Enhanced Due Diligence AI: FATF Recommendation 10, Correspondent Banking De-risking & PEP Screening

Enhanced due diligence (EDD) — the heightened customer due diligence applied to high-risk customers, counterparties, and transactions — is the area of AML compliance most frequently cited in bank enforcement actions. FATF Recommendation 10 establishes that financial institutions must apply enhanced due diligence for business relationships and transactions involving higher-risk countries or customers. FATF Recommendation 12 requires EDD for politically exposed persons (PEPs). AI-powered EDD systems are transforming both the speed and quality of high-risk customer reviews — but inadequate AI EDD is as legally problematic as inadequate manual EDD.

$8.1B

Global AML enforcement penalties in 2023 including EDD failures (KPMG Global Banking AML Survey 2024)

EDD failures are cited in a majority of major bank AML enforcement actions. The TD Bank $3.09B case, HSBC's $1.9B settlement, Deutsche Bank's multiple enforcement actions, and Fines against Julius Baer, BSI, and other private banks all involved inadequate EDD for high-risk customers.

FATF Recommendations 10 and 12 — Customer Due Diligence and PEPs

Recommendation 10: Financial institutions must apply CDD measures, including enhanced measures for higher-risk situations, to all customers
Higher-risk situations requiring EDD: Business relationships with non-face-to-face customers; transactions with high-risk countries; PEPs and their associates; correspondent banking relationships; private banking
Recommendation 12 — PEPs: Financial institutions must take reasonable measures to determine whether customers are PEPs; apply EDD to PEP relationships including establishing source of funds and wealth; obtain senior management approval for PEP relationships
AI compliance requirement: AI PEP screening systems must achieve screening coverage meeting FATF standards — failure to screen PEP lists comprehensively or to update screening with new PEP appointments is itself an EDD violation
Source: FATF Recommendations — fatf-gafi.org

Regulatory Risks and Compliance Challenges

Correspondent banking de-risking — the practice of banks withdrawing from correspondent banking relationships with banks in high-risk jurisdictions to avoid AML compliance costs — has reduced global financial access while not effectively addressing money laundering risk. The World Bank estimates that 25% of global remittance corridors have lost correspondent banking access. AI-powered EDD for correspondent banking specifically addresses the cost problem that drives de-risking — automated due diligence reduces the per-relationship compliance cost while improving coverage quality.

PEP screening AI must maintain comprehensive PEP lists that cover all relevant politically exposed persons across all jurisdictions where the institution operates or serves customers. PEP lists that are stale, incomplete, or that miss positions below the national legislator level create screening gaps that generate enforcement findings. AI PEP screening must also screen PEP associates and family members per FATF Recommendation 12 — a requirement that significantly expands the screening universe beyond the primary PEP list.

Claire's AI Compliance Solution

Claire Platform Capabilities

AI EDD Risk Scoring

Claire's EDD module dynamically assigns high-risk customers to appropriate EDD tiers — PEP, high-risk country, adverse media, correspondent banking — and triggers the appropriate investigation workflows, source of funds analysis, and senior management approval processes that FinCEN and FATF standards require.

Comprehensive PEP Screening

Claire maintains comprehensive PEP lists covering all FATF-defined PEP categories across all relevant jurisdictions — including national politicians, state-owned enterprise executives, judicial officials, military officers, and their associates — with daily list updates and automated re-screening when new PEP appointments are identified.

Correspondent Banking EDD Automation

Claire automates correspondent banking due diligence — collecting, analyzing, and documenting the information required for correspondent relationship approval: AML program quality, regulatory examination history, geographic risk exposure, product risk, ownership structure, and sanctions exposure — reducing the per-relationship EDD cost that drives de-risking decisions.

Compliance Checklist

AI Regulatory Compliance Requirements

AI governance framework with board oversight.

Pre-deployment risk assessment for all material AI systems.

Independent model validation annually.

Anti-discrimination and fairness testing.

Explainability for consumer-facing AI decisions.

Third-party AI vendor due diligence and monitoring.

Data quality and lineage documentation.

Immutable audit trail for all AI decisions.

Board AI risk reporting quarterly.

Incident response plan for AI failures.

Frequently Asked Questions

What regulatory framework governs this area?

Multiple overlapping frameworks apply: FinCEN AML requirements, FATF recommendations, CFPB consumer protection, federal banking agency model risk management (SR 11-7), and applicable state laws. The specific obligations depend on institution type, products, and jurisdictions.

How should institutions document AI for regulators?

Maintain: model inventory with risk tiers; training data documentation; validation results; ongoing monitoring data; consumer complaint records by AI system; adverse action samples; vendor oversight records; and board reporting on AI risk.

What are the main AI enforcement risks?

Key risks include: AI credit decisions with disparate impact (fair lending); AI customer service impeding consumer rights (UDAAP); inadequate SAR filing from AI monitoring gaps; model governance deficiencies under SR 11-7; and failure to maintain adequate audit trails.

How does the EU AI Act affect this sector?

The EU AI Act classifies credit-scoring, insurance, and investment AI as high-risk (Annex III). High-risk AI requires conformity assessments, technical documentation, transparency, and human oversight. EU-facing institutions must assess which AI systems require EU AI Act compliance.

What does SR 11-7 require for AI models?

SR 11-7 requires: model documentation; independent validation; ongoing performance monitoring; board-level model risk awareness; and documentation adequate to allow replication of model results. These requirements apply to all quantitative models including AI/ML systems.

Ready to strengthen your AI compliance program? Claire helps financial institutions navigate complex regulatory requirements with automated monitoring, audit trails, and examination-ready documentation. Book a demo with Claire.