_23 _WOLFSBERG QUESTIONNAIRE
X (10) of the Code of Federal Regulation (CFR) and the FFIEC BSA/AML examination manual
• (for the European Union) the provisions of the 4th EU Money Laundering Directive and the CDD Risk Factor Guidelines from the European Supervisory Authorities (ESAs).
SOME GOOD PRACTICES
When completing the Enterprise- Wide Risk Assessment (EWRA) section (Q47 and beyond), respondent institutions should make reference to the outcomes of:
• their national risk assessments (NRA) in the way they conduct their own EWRA, as this will demonstrate command of the risk environment and help the correspondent bank’s efforts
• their country’s mutual evaluation report (Immediate Outcome
4 – preventive measures) as correspondents are very likely to look at these parameters to assess the sector’s effectiveness at implementing preventing measures.
CONCLUSION
The CBDDQ represents a welcome improvement in the standardisation of FCC controls and is expected to contribute to reducing the cost of compliance in CB services and help limit de-risking.
It is not, however, an end in itself and should be used as a check-list by financial institutions to ensure that they actively identify and measure the financial crime risks within
their business; that they have the requisite controls to manage the risks and take a proactive approach to risk management; and that they remain engaged partners who can communicate effectively on the current and future state of their FCC programmes.l
Roland Guennou is Managing Partner at OSACO Financial and a member of the International Compliance Association’s external faculty.
IN DEPTH
     13; it is not a substitute for each institution’s assessment of its CB relationship risks. As stated in the FAQ accompanying document: “As a general approach, the CBDDQ should be used as the basis of bilateral CDD [customer due diligence] discussions between respondent and correspondent.”
SCOPE AND NOTABLE ABSENTEES
The questionnaire has been expanded to include more details on anti-
money laundering (AML) and sanctions programmes, internal risk assessments, CDD and transaction monitoring. It also covers anti- bribery and corruption programmes, hence branching out to other areas of FCC beyond AML.
There are, however, a few areas of global concern which
remain notably absent from the questionnaire, including:
• measures against the financing of proliferation and controls dealing in dual-use goods. This is not only in the scope of FATF recommendations, it is also an important element in trade finance relationships
• measures against tax evasion which constitute a primary line of enquiry in FCC
• the Foreign Account Tax Compliance Act (FATCA) and Common Reporting Standard (CRS) status, which are most often part of CB due diligence.
Respondent institutions should therefore be prepared to provide additional information to their correspondents on these topics.
REGULATION BY PROXY
While the questionnaire is aimed at creating a common standard across the industry, its primary focus on US and EU regulations makes it
in effect a tool of regulation by proxy vis-à-vis the community of respondents.
Section 5 of the questionnaire on policies and procedures explicitly makes reference to US and EU standards, while reference to relevant international standards (Wolfsberg, Bank of International Settlements, FATF) is absent. Evaluating their FCC programmes against US and
EU standards is a necessary exercise for respondent firms to avoid de- risking by major banks but they should still be evaluating their programmes against international norms to support globally consistent FCC controls across
all jurisdictions.
When performing a benchmark
against US and EU regulations respondents should make reference to: • (for the United States) Chapter