The Wolfsberg Group's Updated Anti-Corruption Guidance – The New Global Threshold?

On April 17, 2023, the Wolfsberg Group (the "Group") issued updated guidelines for financial institutions ("FI") relating to Anti-Bribery and Corruption ("ABC") Compliance Programs. Although the guidance is not binding, it certainly is influential. Other FIs and counterparties to the major banks are wise to take heed of the updates and adapt their compliance programs accordingly. 

Introduction

The Group, which formed in 2000, is an association comprised of thirteen global banks. The Group develops and publishes content to promote a perspective from industry leaders regarding best practices relating to managing financial crime risks. The material focuses on risk management in areas including Anti-Money Laundering, ABC, Counter-Financing of Terrorism, and Know-Your-Customer. In addition to providing frameworks and guidance, the Group also publishes Correspondent Banking Due Diligence Questionnaires ("Wolfsberg DDQ") to create a reference for international banking due diligence. The Wolfsberg DDQ has become industry standard and serves as a key document to share when onboarding another FI for financial services. Notably, the Wolfsberg DDQ now includes an ABC section that is aligned with the Wolfsberg ABC guidelines.

The Group's Importance

Even though there may be multiple banking associations at local, national, regional, and international levels, the Group's distinctive characteristic is that the most prominent global banks are involved. For example, all of the members of the Group have been deemed as Global Systemically Important Banks ("G-SIBs") by the Financial Stability Board, the Basel Committee on Banking Supervision, and national financial regulators. Given the international presence of the banks and the extent of their cross-jurisdictional operations, their failure could destabilize national or even global economies. Furthermore, the Group's members represent almost half of all of the G-SIBs, and four of the Group's institutions are the banks with the most global systemic importance.¹

As the Group's members are fundamental to the international financial system, it has a truly authoritative voice and sets the tone when it comes to combatting transnational financial crime.

Although it is not an organization representing states or governments, the Group works closely with, and is taken into consideration by, international financial standard-setters.

In general, the guidance provided by the Group reflects and shapes not only the expectations of international organizations and national governments in terms of formal compliance with principles, standards, and norms, but also the actions taken, from a practical standpoint, by the most prominent banks around the globe to tackle the risks of financial crime and, in this case, corruption.

2023 Anti-Bribery and Corruption Guidance Updates

In its introduction, the Group's 2023 Guidance identifies two new sources for "…definitions for corruption, commonly used and which may be of use to readers…."² The sources are Transparency International and the Word Bank Group's pages on corruption. While the introduction to 2017 Guidance was "specifically focused on corruption in the form of bribery,"³ the introduction to the 2023 Guidance suggests a broader focus, defining "corruption, considered in the context of this Guidance, "…[a]s the abuse of entrusted power for improper personal advantage,"⁴ and following that statement with a separate, specific definition for bribery. This has followed a trend of recognizing the complexity of the phenomena of bribery and corruption.

Governance, Roles, and Responsibilities

Section 2 of the updated Guidance includes new specific recommendations for Governance, Roles and Responsibilities at FIs. The new Guidance indicates that "[a]ll directors and employees are responsible to uphold and comply with the FI's principles and requirements set forth in the firm-wide ABC Policy."⁵

Risk Assessments

Section 3 sets forth several updates to recommended Bribery and Corruption Risk Assessments. Specifically, the new Guidance encourages FIs to identify risks of those conducts being committed periodically. The update defines Emerging Bribery and Corruption risks as a "…new or evolving risk that may, at the outset, be difficult to assess fully, but has a reasonably high potential to manifest into significant concerns, including financial loss, impact to customers or competitive position, reputational harm, or legal/regulatory action if not addressed proactively."⁶

In the 2023 Guidance, the Group recognizes that these risks require emphasized management, since they are not fully understood in many cases, and sometimes existing reporting mechanisms are not sufficient.

Reporting and Investigation Requirements

Section 3.1 of the new Guidance also updates reporting procedures for FIs, expanding recommendations for making improvements to ABC compliance programs. 

