CHAPTER 8
THE WOLFSBERG PRINCIPLES2

2 Excerpts from the Wolfsberg Principles reproduced with kind permission of the Wolfsberg Group. All rights reserved.

The Wolfsberg Group is an association of eleven global banks which aims to develop financial service industry standards and related products for Know Your Customer, Anti-Money-Laundering and Counter-Terrorist-Financing policies.

The Group came together in 2000, at Château Wolfsberg in north-eastern Switzerland, in the company of representatives from Transparency International, including Stanley Morris, and Professor Mark Pieth of the University of Basel, to work on drafting anti-money-laundering guidelines for private banking. The Wolfsberg Anti-Money-Laundering Principles for Private Banking were subsequently published in October 2000, revised in May 2002 and again most recently in June 2012.

The Group then published a Statement on the Financing of Terrorism in January 2002, and also released the Wolfsberg Anti-Money-Laundering Principles for Correspondent Banking in November 2002 with the Wolfsberg Statement on Monitoring Screening and Searching being issued in September 2003. In 2004, the Wolfsberg Group focused on the development of a due diligence model for financial institutions, in cooperation with Banker's Almanac, thereby fulfilling one of the recommendations made in the Correspondent Banking Principles.

During 2005 and early 2006, the Wolfsberg Group of banks actively worked on four separate papers, all of which aimed to provide guidance with regard to a number of areas of banking activity where standards had yet to be fully articulated by lawmakers or regulators. It was hoped that these papers would provide general assistance to industry participants and regulatory bodies when shaping their own policies and guidance, as well as making a valuable contribution to the fight against money laundering. The papers were all published in June 2006, and consisted of two sets of guidance: Guidance on a Risk Based Approach for Managing Money Laundering Risks and AML Guidance for Mutual Funds and Other Pooled Investment Vehicles. Also published were FAQs on AML issues in the Context of Investment and Commercial Banking and FAQs on Correspondent Banking, which complement the other sets of FAQs available on the site: on Beneficial Ownership, Politically Exposed Persons and Intermediaries.

In early 2007, the Wolfsberg Group issued its Statement against Corruption, in close association with Transparency International and the Basel Institute on Governance. It describes the role of the Wolfsberg Group and financial institutions more generally in support of international efforts to combat corruption. The Statement against Corruption identifies some of the measures financial institutions may consider in order to prevent corruption in their own operations and protect themselves against the misuse of their operations in relation to corruption. Shortly thereafter, the Wolfsberg Group and The Clearing House Association LLC issued a statement endorsing measures to enhance the transparency of international wire transfers to promote the effectiveness of global anti-money-laundering and anti-terrorist-financing programmes.

In 2008, the Group decided to refresh its 2003 FAQs on PEPs, followed by a reissued Statement on Monitoring, Screening and Searching in 2009. 2009 also saw the publication of the first Trade Finance Principles and Guidance on Credit/Charge Card Issuing and Merchant Acquiring Activities. The Trade Finance Principles were expanded upon in 2011 and the Wolfsberg Group also replaced its 2007 Wolfsberg Statement against Corruption with a revised, expanded and renamed version of the paper: Wolfsberg Anti-Corruption Guidance. This Guidance takes into account a number of recent developments and gives tailored advice to international financial institutions in support of their efforts to develop appropriate anti-corruption programmes, to combat and mitigate bribery risks associated with clients or transactions and also to prevent internal bribery.

More recently, focus has expanded to the emergence of new payment methods and the Group published Guidance on Prepaid and Stored Value Cards, which considers the money-laundering risks and mitigants of physical prepaid and stored value card issuing and merchant acquiring activities, and supplements the Wolfsberg Group Guidance on Credit/Charge Card Issuing and Merchant Acquiring Activities of 2009.

In 2014 the Group issued Guidance on Mobile and Internet Payment Services (MIPS) and reissued the Principles for Correspondent Banking first issued in November 2002.

