Preamble The
continuing threat of money laundering through financial institutions
is most effectively managed by understanding and addressing the
potential money laundering risks associated with customers and
transactions. Therefore, the Wolfsberg Group (1) has
developed this Guidance to assist institutions in managing money
laundering risks and further the goal of Wolfsberg Group members
to endeavour to prevent the use of their institutions for criminal
purposes. It is well understood that money launderers go to great lengths
to make their transactions indistinguishable from legitimate transactions.
Accordingly, it is difficult (at times impossible) for an institution
to distinguish between legal and illegal transactions, notwithstanding
the development and implementation of a reasonably designed risk
based approach in an institution's anti-money laundering program. An assessment of money laundering risks will result in the application
of appropriate due diligence when entering into a relationship,
and ongoing due diligence and monitoring of transactions throughout
the course of the relationship. A reasonably designed risk
based approach will provide a framework for identifying the degree
of potential money laundering risks associated with customers and
transactions and allow for an institution to focus on those customers
and transactions that potentially pose the greatest risk of money
laundering.
The Wolfsberg Group believes that this Guidance will support risk
management and assist institutions in exercising business judgement
with respect to their clients. There is no universally agreed and
accepted methodology by either governments or institutions, which
prescribes the nature and extent of a risk based approach. Accordingly,
this Guidance seeks to articulate relevant considerations which institutions
may find useful in developing and implementing a reasonably designed
risk based approach. The specifics of an institution’s
particular risk based process should be determined by each institution
based on the operations of that institution. This Guidance is not
designed to prohibit potential customers from engaging in transactions
with institutions, but rather assist institutions in effectively
managing potential money laundering risks.
1.
Basis of a Reasonably Designed Risk Based Approach
A reasonably designed risk based approach is one by which institutions
identify the criteria to measure potential money laundering risks.
Identification of the money laundering risks of customers and transactions
will allow institutions to determine and implement proportionate
measures and controls to mitigate these risks. Risks for some customers
may only become evident once the customer has begun transacting
through the account, making monitoring of customer transactions
a fundamental component of a risk based approach. Money laundering risks may be measured using various categories,
which may be modified by risk variables. The most commonly
used risk criteria are:
- Country risk;
- Customer risk; and
- Services risk
in each case as modified by the risk variables as described below. The weight given to these risk categories (individually or in
combination) in assessing the overall risk of potential money laundering
is discretionary with each institution. There clearly is not one
single methodology to apply to these risk categories, and the application
of these risk categories is intended to provide a strategy for
managing potential money laundering risks associated with potentially
high risk customers. Each financial institution should document and periodically review
its risk assessment approach.
2. Applicability to Existing Customers A financial institution may consider whether a risk assessment
should be carried out in respect of existing customers. Circumstances
may exist where a financial institution is satisfied with its existing
risk control measures for particular customers as a result of which
additional risk assessment may be unnecessary. Any decision in
this regard should be taken in the context of the overall risks
of the institution's business or events with respect to particular
customers, transactions or business lines that become apparent
through monitoring of transactions or that otherwise become known
that may suggest a new risk assessment of the particular customer
is appropriate.
3. Risk Variables Some degree of judgement is involved in determining the level
of risk a particular client represents to an institution. An
institution's risk based approach methodology may therefore also
take into account additional risk variables, specific to any particular
customer or transaction. These variables may increase or decrease
the perceived risk posed by a particular customer or transaction
and may include:
- The level of assets to be deposited by the particular customer
or size of transactions undertaken. For example, unusually high
levels of assets or unusually large transactions compared to
what might reasonably be expected of customers with a similar
profile may mean that customers not otherwise seen as higher
risk should be treated as such. Conversely, low levels of assets
or low value transactions involving customers that would otherwise
appear to be higher risk mean that a financial institution may
decide to treat such customers as lower risk within an overall
risk based approach.
- The level of regulation or other oversight or governance regime
to which a customer is subject. A customer that is a financial
institution, for example, regulated in a jurisdiction recognised
as having adequate Anti-Money Laundering ('AML') standards (or
is part of a group that implements a group standard where the
parent is subject to adequate AML regulation and supervision
and the parent of the customer exercises appropriate oversight
over the customer) poses less risk from a money laundering perspective
than a customer that is unregulated or subject only to minimal
AML regulation. Additionally companies and their wholly owned
subsidiaries that are publicly owned and traded on a recognized
exchange pose minimal money laundering risks. Even though
it may become substantially more difficult to distinguish between
legitimate and illegitimate transactions, these companies are
usually from jurisdictions with an adequate, recognised regulatory
scheme, and therefore, generally pose less risk due to the type
of business they conduct and the wider governance regime to which
they are subject. In addition, the necessity to have a
specific understanding of each of the transactions conducted
by these companies is mitigated by the nature of the company
(publicly owned and traded from jurisdictions with adequate controls). Moreover,
these entities may not need to be subjected to as stringent account
opening due diligence or transaction monitoring during the course
of the relationship.
