Fraud & Compliance / Learning brief
The SWIFT KYC Registry
Your notes
In simple terms / 01
What this means in plain language
The KYC Registry is a shared platform where banks contribute and consume standardised due-diligence data and documents, so correspondent know-your-customer information is collected once and reused instead of exchanged bilaterally many times over.
Banks that hold accounts for one another, called correspondent relationships, must each perform due diligence to understand who they are dealing with. KYC (know your customer) is that process: gathering standard facts and documents about an institution's ownership, licences, and controls. Done bilaterally, the same bank ends up sending nearly the same information to dozens of partners, each in a slightly different format. The KYC Registry is a shared platform that replaces those repeated exchanges. An institution contributes a standardised set of baseline data and supporting documents once, and its partners consume that entry when they need it, subject to the institution's permission. Because the data follows an agreed structure, including the industry's standard due-diligence questionnaire, everyone reads the same fields the same way. Collecting due diligence once and reusing it lowers duplicated effort, improves consistency, and gives each institution a clearer, more comparable view of its counterparties.
Complete lesson / 02
Understand the full idea, step by step
Fill out the same medical form at every clinic you visit — same name, same history, same allergies, re-copied each time — and you quickly see the waste: the facts barely change, yet everyone asks again in their own layout. Correspondent banks had exactly this problem with the paperwork of knowing each other. Their answer was to collect it once and share it, carefully. That is the registry we look at here.
The duplication problem in correspondent due diligence
Correspondent banking works through relationships in which one institution holds an account for another so payments can reach places it does not serve directly. Each side must understand its counterparty, which means collecting due-diligence information: ownership, licensing, regulatory status, financial-crime controls. When this is exchanged bilaterally, the effort multiplies — a bank with many correspondents answers many near-identical requests, each in a different layout, and sends its own to each partner in turn. The facts are largely stable and largely the same from one request to the next, yet they are gathered, formatted, and checked over and over.
The KYC Registry — KYC = know your customer
The KYC Registry is a shared platform where an institution assembles a standardised set of baseline data and supporting documents describing itself, and publishes that entry once. It turns many bilateral exchanges into one maintained record. Know your customer is the broad obligation to understand who you are dealing with; here the "customer" is a correspondent bank, and the registry is where the evidence of that understanding is collected and shared.
Contribute once, consume with permission
An institution publishes its entry to the platform, and partners that need the information request access — the contributing institution controls who may see it. The data is shared with permission, not published openly. When a licence, address, or control changes, the update is made once and every permitted partner sees the same refreshed record. This is the core of the model: maintain a single record, and let many partners consume it, instead of keeping a separate answer alive for each relationship.
Wolfsberg CBDDQ — Correspondent Banking Due Diligence Questionnaire
A central part of the structure is the CBDDQ — an industry-standard set of questions, from the Wolfsberg Group, covering an institution's ownership, business, and financial-crime controls. Because everyone completes the same questionnaire and supplies data in agreed fields, a consuming institution reads each counterparty in a consistent shape rather than deciphering a bespoke form. A shared question set also makes it harder for an important question to be quietly skipped.
If the data is standardised and shared, does the registry decide whether Meridian Bank should take Nordbank on?
No — and this is the important line. The registry standardises and distributes information; it does not make the compliance decision. Meridian Bank still assesses whether Nordbank fits its own risk appetite, applies enhanced review where its policy requires it, and decides whether to open, continue, or exit the relationship. What changes is the starting point: Kabir's team begins from clean, comparable, permission-controlled data instead of chasing forms — so effort goes to judgement, not to formatting.
COMMON CONFUSION
“Using the registry means a bank has outsourced its know-your-customer decision to the platform.”
Reusing due-diligence data does not move the decision anywhere. Each institution still reviews the counterparty against its own policy, records its own assessment, and owns the outcome. The registry improves the inputs — consistent fields, a shared questionnaire, a maintained record — which is exactly what makes gaps easier to spot. The judgement stays with the bank.
STRICTLY SPEAKING
Strictly speaking, real due-diligence obligations vary by jurisdiction and by the risk of each relationship, and enhanced measures apply where policy or law demands them. The registry is a foundation that supports the process — cleaner data, a clearer audit trail of which version was relied on and when — not a substitute for it. Framed defensively, it strengthens controls: comparable fields make an omission visible, a shared questionnaire resists a skipped question, and a maintained record reduces reliance on stale information.
FOR NOW, REMEMBER
- Correspondent due diligence is largely the same facts asked many times; the KYC Registry replaces those bilateral exchanges with one shared record.
- An institution contributes a standardised entry once and controls which partners may consume it — shared with permission, not published openly.
- The Wolfsberg CBDDQ gives everyone a common question set, so counterparties can be read in a consistent shape and gaps are easier to see.
- The registry standardises and distributes data; each bank keeps the compliance decision, applies its own risk appetite, and owns the outcome.
TRY IT YOURSELF
Kabir reads Nordbank's complete, up-to-date CBDDQ on the registry and finds no obvious concerns. Which action fits how the registry is meant to be used?
Knowing who a counterparty is answers one risk. Another is how well it secures the systems that create and send messages. Next: the programme that sets a common security baseline and asks every connected institution to prove it meets it.
KEEP GOINGKey takeaways / 03
Three things to remember
- 01
The KYC Registry lets institutions publish standardised due-diligence data once and share it with permitted partners.
- 02
A common structure, including the Wolfsberg CBDDQ, makes counterparty information comparable across institutions.
- 03
Collecting due diligence once and reusing it reduces duplicated requests without removing each bank's own review.
Practical use cases / 04
Where you would use this
A correspondent bank publishes its baseline data and documents so partners can request access instead of emailing forms.
A compliance team consumes a counterparty's registry entry when refreshing periodic due diligence.
An onboarding analyst checks a prospective partner's standardised questionnaire before opening a relationship.
Worked example / 05
Put the idea into a real situation
Illustrative example: a fictional bank, Aldergate Commercial, maintains correspondent relationships with 40 partner banks. Instead of answering 40 separate due-diligence requests each year, it publishes one standardised entry, including its completed questionnaire and 12 supporting documents, to the registry. When a partner refreshes its review, it consumes the entry directly. Aldergate estimates it answered 40 near-identical requests before; now it maintains a single record and grants access, cutting repeated form-filling while its partners still make their own risk decisions.
Evidence & review / 07
Evidence & review
Swift's KYC Registry for correspondent banking due diligence, and the Wolfsberg CBDDQ as its standardised question set. Defensive framing only.
What this brief simplifies: Presents the registry as contribute-once/consume-with-permission; the platform's document handling, baseline data set, and access workflows are richer. Due-diligence obligations are described generally and point to jurisdiction-specific law rather than quoting it.
Sources for this brief4
- Market practice
Swift products and services ↗ — Swift
Used for the public overview of product details documented behind swift.com.
- Market practice
Wolfsberg Group Payment Transparency Standards ↗ — The Wolfsberg Group
The 2023 standards replace the 2017 version and are supplemented by separate Wolfsberg guidance on roles and responsibilities in payment chains.
- Market practice
Correspondent banking (final report) ↗ — CPMI, Bank for International Settlements
Published in July 2016; its statistics cover 2011-2015 and are dated, but the definitions and arrangement types remain widely used.
- Official requirement
The FATF Recommendations: International Standards on Combating Money Laundering and the Financing of Terrorism & Proliferation ↗ — Financial Action Task Force
Adopted in 2012 and updated regularly since; the June 2025 FATF plenary agreed revisions to Recommendation 16 on payment transparency. Consult the live consolidated text for the current wording.