8.1 WOLFSBERG STANDARDS

The Wolfsberg Standards consist of the various sets of AML Principles, as well as related statements, issued by the Group since its inception:

  • Wolfsberg Principles for Correspondent Banking (2014)
  • Wolfsberg Statement - Guidance on Mobile and Internet Payment Services (MIPS) (2014)
  • Wolfsberg Private Banking Principles (May 2012)
  • Wolfsberg Guidance on Prepaid and Stored Value Cards (14th October, 2011)
  • Wolfsberg Anti-Corruption Guidance (2011)
  • Statement on the publication of the Wolfsberg Anti-Corruption Guidance (August 2011)
  • The Wolfsberg Trade Finance Principles (2011)
  • Wolfsberg Monitoring Screening Searching Paper (9th November, 2009)
  • Wolfsberg AML Guidance on Credit/Charge Card Issuing and Merchant Acquiring Activities (May 2009)
  • The Wolfsberg Trade Finance Principles (January 2009)
  • Wolfsberg Group, Clearing House Statement on Payment Message Standards (April 2007)
  • Wolfsberg Group, Notification for Correspondent Bank Customers (April 2007)
  • The Wolfsberg Statement against Corruption (February 2007)
  • Wolfsberg Statement – Guidance on a Risk Based Approach for Managing Money Laundering Risks (March 2006)
  • Wolfsberg Statement – Anti-Money Laundering Guidance for Mutual Funds and Other Pooled Investment Vehicles (March 2006)
  • Wolfsberg Statement on Monitoring Screening and Searching (September 2003)
  • Wolfsberg Statement on The Suppression of the Financing of Terrorism (January 2002).

In the following sections we consider key elements of certain of these statements. Further information on individual elements of the statements appears in the relevant chapters of this book. If you do need full details of all or any of the statements, then reference should be made to the original statements. The principles are reproduced with the kind permission of the Wolfsberg Group.

8.1.1 Wolfsberg Anti Money Laundering Principles for Correspondent Banking (2014)

These principles update those originally issued in November 2002 and reiterate the requirements set out by FATF. The principles are also intended to be applied to SWIFT Relationship Management Application (RMA) relationships in part, or in totality, using a risk based approach.

Responsibility and Oversight

Apart from the normal requirements regarding policies and procedures and governance there is also a requirement that at least one person, senior to or independent from, the officer sponsoring the relationship, should approve the correspondent banking relationship. There is also a requirement for independent review.

Risk Based Due Diligence

Again the risk based approach is adopted taking into account the nature of the supervisory environment in which the firm operates. The particular risks of the relationship do need to be considered with information being updated on a risk basis including the use of trigger events. These include relevant money-laundering-deterrence-related adverse media or adverse client behaviour that results in a material change in the client and this should prompt a review of the relevant documentation and information.

Elements that should be used to address specific risk indicators include the following, if appropriate:

  • The correspondent banking client's geographic risk
  • Branches, subsidiaries and affiliates of correspondent banking clients
  • Branches, subsidiaries and affiliates of the institution
  • The correspondent banking client's ownership and management structures
  • The correspondent banking client's business
  • The correspondent banking client's customer base
  • Products or services offered to the correspondent bank client
  • Regulatory status and history
  • Anti money laundering controls
    • The correspondent banking client's AML procedures should be assessed
  • No business arrangements with shell banks
    • This should be confirmed by the institution
  • Client visit
    • Unless other measures suffice, a representative should visit the correspondent banking client prior to, or within a reasonable period of time after, the establishment of the relationship.

Enhanced Due Diligence

Three issues are identified:

  • PEP involvement
    • This is where a PEP is involved with the correspondent banking client. A normal PEP review should be conducted taking into account the risk to the relationship.
  • Downstream correspondents
    • These are also referred to as “nested” relationships and are where facilities are provided to other banks. The additional monitoring is similar to the initial indicators above.
  • Approval
    • Again a higher level of approval is required with a review of high risk relationships on at least an annual basis.

The remaining sections refer to monitoring and integration with the anti money laundering programme.

8.1.2 Wolfsberg Private Banking Principles – May 2012

This recently updated guideline provides general principles for banks, particularly in relation to KYC and due diligence.

The guideline provides that banks will endeavour to accept only those clients whose source of wealth and funds can be reasonably established to be legitimate. The primary responsibility for this lies with the private banker who sponsors the client for acceptance. Mere fulfilment of internal review procedures does not relieve the private banker of this basic responsibility. Bank policy will specify what such responsibility and sponsorship entail. The use of the word “endeavour” is due to the rules of Wolfsberg not strictly being obligatory.

Identification

The bank will establish the identity of its clients and beneficial owners prior to establishing business relationships with such persons. Identity is generally established by obtaining the name, date of birth (in the case of individuals), address and such further information as may be required by the laws of the relevant jurisdictions.

