The Wolfsberg Group - Demonstrating Effectiveness

Page created by Eleanor Parks
Business
English
 
CONTINUE READING
Page content transcription
If your browser does not render page correctly, please read the page content below
The Wolfsberg Group – Demonstrating Effectiveness
This Paper builds on the Wolfsberg Group’s (the Group’s) prior work by suggesting ways in which a Financial
Institution (FI) can assess risk in defined priority areas and demonstrate the effectiveness of its Anti-Money
Laundering/Combatting Terrorist Financing (AML/CTF) programme. In December 2019, the Group published a
Statement on Effectiveness that outlined what it believes are the key elements of an effective AML/CTF programme
(The Wolfsberg Factors):1

     1. Complying with AML/CTF laws and regulations
     2. Providing highly useful information to relevant government agencies in defined priority areas 2
     3. Establishing a reasonable and risk-based set of controls to mitigate the risks of an FI being used to facilitate
        illicit activity3

In August 2020, the Group published a follow-up Statement on Developing an Effective AML/CTF Programme.4 In
that Statement, the Group outlined the following suggested steps for FIs to evolve their AML/CTF programmes to
focus more on effective outcomes:

     1.   Assess Risk in Defined Priority Areas
     2.   Implement/Enhance Controls
     3.   Prioritise Resources
     4.   Engage with Law Enforcement
     5.   Demonstrate AML/CTF Programme Effectiveness

In this paper, we discuss assessing priorities and demonstrating effectiveness and how the Wolfsberg Factors can
serve as a useful framework for doing both. The Group believes designing, assessing, and measuring AML/CTF
programmes based on performance against these defined outcomes would not only enable FIs to detect and deter
criminal activity better, but also improve the effectiveness of the system to combat money laundering and terrorist
financing overall.

Assessing Risk in Defined Priority Areas

The Financial Action Task Force (FATF) requires countries “to identify, assess and understand the money laundering
and terrorist financing risks they are exposed to. Once these risks are properly understood, countries will be able
to implement anti-money laundering and counter terrorist financing measures that mitigate these risks.” 5 This risk-
based approach is central to the effective implementation of the FATF standards. 6 Similarly, we believe the starting
point for an effective AML/CTF programme should be an understanding of the priority risks identified by countries
or supra-national bodies in those assessments, and the applicability of those risks to the FI.

Today, however, most FIs do not focus their AML/CTF risk assessments on government priorities. Instead, and
largely in response to supervisory expectations, AML/CTF risk assessments are focused on technical compliance

1
  The Wolfsberg Group (2019), Statement on Effectiveness – Making AML/CTF Programmes More Effective, www.wolfsberg-
principles.com/sites/default/files/wb/pdfs/Effectiveness%201%20pager%20Wolfsberg%20Group%202019%20FINAL_Publication.pdf .
2
  Information as defined and aligned to nationally defined financial crime prevention priorities, most importantly those set by law enforcement or
prosecuting authorities.
3
  In September 2020, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) proposed a similar definition in an Advanced
Notice of Proposed Rulemaking. See www.federalregister.gov/documents/2020/09/17/2020-20527/anti-money-laundering-program-effectiveness.
4
  The Wolfsberg Group (2020), Developing an Effective AML/CTF Programme, www.wolfsberg-
principles.com/sites/default/files/wb/Wolfsberg%20Effective%20Financial%20Crimes%20Programme%20-%20August2020%20%28FFP%29.pdf.
5
  FATF (2021), Money laundering and terrorist financing risks, FATF, Paris, https://www.fatf-gafi.org/publications/methodsandtrends/documents/ml-tf-
risks.html.
6
  Id.
                                                                           1
© The Wolfsberg Group 2021                                                          The Wolfsberg Group – Demonstrating Effectiveness
with requirements rather than the effectiveness of the FI’s efforts to prevent and detect financial crime. This
exercise typically culminates in an enterprise-wide risk assessment which tends to be very long, complex, and
focused on data, documentation, and process rather than outcomes.7

