This Week in AML

The Wolfsberg Group Updates its Guidance on Anti-Bribery & Corruption

The Wolfsberg Group has published updated Anti-Bribery and Corruption Compliance Programs guidance. John and Elliot discuss critical elements of the guidance and the importance of financial service providers maintaining effective programs.


The Wolfsberg Group Updates its Guidance on Anti-Bribery & Corruption - TRANSCRIPT

John Byrne: Hey, Elliot.

Elliot Berman: Hi John. How are you?

John Byrne: I'm good. I know we're both getting ready for next week's AML Partnership Forum, so doing some last minute meetings with folks that are gonna present next week. So looking forward to that. But I noticed that there's been a number of things going on this week.

Today as we're recording this House Financial Services is looking at the stablecoin issue, so we may get some updates on that next week at our conference. I also saw that the Supreme Court just issued a decision in the Halkbank case, which is a Turkish bank. Without going into too much of the specifics, it's owned by the Republic of Turkey, and they were charged with conspiring to evade US economic sanctions against Iran.

The court in a 7-2 decision dismissed the the bank's charge that they're not covered under what's called the Foreign Sovereign Immunities Act, but said that the lower court now has to look at whether or not common law impacts the decision. To pursue a criminal prosecution against an institution like this. More to come on this, but it's definitely relevant to our audience and again just came out. So I haven't had a chance to read the entire decision, but it is Halkbank, h a l k b a n k, which again is a bank owned by the Republic of Turkey.

And while people might think we've become the marketing arm for Wolfsberg cuz we've given 'em a lot of focus, but correctly and rightly so. The Wolfsberg Group has done a lot of interesting things, but recently has been very active. And they've just published updated guidance for anti-bribery and corruption. So I know you've taken a look at that.

Elliot Berman: Yes it came out earlier this week and we'll link to it on our website when we post on Friday. It's a comprehensive guidance document about how to put together and maintain an effective anti-bribery and corruption compliance program at the institutional level.

One of the things that caught my eye as I was looking at it is these kinds of programs with various different titles ethics program or code of conduct or other things they've been around in certainly decent size banks in the US for a long time. And the latest piece, I think does a really nice job of laying out what you ought to consider and the kinds of things that ought to go into it.

But for, I think a lot of our audience, this will not be a surprise, but it is a comprehensive, well-crafted document.

John Byrne: Yeah so two things. I know you're gonna talk about the risk assessment, which is relatively new, but I also think they're calling out, not just training and awareness, which is important obviously for any sort of guidance to institutions.

But the sharings of lessons learned from internal and external events to continually update your program. So where, my view, where have we made mistakes? Institution. And so here's what we've learned from that or externally, like looking at an enforcement action, similar event. You take a look at the themes in an external event and how can that be utilized to improve your ABC compliance? So I think it sounds obvious and logical, but I think calling that out specifically I think is pretty valuable.

Elliot Berman: Agreed. You mentioned a moment ago the risk assessment. A number of years ago when I was still at a financial institution our organization had strong commitment to ethical behavior. And it had a standing multidisciplinary committee that reviewed the code of conduct on an annual basis and periodically would do a substantial rewrite. What we didn't do at that time, and this was a number of years ago, is we didn't really look at it from a risk assessment perspective.

And I think part of the reason for that was we were a reasonably small institution, but the other reason was the concept of risk assessments has certainly migrated from very narrow areas of organizations to a much broader perspective. This was also at a time where the idea of a chief risk officer really hadn't taken hold in medium sized institutions and things like that.

So I think as all of that, perspective on assessing risk has grown, the element of a risk assessment as part of an ABC compliance program has come into play. And again, that section in the guidance I think is well done and well worth people taking a look at.

John Byrne: Yeah and, looking at not just the executive summary, but the the very comprehensive guidance itself. Some of it again will not be seen as new. But a couple things that I focused on, gifts in business hospitality. I remember decades ago when I was at the Bank Association, we actually worked on the Bank Bribery Act to update it to make sure that the utilization of that criminal law would only kick in if a particular act was done for corrupt purposes or corruptly was the distinction there.

But this guidance talks about appearances and if you look at the Section 4 of this, none of this will seem unusual or shouldn't, but some of the things that they decided collaboratively. Obviously Wolfsburg is looking at international issues, not just US based requirements or practices, but the presence of one or more of the following risk factors can affect the appropriateness of a gift or business hospitality. Number one, that person is a public official. Pretty clear, right? The value is lavish . Family members are invited or part of this. There is no clear commercial rationale or business nexus and several others.