The requirement is for the bank to take reasonable measures to verify identity when establishing a business relationship as noted below, subject to applicable local requirements.

  1. Natural persons: Identity will be verified to the bank's satisfaction on the basis of official identity papers or other reliable, independent source documents, data or information as may be appropriate under the circumstances.
  2. Corporations, partnerships, foundations: Identity will be verified on the basis of documentary evidence of due organisation and existence.
  3. Trusts: Identity will be verified on the basis of appropriate evidence of formation and existence or similar documentation. The identity of the trustees will be established and verified.

Identification documents, if used for verification purposes, must be current at the time of opening and copies of such documents should be obtained.

Beneficial Ownership

Beneficial ownership, for AML purposes, must be established for all accounts. The guideline sets out various situations in which beneficial ownership should be ascertained:

  1. Natural persons: When the account is in the name of an individual, the private banker must establish whether the client is acting on his/her own behalf. If doubt exists, the bank will establish the capacity in which, and on whose behalf, the account holder is acting.
  2. Legal entities: Where the client is a private investment company, the private banker will understand the structure of the company sufficiently to determine the provider of funds, the beneficial owner(s) of the assets held by the company and those with the power to give direction to the directors of the company. This principle applies regardless of whether the share capital is in registered or bearer form.
  3. Trusts: Where the client is a trust, the private banker will understand the structure of the trust sufficiently to determine:
    1. the provider of funds (e.g. settlor);
    2. those who have control over the funds (e.g. trustees);
    3. any persons or entities who have the power to remove the trustees; and
    4. the persons for whose benefit the trust is established.
  4. Partnerships: Where the client is a partnership, the private banker will understand the structure of the partnership sufficiently to determine the provider of funds and the general partners.
  5. Foundations: Where the client is a foundation, the private banker will understand the structure of the foundation sufficiently to determine the provider(s) of funds and how the foundation is managed.

In each of the above cases, the private banker will make a reasonable judgment as to the need for further due diligence.

Intermediaries

The nature of the relationship of the bank with an intermediary depends on the type of intermediary involved.

Introducing intermediary

An introducing intermediary introduces clients to the bank, whereupon the introducing intermediary's clients become clients of the bank. The bank will generally obtain the same type of information with respect to an introduced client that would otherwise be obtained by the bank, absent the involvement of an introducing intermediary. The bank's policies will address the circumstances in, and the extent to which, the bank may rely on the introducing intermediary in obtaining this information.

Managing intermediary

A managing intermediary acts as a professional asset manager for another person and either:

  1. Is authorised to act in connection with an account that such person has with the bank (in which case the considerations noted above with respect to introducing intermediaries would apply); or
  2. Is itself the account holder with the bank, to be treated as the client of the bank.

The private banker will perform due diligence on the introducing or managing intermediary and establish, as appropriate, that the intermediary has relevant due diligence procedures for its clients, or a regulatory obligation to conduct such due diligence, that is satisfactory to the bank.

Powers of Attorney/Authorised Signers

The relationship between the holder of a power of attorney or another authorised signer, the account holder and, if different, the beneficial owner of the account, must be understood.

The identity of a holder of general powers over an account (such as the power to act as a signatory for the account) will be established and, as appropriate, verified.

Practices for Walk-In Clients and Electronic Banking Relationships

The guideline obliges banks to determine whether walk-in clients or relationships initiated through electronic channels require a higher degree of due diligence prior to account opening. The bank is also obliged specifically to address measures to establish and verify satisfactorily the identity of non-face-to-face customers.

Due Diligence

In addition to the information contemplated above, the guideline states that it is essential to collect and record the following information for clients and beneficial owners:

  • Source of wealth;
  • Net worth;
  • Source of initial funding of account;
  • Account information;
  • Purpose for account;
  • Expected account size;
  • Expected account activity;
  • Occupation;
  • Nature of client's (or beneficial owner's) business;
  • Role/relationship of powers of attorney or authorised third parties;
  • Other pertinent information (e.g. source of referral).

Applying a risk-based approach, the bank will corroborate the information above on the basis of documentary evidence or reliable sources. Unless other measures reasonably suffice to conduct the due diligence on a client (e.g. favourable and reliable references), a client will be met prior to account opening, at which time, if identity is verified on the basis of official identity documents, such documents will be reviewed.