In order to be effective, assessing risk in priority areas needs to be done differently. FIs should focus on threats
related to specifically defined national or supra-national priorities. This process should be more agile and less
prescriptive than the enterprise-wide risk assessment as it is currently undertaken. Where specifically defined
priorities do not exist, FIs can leverage priorities described in the jurisdiction’s National Risk Assessment, or
equivalent publication, as defined priority areas. In either case, the more detailed information that is shared, by
governments with FIs, related to these threats, whether publicly or privately, the better the FI will be able to
evaluate, mitigate, and potentially provide useful information related to these threats to law enforcement. The
Group intends to discuss threat assessments in more detail in an upcoming paper.

Evaluating and Demonstrating Effectiveness

The Group believes that the Wolfsberg Factors provide a useful framework for evaluating the effectiveness of an
FI’s controls in defined priority areas and for demonstrating the effectiveness of its AML/CTF programme overall.
Where an FI can demonstrate, for a specific threat or for the AML/CTF programme overall, that it has complied with
applicable AML/CTF laws and regulations, designed its programme to provide highly useful information to
government authorities, and implemented a reasonable and risk-based set of controls to prevent and detect
financial crime, this should be considered as strong evidence of the FI’s effectiveness.

          1. Complying with AML/CTF Laws and Regulations

FIs must comply with AML/CTF laws and regulations. This is the foundation for AML/CTF programmes. In order to
do this, FIs must understand the AML/CTF laws and regulations for each applicable jurisdiction, or supra-national
authority, and implement reasonably designed processes to comply with these requirements, as well as controls
and reporting to demonstrate how they comply with the relevant law or regulation. Supervisors, for their part,
should clearly differentiate between legal or regulatory requirements that must be met and other areas wher e FIs
are permitted to take a risk-based approach. Today, FIs spend significant time and resources on activities that are
considered “expectations” of an AML/CTF programme but are not required by law or regulation. These
“expectations” are sometimes written in non-binding guidance, sometimes unwritten, or can be a reflection of the
views of an individual examiner or auditor. However, unless these activities lead to highly useful information for
government authorities or help the FI materially prevent, detect, or deter actual crime, these “expectations” are
often counterproductive to an effective AML/CTF programme.

          2. Providing Highly Useful Information to Government Authorities in Priority Areas

The extent to which governments define priorities and provide feedback to FIs on reporting will vary by jurisdiction.
Likewise, the risks related to published priority areas will vary by FI, depending on its size, business model and
geographic scope. These factors will have an impact both on the type and quant ity of highly useful information

7 In 2015, the Group published “The Wolfsberg Frequently Asked Questions on Risk Assessments for Money Laundering, Sanctions and Bribery
& Corruption.” Those Frequently Asked Questions (FAQs) were largely focused on the enterprise-wide risk assessment process. The Group
is currently reviewing those FAQs and plans to reaffirm or update the FAQs in light of the Group’s effectiveness work.
                                                                     2
© The Wolfsberg Group 2021                                                   The Wolfsberg Group – Demonstrating Effectiveness
that the FI provides to law enforcement. Therefore, demonstrating and assessing effectiveness in providing highly
useful information to government authorities will necessarily vary by FI.

For some FIs, it may be helpful to track engagement with, and information provided to, government authorities.
The metrics and programme attributes described below could be used internally by an FI to measure its
effectiveness, or externally to demonstrate to supervisors that its programme is reasonably designed to provide
highly useful information. The metrics focus on the quality, not the quantity, of reporting. The best indicator of
quality is direct feedback from government authorities and, as discussed further in the next section, how that
feedback influences enhancements or improvements to the FI’s control framework. Where feedback is limited or
unavailable, FIs could consider factors like the complexity of the investigation, the identification of network activity,
or reporting in identified priority areas, as indicators of quality. While these indicators are not perfect, the Group’s
experience, and general feedback from government authorities, suggests that the examples proposed below
demonstrate the FI’s commitment to providing highly useful information to law enforcement.

