A helping hand for due diligence

The Wolfsberg Correspondent Banking Due Diligence Questionnaire (CBDDQ), released publicly in February 2018, is an important upgrade to the historical Wolfsberg Questionnaire in helping banks carry out their due diligence on respondent institutions based on a recognised industry standard.

The new questionnaire reflects how correspondent banking (CB) due diligence practices have evolved over recent years.

Purpose of the CBDDQ

The questionnaire is a tool for providers of CB services to assess the risk profile of their respondent institutions based on the information offered by the respondent firm. It examines the corporate profile of the respondent, its inherent risks, and the existence and scope of its financial crime compliance (FCC) programme – its three-lines-of-defence governance structure. In other words, it is a self-assessment mechanism by the respondent that supports the due diligence enquiries performed by the correspondent.

Each financial institution is therefore a dual user of the questionnaire in the following ways.

• As a correspondent, it helps to assess the FCC programme of its respondent when providing CB services. This is particularly important when providing advisory services in trade finance.
• As a respondent, the CBDDQ allows it to demonstrate the adequacy of its FCC programme. This is critical in securing ongoing access to clearing and other correspondent services in major world currencies and financial centres.

The questionnaire is a starting point for due diligence, providing a common platform and terminology to initiate the due diligence process required by Financial Action Task Force (FATF) Recommendation 13; it is not a substitute for each institution’s assessment of its CB relationship risks.

As stated in the FAQ accompanying document: “As a general approach, the CBDDQ should be used as the basis of bilateral CDD [customer due diligence] discussions between respondent and correspondent.”

Scope and notable absentees

The questionnaire has been expanded to include more details on anti-money laundering (AML) and sanctions programmes, internal risk assessments, CDD and transaction monitoring. It also covers anti-bribery and corruption programmes, hence branching out to other areas of FCC beyond AML.

There are, however, a few areas of global concern which remain notably absent from the questionnaire, including:

• measures against the financing of proliferation and controls dealing in dual-use goods. This is not only in the scope of FATF recommendations, it is also an important element in trade finance relationships
• measures against tax evasion which constitute a primary line of enquiry in FCC
• the Foreign Account Tax Compliance Act (FATCA) and Common Reporting Standard (CRS) status, which are most often part of CB due diligence.

Respondent institutions should therefore be prepared to provide additional information to their correspondents on these topics.

Regulation by proxy

While the questionnaire is aimed at creating a common standard across the industry, its primary focus on US and EU regulations makes it in effect a tool of regulation by proxy vis-à-vis the community of respondents.

Section 5 of the questionnaire on policies and procedures explicitly makes reference to US and EU standards, while reference to relevant international standards (Wolfsberg, Bank of International Settlements, FATF) is absent.

Evaluating their FCC programmes against US and EU standards is a necessary exercise for respondent firms to avoid derisking by major banks but they should still be evaluating their programmes against international norms to support globally consistent FCC controls across all jurisdictions.

When performing a benchmark against US and EU regulations respondents should make reference to:

• (for the United States) ChapterX (10) of the Code of Federal Regulation (CFR) and the FFIEC BSA/AML examination manual
• (for the European Union) the provisions of the 4th EU Money Laundering Directive and the CDD Risk Factor Guidelines from the European Supervisory Authorities (ESAs).

Some good practices

When completing the Enterprise-Wide Risk Assessment (EWRA) section (Q47 and beyond), respondent institutions should make reference to the outcomes of:

• their national risk assessments (NRA) in the way they conduct their own EWRA, as this will demonstrate command of the risk environment and help the correspondent bank’s efforts
• their country’s mutual evaluation report (Immediate Outcome 4 – preventive measures) as correspondents are very likely to look at these parameters to assess the sector’s effectiveness at implementing preventing measures.

Conclusion

The CBDDQ represents a welcome improvement in the standardisation of FCC controls and is expected to contribute to reducing the cost of compliance in CB services and help limit de-risking.

It is not, however, an end in itself and should be used as a check-list by financial institutions to ensure that they actively identify and measure the financial crime risks within their business; that they have the requisite controls to manage the risks and take a proactive approach to risk management; and that they remain engaged partners who can communicate effectively on the current and future state of their FCC programmes.