New Wolfsberg Principles warn global banks of the risk factors that require Enhanced Due Diligence on a wide range of data

The Wolfsberg Principles are widely regarded as authoritative guidance for how financial institutions should respond to the rising risks of bribery and corruption. New guidance has recently been released for the first time in six years. We unpack its main recommendations of risk factors which should prompt banks to carry out enhanced due diligence, and explain how technology can help to improve and upgrade their compliance approach.

Wolfsberg Principles set the agenda for financial institutions’ compliance

The Wolfsberg Group is an association of 13 global banks which oversees highly influential standards on Anti-Bribery and Corruption (ABC) compliance. The Group has now replaced its guidance from 2017 with a new set of standards. It says the aim of the updated guidance is to advise the financial services industry on how to “develop, implement and maintain an effective ABC program”, and to “promote a culture of ethical business practices and compliance with ABC legal and regulatory requirements”.

The standards were drafted by representatives of some of the biggest banks in Europe, North America and Asia, including Santander, Goldman Sachs, Deutsche Bank, Credit Suisse, Barclays, MUFG Bank and Société Générale, in association with experts and civil society organizations. While the standards are not binding, they are credited with setting the agenda for financial institutions’ approach to ABC, Anti-Money Laundering and Counter-Terrorist Financing, and compliance in general.

Assessment of risk-based due diligence is critical to effective compliance

The 18-page document makes clear that firms should adopt a risk-based approach in their ABC compliance programs by assessing the following factors:

• The “locations in which they do business”.
• Their customer base and “types of customer business activities”.
• The industries in which the financial institution does business.
• Their products and services.
• Their business model.
• Their use of third parties and intermediaries.
• Any interactions with “Public Officials and State-Owned Entities”.
• Whether they are pursuing business opportunities from, or providing benefits to, “government or wholesale customer entities”.

Once companies have identified the level of risk posed by an entity or client, they should apply due diligence and ABC controls which are proportionate to that level. Importantly, the guidance says firms should “periodically assess” these elements to ensure they are capturing new and emerging risks. The Principles outline the types of changes which could raise the level of risk to which an institution is exposed, including:

• “Changes in business activities”, particularly if a company onboards a different type of client, or enters a new sector or jurisdiction.
• Activities by a third party which may create “potential liability” for the financial institution.
• “Emerging bribery and corruption risks”, including new gifts, hospitality arrangements, or political contributions.

Tone from the top: compliance should be led by senior management

The new guidance advises the C-Suite of a company that its ABC policies, standards and procedures should be effectively communicated to staff with a “commitment statement from senior managers”. Compliance can no longer be confined to one area of the business, but it should be a standing item at Board level. This is because a compliance failure can inflict severe legal, financial, reputational and strategic damage on a company–whereas an ethical approach to business can create new opportunities.

The Wolfsberg Principles also call for a culture of “lessons learned and continuous improvement” to be implemented throughout a financial institution. This includes reviewing an ABC program regularly and enhancing it where necessary; reporting and tracking adverse events; and sharing lessons learned across the company. The guidance also says that specific ABC training should be provided to senior managers, Board members and any employees with “heightened exposure to bribery and corruption risks as part of their roles”.

Due diligence helps companies to surface ABC and reputational risks

The report concludes by pointing to “red flags” for potential bribery and corruption which could warrant a firm carrying out enhanced due diligence. This includes:

• Use of a shell company or other non-transparent corporate structure.
• A company with a “flawed background or reputation”.
• A third party making “unreasonable” or “unsupported objections” to ABC due diligence being included in a contract or transaction agreement.
• The “unusual involvement of Public Officials in commercial matters”.

The list of risk indicators is long, and it requires a compliance officer to look at numerous data sources to capture the different issues raised. Detecting the use of a shell company necessitates understanding corporate structures from company information filings, while assessing a “flawed” reputation needs a more subjective judgement based on public opinion and media sources. Compliance officers looking at the list may wonder how they can keep track of these different areas on an ongoing basis.

A good solution is to implement a due diligence program which uses technology to sift through high volumes of data to find risk indicators. A wide range of relevant and authoritative data sources will help, including:

• Company data, which can help financial institutions to identify where a shell company is being used to conceal a beneficial owner.
• Media and social media data, which will demonstrate if a company’s reputation is flawed as the guidance suggests.
• Data on Politically-Exposed Persons (PEPs), which lets compliance officers check if a public official or one of their close associates is involved in a deal.

Upgrade your risk management with Nexis® Solutions

A financial institution needs an effective due diligence program to fully understand its exposure to risk. Nexis® Solutions helps firms to surface risks across a high volume of authoritative data from the most relevant sources, including:

• News data to identify reputational risk of third parties.
• PEPs and sanctions data to identify third parties which may require enhanced due diligence.
• ESG data to assess third parties’ compliance with growing expectations from regulators and the public around human rights and environmental due diligence.
• Company data to help to build a picture of a company’s structure, directors and beneficial owners.

We support firms to deploy technology across these sources to improve their approach to due diligence and risk management. For example:

• Nexis Diligence supports an effective due diligence process with our extensive archives and news searches going back more than 40 years.
• Nexis® Data as a Service delivers an unrivalled collection of licensed and web content, deep archives and data, through our flexible data APIs.