The examples provided, however, are neither an exhaustive list nor intended to imply that there be a requirement
to track these or any other particular type of information to demonstrate effectiveness. Some of the examples may
not be applicable to certain FIs based on their size, business model, risk profile, or available government feedback
in the jurisdictions where they operate. A smaller FI with a lower risk profile, for example, could have an effective
AML/CFT programme even if it has not filed any Suspicious Transaction Reports/Suspicious Activity Reports
(STR/SAR), for as long as the FI has demonstrated an understanding of its financial crime risk and implemented a
reasonably designed programme based on its risk profile. For these reasons, the metrics should not be used as a
basis to compare one FI to another.

                 Law Enforcement and Government Engagement

       Use of intelligence from law enforcement and relevant government authorities, including Financial
        Intelligence Unit communications
       Participation in public-private partnerships
       Results from engagement in public-private partnerships (i.e., government action following tactical
        information sharing or work on strategic and policy initiatives)
       Engagement with law enforcement and relevant government authorities on priority areas, including sharing
        information and typologies
       Recognition/feedback from law enforcement and relevant government authorities
       High quality and timely responses to requests from law enforcement and relevant government authorities
       Analysis of requests from law enforcement and relevant government authorities
       Number of relationships/accounts maintained at the request of law enforcement (sometimes referred to
        as “Keep Open Requests”)

                 Suspicious Transaction Reports (STRs)/Suspicious Activity Reports (SARs)

       STRs/SARs filed in priority areas aligned to nationally defined/published financial crime priorities, including
        those set by law enforcement
       STRs/SARs that identify networks of interconnected suspicious activity typically involving several parties
       STRs/SARs filed following a complex investigation by the FI
       Percentage of STRs/SARs filed that result in follow-up enquiries from law enforcement or government
        authorities

                                                           3
© The Wolfsberg Group 2021                                        The Wolfsberg Group – Demonstrating Effectiveness
   Percentage of STRs/SARs in priority areas where the FI has received positive law enforcement or
        government feedback
       STRs/SARs where government action was later taken (e.g., the suspect was later charged with or convicted
        of a crime, asset seizure, etc.)
       STRs/SARs filed following information sharing from the government
       STRs/SARs filed following information sharing from other FIs, where legally permissible

        3. Reasonable and Risk-Based Controls to Detect, Prevent or Deter Financial Crime

As financial crime risks vary by FI, so too will the risk-based controls necessary to mitigate those risks. Risk-based
controls should be reasonably designed to both prevent the FI from being used to facilitate illicit activity, as well as
to detect and report potential illicit activity. These controls should include, but may not be limited to, AML/CTF
policies and procedures, risk assessments, collection of customer due diligence (CDD), enhanced due diligence
(EDD) requirements where appropriate, oversight of the business, governance processes, transaction monitoring,
economic sanctions screening, a system for employees to refer potentially suspicious activity, and AML/CTF
training. An FI may also demonstrate effectiveness by applying lessons learned from government engagement or
other priorities-focused work towards the development of new or enhanced controls to detect, prevent or deter
financial crime.

While these, and indeed other, controls are well known, today auditors, consultants and supervisors tend to focus
their assessment of these controls almost exclusively on their technical implementation and execution. In a regime
focused on effectiveness, supervisors and FIs would instead focus on the practical element of whether the controls
are making a material difference in helping the FI, and the jurisdictions in which it operates, mitigate its risks and
address defined AML/CTF priorities. In other words, as the FATF has emphasised, effectiveness should be judged
on outcomes rather than process.8 Therefore, in order to demonstrate effective controls, FIs should be prepared
to explain to their supervisors how their controls actually mitigate risk and/or provide highly useful information to
government authorities.

Not only should the controls mitigate risk, they should also be risk-based. This means focusing controls on areas
that present a higher risk to the FI. In discussing risk-based supervision, the FATF has said “[t]here also needs to be
a recognition that AML/CTF related weaknesses in areas of lower [Money Laundering/Terrorist Financing] risk may
go undetected by supervisors in the application of risk-based supervision ….” 9 The same is true for an FI’s AML/CTF
programme. Where an FI has reasonably focused on higher risk areas in line with its assessment of the threats it
faces, an undetected weakness in a lower risk area is not by default an indication of programme failure, but rather
a natural extension of the implementation of a risk-based approach.

