Understanding Wolfsberg Group and Its Role in Anti Money Laundering Compliance

The Wolfsberg Group is a consortium of 12 major international banks that came together to address the need for a standardized approach to anti-money laundering (AML) compliance. This group was formed in 2002.

The Wolfsberg Group's primary goal is to develop and implement risk management standards and guidelines to combat money laundering and terrorist financing.

These standards include the Wolfsberg Anti-Money Laundering Principles, which provide a framework for banks to assess and manage their AML risk.

By working together, the Wolfsberg Group member banks aim to reduce the risk of money laundering and terrorist financing in the global financial system.

The Wolfsberg Group has a fascinating history that dates back to 1999. The U.S. Senate Permanent Subcommittee on Investigations called Citigroup's CEO, John Reed, to testify on a "rogues gallery" of clients at Citibank's private bank.

In response, Citigroup's new head of the Private Bank, Shaukat Aziz, was tasked with resolving allegations and preventing future occurrences. He met with Frank Vogl, then vice chairman of Transparency International, to discuss a joint initiative.

A dinner was organized in New York, co-hosted by Aziz and Vogl, which initiated discussions among major banks to attain voluntary understandings on know-your-customer standards. The meeting led to the formation of the Wolfsberg Group.

The group was initially an informal association of 11 global banks, including Citigroup, UBS, and HSBC. In 2000, the founding members were Banco Santander, MUFG, Barclays, Citigroup, Credit Suisse, Deutsche Bank, Goldman Sachs, HSBC, J.P. Morgan Chase, Société Générale, and UBS.

After the September 11 attacks in 2001, the group shifted its focus to include counter-terrorism financing standards. This marked a significant change in the group's priorities.

In 2021, the Wolfsberg Group was officially founded as an association under Swiss law, with its registered domicile in Basel, Switzerland. This formalization solidified the group's commitment to its mission.

The group's recent suggestions, in response to the 2022 Russian invasion of Ukraine, include screening bank customers for negative news stories to assess their financial crime risk.

The Wolfsberg Group plays a vital role in the international financial system. Its members are deemed Global Systemically Important Banks by the Financial Stability Board, the Basel Committee on Banking Supervision, and national financial regulators.

These banks have a significant international presence and engage in extensive cross-jurisdictional operations. Their failure could destabilize national or even global economies.

The Group's members represent almost half of all G-SIBs, and four of its institutions are among the banks with the most global systemic importance.

The Group has a truly authoritative voice and sets the tone in combating transnational financial crime.

The Wolfsberg Group encourages financial institutions (FIs) to expand investigations into allegations of potential bribery to include timely root cause analysis.

This involves remedying any control weaknesses and ensuring continuous improvement in the compliance program.

Section 3.1 of the new Guidance updates reporting procedures for FIs, expanding recommendations for making improvements to ABC compliance programs.

FIs are encouraged to expand investigations into allegations of potential bribery to include timely root cause analysis.

This analysis is crucial in remediating any control weaknesses and ensuring continuous improvement in the Programme.

The Group recommends that investigations be aligned to, and integrated with, policies, procedures, and processes for the purposes of compliance with the FI's external reporting obligations.

By doing so, FIs can ensure that their compliance programs are effective and up-to-date.

The Wolfsberg Group has called for an overhaul of suspicious transaction reporting, citing that 95 per cent of reports do not lead to prosecutions.

This staggering statistic highlights the inefficiency of the current system, where a large volume of reports is being generated without yielding meaningful results.

The increasing volume of suspicious activity reports has not led to a proportional increase in prosecutions, leading the Wolfsberg Group to question the value being derived from these reports.

The Wolfsberg Group's Updated Guidance makes it clear that activity, not contractual relationship, determines the level of Bribery and Corruption risk presented by a Third-Party Provider.

FIs should focus on mitigating actions rather than just contractual relationships. This means that even if a third-party provider has a contract with the FI, the actual activity they engage in can still pose a risk.

Non-intermediaries, which are third parties that generally interact only with employees of the FI, may pose less risk compared to intermediaries. However, FIs should still implement clear, risk-based guidance on their engagement and monitor these relationships closely.

FIs can leverage existing controls to mitigate corruption risk in non-intermediaries, such as setting risk-based restrictions on the receipt of anything of value from third parties by employees involved in the selection process.

The level of Bribery and Corruption risk presented by a Third-Party Provider is determined by their activity, not their contractual relationship with a Financial Institution (FI). This is a key takeaway from the Updated Guidance.

Activity, not contractual relationship, is what matters when assessing risk with Third-Party Providers. This means that even if a provider has a contract in place, their actions can still pose a significant risk.

FIs must take mitigating actions to address the risks associated with Third-Party Providers. The Group emphasizes that activity will determine the level of risk, and FIs must take action accordingly.

The Group expanded the introduction of Section 5 to reiterate this important point about Third-Party Providers. By focusing on activity rather than contractual relationship, FIs can better assess and manage risk.

