Correspondent Banking Compliance Checklist for Operations Teams

Summary

• Correspondent banking involves managing over 1.3 million relationships worldwide, but manual processes are slow, risky, and frustrating for compliance teams.
• Manual approaches to onboarding, KYC, monitoring, and reviews lead to inconsistencies and compliance gaps, a problem compounded by unresponsive partner banks and complex regulations.
• This guide provides a five-stage checklist for automating the entire correspondent banking lifecycle, from due diligence to de-risking, to ensure consistency and auditability.
• Automating these processes with a purpose-built workflow builder like Jinba can make compliance up to 70% faster while providing the deterministic, auditable trails that regulators require.

If you manage a bank's correspondent relationships, you already know the feeling: you're juggling document requests that go unanswered for weeks, manually reviewing SWIFT messages field by field, and trying to risk-rate a portfolio of respondent banks across a dozen jurisdictions — all while regulators are watching every move.

As one AML practitioner put it on Reddit, "One thing that can be maddening is getting information from other banks...many aren't responsive to requests across borders." That frustration is real, and it's compounded by the sheer scale of the problem. According to SWIFT, there are over 1.3 million bilateral correspondent banking relationships worldwide, each requiring meticulous, ongoing oversight.

Yet most compliance content treats correspondent banking as an afterthought — or addresses it from a regulator's top-down view. This guide is written for the people actually doing the work: compliance officers and heads of operations who own the correspondent banking lifecycle end-to-end.

What follows is a practical, stage-by-stage checklist. For each of the five stages — onboarding due diligence, KYC document collection, transaction monitoring, periodic review, and de-risking — we'll break down what manual operations look like versus what an automated workflow approach can achieve.

Stage 1: Onboarding Due Diligence

Onboarding is the foundation of every correspondent relationship. Flaws here compound over the life of the relationship.

What Manual Onboarding Looks Like

• Collecting business registration documents, ownership charts, and key person IDs via email
• Manually cross-referencing ownership structures against sanctions lists and adverse media sources
• Researching the respondent bank's regulatory standing in its home jurisdiction — which can mean navigating regulators in three or four countries simultaneously
• Assessing the respondent's AML/CTF program quality based on self-certified questionnaires (like Wolfsberg) with no independent verification layer
• Populating risk assessment spreadsheets by hand, often based on criteria like geography, political climate, compliance record, and product types offered

The result? Onboarding a single correspondent can take weeks. Worse, the quality of the risk assessment is only as good as the analyst who ran it that day.

What an Automated Workflow Approach Looks Like

With a deterministic workflow builder like Jinba Flow, operations teams can design and deploy a structured onboarding workflow that covers every required step — consistently, every time.

A typical automated onboarding workflow might include:

• Automated document requests triggered the moment a new correspondent is added to the pipeline
• Third-party database integrations for instant sanctions screening, adverse media checks, and PEP (Politically Exposed Person) lookups
• Rules-based risk flagging that automatically scores the respondent based on predefined criteria: jurisdiction risk tier, product risk, ownership complexity
• Audit trail generation at every step, so every decision is logged and defensible

Crucially, Jinba's workflows are 80% rule-based, not probabilistic — meaning the output is deterministic and auditable, which is exactly what regulators expect. This aligns directly with FATF's guidance on correspondent banking, which emphasizes risk-based, documented due diligence.

Onboarding checklist — what to verify:

•  Legal entity verification and ownership structure (UBOs identified)
•  Sanctions and PEP screening for key persons
•  Jurisdiction risk tier assigned (FATF grey/blacklist status checked)
•  AML/CTF program quality assessed (Wolfsberg questionnaire reviewed)
•  Product and service scope documented
•  Geographic footprint and correspondent network mapped
•  Initial risk rating assigned and approved

Stage 2: KYC Document Collection

Once onboarding is approved, the real administrative marathon begins: collecting, validating, and maintaining KYC documentation across an entire portfolio of respondent banks.