One final consideration related to the effective implementation of a set of risk-based controls should be the time
and resources devoted to such efforts, relative to the risk mitigation. Where a control requires significant time
and/or resources for minimal risk mitigation, FIs should consider changing or eliminating the control altogether and
reallocating those resources to those with demonstrably more effective outcomes. In other words, it is entirely
normal for an FI to decommission ineffective and inefficient controls. The opportunity cost of failing to change or

8    See FATF (2021), Guidance for applying a Risk-Based Approach to Supervision, FATF, Paris, www.fatf-
gafi.org/publications/documents/Guidance-RBA-Supervision.html at ¶ 18 (“The FATF focuses on outcomes rather than process.”).
9 Id. At ¶ 81.

                                                                 4
© The Wolfsberg Group 2021                                               The Wolfsberg Group – Demonstrating Effectiveness
eliminate an ineffective or inefficient control should be a part of an FI’s overall assessment of its risk-based controls.
The Group plans to address resource prioritisation in more detail in an upcoming paper.

C onclusion

Ultimately, each FI should be able to demonstrate effectiveness by telling its unique story, based on its risks and
corresponding AML/CTF programme. An FI’s effectiveness, as it relates to designated priorities or the AML/CTF
programme overall, should be measured based on its compliance with law and regulations, how it is designed to
provide highly useful information to government authorities in defined priority areas, and how the FI builds and
maintains a reasonable and risk-based set of controls to mitigate the risks of the FI being used to facilitate illicit
activity. The Group believes designing, assessing, and measuring AML/CTF programmes based on performance
against these defined outcomes will help to achieve the FATFs goal of creating a more effective system to combat
money laundering and terrorist financing, while at the same time reducing friction on legitimate customers and
supporting governments in achieving their financial inclusion objectives.