Numbered or Alternate Name Accounts

The guideline only permits numbered or alternate name accounts if the bank has established the identity of the client and the beneficial owner. These accounts must be open to a level of scrutiny by the bank's appropriate control layers equal to the level of scrutiny applicable to other client accounts. Furthermore, wire transfers from these accounts must reflect the true name of the account holder.

Concentration Accounts

Under the guideline, the bank is not allowed to permit the use of its internal non-client accounts (sometimes referred to as “concentration accounts”) to prevent association of the identity of a client with the movement of funds on the client's behalf, i.e. the bank will not permit the use of such internal accounts in a manner that would prevent the bank from appropriately monitoring the client's account activity.

Oversight Responsibility

New clients, subject to a risk-based approach, must be approved by at least one person other than the private banker.

Client Acceptance: Situations Requiring Additional Diligence/Attention; Prohibited Customers

Prohibited customers

The bank will specify categories of customers that it will not accept or maintain.

General

In its internal policies, the bank must define categories of persons whose circumstances warrant enhanced due diligence. This will typically be the case where the circumstances are likely to pose a higher than average risk to a bank.

Indicators

The circumstances of the following categories of persons are indicators for defining them as requiring enhanced due diligence:

  • Persons residing in and/or having funds sourced from countries identified by credible sources as having inadequate AML standards or representing a high risk for crime and corruption.
  • Persons engaged in types of economic or business activities or sectors known to be susceptible to money laundering.
  • “Politically exposed persons,” frequently abbreviated as “PEPs”.

Clients who are not deemed to warrant enhanced due diligence may be subjected to greater scrutiny as a result of:

  • Monitoring of their activities;
  • External inquiries;
  • Derogatory information (e.g. negative media reports);
  • Other factors which may expose the bank to reputational risk.
Senior management approval

The bank's internal policies should indicate whether, for any one or more among these categories, senior management must approve entering into new relationships.

Relationships with PEPs may only be entered into with the approval of senior management.

Cash handling

The bank's policies and procedures will address client cash transactions, including specifically the receipt and withdrawal of large amounts of cash.

Updating Client Files

The private banker is responsible for updating the client file on a defined basis and/or when there are major changes. The private banker's supervisor or an independent control person will review relevant portions of client files on a regular basis to ensure consistency and completeness. The frequency of the reviews depends on the size, complexity and risk posed by the relationship.

With respect to clients classified under any category of persons mentioned above as requiring enhanced due diligence or being prohibited, the bank's internal policies will indicate whether senior management must be involved in these reviews and what management information must be provided to management and/or other control layers. The policies and/or procedures should also address the frequency of these information flows.

Reviews of PEPs must require senior management's involvement.

Practices when Identifying Unusual or Suspicious Activities

Definition of unusual or suspicious activities

The bank will have a written policy on the identification of, and follow-up on, unusual or suspicious activities. This policy and/or related procedures will include a definition of what is considered to be suspicious or unusual and give examples thereof. The guideline provides examples of potentially suspicious activities and how to spot them, including:

  • Account transactions or other activities which are not consistent with the due diligence file;
  • Cash transactions over a certain amount;
  • Pass-through/in-and-out transactions.

Unusual or suspicious activities can be identified through:

  • Monitoring of transactions;
  • Client contacts (meetings, discussions, in-country visits, etc.);
  • Third party information (e.g. newspapers, other media sources, internet);
  • Private banker's internal knowledge of the client's environment (e.g. political situation in his/her country).
Follow-up on unusual or suspicious activities

The private banker, management and/or the control function will carry out an analysis of the background of any unusual or suspicious activity. If there is no plausible explanation, a decision involving the control function will be made to:

  • Continue the business relationship with increased monitoring;
  • Cancel the business relationship;
  • Report the business relationship to the authorities.

The report to the authorities is made by the control function and senior management may need to be notified (e.g. Senior Compliance Officer, CEO, Chief Auditor, General Counsel). As required by local laws and regulations, the assets may be blocked and transactions may be subject to approval by the control function.

Monitoring and screening

The primary responsibility for reviewing account activities lies with the private banker. The private banker will be familiar with significant transactions and increased activity in the account and will be especially aware of unusual or suspicious activities. In addition, a sufficient monitoring programme must be in place. The bank will decide to what extent fulfilment of this responsibility will need to be supported through the use of automated systems or other means.