What Manual KYC Collection Looks Like

• Chasing documents via email threads that span weeks
• Tracking outstanding items in spreadsheets that three different people maintain inconsistently
• Re-requesting documents that were already submitted due to version confusion
• No standardized format, so every respondent submits different things in different structures
• No automated expiry tracking, so outdated documents slip through until an audit flags them

The SWIFT KYC Registry was created specifically because the lack of common standards forces banks to repeatedly provide similar information — a burden that causes delays and errors on both sides of the relationship.

What an Automated Workflow Approach Looks Like

This is where the combination of Jinba Flow (the backend engine) and Jinba App (the secure user-facing layer) creates a step-change in efficiency.

Jinba Flow handles the backend: The operations team builds a KYC collection workflow that defines exactly which documents are required, sets validation rules (file type, recency, completeness), and automatically sends reminders when items are outstanding or approaching expiry. A full bank-to-bank KYC workflow in Jinba typically involves 30–40 distinct components — covering everything from initial document requests to multi-stage internal approvals.

Jinba App handles the front end: The respondent bank's compliance team interacts with the workflow through a conversational interface with auto-generated input forms. They upload documents securely, answer structured questions, and receive instant confirmation — no email required, no IT setup on their end. Non-technical users can't accidentally break the underlying workflow.

The result is a centralized, real-time document hub with a clean audit trail — and according to similar implementations, automation like this can make compliance processes up to 70% faster.

KYC collection checklist — what to maintain:

•  Certificate of incorporation / legal existence
•  Ownership and control structure (updated annually or on material change)
•  AML policy documentation and most recent audit report
•  Regulatory licenses in all operating jurisdictions
•  Wolfsberg correspondent banking questionnaire (dated within 12 months)
•  Key person identification (passports, proof of address)
•  Document expiry dates tracked and renewal workflows triggered

Stage 3: Ongoing Transaction Monitoring

The relationship is live and funds are moving. The challenge now is catching suspicious activity without drowning analysts in false positives.

What Manual Transaction Monitoring Looks Like

• Reviewing high volumes of alerts generated by rules-based systems with little context
• Manually parsing SWIFT messages — fields 50 through 70 — to trace originator and beneficiary details and understand the actual flow of funds
• Applying subjective judgment to determine whether activity involving MSBs, unregulated trading companies, cheque cashing operations, or payday lenders warrants escalation
• Trying to detect complex typologies like nesting, downstream clearing, trade-based money laundering, or sanction evasion through exotic shell companies — all from raw transaction data with no automated pattern recognition

As practitioners note, "the flow of funds may not always make sense" — and when you're doing this manually across hundreds of thousands of transactions, material risks slip through the gaps.

What an Automated Workflow Approach Looks Like

An automated monitoring workflow orchestrates multiple detection layers that no manual team can replicate at scale:

• Rules-based threshold checks run first: transaction volumes, geographic risk flags, counterparty type (MSB, NBFI, etc.)
• Pattern recognition identifies structural red flags: circular flows, rapid fund movement across jurisdictions, split transactions designed to avoid reporting thresholds
• When a transaction scores above threshold, the workflow automatically creates a case, assigns it to an analyst, and surfaces all relevant contextual data — prior SAR history, relationship risk rating, SWIFT message details — in a single view
• Human-in-the-loop escalation ensures the analyst focuses on genuine risk rather than noise

AI-driven monitoring tools have been shown to reduce AML false positives by up to 30%, which directly translates to analyst hours recovered and faster response to genuine threats.

Transaction monitoring checklist — what to track:

•  Threshold monitoring configured and reviewed quarterly
•  Geographic risk tiers mapped to monitoring sensitivity (high-risk jurisdictions flagged)
•  MSB and NBFI activity subject to enhanced scrutiny rules
•  SWIFT message parsing (fields 50–70) automated for originator/beneficiary extraction
•  Nesting and downstream clearing pattern detection active
•  Automated case creation and analyst assignment workflow in place
•  SAR filing workflow triggered on confirmed suspicion, with documentation

Stage 4: Periodic Relationship Review

Compliance doesn't end at onboarding. Respondent banks evolve, ownership changes, regulatory environments shift. Reviews need to keep pace.

