IBOS have been constructed to help their members compete with network banks, by stressing the following:
- The banks’ operations are large local banks that are full service.
- The banks contain relationship management and customer service teams that are geared up to deal with customers of all sizes.
- The banks accept that the target client of an introducing bank is eligible for inclusion in their target market as a receiving bank – because the banks accept the warranties of customer acceptance tests conducted by one another as being of the same efficacy of their own.
- The documentation needed for all types of account is driven off a harmonised customer referral sheet, that enables AML and KYC checks to be completed in a streamlined manner.
Both the own branches and banking network solutions are legally robust: the account holding bank entity can point to a compliant and complete file on the account holder covering KYC/KYB/AML.
However, neither solution can be said to completely cater for all possible shades of demand:
- The network bank approach is tailored for multinationals: what about the same bank’s small- and medium-sized enterprises (SME) and commercial banking customers?
- When the customer needs services in countries where the own branches bank has no branch.
- When the customer’s bank is not one whose customer acceptance tests would be seen as equating to their own by all the members of a banking network.
- When the customer’s business volume would make the usage of an own branches or banking network solution appear costly.
Meeting these demands has led to a number of variants of partner banking.
Nature of Supply of Partner Banking
Certain banks with their own networks are key players as both buyers and sellers of these variants of partner banking:
- To obtain coverage for their own customers of countries where the bank has no branch.
- To third-party banks, to enable the service for the customers of those banks, where the network bank has no desire to bank that customer itself.
The upside of these variants replicates the advantages of using the bank with its own network directly:
- Single set of account opening documents.
- Only one set of KYC tests to pass.
- One point of customer service.
The point is that the customer holds their accounts at a single bank whose KYC tests they must pass, but then this single bank – or another intermediary bank – uses downstream partner banks. These partner banks are used on an undisclosed basis.
The service is frequently known as a multicurrency account because the customer holds multiple accounts in different currencies and possibly in the name of different subsidiaries, all in the same bank in the same financial centre.
Where that bank is one with its own branches but does not have one in a given country, the partner arrangement is often known as a re-account. Here’s one example:
Re-account (e.g. offered by A Bank In North America – ABINA – for its own customers):
- The customer (for example, KastecFace Finland Oy) opens its account at ABINA; the customer receives its statement on this account, which will usually have an IBAN+BIC identifiable to ABINA London. It reconciles using this statement and issues instructions on this account.
- The accounts at the local partner bank in Finland are sub-accounts of ABINA’s nostro and are entitled ‘ABINA Re KastecFace Finland Oy’, hence the re-account title.
- A local IBAN+BIC are issued on each sub-account; the replica of this account at ABINA London has a UK IBAN+BIC.
- The customer puts the Finnish IBAN+BIC on their invoices to their Finnish trading partners; they are each identifiable to the partner bank and the country of the partner bank.
- Trading partners of the customer can pay in via local circuits, resident-to-resident and in local currency, thus avoiding any lifting fees and central bank reporting.
- ABINA carries out its own KYC/KYB on the customer. It issues a blanket indemnity that covers the partner bank for not doing their own due diligence.
- Remember that ABINA bank will have a lot of its own branches as well, so that in practice a customer might have its accounts opened as follows:
- UK business – ABINA London.
- Finnish business – ABINA London.
- German business – ABINA Frankfurt.
- Spanish business – ABINA Madrid.
- Austrian business – ABINA London.
White labelling (e.g. by Another Very Big Bank in America – AVBBIA – for a smaller bank called the 1st of the 7th Bank from, let’s say, Hardin Montana)
- This is the version where an own branches bank makes those facilities available to customers of its correspondent banks, without those customers becoming customers of the own branches bank.
- Under this variant the company does not get real accounts at AVBBIA but opens them all at 1st/7th back in the US.
- 1st/7th has its nostro accounts at AVBBIA, probably in London, and each customer gets a designated sub-account of that nostro.
- The customer’s ‘real’ accounts are at the introducing bank 1st/7th; there can be one account opening document for that purpose. The customer gets its statements on and issuesits instructions against this account
- 1st/7th then directs AVBBIA to open a new sub-account in their nostro for that customer, or several if the customer wants multiple currencies. The nostro sub-accounts each have a UK IBAN issued upon them, and they all carry AVBBIA’s UK BIC.
- The customer puts the IBAN+BIC on their invoices to their trading partners.
- Trading partners have to send a cross-border payment into AVBBIA London if they are not in the UK, and this may not satisfy the objective of avoiding cross-border fees and central bank reporting.