                                                            5
© The Wolfsberg Group 2021                                         The Wolfsberg Group – Demonstrating Effectiveness
You can also read
5 facts about AML5 that businesses should know - Welcome to the business of certainty - Bureau van ...
5 facts about AML5 that businesses should know - Welcome to the business of certainty - Bureau van ...
Managing Risk: how can process models help - Evangelia Belia, Primodal US Inc. Michael Lunn, Primodal US Inc.
Managing Risk: how can process models help - Evangelia Belia, Primodal US Inc. Michael Lunn, Primodal US Inc.
Emergency Management Office (EMO NS)
Emergency Management Office (EMO NS)
Being overweight during pregnancy and after birth - RCOG
Being overweight during pregnancy and after birth - RCOG
Menopause and HRT update - Madhavi Vellayan Consultant Gynaecologist Gloucestershire Hospitals NHS Trust - Winfield Hospital
Menopause and HRT update - Madhavi Vellayan Consultant Gynaecologist Gloucestershire Hospitals NHS Trust - Winfield Hospital
Have you heard about our Princess Group Program? - InteleTravel
Have you heard about our Princess Group Program? - InteleTravel
Rm Manulife Financial - Group Benefits Life Conversion Option
Rm Manulife Financial - Group Benefits Life Conversion Option
Pump It Up and Zig Zag Run Training Improve Children Agility Age 7-8 Years Old
Pump It Up and Zig Zag Run Training Improve Children Agility Age 7-8 Years Old
PROVISIONAL ITINERARY - TEMECULA UNITED SOCCER CLUB 2010 BOYS IRELAND SOCCER TOUR - Irish Rugby Tours
PROVISIONAL ITINERARY - TEMECULA UNITED SOCCER CLUB 2010 BOYS IRELAND SOCCER TOUR - Irish Rugby Tours
Deploying macOS Upgrades and Updates with Jamf Pro - Technical Paper Jamf Pro 9.96 or Later 15 June 2021
Deploying macOS Upgrades and Updates with Jamf Pro - Technical Paper Jamf Pro 9.96 or Later 15 June 2021
The 2021 Trusted Advisor Peer Group - A Peer Group for Non-Executive Directors and Trustees. Creating a trusted network for greater client value ...
The 2021 Trusted Advisor Peer Group - A Peer Group for Non-Executive Directors and Trustees. Creating a trusted network for greater client value ...
Commonwealth Bank of Australia - 2013 165(d) Tailored Resolution Plan
Commonwealth Bank of Australia - 2013 165(d) Tailored Resolution Plan
Club Treboada PRIZE MONEY - International Tournamet of Acrobatic Gymnastics - Sports Acrobatics Info
Club Treboada PRIZE MONEY - International Tournamet of Acrobatic Gymnastics - Sports Acrobatics Info
Commonwealth Bank of Australia - 2014 Section 165(d) Dodd-Frank Act Tailored Resolution Plan
Commonwealth Bank of Australia - 2014 Section 165(d) Dodd-Frank Act Tailored Resolution Plan
The Effect of Applying Problem Based Learning on the Sixth Grade Students' Critical and Communicative Thinking Skills at SDN Tegal Besar 03 Jember
The Effect of Applying Problem Based Learning on the Sixth Grade Students' Critical and Communicative Thinking Skills at SDN Tegal Besar 03 Jember
Black Sea Financially Settled (Platts) Sunflower Oil futures
Black Sea Financially Settled (Platts) Sunflower Oil futures
Government Data Center Modernization - Strategy Focus Group Discussion 13 March 2017
Government Data Center Modernization - Strategy Focus Group Discussion 13 March 2017
Latest from the OSCE Special Monitoring Mission to Ukraine (SMM), based on information received as of 19:30, 18 February 2019 - ReliefWeb
Latest from the OSCE Special Monitoring Mission to Ukraine (SMM), based on information received as of 19:30, 18 February 2019 - ReliefWeb
AIIA Calendar of Events and Rate Card January - June 2019 - For more information please visit www.aiia.com.au
AIIA Calendar of Events and Rate Card January - June 2019 - For more information please visit www.aiia.com.au
The Comparison the Effectiveness of Guided Discovery Model and Inquiry Model for Early Childhood Education Students - IJICC
The Comparison the Effectiveness of Guided Discovery Model and Inquiry Model for Early Childhood Education Students - IJICC
2018 ITALIAN ELECTIONS - A guide on what to expect on March 4th - APCO Worldwide
2018 ITALIAN ELECTIONS - A guide on what to expect on March 4th - APCO Worldwide
Saskatchewan Liquor and Gaming Authority - Plan for 2019-20 - saskatchewan.ca
Saskatchewan Liquor and Gaming Authority - Plan for 2019-20 - saskatchewan.ca
Duke Energy s DA (Distribution Automation) Program - Rod Hallman - Sr. Engineer New Technology Group - Product specifications, product selection ...