What Manual Periodic Review Looks Like

• Calendar-based reviews once a year (or less), regardless of whether anything has changed
• Pulling data from multiple systems manually to rebuild a complete picture of the relationship
• Static risk ratings that don't reflect real-time changes in the respondent's behavior, geography, or ownership
• Inconsistent review depth depending on which analyst is assigned

This approach means a bank could deteriorate significantly between review cycles without triggering any action — a scenario regulators have little patience for.

What an Automated Workflow Approach Looks Like

The shift here is from calendar-triggered to event-triggered continuous review:

• Adverse media monitoring running continuously; when a hit is detected against a respondent entity or key person, a review workflow is automatically triggered
• Transaction behavior change detection can initiate a review when volume patterns deviate materially from established baselines
• Sanctions list updates automatically cross-referenced against the correspondent portfolio; matches escalate immediately
• Annual review workflows still run on schedule, but they pull from live data sources — not last year's static files — and route automatically through the appropriate approval chain

All review activity is logged in Jinba's immutable audit trail, providing regulators with a clear record of what was reviewed, what data was used, and what decision was made.

Periodic review checklist — what to assess:

•  Ownership and control structure unchanged (or changes documented)
•  No new adverse media, sanctions, or enforcement actions against the entity or key persons
•  Transaction volumes and patterns consistent with the relationship's documented purpose
•  AML program documents current (Wolfsberg refreshed, audit report updated)
•  Risk rating reviewed and confirmed or updated with documented rationale
•  Relationship scope still appropriate (no new high-risk product lines added without enhanced due diligence)
•  Review approved by designated second line or compliance committee

Stage 5: De-risking Decisions

The hardest call in correspondent banking: whether to exit a relationship. It demands a defensible, data-driven process — both to protect the bank and to avoid the kind of wholesale de-risking that FATF explicitly cautions against.

What Manual De-risking Looks Like

• Decisions driven by general "perceived risk" rather than specific, documented evidence
• Inconsistent application of policy across the portfolio, with outcomes that vary by analyst or committee composition
• Limited audit documentation, making it difficult to demonstrate to regulators that the decision was systematic and proportionate
• Reactive terminations that come after regulatory pressure, rather than proactive risk-management decisions

What an Automated Workflow Approach Looks Like

A de-risking workflow aggregates all risk signals across the entire relationship lifecycle and presents them in a structured, evidence-based format for committee review:

• Risk signal aggregation: All transaction monitoring flags, review outcomes, adverse media hits, and compliance document gaps are compiled automatically into a relationship risk dossier
• Scoring against policy thresholds: The workflow applies the bank's own de-risking policy consistently across every relationship — no subjectivity, no variation between analysts
• Defensible documentation: Every factor that contributed to the de-risking recommendation is logged, timestamped, and attributed — fully auditable by regulators
• Proportionate decision support: The workflow can surface remediation options (enhanced due diligence, restricted product access) before recommending full exit, aligning with FATF's proportionality guidance

De-risking checklist — before exiting a relationship:

•  Full risk dossier compiled (monitoring history, review outcomes, compliance gaps)
•  Policy threshold analysis completed and documented
•  Remediation options assessed and ruled out with rationale
•  Compliance committee approval obtained and logged
•  Exit notification process initiated per contractual and regulatory obligations
•  Audit trail preserved and accessible for regulatory review

From Checklist to Working Workflow

Managing correspondent banking relationships manually is no longer a viable operating model. The volume of relationships, the sophistication of financial crime typologies, and the pace of regulatory change have all outpaced what spreadsheets and email chains can handle. Each stage of the lifecycle — from onboarding through de-risking — requires a level of consistency, documentation, and speed that only automated workflows can reliably deliver.