White Labelling of Re-account (e.g. by ABINA for the customers of the same 1st/7th Bank):
- This is where the bank ABINA that built a re-account offering for its own customers, makes that available to the customers of its white-label partners, in order to win business against the offering of AVBBIA.
- The customer still only has accounts at 1st/7th so the usage of a single account opening document is retained and it works exactly like the White Label, except that there are also ‘accounts’ at the local partner of ABINA.
- The indemnity issued by 1st/7th to ABINA is passed on to the partner bank.
Financial Action Taskforce (FATF) and Basel
Regulators have, through the FATF and the Basel Committee on Banking Supervision ‘Customer due diligence for banks’ document of October 2001, issued ‘essential standards on KYC’ for opening customer accounts:
Customer acceptance policy.
Customer identification – general requirements and specific issues.
Ongoing monitoring of activity.
Account Number – Routing Instructions or IBAN?
This issue can be approached around the question of the issuance of an IBAN. This is where the environment is moving now. When many of these structures were established, the key need – to give the debtors of the account holder a routing code that enables payment to be made via the local clearing – could be met via the issuance of a series of letters and numbers that explicitly reveal neither the name nor the country of the bank. The local basic bank account number (BBAN) and routing code reveal this only to the initiated.
However, in every EU country BBAN and the local routing code now have to be displayed alongside the equivalent IBAN and BIC.Invoices submitted by EU creditors on EU debtors must carry IBAN and BIC.
As SEPA migration proceeds – and even if SEPA itself miscarries – countries are retiring BBAN and the legacy routing code and showing IBAN and BIC as the only bank details available.
IBAN is a code ‘uniquely identifying an account at a financial institution in a country’, according to the European Payments Council (EPC), the organiser of SEPA. IBAN is a standard owned by the ISO, but it is run in practice by SWIFT. The salient definitions in SWIFT’s General Glossary of Terms such as ‘account owner’ and ‘account servicing institution’ make it clear that there is no ‘wiggle room’ for a bank to purport to be running an account for a customer (by issuing an IBAN+BIC against a data record in which the customer’s name is visible) when that IBAN does not uniquely identify the account – because there is a replica of the account and it is that one that the customer believes is their account.
Risks for the Corporate
The existence of a risk for the corporate is easy to identify – does the corporate issue invoices that carry IBANs on accounts where no statement is received and reconciled that carries the identical IBAN at its head? Measuring that risk is a function, not of the variant the individual corporate is using, but of the attributes of the variant in operation that ‘pushes the envelope’ the furthest. An ‘incident’ around an adventurous variant could cause the regulators to become explicit about either IBAN issuance or RAO or both, and bring all variants into question.
A remote trader commits a fraud:
- Distance selling into Finland with payment into a local re-account identifiable to a Finnish bank in Helsinki.
- Goods are not delivered or are defective; consumers attempt and fail to get their money back via the trader or the Finnish bank, and then consumer organisations lobby the Finnish financial regulator to investigate.
- Finnish financial regulator discovers that Finnish bank has no KYC file on the remote trader, but that the Finnish IBAN was issued on a sub-account of ABINA London.
- Finnish financial regulator contacts its UK counterpart who discovers that ABINA London has no KYC file on the remote trader either, because it is a customer of 1st/7th Bank.
- Finnish and UK financial regulators contact their US counterparts…
- If a lot of money was involved and several other countries, it would be surprising if the file did not eventually come across a desk at the European Commission (EC).
Customer business models and geographical reach are moving, and customers will look to their banks for support. Banks will legitimately look to work together to deliver solutions to customers. However, the regulators and the external environment are also moving, and not always in lock step.This is why it is essential that the banking industry create its own guidelines for RAO and clarify what arrangements are completely robust when looking at the Basel document and the IBAN definitions, so that corporates are in a position to make a risk judgement.
The current risk for the corporate is in the lack of transparency, and the threat that a major incident affecting any of the above variants could be sufficient to undermine that whole line of services, even if the arrangement that the corporate itself is using appears robust.
Many banks around the world, large and small, continue to experience major security failures. Biometric systems such as pay-by-selfie, iris scanners and vein pattern authentication can help.
The implementation date of Europe's revised Markets in Financial Instruments Directive, aka MiFID II, is fast approaching. Yet evidence suggests that awareness about the impact of Brexit on MiFID II is, at best, only patchy and there are some alarming misconceptions.
Despite all the automation and improvements that digital banking has the potential to achieve, customers and their needs still form the very core of the banking sector.
Banks might feel justified in victim blaming when fraud occurs, but it does little for customer confidence.