Duke Energy s DA (Distribution Automation) Program - Rod Hallman - Sr. Engineer New Technology Group - Product specifications, product selection ...
Leeds International Study Centre - International Foundation Year International Year One - Study Group
Leeds International Study Centre - International Foundation Year International Year One - Study Group
ABBOTT CODING GUIDE CARDIOMEMS HF SYSTEM Effective January 1, 2022 - INTRO PHYSICIAN CODING - Abbott cardiovascular
ABBOTT CODING GUIDE CARDIOMEMS HF SYSTEM Effective January 1, 2022 - INTRO PHYSICIAN CODING - Abbott cardiovascular
Role of Computer and Information Technology in Education System
Role of Computer and Information Technology in Education System
Laparoscopic Hiatal Hernia Repair - Patient & Family Guide Please bring this booklet to the hospital with you - Nova Scotia Health Authority
Laparoscopic Hiatal Hernia Repair - Patient & Family Guide Please bring this booklet to the hospital with you - Nova Scotia Health Authority
NYDFS Fines First Unum and Paul Revere Insurance Companies $1.8 Million for Violations Arising Out of Data Breaches
NYDFS Fines First Unum and Paul Revere Insurance Companies $1.8 Million for Violations Arising Out of Data Breaches
2021 NEBRASKA ARTIST BIENNIAL - Gallery 1516
2021 NEBRASKA ARTIST BIENNIAL - Gallery 1516
COVID-19 vaccine safety update - VAXZEVRIA - European ...
COVID-19 vaccine safety update - VAXZEVRIA - European ...
LEGAL UPDATES January 202 1 - RHTLaw Vietnam
LEGAL UPDATES January 202 1 - RHTLaw Vietnam
The Lottery and Educational Opportunities for South Carolinians - Programs & Information
The Lottery and Educational Opportunities for South Carolinians - Programs & Information
Venue: Penryn Campus Date: 1 May 2018
Venue: Penryn Campus Date: 1 May 2018
INFORMATION SHEET 2021/2022 - Universität Potsdam
INFORMATION SHEET 2021/2022 - Universität Potsdam
Spring 2019 Weekend Guide
Spring 2019 Weekend Guide
Molybdenum- The New Battery Metal 2018 - hammermetals.com.au
Molybdenum- The New Battery Metal 2018 - hammermetals.com.au
Compliance and Enforcement update April 2019 to March 2020 - April 2020 - Entrust
Compliance and Enforcement update April 2019 to March 2020 - April 2020 - Entrust
International Friendship Week 21st to 27th July 2013
International Friendship Week 21st to 27th July 2013
Summer Holiday Programme - 2nd August - 3rd September 2021 Please use the link below or scan the QR code for our
Summer Holiday Programme - 2nd August - 3rd September 2021 Please use the link below or scan the QR code for our
COVID-19 INFORMATION PACKAGE: January 2021 - St ...
COVID-19 INFORMATION PACKAGE: January 2021 - St ...
GREENHOUSE GAS REPORTING PORTAL USER GUIDE - THIS DOCUMENT PROVIDES GUIDANCE ON USING THE WERECYCLE PORTAL TO SUBMIT GREENHOUSE GAS (GHG) REPORTS ...
GREENHOUSE GAS REPORTING PORTAL USER GUIDE - THIS DOCUMENT PROVIDES GUIDANCE ON USING THE WERECYCLE PORTAL TO SUBMIT GREENHOUSE GAS (GHG) REPORTS ...
Guardian i 3 International Quality Growth Fund
Guardian i 3 International Quality Growth Fund
VENDOR INFORMATION GUIDE INDIRECT PURCHASES - REVISION DATE: MARCH 10, 2021 - LOWESLINK
VENDOR INFORMATION GUIDE INDIRECT PURCHASES - REVISION DATE: MARCH 10, 2021 - LOWESLINK
Simonds Group Limited - 61 Financial
Simonds Group Limited - 61 Financial
Production and Dissemination of Information for Voters in Accessible Formats Advance Contract Award Notice (ACAN)
Production and Dissemination of Information for Voters in Accessible Formats Advance Contract Award Notice (ACAN)
Statement of Strategy 2017-2021 - NCSE
Statement of Strategy 2017-2021 - NCSE
(SNA) - Payroll Information Note For Special Needs Assistants **PLEASE DETACH THIS NOTE AND PROVIDE IT TO THE SNA *DO NOT RETURN THIS NOTE WITH ...
(SNA) - Payroll Information Note For Special Needs Assistants **PLEASE DETACH THIS NOTE AND PROVIDE IT TO THE SNA *DO NOT RETURN THIS NOTE WITH ...
National Centre for Guidance in Education - Webinar Presentation and Discussion for Whole School Guidance during the Covid19 Pandemic
National Centre for Guidance in Education - Webinar Presentation and Discussion for Whole School Guidance during the Covid19 Pandemic
Immaculate Conception School - Immaculate Conception ...
Immaculate Conception School - Immaculate Conception ...
CODE OF BUSINESS CONDUCT AND ETHICS - A summary of Fluor's for non-office based Stork Employees
CODE OF BUSINESS CONDUCT AND ETHICS - A summary of Fluor's for non-office based Stork Employees
We use cookies. Please refer to the Privacy Policy.