Case Study 8.2: Correspondent Banking Under Sanctions Pressure — Rafael's SWIFT Compliance Project
The Situation
Organization: Meridian Capital (fictional US broker-dealer) Rafael's mandate: Upgrade Meridian's payment screening for outbound and inbound wire transfers to address regulatory feedback received during an OCC examination Challenge: Integrating real-time SWIFT message screening into a legacy payment processing infrastructure while managing the operational impact on settlement timelines
The Examination Finding
During a routine OCC examination of Meridian Capital's BSA/AML program in Q1 2022, the examining team conducted a sample review of international wire transfer processing. The finding was specific:
"The institution's current transaction screening process screens wire transfer counterparty names at the point of account onboarding and in periodic batch reviews, but does not systematically screen all fields in SWIFT MT103 messages at the time of payment processing. Specifically, the beneficiary institution field (field 57) and the correspondent bank field (field 56) are not screened prior to payment execution."
In plain terms: Meridian was screening the beneficiary customer name but not the beneficiary bank or the intermediary bank in its wire transfer payments. A payment routed through a sanctioned bank — even to a non-sanctioned beneficiary — could represent a sanctions violation that Meridian's current system would not catch.
Rafael received the examination finding on a Tuesday. By Friday, he had convened a working group with the operations, technology, and legal teams to design a remediation plan.
Understanding the Gap: SWIFT Fields and Sanctions Risk
The first step was understanding exactly what Meridian's system was — and wasn't — screening.
A standard international wire transfer (SWIFT MT103) contains multiple parties:
MT103 Relevant Fields for Sanctions Screening:
Field 50 — Ordering Customer (sender/originator)
→ Meridian screened this at account onboarding
Field 52 — Ordering Institution (sender's bank = Meridian Capital)
→ Meridian itself — no screening needed
Field 56 — Intermediary Institution (correspondent bank)
→ NOT being screened at payment execution
Field 57 — Account With Institution (beneficiary's bank)
→ NOT being screened at payment execution
Field 59 — Beneficiary Customer
→ Screened at account onboarding; NOT re-screened at payment
The risk in fields 56 and 57 is real. Financial institutions are intermediaries in a chain — Meridian might send a payment to a legitimate beneficiary at a legitimate bank, but if the route passes through a correspondent bank that is itself sanctioned or owned by a sanctioned entity, Meridian could be facilitating a sanctions violation.
The risk in field 59 at execution (rather than only at onboarding): a customer who was clean at onboarding could subsequently appear on the SDN list. Without re-screening at payment execution, a payment to a newly-sanctioned individual could be processed if it arrived before the customer's periodic re-screening cycle.
Phase 1: Gap Remediation Design (Months 1–2)
Rafael worked with the technology team to map the existing payment processing workflow:
Current Workflow:
Wire instruction received
↓
Operations team manual entry into payment system
↓
Payment system queues message for SWIFT transmission
↓
SWIFT message sent (no screening at this stage)
Planned Workflow:
Wire instruction received
↓
Operations team manual entry into payment system
↓
SWIFT message composed in payment system buffer
↓
Screening system extracts Fields 50, 56, 57, 59
↓
Screening against SDN + relevant lists
↓
If no alert: release to SWIFT transmission
If alert: hold in suspense; notify compliance
↓
Compliance review → release or block + report
The technology challenge: Meridian's payment processing system was a twelve-year-old application that composed SWIFT messages internally but did not expose individual message fields through an API. The screening integration required either: 1. Parsing the SWIFT message after composition (intercepting the message buffer) 2. Extracting structured fields from the payment instruction before message composition 3. Replacing the legacy payment system with a modern API-enabled system
Option 3 was a 12-24 month project; Rafael needed a remediation within 90 days. He chose Option 1: a SWIFT message parser deployed as a gateway that intercepted outbound messages, extracted fields, submitted them to the screening system, and held or released based on the result.
Phase 2: Correspondent Bank Risk Assessment
The field 56 gap revealed a deeper question: which correspondent banks did Meridian route payments through, and had those correspondents been assessed for sanctions risk?
Rafael's team compiled a list of all SWIFT BICs (Bank Identifier Codes) that had appeared as intermediary banks (field 56) in Meridian's outbound wire transfers over the prior 12 months: 47 distinct BICs, representing banks in 23 countries.
Each was cross-referenced against: - OFAC SDN List (direct match) - OFAC's "CAPTA" and "SSI" lists (sectoral restrictions, particularly relevant for Russian banks post-2014) - US Treasury's Specially Designated Nationals with "UKRAINE-EO13685" program tags (Russia/Ukraine-related designations) - OFSI's UK Consolidated List - EU Consolidated List
The analysis found: - Three BICs that had been involved in OFAC enforcement actions in the prior five years (not themselves sanctioned, but with elevated risk profiles) - One BIC representing a bank with a minority ownership stake from a Russian state-owned entity (requiring assessment under the 50% Rule for sanctions exposure) - Zero directly sanctioned BICs in Meridian's correspondent network
For the Russian state-owned minority stake: the ownership was 31% — below the 50% threshold for automatic OFAC designation. Rafael documented this analysis, consulted with outside OFAC counsel, and concluded that the correspondent bank was not itself subject to OFAC sanctions under the 50% Rule. The documentation was maintained in the correspondent bank file.