- The regularity or duration of the relationship. Long
standing relationships involving frequent client contact throughout
the relationship may present less risk from a money laundering
perspective.
- The familiarity with a jurisdiction, including knowledge of
local laws, regulations and rules, as well as the structure and
extent of regulatory oversight, as the result of an institution’s
own operations within the jurisdiction. Greater familiarity will
enhance the ability of the institution to assess the client.
- The use by clients of intermediate corporate vehicles or other
structures that have no clear commercial or other rationale or
that unnecessarily increase the complexity or otherwise result
in a lack of transparency for the financial institution. Such
vehicles or structures will increase the risk unless the rationale
is understood and the structure is sufficiently transparent to
the institution.
4. Measures and Controls for Higher Risk Situations Financial institutions should design and implement appropriate
measures and controls to mitigate the potential money laundering
risks of those customers that are determined to be higher risk
as the result of the institution's risk assessment process. Such
measures and controls may require investment both in terms of resource
and time in order to identify and capture appropriate customer
risk data. These measures and controls may include one or
more of the following:
- Increased awareness by the institution of higher risk situations
within business lines across the institution;
- Increased levels of know your customer (“KYC”)
or enhanced due diligence;
- Escalation for approval of the establishment
of an account or relationship;
- Increased monitoring of transactions;
and
- Increased levels of ongoing controls and reviews of relationships.
The same measures and controls may often address more than one
of the risk criteria identified, and it is not necessarily expected
that an institution establish specific controls targeting each
and every risk criterion set forth in this Guidance.
Wolfsberg Group guidelines and principles provide more detailed guidance
on appropriate enhanced measures and controls that could be initiated
for higher risk customers.
(2)
5. Country Risk Country risk, in conjunction with other risk factors, provides useful information
as to potential money laundering risks. There is no universally agreed definition
by either governments or institutions that prescribes whether a particular
country represents a higher risk. Factors that may result in a determination
that a country poses a higher risk include:
- Countries subject to sanctions, embargoes or similar measures issued by,
for example, the United Nations (“UN”). In addition, in
some circumstances, countries subject to sanctions or measures similar to
those issued by bodies such as the UN, but which may not be universally recognized,
may be given credence by an institution because of the standing of the issuer
and the nature of the measures.
- Countries identified by the Financial Action Task Force (“FATF”)
as non-cooperative in the fight against money laundering or identified by
credible sources as lacking appropriate money laundering laws and regulations.
- Countries
identified by credible sources (3) as
providing funding or support for terrorist activities. (While, as stated
below, a risk based approach to identifying terrorist funding in financial
institutions is impracticable, considering those countries that support
terrorist activities as an evaluating factor for determining country
or geography risk may be appropriate.)
- Countries identified by credible sources as having significant levels
of corruption, or other criminal activity. (4)
6. Customer Risk Determining the potential money laundering risks posed by a customer will
provide significant input into the overall money laundering risk assessment.
Each institution needs to assess, based on its own criteria, whether a particular
customer poses a higher risk of money laundering and whether mitigating factors
may lead to a determination that customers engaged in such activities do not
pose a higher risk of money laundering. Application of the risk variables described
above plays an important part in this determination. There is no universal
consensus as to which customers pose a higher risk, but the below listed characteristics
of customers have been identified with potentially higher money laundering
risks:
- Armament manufacturers, dealers and intermediaries.
Cash (and cash equivalent) intensive businesses including:
- money services businesses (remittance houses, exchange houses, casas
de cambio, bureaux de change, money transfer agents and bank note
traders)
- casinos, betting and other gambling related activities, or
- businesses that while not normally cash intensive, generate substantial
amounts of cash for certain transactions.
Unregulated charities and other unregulated “not for profit” organisations
(especially those operating on a “cross-border” basis). Dealers in high value or precious goods (e.g jewel, gem and precious
metals dealers, art and antique dealers and auction houses, estate agents
and real estate brokers).
- Accounts for "gatekeepers" such as accountants, lawyers, or other
professionals for their clients where the identity of the underlying client
is not disclosed to the financial institution. Accounts for clients introduced
by such gatekeepers may also be higher risk where the financial institution
places unreasonable reliance for KYC and AML matters on the gatekeeper.
