In December last year, the Wolfsberg Group of large private banks published a 'statement of effectiveness' that outlined its beliefs regarding the key elements of an effective anti-money-laundering plan of action or 'programme.' It has now built on this.
The original statement opined that the elements were:
- compliance with AML laws and regulations;
- the provision of highly useful information to relevant government agencies in defined areas of priority;
- the establishment of a reasonable and risk-based set of controls to offset the risk that money launderers might use the financial institution in question.
Since it published that statement, various global factors have emboldened the group to "move towards more effectiveness-focused AML/CTF regimes" - an ambiguous phrase. With this in mind, it is now exhorting financial institutions (and especially banks such as themselves) to take the following steps to evolve their AML programmes.
1. To assess risk in "defined priority areas." The starting point for an effective plan, according to the group, is to understand the risks associated with priority financial crime areas in jurisdiction(s) relevant to the bank, the applicability of those risks to the bankand material changes to those risks over time. The question of who has to do the "defining" is a vexed one. The group believes that a priorities-focused AML regime is most effective when relevant government agencies in every jurisdiction trot out a specific set of national priorities, particularly if they are law-enforcement agencies, for banks to pursue. In countries where they do not do this, the banks can use the priorities that their governments outline in their National Risk Assessments, or equivalent publications, as the "defined priority areas."
2. To implement/enhance controls. Once a bank has settled on the risks it is running in the areas of priority, it should assess the effectiveness of its controls against them, which may then lead it to improve them or add new ones, along with something the Wolfsberg Group calls "associated governance."
3. To prioritise resources. Certain areas of priority may present a greater risk for the bank in question than others. It should take a risk-based approach to reallocate time and resources from less risky areas to the more risky areas. It should also assess the benefits of harnessing technological developments (e.g. machine learning and artificial intelligence) and, if it can prove that these are indeed beneficial, should consider adopting these more widely than it already does and "discontinuing practices that do not lead to one of the key elements of an effective AML/CTF programme."
4. To talk to the police. The bank in question ought to deal as well as it can with "the appropriate level of law enforcement" and try to understand its operational priorities, the better to help it. It should also do this in an effort to understand trends and emerging threats from a more strategic perspective. There are many ways in which it can communicate with law enforcers, but Wolfsberg believes that the most effective is through Public-Private Partnerships (PPPs) of which there are many examples, although the models differ from country to country.
5. To demonstrate the effectiveness of the plan to various people. The risks that each bank runs, and the way in which it assesses and offsets those risks, are different. This is why it ought to "articulate the effectiveness" of its AML plan (Wolfsberg does not say whether it is referring to propaganda, i.e. the act of merely telling people that the plan is effective, or the act of actually proving it) to senior executives, boards, supervisors, examiners (the American word for visiting regulators) in different ways, using both quantitative and qualitative factors.
On a slightly different subject, the group believes that an assessment of effectiveness should not merely be a statistical exercise; qualitative factors may be equally, if not more, important than the numbers themselves. Similarly, a bank can make its efforts more effective if it asks both law enforcement agencies and regulators to enumerate the things that they have found to be most effective in this-or-that bank’s reporting and/or the ways in which it has put its own plan into action.
The Wolfsberg Group believes that this approach will enable financial institutions to detect and deter criminal activity more effectively (by getting the job done) and efficiently (by doing it economically), while at the same time being less abrasive with innocent customers than it might be otherwise. As AML regimes around the world continue to concentrate on effectiveness, the group is talking to policy makers, regulators, police forces and others to develop this approach further. It intends to publish additional materials on each of the five steps in due course.
The thirteen private banks that make up the Wolfsberg Group are:
- Banco Santander;
- Bank of America;
- Credit Suisse;
- Deutsche Bank;
- Goldman Sachs;
- JP Morgan Chase;
- MUFG Bank;
- Société Générale;
- Standard Chartered Bank; and
- UBS, whose training camp is at Château Wolfsberg in Switzerland.