The five checklists above give you a framework for evaluating where your program stands today. The harder question is: how far are you from running each of these stages as a structured, auditable, automated workflow?

That's exactly what Jinba is built to help banks answer. With a bank-to-bank KYC workflow that spans 30–40 components, enterprise-grade controls including on-premise deployment, full audit logging, and SOC II compliance — and the ability to build and deploy new workflows in days rather than months — Jinba is purpose-built for the compliance and operations teams running correspondent banking programs in large regulated institutions.

Ready to see where your current workflows stand?

Map your correspondent banking processes to this checklist in a 30-minute session. Book your free AI strategy assessment with Jinba's experts and walk away with a clear picture of your automation gaps — and a practical path to closing them.

Frequently Asked Questions

What is correspondent banking?

Correspondent banking is a service where one bank (the correspondent) provides services, such as payment processing and currency exchange, to another bank (the respondent), typically in a different country. This network of relationships is the backbone of global finance, enabling international trade and cross-border transactions. With over 1.3 million such relationships worldwide, managing the associated compliance and risk is a significant operational challenge.

Why is managing correspondent banking relationships so challenging?

The primary challenges in managing correspondent banking relationships stem from manual processes, regulatory complexity, and the sheer volume of oversight required. Compliance teams often struggle with unresponsive partner banks, inconsistent data collection in spreadsheets, and the high risk of human error. These issues lead to slow onboarding, compliance gaps, and difficulty producing the clear, auditable trails that regulators demand.

What are the key stages of the correspondent banking lifecycle?

The correspondent banking lifecycle consists of five key stages, each with unique compliance requirements. These are:

1. Onboarding Due Diligence: Verifying the respondent bank's identity, ownership, and risk profile.
2. KYC Document Collection: Gathering and maintaining all necessary Know Your Customer documentation.
3. Ongoing Transaction Monitoring: Watching for suspicious activity like money laundering or sanctions evasion.
4. Periodic Relationship Review: Regularly reassessing the relationship's risk based on new information or behavior.
5. De-risking Decisions: Making a structured, evidence-based decision to exit a relationship if the risk becomes unacceptable.

How does automation improve correspondent banking compliance?

Automation improves correspondent banking compliance by making processes faster, more consistent, and fully auditable. Automated workflows can handle tasks like document requests, sanctions screening, and transaction monitoring, reducing manual effort by up to 70%. This ensures that every relationship is managed according to the same high standard, eliminates human error, and creates a deterministic, time-stamped audit trail for every decision, which is exactly what regulators expect to see.

What is a deterministic workflow and why is it important for compliance?

A deterministic workflow is a rule-based process that produces the exact same outcome every time a specific set of inputs is provided. This is crucial for compliance because it guarantees consistency and predictability, eliminating the subjective judgment that can vary between analysts. Unlike probabilistic or AI-driven systems that might produce different results, a deterministic approach provides the clear, auditable, and defensible evidence that regulators require to prove a bank's processes are systematic and under control.

What is the Wolfsberg questionnaire and why is it important?

The Wolfsberg Group Correspondent Banking Due Diligence Questionnaire (CBDDQ) is a standardized questionnaire used by banks to gather due diligence information from their correspondent banking partners. Its importance lies in creating a common framework for assessing a respondent bank's anti-money laundering (AML) and counter-terrorist financing (CTF) programs, making the due diligence process more efficient and consistent across the industry.

What is the risk of "nesting" in correspondent banking?

Nesting is a significant money laundering risk where a respondent bank provides correspondent services to other financial institutions ("downstream correspondents") without the primary correspondent bank's knowledge or approval. This practice obscures the true origin and destination of funds, allowing transactions from unvetted entities to flow through the correspondent's accounts. Automated transaction monitoring helps detect nesting patterns that are often invisible to manual review.