To view or print PDF content, download the free Adobe Acrobat Reader.
Department of the Treasury
Financial Crimes Enforcement Network
We are issuing this guidance to clarify the date on which certain U. S. financial institutions must complete recertifications to comply with regulations relating to correspondent accounts established, maintained, administered, or managed in the United States for or on behalf of foreign financial institutions. Responses to certain frequently asked questions follow the summary background and analysis.
Background on Foreign Bank Certification Requirements
The Bank Secrecy Act prohibits certain U. S. financial institutions - namely banking institutions and securities broker-dealers - from establishing, maintaining, administering, or managing a correspondent account in the United States for, or on behalf of, foreign shell banks, e.g., foreign banks that do not have a physical presence in any country. 1 The Bank Secrecy Act also requires these financial institutions to maintain records identifying the owners of foreign banks for which correspondent accounts are maintained and the name and address of a U. S. resident authorized to accept service of legal process for records regarding each correspondent account, and take reasonable steps to ensure that the accounts are not being used indirectly to provide services to a foreign shell bank. 2
We adopted regulations implementing both provisions, effective as of October 28, 2002. 3 The term "covered financial institution" is defined to include banks insured by the Federal Deposit Insurance Corporation, commercial bank and trust companies, private bankers, agencies or branches of foreign banks located in the United States, credit unions, thrift (savings and loan) institutions, corporations acting under section 25A of the Federal Reserve Act (12 U.S.C. § 611 et seq.), and registered broker-dealers. 4 The regulations allow covered financial institutions to receive a "safe harbor" for compliance if they use
the certification process described in 31 C.F.R. § 103.177. A covered financial institution must obtain a certification from each foreign bank for which it maintains a correspondent account "at least once every three years" to maintain the safe harbor 5.
For correspondent accounts in existence on the rule's effective date, covered financial institutions were required to obtain certifications on or before March 31, 2003. 6 For correspondent accounts established after the rule's effective date, certifications were (and continue to be) required within 30 days of the opening of the underlying account or accounts 7.
The regulation does not specify any method for determining the date when three-year recertifications must be obtained by (i.e., delivered or made available to) a covered financial institution. We are issuing this guidance to address recent inquiries on this topic. Specifically, we have been asked whether the recertification must be obtained within three years of: (1) the end of the calendar year of the previous certification; (2) the date of the opening of the underlying account or accounts; (3) the execution date of the previous certification; (4) the date the previous certification was obtained (which, in some cases, could be after the certification execution date); or (5) March 31, 2003, the deadline for initial certifications on accounts established before the regulation's effective date.
Policy on Calculation of Recertification Due Dates
We have determined that all recertifications must be obtained by covered financial institutions on or before the three-year anniversary of the execution of the initial or previous certification.
We view all recertifications as essentially a formal attestation of no material change to the previous certification (i.e., the one being recertified). Since recertification forms disclose the execution date of the previous certification, compliance with the regulation and this policy may, under most circumstances, be confirmed directly from an examination of the recertification form itself - first, by noting the execution date of the previous certification stated on the form; and second, by noting the date when the recertification is first delivered to the institution, by reference to a date-stamp or other manual or digital dating technique. To comply with the regulation, the gap between these two dates may not exceed three years.
We believe this approach is the most efficient and effective way to implement the recertification requirement. This approach does not require any modifications to applicable regulations or forms.
Questions & Answers on Foreign Shell Bank Certifications and Recertifications
1. Does this policy also apply to "global" recertifications?
Yes. There is no explicit or implicit requirement or statement in the statutory language or the regulations that suggests the need for a different approach to global recertifications.8
2. Can recertifications be obtained by covered financial institutions via electronic transmission, web posting, or other methods?
Yes. We continue to approve of the use of websites or other data communication systems for the delivery of certifications. A covered financial institution may satisfy the safe harbor by obtaining a copy of a foreign bank's certification or recertification either directly from the foreign bank or indirectly, such as from a central database or from another financial institution, providing that the form and content of the certification are sufficient and reliable.9
3. If a foreign bank delivers a corrected or amended certification, is a recertification required within three years of the execution of the original certification (i.e., the one being corrected or amended) or within three years of the execution of the corrected or amended certification?
If inaccuracies in a certification are subsequently corrected in a revised certification, or if a certification is amended to reflect a material change in facts or circumstances, the recertification should be with respect to the revised or amended certification, not the original certification. Accordingly, a recertification should note the execution date of the revised or amended certification, and the recertification should be delivered within three years of the execution of the revised or amended certification.