With respect to clients classified as high risk, the bank's internal policies will indicate how the account activities will be subject to monitoring.

A sufficient sanctions programme must be in place, and no bank or employee may provide any assistance to a client trying to deceive the authorities.

The guideline obliges banks to include standard controls to be undertaken by the various “control layers” (private banker, line management, independent operations unit, Compliance, Internal Audit) in its policies and procedures. These controls will cover issues of frequency, degree of control, areas to be controlled, responsibilities and follow-up, compliance testing, etc.

An independent audit function (which may be internal to the bank) will test the programmes contemplated by these controls.

Reporting

There will be regular management reporting established on money-laundering issues (e.g. number of reports to authorities, monitoring tools, changes in applicable laws and regulations and the number and scope of training sessions provided to employees).

Education, training and information

The bank will establish a training programme on the identification and prevention of money laundering for employees who have client contact and for Compliance personnel. Regular training (e.g. annually) will also include how to identify and follow up on unusual or suspicious activities. In addition, employees will be informed about any major changes in AML laws and regulations.

All new employees will be provided with guidelines on the AML procedures.

Record retention requirements

The bank will establish record retention requirements for all AML-related documents. The documents must be kept for a minimum of five years, or longer, as may be required by local law and regulation.

Exceptions and deviations

The bank will establish an exception and deviation procedure that requires risk assessment and approval by an independent unit.

AML organisation

The bank will establish an adequately staffed and independent department responsible for the prevention of money laundering (e.g. Compliance, independent control unit, Legal).

8.1.3 Statement on Anti-Corruption

In August 2011, the Wolfsberg Group replaced its 2007 Wolfsberg Statement against Corruption with a revised, expanded and renamed version of the paper: Wolfsberg Anti-Corruption Guidance. This Guidance takes into account a number of recent developments and gives tailored advice to international financial institutions in support of their efforts to develop appropriate anti-corruption programmes, to combat and mitigate bribery risks associated with clients or transactions and also to prevent internal bribery.

Bribery is commonly described as involving the promise, offer/acceptance or transfer of an advantage, either directly or indirectly, in order to induce or reward the improper performance of a function or an activity. It may occur in a commercial arrangement (so-called commercial bribery) or involve the misuse of public office or public power for private gain in order to obtain, retain or direct business or to secure any other improper advantage in the conduct of business.

Financial Institutions' Internal Measures/Anti-corruption Programme

The statement provides guidance on anti-corruption programmes. It states that financial institutions should risk assess their own acuities, products and services, as appropriate, to develop and implement effective anti-corruption policies, procedures and measures, which are proportionate to the corruption risks identified. The following internal measures are important mitigants that a financial institution should consider implementing to prevent bribery and to protect employees, as well as the organisation itself, in the event that an allegation of direct or indirect bribery or corruption is raised:

  • Senior management commitment;
  • Risk assessment;
  • Clear, practical and proportionate policies;
  • Monitoring and review.

Misuse of the Financial System through Corruption

Financial institutions may be misused to further acts of corruption or to launder the proceeds of bribery. For example:

  • A customer directing or collecting funds for the purpose of paying a bribe;
  • A recipient of a bribe placing proceeds of the illicit bribe payment into the financial system;
  • The deposit of misappropriated state assets;
  • The clearing of transactions in any of the above cases.

In many instances, and without further information (for example, absent red flags), it may not be apparent from account activity that misuse is occurring and, therefore, it is hardly possible for financial institutions to make a distinction between accounts and transactions associated with corruption and those accounts and transactions that have a legal and sound commercial basis. This is particularly, but by no means exclusively, the case when dealing with substantial companies with complex business operations. The primary responsibility to ensure that funds are neither collected nor used for illicit operations, including bribery, must rest with a financial institution's customer or that customer's representatives. This is particularly true since a financial institution will seldom have a complete overview of its customers' financial activity.

Transactions involving the proceeds of corruption often follow patterns of behaviour common to money laundering associated with other criminal activities. Adherence to existing anti-money-laundering policies, procedures and controls is therefore important in the fight against corruption. By the same token, the standards and guidance set out in existing Wolfsberg papers are similarly relevant to determine and manage money-laundering risks related to corruption.