Non-intermediaries generally interact only with employees of the FI engaging the third party, posing less risk from an ABC perspective compared to intermediaries.

FIs should implement clear, risk-based guidance on their engagement, set forth expectations for their conduct, and undertake appropriate ongoing monitoring of these relationships.

Non-intermediaries can present the risk of offering or providing improper personal benefits to the FI's employees to retain or obtain new business from the FI.

FIs should develop guidelines about the selection of service providers, as well as risk-based restrictions on the receipt of anything of value from such third parties by employees involved in the selection process.

On-boarding procedures should include ABC related questions to help FIs identify non-intermediaries that could present increased ABC risks and may require continuous monitoring.

FIs should be proactive and use a risk-based approach to determine whether forward-looking risk mitigation controls are necessary once a non-intermediary is on-boarded.

The Wolfsberg Group is committed to countering terrorist financing through a risk-based approach. This approach emphasizes identifying sectors, activities, and jurisdictions more frequently associated with the financing of terrorism.

In 2024, the Wolfsberg Group published a statement on countering terrorist financing that replaces its 2002 statement. The new statement outlines four priorities: a risk-based approach, customer due diligence, monitoring and screening, and global cooperation.

A risk-based approach is essential in preventing the financing of terrorism. The Wolfsberg Group suggests that a CTF framework should be informed by guidance from relevant competent authorities, which will include the identification of sectors, activities, and jurisdictions more frequently associated with the financing of terrorism.

The Wolfsberg Group emphasizes the importance of customer due diligence in preventing the financing of terrorism. This includes maintaining policies and procedures to screen customers and beneficial owners against sanctions or other applicable lists.

Here are the key steps in customer due diligence as outlined by the Wolfsberg Group:

The Wolfsberg Group also highlights the importance of global cooperation in preventing the financing of terrorism. This includes co-operation with law enforcement and government agencies in their efforts to combat the financing of terrorism.

The Wolfsberg Group plays a significant role in the management of financial crime risks, and they've published guidance on how internal audit functions can help financial institutions with this process.

Their guidance highlights the importance of internal auditing in financial crime risk management, believing it can play a crucial role in this process.

Internal auditors can help identify and assess financial crime risks, ensuring that financial institutions have effective controls in place to mitigate these risks.

The Wolfsberg Group also emphasizes the need for collective responsibility in countering terrorist financing, which involves shared responsibility between financial institutions and law enforcement agencies.

This collective approach is essential in suppressing the financing of terrorism, and the Wolfsberg Group's revised statement highlights this importance.

By working together, financial institutions and law enforcement agencies can effectively prevent the financing of terrorism and reduce financial crime risks.

The Wolfsberg Group, an association of global banks, is a key player in financial crime risk management. They oppose mandatory enhanced due diligence on FATF grey-listed jurisdictions.

The FATF grey list is a list of countries under increased monitoring for money laundering and terrorist financing risks. The Wolfsberg Group has spoken out against introducing a mandatory higher level of customer due diligence on customers from these countries.

The Financial Action Task Force (FATF) is an international organization that sets standards for anti-money laundering and counter-terrorist financing.

Customer-Related Transaction Risks are a major area of focus for Financial Institutions (FIs) in managing Bribery and Corruption risks.

The 2023 Guidance encourages FIs to consider the holistic risk profile of a transaction, even when responsibility for customer-related risks is partially delegated to review units outside of the Bribery and Corruption program.

FIs should understand how the proceeds of equity or debt financing will be used in appropriate detail based on the risk, examining the business rationale for the purported use, especially where risk is high.

Measures implemented by FIs to ensure that wire payments contain complete and accurate information can assist in the prevention and detection of the proceeds of Bribery and Corruption.

In situations where the FI deems the transaction to carry elevated risk, consideration can be given to conducting checks on the customer's representatives and the end recipient of funds to ascertain if the transaction is at arm's length.

FIs should scrutinize the purpose and structure of corporate vehicles set up to support transactions, the nature and structure of transactions, the customer's and counterparty's reputations, distribution of proceeds generated, involvement, payment and reputation of third parties, and the nature of any government nexus to proposed transaction-related activities.

Continuous improvement is key to effective financial crime risk management. Financial institutions (FIs) should regularly review and update their compliance programs to reflect changing business lines, laws, and industry standards.

The Wolfsberg Group emphasizes collective responsibility in countering terrorist financing, shared between FIs and law enforcement agencies. This highlights the importance of collaboration in preventing financial crime.

FIs should analyze adverse events to understand their root cause, control failings, and remediation actions. This analysis should be reported under existing escalation and reporting processes and governance structures.

Lessons learned from adverse events should be disseminated to both business and control functions, as appropriate. This ensures that all stakeholders are aware of the risks and take necessary steps to mitigate them.

Continuous improvement requires FIs to track and analyze "lessons learned" to refine their compliance programs. This ongoing process helps FIs stay ahead of emerging risks and threats.