Additionally, the Group encourages FIs to expand investigations into allegations of potential bribery to "…include timely root cause analysis to remediate any control weaknesses and ensure continuous improvement in the Programme and alignment to, and integration with, policies, procedures, and processes for the purposes of compliance with the FI's external reporting obligations."⁷

Anything of Value

Section 4 of the Updated Guidance broadens the scope of potential risk factors related to gifts and business hospitality (which includes lodging, meals, entertainment, transportation, etc.), which may raise flags for Bribery or Corruption issues.

In previous Guidance, the Wolfsberg Group detailed five types of recipients, accompanied by specific elements and characteristics, which qualify as risk factors that can "affect the appropriateness of a gift or business hospitality."⁸ In the update, Section 4.1 now broadens the scope beyond those few scenarios and instead lists the presence of broader factors to be aware of, such as any involvement of public officials, lavish or excessive gifts, any invitation of third party guests to receive a benefit, close proximity to awards of new business opportunities, and ten other general scenarios as potential risk factors. 

The Wolfsberg Group also updated this section in light of the recent shift to remote work and communication. For example, the Updated Guidance suggests that, in instances where gifts are related to virtual or remote business hospitality, FIs should "ensure evidence of the virtual meeting is maintained to avoid any doubt that the business hospitality is a gift."⁹

Third-Party Providers

Section 5 of the Updated Guidance concerns Third-Party Providers. The Group expanded the introduction of this section to reiterate that activity –and not contractual relationship per se– will determine the level of Bribery and Corruption risk presented by a Third-Party Provider, as well as the mitigating actions that FIs must take in that regard. 

Non-Intermediaries

Section 5.2 includes new guidelines for engaging non-intermediaries. 

Unlike intermediaries, non-intermediaries generally interact only with employees of the FI engaging the third party. Non-intermediaries are typically not asked to interact in a material way on behalf of the FI with other entities and therefore may pose less risk from an ABC perspective when compared to intermediaries. Although these third parties can present lower corruption risks, FIs should still "implement clear, risk-based guidance on their engagement, set forth expectations for their conduct, and undertake appropriate ongoing monitoring of these relationships."¹⁰ ABC controls for non-intermediaries can be integrated into the overall control framework because responsibility for the engagement of non-intermediaries typically sits with a dedicated supplier/vendor management team. 

In developing ABC controls for non-intermediaries, FIs can look to existing controls that manage other risks and leverage the controls to mitigate corruption risk. In doing so, FIs should consider the risk that a non-intermediary may offer or provide improper personal benefits to the FI's employees to retain or obtain new business from the FI.¹¹ As mitigation, FIs should develop guidelines about the selection of service providers, as well as "…risk-based restrictions on the receipt of anything of value from such third parties by employees involved in the selection process."¹² 

On-boarding procedures should also include ABC related questions to help FIs identify non-intermediaries that could present increased ABC risks and may require continuous monitoring. FIs should be proactive and continue to use a risk-based approach to determine whether forward-looking risk mitigation controls are necessary once a non-intermediary is on-boarded.

Customer-Related Transaction Risks

Section 6 of the Updated Guidance includes additional specific guidance regarding customer-related transaction risks.

The new Guidance encourages FIs, as part of assessing and managing certain customer-related transaction risks, to consider the holistic risk profile of a transaction, even where responsibility for customer-related risks may be partially delegated to review units outside of the Bribery and Corruption program.

Section 6.1 adds new recommendations to FIs concerning risks related to improper use of proceeds of equity or debt financing. The 2023 Guidance states: "[t]he FI should understand how the proceeds of equity or debt financing will be used in appropriate detail based on the risk, examining the business rationale for the purported use. Where risk is high, FIs may consider conducting further independent checks to confirm the validity of the use of proceeds of financing."¹³ The Guidance further recommends that, in addition, "measures implemented by FIs to ensure that wire payments contain complete and accurate information may also assist in the prevention and detection of the proceeds of Bribery and Corruption."¹⁴ The Updated Guidance suggests that in situations where the FI deems the transaction to carry elevated risk, "consideration can be given to conducting checks on the customer's representatives and the end recipient of funds to ascertain if the transaction is at arm's length."¹⁵