Risk-based Approach

The anti-corruption programme addressing internal bribery risks should be based upon the financial institution's wider risk-management strategy which will encompass a risk-based approach. There is an appendix to the guideline providing further guidance based on the following criteria:

  • Services risk
  • Country risk
  • Customer risk
  • Industry risk
  • Transaction risk indicators (“red flags”).
Services risk

The payment and receipt of bribes may be effected through a variety of services provided by financial institutions. However, in considering and assessing exposure to this risk, there are certain services that may be considered more vulnerable to abuse than others. The risks and possible mitigating measures are highlighted below, together (where appropriate) with any particularly relevant red flags.

Private banking
  1. Risks: Private banking, particularly international private banking services, is vulnerable for a variety of reasons, including the high-net-worth characteristics of the customer base, the offshore nature of the facilities offered and the type of products and services available (e.g. asset protection and investment vehicles such as trusts, foundations, personal investment companies, cross-border wire transfers, etc.). In particular, recipients of bribes may seek international private banking services to launder the proceeds of the bribes.
  2. Mitigating measures: Important mitigating measures include acceptance procedures for customers including the identification of beneficial ownership, the verification of identity and due diligence, notably establishing the source of wealth and source of funds deposited. These measures should also take into account risk indicators such as countries identified as representing higher risk for corruption, whether the customer is categorised as a PEP, or whether the customer is involved in a higher risk industry (e.g. arms dealing, or acting as an agent or intermediary for the arms trade, or other industry sector identified as posing increased corruption risks). Various risk attributes and red flags should be taken into account by an institution's policies to identify when enhanced due diligence should be applied to a prospective or existing client relationship. Adherence to the Wolfsberg AML Principles on Private Banking should constitute effective risk management in this area.
  3. Red flags: Substantial cash or wire transfers to or from an account of a private banking customer where such activity is not consistent with legitimate or expected activity. In particular, substantial activity over a relatively short time period and/or the improper use of corporate vehicles to obscure ownership and/or the involvement of industries and/or countries posing increased corruption risk may also raise suspicions that require further due diligence and investigation.
Project finance/export credits
  1. Risks: The provision of finance to customers of a financial institution and/or involvement in transactions linked to major project finance initiatives, such as those to support public sector infrastructure/construction projects or the exploitation of natural resources, is particularly vulnerable to the payment of bribes or other corrupt activity, not least because of the size and complexity of projects of this nature, in combination with the generally large number of participants involved, including government export credit agencies, private companies and banks. The responsibilities of financial institutions will generally be limited to their direct involvement in the financial advisory services, arranging or financing process such as with the borrower, exporter of record or sponsor and then only as regards disbursement of funds to, or for and on behalf of, the direct customer.
  2. Mitigating measures: Where governments, international organisations or multilateral lending organisations are involved in loans, donations or other arrangements or in facilitating trade through export credits, financial institutions may have an involvement in these arrangements. In these circumstances, financial institutions can reasonably expect such governments or organisations to conduct appropriate assessments (diligence) on the parties involved and to take other appropriate measures to ensure that funds are not siphoned off to pay bribes. Financial institutions will, however, need to complete their own due diligence as appropriate to their customers.
  3. Red flags:
    1. Projects located in countries where corruption risks are regarded as being high;
    2. A project structure involving legal entities in offshore jurisdictions where the ownership and role of the entity is not clear and purpose of the payment is not transparent;
    3. A project involving the use of intermediaries;
    4. Project payments to third parties, whose role in the transaction is unclear or who request unusually opaque methods of payment.

Factors that could be considered by a financial institution whose customers are directly involved in project finance or related activities might include country, industry and political risk (see the sections on Country risk and Customer risk below) as well as due diligence or enhanced due diligence on the customer. For example, it might be appropriate to consider a customer's record in relation to convictions or other sanctions for corruption, if known. It would not be reasonable to extend due diligence beyond the direct customer to sub-contractors, suppliers, agents, consultants or other intermediaries. However, if the financial institution discerns something sufficiently unusual about the transaction, it should seek clarification about the matter, so as to dispel concerns it may have with regard to the transaction.

Retail banking
  1. Risks: The diversity of products and services offered through a retail banking operation results in a huge variety of customers. This factor, together with the nature and scale of transactions executed through retail banks, means that it is virtually impossible to identify specific transactions that may be linked to corrupt activities, particularly petty corruption, unless such transactions are sufficiently unusual and are identified in the course of monitoring designed to detect money laundering.
  2. Mitigating measures: In general, a retail bank's AML policies and procedures should be applied, adopting a risk-based approach.
Country risk

Countries having been identified by credible sources as having significant levels of corruption; for further information see the Wolfsberg Guidance on a Risk Based Approach.