For the three BICs with enforcement history: Rafael implemented enhanced monitoring — any payment routed through these correspondents was flagged for compliance awareness, and the correspondent banking relationship was reviewed annually rather than on the standard 3-year cycle.
Phase 3: The Operational Impact Challenge
The screening gateway went live in Month 3. The first week of operation revealed an operational impact that Rafael had underestimated: payment hold times.
Meridian processed approximately 230 international wire transfers per day. Of these: - 218 cleared screening immediately: released within 2 seconds - 12 per day generated screening alerts requiring compliance review
The compliance review process for a wire alert: - Alert assigned to a compliance analyst: average 15 minutes - If analyst clears: payment released; total hold time: 15–45 minutes - If analyst escalates to senior review: additional 30–60 minutes - If confirmed true match (none in the first month): payment blocked; OFAC report filed
Settlement impact: for payments with a same-day settlement requirement (T+0), a 45-minute hold was manageable. For payments with a specific execution deadline (some institutional settlements have narrow execution windows), a delay could cause a missed settlement.
In the first month, three payments missed their settlement window due to alert holds. Two of the three were false positives (common name matches); one was a borderline case that required senior compliance review.
Rafael's solution: a pre-screening tier for time-critical settlements. Payments flagged as "time-critical" by the operations team were routed to a dedicated compliance analyst on standby, with a 10-minute target review time. This added staffing cost (partial FTE coverage for time-critical payments) but eliminated missed settlements.
The Six-Month Review
Six months after the screening gateway went live, Rafael compiled a program assessment:
| Metric | Month 1 | Month 6 |
|---|---|---|
| Wire transfers screened per day | 230 | 247 |
| Alert rate (% of transfers) | 5.2% | 4.1% |
| Average alert review time | 22 min | 14 min |
| True matches confirmed | 0 | 0 |
| Missed settlements due to hold | 3 | 0 |
| Field 56 (correspondent) alerts | 8% of alerts | 6% of alerts |
Alert rate reduction (5.2% → 4.1%) was achieved through threshold tuning: Rafael's team analyzed the Month 1 alert composition and identified several BIC patterns that consistently generated false positives due to name components in the bank's legal name (e.g., "International", "National", "Commercial" matching watchlist entity name fragments). A refinement to the business name matching logic reduced these false positives without raising the overall threshold.
No true sanctions matches were confirmed in the six months — which Rafael noted in his program assessment with the observation: "The absence of true matches does not indicate the screening is unnecessary. It indicates the screening is working."
The Follow-Up Examination
Fourteen months after the initial finding, the OCC conducted a targeted follow-up review of the remediation. The examination included: - Review of the SWIFT gateway architecture documentation - Sample testing of the screening system (OCC submitted 10 test payments including 2 with SDN matches; both were correctly held) - Review of the correspondent bank risk assessment and enhanced monitoring documentation - Review of the time-critical settlement process
The examination finding: remediation satisfactory. No further action required. The documentation of the correspondent bank risk assessment was specifically noted as thorough — the OCC examiner had expected to find this gap unaddressed.
Rafael's reflection in the program file: "The OCC didn't just want to know that the gap was fixed. They wanted to know that we understood what the gap was, why it was a risk, and that we had built a documented analytical framework around the fix — not just plugged the hole."
Discussion Questions
1. The OCC finding identified that Meridian was not screening SWIFT Fields 56 and 57. Under OFAC regulations, what is the specific legal basis for requiring screening of correspondent and beneficiary bank information in international wire transfers?
2. The correspondent bank analysis identified a bank with 31% Russian state-ownership — below the OFAC 50% threshold. Rafael documented his analysis and concluded the bank was not subject to sanctions. If that ownership percentage later increased to 52% through additional share acquisition by the Russian state entity, what would Meridian's immediate obligations be?
3. The time-critical settlement problem — payments held for compliance review missing execution windows — represents a direct conflict between compliance requirements and operational requirements. Design a governance policy that balances these requirements: under what circumstances can a time-critical payment be released before screening is complete? What compensating controls would be required?
4. Rafael's program assessment observed: "The absence of true matches does not indicate the screening is unnecessary. It indicates the screening is working." Evaluate this claim: is it analytically sound? What evidence would you need to distinguish "screening is working (preventing violations)" from "there were genuinely no violations to catch during this period"?
5. The six-month alert rate fell from 5.2% to 4.1% through false positive reduction. At what point does false positive reduction in payment screening create the risk of threshold drift — gradually raising the threshold to a level where genuine sanctions risks are being missed? How should a financial institution govern the threshold tuning process to prevent this?