Offshore Investment, June 2011 – ‘The growing pitfalls of remote account opening’

Corporate customers are globalising, whilst centralising financial management. That includes opening and operating bank accounts remotely, without travelling to the many countries concerned. Ideally the process for overseas corporate account opening should be streamlined, easy to comply with, and risk-free.

On the supply side, new regulations around Know Your Customer/ Know Your Customer’s Business/ Anti-Money Laundering (or KYC, KYB and AML) are changing the demands of existing Remote Account Opening models.

A further new factor is the migration to Single Euro Payments Area, which alters the status of banking details from a set of routing instructions to “uniquely identifying an account at a financial institution in a country”.

Banks are likewise moving: in a few cases to expand their own networks, in more cases to rationalize them, and in many cases to acquire international capabilities without building them (including to replace their own closing branches).

The recent industry discussion on this topic has been around enabling the centralized customer to issue electronic instructions about existing accounts (eBAM) but not about the more fundamental topic of the risks and issues in different Remote Account Opening models. “Streamlining” means minimising the impact on the customer of the differences in KYC/KYB/AML regimes around the world, whilst at the same time enabling customers to use indigenous services.

There is a lack of transparency about the range of services on offer and, for example, about the qualifications for the issuance of an International Bank Account Number. Users of any of these variants are at risk from the extent to which other variants “push the envelope”.

Were, in the worst case, an incident to occur in this area that paralleled the issue in MT202 Cover Messages, where regulators caused Lloyds TSB to pay $350m (£231m) for helping customers get around American AML sanctions, then we can look forward to a new round of regulations around Remote Account Opening which would, at least, impede normal business and increase costs.

They might also result in services being withdrawn from the market, at which point the corporate users and their banks might have to set up new services or completely new banking relationships.

To forestall this the banking industry would be well advised to create transparency around the different Remote Account Opening models and supply a ranking of the variants for customers in terms of services available, and the documentation and KYC/KYB/AML due diligence work to be done to undertaken to use them.

Core models – a Network Bank, and a Banking Network

Banks with their own network of branches (Network Bank) have established themselves as the default option for opening accounts overseas. The major benefits of this approach should be:

• Single set of account opening documents and KYC tests applying to all branches of the same bank
• One point of relationship management and customer service
• Single electronic banking channel for all high-value and file-based payments out of any account held in the network

The potential drawbacks of this approach are:

• Local jurisdictions may demand extra documents beyond the bank’s harmonized KYC process, especially for non-resident accounts
• The Network Bank’s operations are normally only branches; they may not support all the services the customer needs
• What happens when the group parent is not on the target client list of the bank at all?
• What happens when the bank does not have an operation in a particular country?

Banking Networks (like IBOS) have been constructed to help their members compete with Network Banks, by stressing the following:

• The banks’ operations are full service local banks
• The banks contain relationship management and customer service teams that are geared up to deal with customers of all sizes
• The banks accept that the target client of an introducing bank is eligible for inclusion in their target market as a receiving bank
• The documentation needed for all types of account is driven off a harmonised Customer Referral Sheet, that enables AML and KYC checks to be completed in a streamlined manner, but that is not the same as having a single account opening document

Both the “own branches” and “banking network” solutions are legally robust: the Account-Holding bank entity can point to a compliant and complete file on the account holder covering KYC/KYB/AML.

However, neither solution can be said to completely cater for all shades of demand:

• The Network Bank approach is tailored for Multinationals: what about SME and Commercial Banking customers?
• When the customer needs services in countries where the “own branches” bank has no branch
• When the customer’s bank is not one whose Customer Acceptance tests would be seen as equating to their own by all the members of a banking network
• When the customer’s business volume would make the usage of an “own branches” or “banking network” solution appear costly

Meeting these demands has led to a number of variants of Partner Banking.

Nature of supply of Partner Banking

Certain banks with their own networks are key players as both buyers and sellers of these variants of Partner Banking:

• to obtain coverage for their own customers of countries where the bank has no branch
• to third-party banks, to enable them to service their customers, where the Network Bank has no desire to bank that customer itself

The upside of these variants replicates the advantages of using the bank with its own network directly:

• Single set of account opening documents
• Only one set of KYC tests to pass
• One point of customer service

The point is that the customer holds their accounts at a single bank whose KYC tests they must pass, but then this single bank uses downstream partner banks, undisclosed to the customer.

The service is frequently known as a Multicurrency Account because the customer holds multiple accounts in different currencies and possibly in the name of different subsidiaries, all in the same bank.

Where that bank is one with its own branches but does not have one in a given country, the partner arrangement is often known as a Re Account. Let’s start with that one.

Re-Account (e.g. offered by A Bank In North America – ABINA – for its own customers):

• The customer (for example, KastecFace Finland Oy) opens its account at ABINA; the customer receives its statement on this account, which will usually have an IBAN+BIC identifiable to ABINA London, typically. It reconciles using this statement and issues instructions on this account
• The accounts at the local partner bank in Finland are sub-accounts of ABINA’s nostro and are entitled “ABINA Re KastecFace Finland Oy”, hence the Re Account title
• A local IBAN+BIC are issued on each sub-account, and the customer puts the Finnish IBAN+BIC on their invoices to their Finnish trading partners; they are each identifiable to the partner bank and the country of the partner bank
• Trading partners of the customer can pay in via local circuits, resident-to-resident and in local currency, thus avoiding any lifting fees and Central Bank Reporting
• ABINA carries out its own KYC/KYB on the customer. It issues a blanket indemnity that covers the partner bank for not doing their own Due Diligence
• Remember that ABINA bank will have a lot of its own branches as well, so that in practice a customer might have its accounts opened as follows:

1. UK business – ABINA London
2. Finnish business – ABINA London
3. German business – ABINA Frankfurt
4. Spanish business – ABINA Madrid
5. Austrian business – ABINA London

White labeling (e.g. by Another Very Big Bank in America – AVBBIA – for a smaller bank called the 1^st of the 7^th Bank from, let’s say, Hardin Montana)

• This is the version where an “own branches” bank makes those facilities available to customers of its correspondent banks, without those customers becoming customers of the “own branches” bank
• Under this variant the company does not get real accounts at AVBBIA but opens them all at 1^st/7^th back in the USA
• 1^st/7^th has its nostro accounts at AVBBIA, probably in London, and each customer gets a designated  sub-account of that nostro
• The customer’s “real” accounts are at the introducing bank 1^st/7^th; there can be one account opening document for that purpose. The customer gets its statements on and issues its instructions against this account
• 1^st/7^th then directs AVBBIA to open a new sub-account in their nostro for that customer, or several if the customer wants multiple currencies. The nostro sub-accounts each have a UK IBAN issued upon them, and they all carry AVBBIA’s UK BIC
• The customer puts the IBAN+BIC on their invoices to their trading partners
• Trading partners have to send a cross-border payment into AVBBIA London if they are not in the UK, and this may not satisfy the objective of avoiding cross-border fees and Central Bank Reporting

White Labelling of Re-Account (e.g. by ABINA for the customers of the same 1^st/7^th Bank):

• This is where the bank ABINA that built a Re-Account offering for its own customers, makes that available to the customers of its white-label partners, in order to win business against the offering of AVBBIA
• The customer still only has accounts at 1^st/7^th so the usage of a single account opening document is retained and it works exactly like the White Label, except that there are also “accounts” at the local partners of ABINA
• The indemnity issued by 1^st/7^th to ABINA is passed on to the partner bank

Financial Action Taskforce (FATF) and Basel

Regulators have, through the FATF and the Basel Committee on Banking Supervision “Customer due diligence for banks” document of October 2001, issued “essential standards on KYC” for opening customer accounts, covering:

• Customer Acceptance Policy
• Customer Identification – General Requirements and Specific Issues
• Ongoing monitoring of activity

Account number – routing instructions or IBAN?

In addition this issue can be approached around the question of the issuance of an IBAN.

This is where the environment is moving now. When many of these structures were established the key need – to give the debtors of the account holder a routing code that enables payment to be made via the local clearing – could be met via the issuance of a series of letters and numbers that explicitly reveal neither the name nor the country of the bank. The local Basic Bank Account Number (BBAN) and routing code reveal this only to the initiated.

However, in every EU country BBAN and the local routing code now have to be displayed alongside the equivalent IBAN and BIC.

Invoices submitted by EU creditors on EU debtors must carry IBAN and BIC.

As SEPA migration proceeds – and even if SEPA itself miscarries – countries are retiring BBAN and the legacy routing code and showing IBAN and BIC as the only bank details available.

IBAN is a code “uniquely identifying an account at a financial institution in a country”, according to the European Payments Council, the organizer of SEPA.

IBAN is a standard owned by the ISO, but it is run in practice by SWIFT. The salient definitions in SWIFT’s General Glossary of Terms such as “Account Owner” and “Account Servicing Institution” make it clear that there is no “wiggle room” for a bank to purport to be running an account for a customer (by issuing an IBAN+BIC against a data record in which the customer’s name is visible) when that IBAN does not uniquely identify the account.

Risks for the corporate

The existence of a risk for the corporate is easy to identify – does the corporate issue invoices that carry IBANs on accounts where no statement is received and reconciled that carries the identical IBAN at its head?

Measuring that risk is a function, not of the variant the individual corporate is using, but of the attributes of the variant in operation that “pushes the envelope” the furthest. An “incident” around an adventurous variant could cause the regulators to become explicit about either IBAN issuance or Remote Account Opening or both, and bring all variants into question.

Example scenario

An example incident is not hard to devise.

Remote trader commits a fraud:

• Distance selling into Finland with payment into a local Re Account identifiable to a Finnish bank in Helsinki
• Goods are not delivered; consumers fail to get their money back via the trader or the Finnish bank, and then consumer organizations lobby the Finnish financial regulator to investigate
• Finnish financial regulator discovers that Finnish bank has no KYC file on the remote trader, but that the Finnish IBAN was issued on a sub-account of ABINA London
• Finnish financial regulator contacts its UK counterpart who discovers that ABINA London has no KYC file on the remote trader either, because it is a customer of 1^st/7^th Bank
• Finnish and UK financial regulators contact their US counterparts…
• If a lot of money was involved and several other countries, it would be surprising if the file did not eventually come across a desk at the European Commission

Conclusion

Customer business models and geographical reach are moving, and customers will look to their banks for support. Banks will legitimately look to work together to deliver solutions to customers. However, the regulators and the external environment are also moving, and not always in lock step.

This is why it is essential that the banking industry create its own guidelines for Remote Account Opening and clarify what arrangements are completely robust when looking at the Basel document and the IBAN definitions, so that corporates are in a position to make a risk judgment.

The current risk for the corporate is in the lack of transparency, and the threat that a major incident affecting any of the above variants could be sufficient to undermine that whole line of services, even if the arrangement that the corporate itself is using appears robust.

PDF of Offshore Investment, June 2011, The growing pitfalls of remote account opening