Customer risk

Certain customers identified during due diligence or enhanced due diligence (initial and ongoing) may potentially represent a greater degree of risk. Such due diligence or enhanced due diligence may include identification of negative publicly available information from credible sources that calls into question a customer's activities regarding corruption, or, indeed, that indicates that prosecutions or actions have been taken by governmental authorities and/or law enforcement. The risks and possible mitigating measures are highlighted below, together with any particularly relevant red flags.

Politically exposed persons

PEPs potentially represent higher risk either because they are in a position to exert undue influence on decisions regarding the conduct of business by private sector parties, or they have access to state accounts and funds.

  1. Red flags: Substantial cash or wire transfers into, or from, an account of a customer identified as a PEP, where such activity is not consistent with legitimate or expected activity. In particular, substantial activity over a relatively short time period and/or the improper use of corporate or other vehicles to obscure ownership may also raise suspicions.
Intermediaries/agents

In certain industries, the services of intermediaries or agents are used by companies to help secure or retain business abroad. Commissions paid to agents have sometimes been used to pay bribes to government officials on behalf of a company. Intermediaries and/or agents are often difficult to identify.

  1. Mitigating measures: If a financial institution is able to identify a private banking prospect or client as an intermediary and/or agent, particularly in industries and/or sectors identified as posing increased corruption risk, it may determine that enhanced due diligence would be appropriate because, for example, the services (private banking), industry, country and/or transactional risk indicators are present which could increase the risks posed for the financial institution in dealing with the customer. Under these circumstances, the financial institution might consider one or more of the following as part of that enhanced due diligence exercise, for example whether the customer:
    1. Has a family member in a government position, especially if the family member works in a procurement or decision-making position or is a high-ranking official in the department with which the intermediary is known to have dealings and that is the target of the intermediary's efforts.
    2. Has failed upon request (or has been suspiciously reluctant) to disclose owners, partners or principals; uses shell or holding companies or equivalent structures that obscure ownership without credible explanation.
    3. Has little or no expertise in the industry or the country in connection with which he acts as an intermediary.
    4. Anticipates substantial commission payments as an intermediary, either in absolute terms or as a percentage of the main contract sum, which cannot plausibly be verified vis-à-vis the role undertaken.
    5. Is retained by a company whose reputation in relation to the payments of such commissions is questionable by reference to prior convictions or governmental actions, or that is reputed otherwise to engage in improper payments to governmental organisations.
  2. Red flags: Substantial cash or wire transfers into or from an account of a customer identified as an agent or intermediary where such activity is not consistent with legitimate or expected activity. In particular, substantial activity over a relatively short time period and/or the improper use of corporate vehicles to obscure ownership and/or the involvement of industries and/or countries posing increased corruption risk may also raise suspicions.
Correspondents

Correspondent customers potentially represent higher risks because the bank typically has no direct relationship with the customers of the correspondent bank. The bank is, therefore, unable as a matter of course to verify the identity of these underlying customers or understand the nature of the business and transactions (e.g. wire transfers, clearing cheques) it processes on their behalf.

Industry risk

Certain business sectors and industries have historically been identified with high perceived levels of corruption. Financial institutions therefore need to assess, based on their own criteria, whether the activity of a customer in a particular industry poses a higher risk of corruption.

Where risk factors are identified, an assessment should be made as to whether the customer should be the subject of enhanced due diligence, transaction monitoring, senior management approval and/or other measures, including review and oversight of their financial operations, as may be appropriate. In some circumstances, the filing of a suspicious activity report (SAR) or other notification to the authorities may be required by local law or regulations.

A Multi-stakeholder Approach

The international community recognises the need for States to cooperate with one another in order to prevent and eradicate corruption. Organisations like the OECD and the UN also recognise that if efforts are to be effective, the involvement and support of individuals and groups outside the public sector are required, including civil society, non-governmental organisations and community-based organisations. Private sector companies and their related industry organisations, Chambers of Commerce and other industry organisations also have an important role to play in this regard in apprising financial institutions of developments to prevent corruption by industrial sectors or individual firms.

