Pressing priorities and trends
What are the Wolfsberg Group’s goals and priorities? And what are the implications of the new Due Diligence Questionnaire for Correspondent Banks (CBDDQ)? These are just two of the topics covered during a session at Sibos 2017.
- The Wolfsberg Group’s main focus is on the need to be more effective at preventing criminal activity.
- Current areas of attention include correspondent banking and cryptocurrencies.
- The Wolfsberg Group’s new CBDDQ enables financial institutions to undertake risk assessments using a single data standard.
- The questionnaire could benefit banks that have been ‘de-risked’ or ‘de-marketed’ – although this is an ancillary benefit, rather than a core goal.
The group is working on tax transparency principles and is “about to issue frequently asked questions on country risk.” There are also working groups looking at the future of surveillance, transaction monitoring and harnessing innovation to support risk management processes. “Most of this boils down to, ‘how do we become more effective?’”
But there is no agreement across banks, regulators and governments as to what effectiveness really looks like with the current focus on processes rather than outcomes: “We’d like to see a greater emphasis on what are the outcomes? What are we really looking for? What are we trying to achieve through a good AML programme?”
Less than 1% of the money laundered each year is stopped, so the industry needs to move “away from an ‘us and them’ mentality and have it as an ‘us together, against the criminals’ mentality.”
“It’s my hypothesis that you can have a perfectly technically compliant programme and still be ineffective at financial crime mitigation.”
Areas of focus
Correspondent banking is a “big area of focus.” This is a high-risk area as it is a corss-border activity and the parties who are conducting the activity "are not your direct clients."
And there are issues arising from cryptocurrencies. In the case of significant fraud, criminals may open a bank account, “spoof somebody into transferring a ton of money into that account,” and then transfer the money to a cryptocurrency – so it is important to stay vigilant as the system innovates.
Unintended consequences of financial crime include de-risking or ‘de-marketing.’ All institutions go through an exercise to define their target market criteria, risk acceptance and where they want to do business, before deciding whether a particular relationship in a particular jurisdiction fits that model. Institutions may keep a particular relationship but decide against specific activities, such as remittance activity. “That’s the bigger topic right now, and we’ll have to put it on our agenda.”
Due Diligence Questionnaire
With Wolfsberg Group’s new (CBDDQ), institutions can undertake their risk assessments using a single data standard. The goal is to “move away from situations where if you’ve got multiple respondents or correspondents, you’re looking at 60 different versions.”
The questions included on the questionnaire are already being asked – “I don’t know that we actually came up with anything new that somebody wasn’t already asking” – but now the information is all in one place.
Banks that have been de-risked or de-marketed could view the CBDDQ as an indication of what the big clearing banks are looking for with their financial crime programmes, and an indication of their areas of concern.
“Who knows better what the controls should be, and understands how the products and the services work, than the people in the banks, the actual practitioners?”
So what would the experts change about financial crime risk management if they had a “magic wand?” Measuring effectiveness through outcomes and then holding banks to account on the outcomes would allow institutions to “stop chasing innocent people and actually go back to chasing bad guys.”
The importance of focusing on information sharing also came up, both within a particular jurisdiction and across jurisdictions. And one of the experts highlighted the value of more communication between different parts of the European Commission, “such that we don't have one side of the Commission issuing the money laundering directive and another part of the Commission doing GDPR.”