This Week in AML

The Wolfsberg Group Gives Guidance on Requests for Information in AML Transaction Monitoring

The Wolfsberg Group, an association of 13 global banks, this week issued a guidance document on requests for information (RFI). The focus of the guidance is best practices in correspondent banks using RFIs in transaction monitoring. John and Elliot discuss some of the issues raised in the guidance and the value of effective use of RFIs. They also talk about the importance of banks being prompt in their responses to RFIs.



Elliot Berman: John. How are you this week?

John Byrne: I'm good. Elliot. How are you doing?

Elliot Berman: I'm good too. So you found something really interesting. The Wolfsberg Group issued a guidance piece on RFIs or requests for information. And this isn't the RFI that you do when you want someone to hire someone. This is RFIs between respondent and correspondent banks for border payments,

John Byrne: Yeah. And I, you know to be fair, it was publicized on LinkedIn. On another discussion of financial investigative folks, I'm part of Alan Ketley, whom we interviewed a few weeks ago. This is basically a best-practice paper.

And I think folks know that have been in the AML community for anything length. At the time, the Wolfsberg Group is 13 global banks that put together frameworks, guidance, and best practices. To manage financial crime risk. And so they focus on KYC and obviously a variety of AML and CTF-related issues. And this best practice is designed explicitly for transaction monitoring.

Elliot Berman: Right. So as I was looking through it, it's clear that it's focusing on a couple of challenges that you have in the payment space. Cross-border payments are happening through correspondent banks, which is not unusual.

Most banks don't have direct relationships with, you know, international banks in the foreign country. They often transact their cross-border payments through an office or a bank in the US in one of the money centers. Who then moves the money to either the ultimate beneficiaries' bank or a bank along the way.

And it gets there. So some of them take a number of steps, but the point here is the money moves. But John, as you and I have talked about many times, the respondent bank does KYC on its customers. Doesn't get passed along with the wire. So when the correspondent gets the wire and starts doing its transaction monitoring and saying, oh, the destination's an issue or because of high risk.

The beneficiary name pops up, maybe not on an actual sanctions list because that should be caught at the respondent bank, but on some other watch list of some kind that the correspondent is using, what's you know, how, what do they do then in this. Request for information process has been around. But it hasn't been as effectively used all the time.

I think, as the Wolfsburg group banks believe it could be. And so they've put out this guidance paper,

John Byrne: right? I want to give credit to our colleague that we're gonna interview. And she's been kind enough to be part of conferences when I've been moderating panels. And that's Sarah Beth Felix,

CEO at Palm Romero Consulting. She posted on LinkedIn when she looked at the RFI, key takeaways. And I'll just list one because it's simple, but it's so on point. She said when vetting a new respondent, the bank asks better questions. And so that was a big takeaway from the specific list of things that the Wolfsberg RFI focuses on.

Elliot Berman: And this is an extensive piece, and there is an appendix I'm paging through here. I want to say this right. There's an Al, like 19-page appendix that guide, and it's called guidance on RFI questions and ex and expected responses. Now they make this clear in the guidance piece. This is not a prescriptive list.

You're not supposed to ask 19 pages worth of questions, but I think to Sarah Beth's point you. Understanding what you're trying to accomplish when you're onboarding a respondent bank as it relates to future risks, what their customer base is like, what types in the same way that you ask an individual or a business customer when you onboard them, are you expecting to do wires?

What's the role? Where are they going? You know, why are you doing all these wires? You know, why do you need wire services? All those KYC questions are essentially extensive KYC on the respondent bank. One of the areas that this guidance docent talks about is that the correspondent banks if something trips in their system and they're, and they're giving something a deeper.

They eventually need to make a SAR filing decision if they're in the US or the similar docent you know required in the UK, the EU, Canada, and other jurisdictions. Excuse me, jurisdictions as well. So one of the important things is if the RFI process can work smoothly with information going back and forth, it really helps. The correspondent bank is making that determination.

John Byrne: Yeah. And as you say, there are 19 plus pages of questions with possible answers. So I've pulled out a couple that I thought were interesting and pretty useful; one is to provide the source of wealth of the underlying customer.

And, and so the Wolfsberg folks. When they say, why is that question being asked? They say, which is understandable to us in our community, understanding the source of wealth or origin income will help us better understand whether the customer engaged in transactions consistent with the referred income or wealth.

And they use examples. Okay. The source of wealth can be salary from employment, business, revenue, inheritance, or a key KYC issue, right? To understand that's how you can make a decision. As you said before, whether or not a SAR should be considered because the source of wealth seems unusual or inconsistent with the type of customer. Then you know, there's the direction to look further.

Again seems simple, seems obvious, but having these sorts of questions and possible answers listed in this guidance, I think, is particularly useful for training purposes. I would argue for regular oversight, and you know when they see that you have a list of things you do and yet can be consistent about it, right?

You have to do it for most cases whether. Different questions for individuals versus companies, of course, and that sort of thing. And, they sort of play for that in the Q and a that they list.

Elliot Berman: Yeah, it is interesting. This section is done in slide format and one of the slides.

Makes very clear. And I'm gonna read it's just one sentence. There is no, and that's underscored, no expectation or requirement for the correspondent bank to conduct due diligence on the respondent's customers, sometimes referred to as no your customer's customer, which I thought was interesting. And they cite some 2020 2016 FADAF guidance on correspondent banking as you and I know it has been around for a long time and from a compliance and a.

Risk perspective. It presents challenges because organizations who are asked to trans, you know, be involved in transactions, end up being remote from the initiator of the transaction and oftentimes from the beneficiary. And so having enough that they're comfortable is tricky and this RFI process.

If it's well implemented, the respondent and the correspondent can make that go much more smoothly.

John Byrne: Yeah. And I, hopefully, would've come up with this view regardless, but again, I wanted to give Sarah some credit when she posted her thoughts on this. She said the guidance was helpful, not just for traditional foreign correspondent banking.

And I, and I, I agree with that. I mean, I think there are some things in. like timelines are the respondent bank is providing information in a timely fashion or not. And that could be something that you factor into your risk scoring. Right? So, that's an issue you could have with any client, right?

Any customer, the customer's not being responsive to your request for additional information, or they're not doing it in a timely fashion. There could be reasons for that. So I take her point that this guidance, while it's very. Transaction monitoring at Wolfsburg makes that obvious upfront. Some of the themes in here, I think you can adapt to another sort of general KYC-related challenges, are, I would put it.

Elliot Berman: I agree with you, but I, and I think you and I have talked about that, that general concept many times, and that is that a lot of. We do this in the financial crime prevention process. You use a lot of different parts of it, and you might turn it just a little bit or tune it just a little bit, but the basic principles of, you know, high-quality information gathered in a timely way, responsive clients. Practical analysis, all of those things, those really, you know, work in all the different facets of financial crime prevention. And I think Sarah Beth, again, Sarah Beth's call out is spot on.

John Byrne: Right. And just to remind folks, I was able to sit down with them. Executive secretary Alan Ketley a few weeks ago. So if you want to learn more information about the Wolfsberg group, take a look at that on our AML conversations. Many people have posted it on LinkedIn so that you can find it there. But it was just introduced middle of the week.

Elliot Berman: Yes. So, John, our Thursday webinar will be complete when people hear this episode. But I know you've, you've been burning up the microphone recording a lot of podcasts.

So tell us a few things that are coming in the next couple of days.

John Byrne: Yeah. So given what's going on in the US regarding, Both are unfounded. And, in my humble opinion, disgusting attacks on the FBI and the IRS are disgusting. We got two individuals that I couldn't think of, better people to talk to about the impact that this had on the working men and women in those agencies, Don Ford, former I S C chief.

He and I sat down yesterday, and I also talked to Dennis Lamel, the former head of TFOs, but currently the P. Of the society of retired FBI agents who sent a letter, or a public statement as it were, regarding the FBI's handling of the search warrant in the Mar Lago situation. And also the unfortunate and sad response from policymakers.

So that conversation will give you an insight into both. The legal process, how it was carefully crafted, and the emotional impact that attacks can have daily. And we've seen some of that already. Sadly, the IRS is looking at all of their org buildings around the country to ramp up security because they think that's necessary.

So those two interviews will come up in the next few days, and I urge folks to listen to them. And I encourage our AML community to stand. We need to have the backs of the men and women in the IRS, FBI, Homeland security, and other law enforcement agencies.

Elliot Berman: Yes, absolutely complete I'm in, as you know, I fully agree with you, a, a little bit of a lookout to the end of September on September 29th our live-streamed webinar, which will be at noon. Eastern time will be on ESG, a more sustainable future. And this particular webinar will cover the topic broadly, but it will specifically focus on some things going on in the EU in the UK.

And there are, of course, things going on here in the US as well. So, you should you'll be able to register for that starting. When you hear this, John, has a great weekend, and I will talk to you next week.

John Byrne: Take care, Elliot.

Elliot Berman: Yep. Bye-bye.