Section 6.1 also recommends that FIs scrutinize the purpose and structure of corporate vehicles set up to support transactions, the nature and structure of transactions, the customer's and counterparty's reputations, distribution of proceeds generated, involvement, payment and reputation of third parties, and the nature of any government nexus to proposed transaction-related activities. According to the Updated Guidance, "[h]ow FIs deal with Bribery and Corruption red flags or negative news arising from these factors will depend on the FI's risk appetite, escalation/reporting process, and its governance structures, but may include a review by the program lead or another senior compliance resource as appropriate."¹⁶

Post-Investment Training and Implementation of ABC Controls

Section 7 includes new guidance recommending FIs to encourage post-investment training and implementation of appropriate ABC controls at newly acquired Targets. Some of the recommended considerations include additional due diligence, prompt application or enhancement of ABC Policies at the newly acquired Target, compliance review of the newly acquired Target, ongoing monitoring of the Target's operations and transactions, and prompt and thorough disposition of any Bribery and Corruption-related issues or control weaknesses.

Lessons Learned and Continuous Improvement

Finally, Section 8.1 expands upon the importance of implementing systems that track "lessons learned and continuous improvement."¹⁷ Per the Updated Guidance, FIs should consider evolving their compliance programs as business lines change over time, environments shift, laws change, and standards of industry are revised. 

Additionally, FIs should consider analyzing identified adverse events to understand how and when they took place; the root cause of the event and control failings; how and when it was escalated; what adverse financial and non-financial impact was and what are the remaining risk exposures; what remediation actions are or were required and taken. These analyses should be reported under existing escalation and reporting processes and governance structures, which "should include dissemination to both business/first line and control functions, as appropriate."¹⁸

Global Relevance of the Guidance

Aside from promoting ethical and perhaps consistent business practices within the banking industry, the Group aims to reduce financial crime and risks of corruption. This aligns with the Group's view and experience that corruption does not arise, occur or end remotely from other financial crime risks but rather fits within the same environment that causes or allows a broader range of risks that affect banks, and others, financially and reputationally.

FIs at a smaller scale (e.g., national or local banks, fintech entities, money service businesses, etc.) could encounter difficulties establishing and maintaining business relationships with fellow financial entities should they fail to comply with Wolfsberg's standards –including the Guidance– particularly in the current global panorama where there are increased corruption risks (e.g., due to sanctions impositions and evasions around the world). Wolfsberg has long recognized this reality and encourages adoption of its recommendations as make sense for each institution in assessing its own risks. Although adherence to the Guidance is not required per se, the new publication suggests the Group's members expect to see some degree incorporation of its guidance in their counterparties' policies and procedures. This point is only strengthened by the fact that the Wolfsberg DDQ is presently the market standard.

When considering whether to adopt the guidelines, FIs should take into account applicable law, the particular corruption risks that the financial entity faces due to its operations, its risk appetite, as well as expectations from regulators and business counterparties. If past is prologue, over time, regulators may adopt these guidelines as expectations as they review and investigate activity involving FIs.

The Group's guidance in general (including the ABC Guidance) aims at providing insights that other FIs can draw from in order to better mitigate their financial crime risks. 

Navigating the evolving expectations affecting FIs, their counterparties and other market participants remains challenging. Carefully evaluating where and how to adopt the Guidance recommendations should be thoughtfully undertaken, protected by legal privilege where possible, so the adoption efforts do not themselves become the fodder of regulatory scrutiny.

_{1 See Financial Stability Board, 2022 List of Global Systemically Important Banks (G-SIBSs) (Nov. 21, 2022).
2 The Wolfsberg Group, Wolfsberg Anti-Bribery and Corruption Compliance Programme Guidance (Apr. 17, 2023).
3 Id.
4 Id.
5 Id. 
6 Id.
7 Id.
8 Id.
9 Id.
10 Id.
11 Id.
12 Id.
13 Id.
14 Id.
15 Id.
16 Id.
17 Id.
18 Id.}

Robert DeNault (Associate, White & Case, New York) contributed to the development of this publication.

_{White & Case means the international legal practice comprising White & Case LLP, a New York State registered limited liability partnership, White & Case LLP, a limited liability partnership incorporated under English law and all other affiliated partnerships, companies and entities.}

_{This article is prepared for the general information of interested persons. It is not, and does not attempt to be, comprehensive in nature. Due to the general nature of its content, it should not be regarded as legal advice.}

_{© 2023 White & Case LLP}