Wolfsberg publishes further guidance on developing an effective AML/CTF programme

The Wolfsberg Group is an association of global banks which develops guidance to help financial institutions (FIs) manage financial crime risks. Although the Group is not specifically endorsed by any national regulators, many of the guiding practices have become standard among both non-member and member FIs. 

In December 2019, the Group issued a Statement on Effectiveness of AML/CTF Programmes, noting that FIs "still tend to be examined by national supervisors almost exclusively on the basis of technical compliance rather than focusing on the practical element of whether AML/CTF programmes are really making a difference in the fight against financial crime."

In that Statement, the Wolfsberg group set out the elements it believes supervisors should evaluate when assessing FIs’ compliance, while "recognising that no two FIs are the same and each FI's risk mitigation strategy must be tailored to meet its risk appetite". The three elements are:

1. Complying with AML/CTF laws and regulations 
2. Providing highly useful information to relevant government agencies in defined priority areas 
3. Establishing a reasonable and risk-based set of controls to mitigate the risks of a FI being used to facilitate illicit activity.

Further to that Statement, the Wolfsberg Group released August 2020 guidance for FIs to help strengthen their AML/CTF programmes and more effectively fight financial crime.  The steps will certainly look familiar to financial crime SMEs, but the guidance does provide some additional insights for supervisors as well as FIs.

1. Assess risk in defined priority areas - the risk assessment is of course the essential first step for any FI. The guidance cites to the Bank Secrecy Act/Anti-Money Laundering Examination Manual and notes that a variety of risk assessment methods and formats may be suitable for different institutions. According to the Group, FIs should leverage the national risk assessment and priorities set by law enforcement to determine which financial crime risk areas to focus on.
2. Implement/Enhance controls - depending on the priority risk areas, the FI should evaluate controls designed to mitigate those risks, and may accordingly need to enhance certain controls.
3. Prioritise Resources - FIs should reallocate time and resources from lower-risk areas to high-risk areas and “harness technological developments (e.g. machine learning and artificial intelligence).” Uniquely, the guidance also urges FIs to "discontinu[e] practices that do not lead to one of the key elements of an effective AML/CTF programme."
4. Engage with Law Enforcement - according to the Wolfsberg Group, the most effective way to engage with law enforcement is through public-private partnerships (PPP). Clearly the availability or reasonableness of engaging with law enforcement will depend where the FI is operating, so this guidance also serves as a call to supervisors to provide further avenues for cooperation.
5. Demonstrate AML/CTF Programme Effectiveness - because risks will vary depending on the FI's operations, size, location, etc. how to measure effectiveness will also vary. According to the guidance, both quantitative and qualitative factors should be used. The guidance also urges supervisors and law enforcement to provide feedback to FIs on what they have found to be most effective.

This latest guidance from the Wolfsberg Group further emphasises their conclusion that AML/CTF programmes should be implemented and measured not only on technical compliance, but true effectiveness in mitigating financial crime risk. FIs can, and as per Wolfsberg’s latest guidance should, leverage new technology and data together with qualitative evidence to test effectiveness.