So I think we can look at current events and make determinations that those appearances are things that could present potential conflict. And in some cases we would argue absolutely present conflict. And the other part of it I thought was also interesting is they said, and I've not seen this before you have, because you've run this in institutions, but to prevent offers of employment from being used improperly, they say that FIs should consider the following, and again, some of this will seem obvious, but spelling it out I think is pretty interesting to me. And that's consistent recruitment process, merit-based hiring, heightened scrutiny if a candidate is referred by a public official or an employee of a customer, or potential customers. Monitoring or testing procedures, the effectiveness of governance, and then training and hiring managers and HR employees.

Again, sometimes spelling things out that we should already know, I think certainly adds to the value proposition of a guidance document.

Elliot Berman: Agreed. And many of the things that are laid out in here and are laid out in good comprehensive programs, one could argue would be common sense, and yet there are aspects of it that don't feel like they're a problem, in part because the person or people who are doing it, their motive is not to create influence. I think the hiring one's a good example. Particularly in medium sized institutions, you could have a senior official at a very large bank customer reach out to someone they know well in the institution when their son or daughter is looking for a college internship, for example. So it may be even unpaid. And, they're interested in banking and hey, would you have a summer position where they could come and learn more about the industry because they're a finance major.

You and I have certainly heard those stories. We are aware of those stories. There's no effort there to influence the next loan application, and yet if you don't have a process for hiring with the factors that you identified, you run the risk that after the fact in 20-20 hindsight, even something as seemingly

unintended, not related to corruption or bribery, could be viewed it as not well thought out if something bad happens later on.

And so I think the challenge with the with running an effective program is getting people to understand that they really have to think deeply about some things that they wouldn't normally, and to having good mechanisms to help have consistent decisions across an institution. So if there's a gift being offered to someone and it's not clear what the value is, so you can't really figure out if it fits in the organization's value limits, that there's Information source, a committee, or, someone that can actually help adjudicate those as opposed to leaving lots of people on their own to guess.

Cuz that's an area where organizations regularly get tripped up in terms of at least internal violations if not regulatory violations.

John Byrne: And last thing, the Appendix A lists examples of bribery and corruption, red flags. Not exhaustive as they say, but there's quite a bit there. So take a look at that when you get a chance.

But again, I think the Wolfsburg group has done everybody a great service by putting something together that you can tailor to your own institution. You make the modifications based on law and regulations that are relevant to oversight of your particular institution. But again, the risk assessment area, learning from previous events and obviously the red flags are all value adds to an area that continues to challenge us, particularly in the States, in that corruption is one of the priorities identified by the Treasury Department a couple of years ago that we know will eventually be crafted into a regulation and we'll have institutions will have to show how they're being responsive to deal with that particular priority.

Elliot Berman: Yes. So I'll let you do the plug for the AML Partnership Forum, which you mentioned earlier.

John Byrne: It starts on April 26th to the 28th. Especially if you are a local, in the DC area, we still have some seats available. But remember, it is basically closed door in that there's no press, there's no exhibit hall, but the ability to network and contact with your partners, in the private and public sector is unmatched on the East coast.

We are very excited about the keynoters that we have. Catherine Chen from Polaris. I have Tom Vartanian, an excellent banking law expert who's just written a book on cybersecurity. Plus we'll have a law enforcement

panel looking at FinTech, crypto, you name it. Next week, 26 to 28th in Washington DC.

Elliot Berman: And senior representatives from the IRS:CI, HSI, and FBI will kick off each day with remarks about their insights into the public-private partnership challenges and priorities.

John Byrne: Yep. So information's available and we urge everybody to to reach out if they can. I think you, not only will you not be disappointed, you will learn a heck of a lot.

Elliot Berman: Yes, I think it'll be an excellent program. And John anything else in the hopper?

John Byrne: I'm getting ready to do an interview with several folks from Interaction, which is a humanitarian group that's done some great advocacy work on de-risking and financial access. And we're gonna talk early next week about the recent OFAC license improvements that allow many humanitarian groups to process and submit transactions to conflict areas. We're gonna do that interview on Monday and obviously we'll post it at some point after that.

Elliot Berman: Yeah, that'll get posted early next month. And by the time you hear this, the webinar for April will be complete but the May webinar is gonna be on the power of public and private partnerships, and that's May 25th and you'll be able to register at our website when you hear this. Look for that. John, yeah, I know you're putting together a great panel on that as well. So you have a great week and I look forward to spending a good share of the week with you next week in Washington.

John Byrne: Yep. Stay safe, talk to you soon.

Elliot Berman: You too. Bye-bye.