The Wolfsberg Group supports the publicly led multi-stakeholder approach to addressing the following important areas where further dialogue and cooperation may lead to improvements in preventing and deterring bribery and other corrupt activity as it affects the financial sector:

  1. Governments and international institutions (IMP, World Bank): Where governments, through their diplomatic services or political analysts, have evidence of corruption in foreign countries or have evidence that foreign officials and their families have acquired assets through corruption, they should take appropriate action such as sharing this assessment with civil society and the private sector in an appropriate manner.
  2. Governments and their agencies: Export credit agencies, development aid, lending and trade departments should carry out coordinated due diligence and monitoring so that an appropriate audit trail in respect of money transfers and credits may be established by them.
  3. Governments and international bodies: A more coordinated and harmonised approach should be developed between governments as to the recovery and repatriation of assets held by financial institutions and identified as connected to corruption.
  4. Law enforcement and financial intelligence units: Should identify new techniques used by money launderers in relation to bribery and other corrupt activity, communicate typologies to the financial community and develop appropriate countermeasures.
  5. Regulators and supervisors: In relation to the development of policies and procedures that are consistent with regard to the definition and identification of politically exposed persons as well as the initial and ongoing management of relationships with customers who fall into this category.
  6. Civil society and non-governmental organisations: Should identify trends, patterns and mechanisms used by bribe payers and recipients, thereby gaining a better understanding of the causes and effects of bribery and other corrupt activity, in order to prevent the misuse of financial institutions and support the development of appropriate standards and controls.

The Wolfsberg Group believes that constructive dialogue in this area will help to increase the knowledge and ability of such agencies and institutions to identify trends, patterns, money-laundering techniques and mechanisms used in the furtherance of acts of bribery and corruption and, with an effective public/private partnership, financial institutions will be better placed to assist in the fight to prevent and/or detect and disclose incidents of corruption.

8.1.4 Wolfsberg Guidance on Mobile and Internet Payment Services (MIPS)

This guidance supplements the guidance issued on credit/charge card issuing and merchant acquiring activities and on prepaid and stored value cards. It discusses the roles and operations of MIPS and also discusses Non-Bank Service Providers (NBSPs).

MIPS Risk Factors

The concerns over MIPS are where the following services are included within their product offering:

  • Ability to transfer funds (domestically and/or internationally)
  • Speed of transfer of funds
  • Lack of, or difficulty in providing, an audit trail
  • Lack of, or difficulty in compiling, an aggregate view of multiple transactions
  • Lack of face to face contact
  • Identification means either not taken, or taken and not verified
  • The ability to reload
  • The ability to load/reload with cash
  • The ability to withdraw cash
  • The ability to load/transfer from alternative funding sources.

The analysis of these features will enable a firm to assess the money laundering risks posed and the controls that can be applied to mitigate these risks.

The following factors should be considered when assessing the risk:

  • Intended geographical scope of the MIPS
  • Intended usages of the MIPS
  • Knowledge about MIPS users
  • Intended scope of MIPS (open/closed loop)
  • Source of funding
  • Value limits
  • Cash withdrawal via automated teller machines (ATM)/cash redemption of monetary value
  • Value term limit
  • MIPS KYC/CDD requirements for service activation.

AML Framework

Again a risk based approach is adopted. For low risk propositions no identification and verification is required so long as patterns do not change over time. For higher risk propositions the identification of the MIPS user is required as well as verification of name and address.

In terms of screening for low risk propositions no sanctions screening is required, whereas for higher risk propositions it is required before the account or service is opened and during the lifetime of the relationship.

All partners in the service should be subject to appropriate risk based due diligence.

In terms of transaction monitoring the following are identified as being worthy of note:

  • Unusual level and frequency of ATM usage
  • Unusually high value/volume payment service activity
  • Unusually high velocity payment service activity
  • Identifying patterns of high cash activity
  • MIPS usage in unexpected or high risk countries
  • Identifying patterns related to typologies.

Conclusion

In conclusion the Wolfsburg Group believes that:

  • NBSPs involved in money transmission should be subject to AML regulation/oversight
  • Unregulated NBSPs should be considered as high risk
  • Financial institutions need to consider their regulatory/reputational position when dealing with unregulated NBSPs if money transmission is involved
  • Increased harmonisation of mobile, internet and prepaid-related terminology is desirable to aid discussion and guidelines.
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset