The Wolfsberg Group (‘The Group’) is a non-governmental association formed by 13 global banks. Its objective is to develop practical anti-money laundering (AML) and counter-terrorist financing (CTF) standards and policies for financial institutions. The overall objective of the Wolfsberg AB&C guidance is to promote a culture of ethical practice and assist businesses with the implementation of legislation.
The Group published its latest guidance on the 4th July 2017 on developing and maintaining a robust AB&C framework. Although corruption covers various criminal offences, the Wolfsberg guidance focuses on bribery in two main areas:
1. The practical application of the risk-based approach, and;
2. The internal measures required within a firm to maintain integrity standards.
The guidance provides a framework for firms to enable them to review their AB&C programme and to manage the inherent risks.
The Wolfsburg Group provides an overview of the key areas of an AB&C programme that must be in place (and working effectively) to mitigate the risks:
1. The risk-based approach
Financial institutions should periodically assess their products and services to identify bribery and corruption risks. A risk-based approach will involve a proportionate response to the risks a firm is exposed to, and a focus on mitigating, in priority order, those risks which will have the greatest material impact to the firm and its customers if left unmitigated.
2. The key elements of an AB&C programme
There is no one-size-fits-all approach, however, an effective compliance programme should include: governance overseen by senior management; a firm-wide written policy including a public statement of commitment; establishment of a control environment (including for gifts and hospitality); ongoing risk assessment; training and awareness; the monitoring of controls; and the identification of corruption risks. Each of these elements should incorporate and be tailored to the specifics of the firm.
Roles and responsibilities – central roles should be allocated with AB&C responsibilities to tackle the issue. Senior management should have overall responsibility, a programme lead should be assigned who is independent from the business and has the expertise and authority to oversee bribery and corruption risk, and all corporate functions should have primary responsibility for compliance.
Internal reporting – senior management need accurate information to monitor the AB&C programme, such as: status updates; deviations of policies; intermediary risks; legal and regulatory developments; internal reviews; and other significant issues.
Independent review – The AB&C programme should be tested and verified by an independent body.
4. Firm-wide policy
Prohibition of bribery – a zero-tolerance ‘tone from the top’ should exist that proliferates downwards through the business to the front line.
Books and records – a documented policy that explicitly prohibits improper accounting or concealment of financial activity must be in place, and able to be evidenced when requested by regulators / legislators.
Public officials – public officials are deemed a higher corruption risk and firms should consider defining public officials and performing closer monitoring.
Reporting and investigation – a process to receive, investigate and resolve reports of alleged misconduct including bribery and corruption should be implemented.
5. Third party providers
General procurement process – firms should consider the risk of bribery in relation to the procurement of goods. Onboarding procedures should also include bribery related questions or general procurement questionnaires.
Intermediaries – third parties that act on behalf of the firm to win new business and any other business involvement may pose a high risk for bribery. The guidance provides a list of factors to consider such as industry and country risk, business necessity and fee structures. A firm should consider adequate due diligence such as media and court record searches. Mitigation controls for intermediaries could be in the form of training, contract terms, communication and enhanced monitoring of fees / expenses.
6. Principal investments and controlled fund acquisitions / joint ventures
The risk of bribery and corruption can occur where a firm or firm-controlled fund has merged, partnered or acquired a substantial stake in the other company / entity. A firm should consider due diligence of the target with the listed factors detailed in the publication such as public officials involved, country and industry risk and ethical reputation.
7. Anything of value
Gifts and business hospitality – bribery is not limited to cash incentives. Gifts and hospitality should not be used to directly influence business. The guidance provides a list of risk factors, such as the frequency of gifts being given and their proximity to business being awarded.
Employment and work experience – offers of employment or other unpaid work can act as an inducement to obtain or retain business. Firms should include factors such as a consistent recruitment process, the ongoing testing of procedures and scrutiny of public officials into their management of risk in this area.
Charitable giving – charities have been used as a vehicle for facilitating bribes or influencing a supporter / director of a charity, and firms should be vigilant against this.
Political contributions – Political contributions may be used to influence and induce improper performance. Contributions should be scrutinised, especially where there is an involvement of public officials.
Marketing sponsorships – Sponsorship may be used to influence a senior person’s decision-making process.
8. Risk assessment
An effective AB&C programme should be based on an ongoing (and periodically updated) risk assessment. The assessment should be shared with senior management to address the areas of risk the firm is exposed to, including exposure to bribery and corruption. Some key factors to consider within the bribery and corruption area of the risk assessment are intermediaries, country and industry risk, the setup of products and services, subsidiaries, political contributions and changes in business activities.
9. Training and awareness
Training should include definitions (e.g. bribery and corruption, public officials and intermediaries) and communicated to the whole firm, including third parties. Post-training assessments to determine levels of understanding can be used to help staff maintain a contemporary view.
10. Monitoring compliance using controls
A firm must assess how effective its AB&C controls are to mitigating risks with ongoing monitoring and periodic testing. This includes the monitoring of employee activity, which should form part of the firm’s framework for managing AB&C risk. Ongoing monitoring of internal activities could include the assessment of post-transaction events, the monitoring of expenses and business hospitality, as well as individuals’ sponsorships and attendance at corporate events.
11. Customer-related corruption risks
Facilitation and reputational risk - firms should be aware of deal-related risks such as underwriting, lending and advisory transactions when financing initiatives for the public sector.
Laundering the proceeds of bribery – firms should be aware of the laundering of the proceeds of bribery through their firm with improper payments. Risks can be mitigated through anti-money laundering requirements such as enhanced due diligence for politically exposed persons.
Considerations for firms
Most firms considered the risks of bribery and corruption with the introduction of the Bribery Act 2010. However, the need to maintain an ongoing view of the business and contemporary view of regulatory requirements in terms of AB&C is vital.
The Wolfsberg Principles provide helpful guidance for firms in structuring their AB&C compliance programmes. However, this will be a continuous challenge for UK-based multinational firms that have overseas intermediaries acting on their behalf. The guidance recommends that an independent body should review a firm’s compliance framework and carry out periodic controls testing, allowing a firm to maintain an independent view.