- The use or involvement of intermediaries within the relationship. However,
the involvement of an intermediary that is subjected to adequate AML
regulation and is supervised for compliance with such regulation or otherwise
employs adequate AML procedures generally poses reduced money laundering
risks. (5)
Customers that are Politically Exposed Persons or “PEPs” (6).
7. Services Risk Determining the potential money laundering risks presented by services offered
by a financial institution may also assist in the overall risk assessment.
Services that pose a higher risk of money laundering should be included in
a determination of the overall money laundering risks posed. Institutions
should be mindful of new or innovative services not specifically being offered
by institutions, but that make use of the institution’s services to deliver
the product. Determining the money laundering risks of services should
include a consideration of such factors as:
- Services identified by regulators, governmental authorities or other credible
sources as being potentially high risk for money laundering including, for
example:
·International Correspondent Banking services, and ·International Private Banking services.
- Services involving banknote and precious metal trading and delivery.
For the avoidance of doubt, services intended to render the customer deliberately
anonymous to the financial institution, to avoid identification and detection
shall not be offered.
8. Training and Education Training and education of all relevant employees within a financial institution
plays a critical role in the successful implementation of any risk based approach
to managing potential money laundering risks. All relevant employees must be
aware of and understand the legal and regulatory environment in which they
operate, including relevant money laundering prevention provisions, as well
as the financial institution’s own measures to give effect to their risk
based approach. 9. Risk Based Approach and the Financing of Terrorism This Guidance does not specifically address a risk based approach for
identifying potential risks related to the funding of terrorism because
the Wolfsberg Group believes that such a methodology is not effective
when attempting to identify terrorist funds in a financial institution.
As the Wolfsberg Group has
previously stated (7) , it is difficult to
distinguish terrorist funds from other funds. Funds that are used to finance
terrorist activities do not necessarily derive from criminal activity.
Therefore, a risk based assessment of customers and transactions will not
generally provide any utility in specifically identifying potential terrorist
funds. However, to the extent that some or part of terrorist financing
originates from money laundering, the risk based approach may benefit the
fight against terrorist financing by providing the means for financial
institutions to identify and report money laundering to government authorities.
The Wolfsberg Group continues to believe that the most effective means
by which to identify terrorist funds within a financial institution is
for governments to identify those connected to terrorist activities and
provide that information to financial institutions in a timely manner.
10. Conclusion This Guidance is not intended to preclude financial institutions from doing
business with a customer merely because of its potentially higher risk status.
Rather, it is designed to assist institutions to identify situations where
additional measures and controls may be appropriate. Even with the use
of a reasonably designed risk based approach, a financial institution may unwittingly
be involved in money laundering. Such findings do not invalidate the risk based
approach and should not result in unwarranted criticism of an institution that
has implemented such an approach. A risk based approach is important to the effectiveness and efficiency of
the fight against money laundering. It promotes the prioritisation of effort
and activity by reference to the likelihood of money laundering and reflects
experiences and proportionality through the tailoring of effort to risk. 1) The
Wolfsberg Group consists of the following leading international
financial institutions: ABN AMRO, Banco Santander, Bank of Tokyo-Mitsubishi-UFJ,
Barclays, Citigroup, Credit Suisse, Deutsche Bank, Goldman Sachs,
HSBC, JP Morgan Chase, Société Générale,
and UBS. In addition, Allied Irish Banks, DBS, Lloyds, TSB, SEB and Standard
Chartered Bank participated in the development of this Guidance. 2) See existing Wolfsberg
papers at www.wolfsberg-principles.com/standards 3) “Credible sources” refers
to information that is produced by well known bodies that generally
are regarded as reputable and that make such information publicly
and widely available. Such sources may include, but are not limited
to, supra-national or international bodies such as the World
Bank, the International Monetary Fund, the Organisation for Economic
Co-operation and Development ("OECD"), and the Egmont
Group of Financial Intelligence Units, as well as relevant national
government bodies and non-governmental organisations. 4) Such as Transparency International. 5) For a discussion of intermediaries,
including situations posing higher and reduced money laundering
risks, see the general FAQs issued by the Wolfsberg Group with
respect to intermediaries, as well as in specific instances in
the Guidance for Mutual Funds and Other Pooled Investment Vehicles
and FAQs on Investment and Commercial Banking (all of which are
available at http://www.wolfsberg-principles.com) 6) See Wolfsberg FAQs on
Politically Exposed Persons at http://www.wolfsberg-principles.com/faq.html 7) See the
Wolfsberg Statement on the Suppression of the Financing of Terrorism
at http://www.wolfsberg-principles.com/standards
© 2008 by The Wolfsberg Group |
