Sharpening the claws of anti-corruption policies: the Wolfsberg Group replaces its Anti-Bribery and Corruption Guidance

The Wolfsberg Group has recently published replacement Anti-Bribery and Corruption Compliance Programme Guidance. 

It is highly recommended that financial institutions review and update their financial crime risk management policies and strategy to reflect the Guidance.

The Group

The Wolfsberg Group is a voluntary organisation founded by thirteen major international clearing banks.  Its aim is to develop policies, guidance and frameworks for financial institutions for the effective management of financial crime risks, particularly in relation to Know Your Customer, Anti-Money Laundering and Counter Terrorist Financing policies. 

Given the size, international presence and sophistication of its members, the Group’s policies and guidelines are often taken into account by regulators and international authorities.

Financial institutions’ financial crime risk mitigation policies should also be developed to take into account applicable laws and regulations, and tailored to mitigate the particular risks that a particular financial institution may face.

Guidance

The Guidance reflects evolving regulatory requirements, industry best practices and lessons learned from real experience by members of the Group. The Group considered input from the UK Finance ABC Panel and the Basel Institute on Governance, amongst others, when developing the Guidance. The Guidance replaces the 2017 Wolfsberg ABC Compliance Programme Guidance.

The key changes that the Guidance made to the previous 2017 guidance include:

• Enhanced scope of guidance. Yhe Guidance opens its scope from the previous set, which focused on corruption in the form of bribery, to all forms of corruption.  Furthermore, the Guidance emphasises that Anti-Bribery and Corruption (ABC) policies and compliance programmes should cover not only the traditional bribery of public officials but should also extend to bribery within the private sector to cover commercial bribery and ‘kickbacks’ (which may occur more commonly at junior levels).  The Guidance continues to emphasise that all directors and employees of a financial institution are responsible for upholding and complying with that institution’s principles and requirements.  This broader scope aligns more closely with global anti-corruption standards, such as the Foreign Corrupt Practices Act in the United States, the UK Bribery Act and the Organisation for Economic Co-Operation and Development’s Anti-Bribery Convention. eThe Guidance also ties in definitions of corruption from Transparency International, an international association targeting corruption, and the World Bank

• Enhanced Risk Assessment guidance. A financial institution should conduct comprehensive risk assessments in order to identify and assess ABC risks relevant to its business, operations and commercial relationships. The risk assessment guidance is more substantive, emphasising the risks which can be introduced by third parties and/or intermediaries.  The Guidance also includes identifying employees in roles which expose them to higher bribery and corruption risks.  Financial institutions should also consider new and emerging risks on a periodic basis.  Perhaps most notably, the Guidance includes a recommendation that a financial institution implements reporting mechanisms to track the effectiveness of the ABC programmes and considers improvements to the policy on a continual basis.

• ‘Anything of Value’. The Guidance includes an expanded section on non-cash or quasi-monetary forms of bribery.  It includes guidelines on business hospitality, gifts between stakeholders incidental to business engagements and sets out a non-exhaustive list of risk factors for institutions to consider when distinguishing between gifts and hospitality and bribery/corruption, as well as including provisions to address virtual events.  Employment opportunities, donations/charitable contributions, sponsorships and political contributions are also noted in the Guidelines.

• Third Party Providers. The Guidelines emphasise that it is the activity actually performed by a third-party provider which will determine a bribery and corruption risk, and not any contractual relationship or terminology used to describe such counterparts.

• Customer-Related Transaction Risks.  Specific guidance on customer-related risks has been updated to include examples of possible risks related to customer transactions.  Facilitation and Reputational Risk guidance has also been expanded to cover additional types of transactions and the use of proceeds or funds by customers or clients.

• Principal Investments.  The Guidance also now includes guidelines for institutions operating or managing funds and acquiring, merging or partnering with a target company to include ABC due diligence of such targets, including contractual provisions relating to ABC in connection with such targets.  Post-investment controls and provisions include prompt implementation of ABC policies and training within the target and ongoing monitoring.

• Training/Awareness. The scope of awareness has been expanded to introduce the concept of an ABC commitment statement from senior management of institutions (as opposed to a potentially vague ‘tone from the top’ message in the 2017 guidelines).  The Guidelines’ approach to training has again emphasised a risk-based approach across all levels of institutions.

• Lessons Learned/Continuous Improvement.  The Guidelines introduce a framework of identifying and analysing adverse events in order to improve ABC policies, awareness and training. 

Next Steps

Financial institutions are encouraged to review their ABC policies and to ensure compliance with the Guidance. Compliance should be assessed through risk-based monitoring and testing of directors’ and employees’ activities. Updating training materials and providing refresher training is also recommended to coincide with any updates to policies.  The updates to policies may also provide a good opportunity to heighten awareness of an institution’s ABC policies and frameworks.

Comprehensive risk assessments should be introduced if not already a part of a financial institution’s policies and frameworks.

How we can help

For further information, please do feel free to contact Jeremy Ladyman and Dan Fielding.