On 10 February 2023, Wolfsberg Group issued a new version of CBDDQ and offered an updated benchmark for financial crime compliance controls (FCC) among the top-tier financial firms. The new sections and questions, even though not necessarily mandatory regulatory requirements, in this new version indicate the best practices among the Group members or expectations by the Group. We expect that more new due diligence questions will be raised for financial firms who maintain or want to maintain correspondent banking or other business relationships with their international peers. Here we summarized the key changes for your reference.
-
Higher requirements on internal control responsibilities of the Board. The survey question scope was expanded to include whether the Board assesses and challenges relevant FCC policies.
-
A new Section added on fraud, including questions about fraud risk control policy, dedicated teams, fraud monitoring and control processes. The new section indicates a common practice by integrating fraud control into financial crime control framework.
-
Higher requirements on KYC, CDD and EDD
- A site visit requirement or due diligence expectation for high risk non-individual customers.
- EDD requirements or business limitations/prohibitions for new high risk industries, including Respondent Banks, General Trading Companies and Marijuana-related Entities.
- A new question on whether EDD requires senior business management and/or compliance approval.
- An attention on entity’s downstream business relations for payment services. The risk assessment requirement was further expanded. The scope of client downstream relationship identification was expanded from MSBs (Money Services Business) and MVTSs (Money/Value Transfer Services) to MSBs, MVTSs and PSPs (Payment Service Provider).
- A new question was added on the types of non-bank entities that may provide third party payment services to their customers. New non-bank entities specifically mentioned are Third Party Payment Service Providers, Virtual Asset Service Providers, and eCommerce Platforms, indicating the Group’s attention on the potential risks arising from the third party payment business.
- An attention on due diligence requirements for walk-in customers in specific payment services: cheque cashing services, wire transfers, foreign currency conversion and sales of Monetary instruments.
- A new question for defining the process for exiting clients for financial crime reasons that applies across the entity, including foreign branches and affiliates.
- A new question for defining the process and controls to identify and handle customers that were previously exited for financial crime reasons if they seek to re-establish a relationship. -
More questions on monitoring and sanctions screening. Higher requirements on database quality for surveillance and sanctions risk screening mechanisms. Questions such as the name of tools and the frequency of system upgrades are added. A focus on sanction screening matching configuration’s effectiveness and completeness was added.
-
New questions on whether an entity has processes in place to respond to Request For Information from other entities or to their customers in a timely manner.
-
A new question about whistleblower policies and another new question on the processes for escalating financial crime risk issues/potentially suspicious activities identified by employees, but no details on the whistleblower program were framed into questions.
-
The question on the risk assessment of Anti Bribery & Corruption was maintained, and a new frequency of every 12 months was added for survey.
-
On Entity & Ownership Section, added questions about Virtual Bank Licenses and whether they are only available online.
Please click the button "Download" at the end of this article to read "2023 Wolfsberg CBDDQ (v1.4) Update Analysis".
Download