Wolfsberg Questionnaire (CBDDQ) – Version 1.3 Now Available

The Wolfsberg Group has released a new version of its Correspondent Banking Due Diligence Questionnaire (CBDDQ) along with updated supporting FAQs, Completion Guidance and Capacity Building Guidance.

Version 1.3 of the questionnaire (PDF | Excel) includes the following changes:

• Questions CBDDQ ‘14’, ‘70’ and FCCQ ‘27’ were changed to refer to ‘non-resident’ rather than ‘offshore’ customers.
• Question CBDDQ ’77’ and FCCQ ‘31’ have been changed to refer to ‘suspicious activity’ rather than from ‘currency’ reporting.
• Question CBDDQ ‘94’ was removed and blanked out thus not changing the numbering of the following questions.
• Various questions were updated so that responses are in a drop-down format or additional options were added to provide more specific answers.

What is the Purpose of the Wolfsberg Questionnaire?

The Wolfsberg Group’s questionnaire was developed to improve the effectiveness of due diligence for correspondent banking relationships. The Wolfsberg questionnaire is designed to be answered on a Legal Entity (LE) Level which includes any branches for which the client base, products and control model are materially similar to the LE Head Office. As mentioned in the questionnaire, each question in the CBDDQ will need to be addressed from the perspective of the LE and on behalf of all of its branches.

If a response for the LE differs for one of its branches, this needs to be highlighted, and the details regarding this difference need to be captured at the end of each sub-section. If a branch’s business activity (products offered, client base, etc.) is materially different than its Entity Head Office, a separate questionnaire can be completed for that branch.

Below is a list of the questions asked in the questionnaire. It does not include the pull-down answers available in the official version but it gives an indication of the type of questions that are included in the questionnaire. For more information view our blog on the Wolfsberg Group and its efforts to combat financial crimes. 

The Wolfsberg Questionnaire

1. ENTITY & OWNERSHIP

1. Full Legal Name
2. Append a list of foreign branches which are covered by this questionnaire
3. Full Legal (Registered) Address
4. Full Primary Business Address (if different from above)
5. Date of Entity incorporation/ establishment
6. Select the type of ownership and append an ownership chart if available
   6 a Publicly Traded (25% of shares publicly traded).
   If Y, indicate the exchange traded on and ticker symbol
   6 b Member Owned/ Mutual
   6 c Government or State Owned by 25% or more
   6 d Privately Owned.
   If Y, provide details of shareholders or ultimate beneficial owners with a holding of 10% or more
7. % of the Entity’s total shares composed of bearer shares
8. Does the Entity, or any of its branches, operate under an Offshore Banking License (OBL) ?
   8 a If Y, provide the name of the relevant branch/es which operate under an OBL
9. Name of primary financial regulator / supervisory authority
10. Provide Legal Entity Identifier (LEI) if available
11. Provide the full legal name of the ultimate parent (if different from the Entity completing the DDQ)
12.  Jurisdiction of licensing authority and regulator of ultimate parent
13. Select the business areas applicable to the Entity
    13 a Retail Banking
    13 b Private Banking / Wealth Management
    13 c Commercial Banking
    13 d Transactional Banking
    13 e Investment Banking
    13 f Financial Markets Trading
    13 g Securities Services / Custody
    13 h Broker / Dealer
    13 i Multilateral Development Bank
    13 j Other
14.  Does the Entity have a significant (10% or more) portfolio of non-resident customers or does it derive more than 10% of its revenue from nonresident customers? (Non-resident means customers primarily resident in a different jurisdiction to the location where bank services are provided.)
    14 a If Y, provide the top five countries where the nonresident customers are located.
15. Select the closest value:
    15 a Number of employees
    15 b Total Assets
16. Confirm that all responses provided in the above Section ENTITY & OWNERSHIP are representative of all the LE’s branches
    16 a If N, clarify which questions the difference/s relate to and the branch/es that this applies to.
    16 b If appropriate, provide any additional information/context to the answers in this section.

2. PRODUCTS AND SERVICES

17. 17 Does the Entity offer the following products and services:
    17 a Correspondent Banking
    17 a1 If Y
    17 a2 Does the Entity offer Correspondent Banking services to domestic banks?
    17 a3 Does the Entity allow domestic bank clients to provide downstream relationships?
    17 a4 Does the Entity have processes and procedures in place to identify downstream relationships with domestic banks?
    17 a5 Does the Entity offer correspondent banking services to Foreign Banks?
    17 a6 Does the Entity allow downstream relationships with Foreign Banks?
    17 a7 Does the Entity have processes and procedures in place to identify downstream relationships with Foreign Banks?
    17 a8 Does the Entity offer correspondent banking services to regulated MSBs/MVTS?
    17 a9 Does the Entity allow downstream relationships with MSBs/MVTS?
    17 a10 Does the Entity have processes and procedures in place to identify downstream relationships with MSB /MVTS?
    17 b Private Banking (domestic & international)
    17 c Trade Finance
    17 d Payable Through Accounts
    17 e Stored Value Instruments
    17 f Cross Border Bulk Cash Delivery
    17 g Domestic Bulk Cash Delivery
    17 h International Cash Letter
    17 i Remote Deposit Capture
    17 j Virtual /Digital Currencies
    17 k Low Price Securities
    17 l Hold Mail
    17 m Cross Border Remittances
    17 n Service to walk-in customers (non-account holders)
    17 o Sponsoring Private ATMs
    17 p Other high-risk products and services identified by the Entity
18. Confirm that all responses provided in the above Section PRODUCTS & SERVICES are representative of all the LE’s branches
    18 a If N, clarify which questions the difference/s relate to and the branch/es that this applies to.
    18 b If appropriate, provide any additional information/context to the answers in this section.

3. AML, CTF & SANCTIONS PROGRAMME

19. Does the Entity have a program that sets minimum AML, CTF and Sanctions standards regarding the following components:
    19 a Appointed Officer with sufficient experience/expertise
    19 b Cash Reporting
    19 c CDD
    19 d EDD
    19 e Beneficial Ownership
    19 f Independent Testing
    19 g Periodic Review
    19 h Policies and Procedures
    19 i Risk Assessment
    19 j Sanctions
    19 k PEP Screening
    19 l Adverse Information Screening
    19 m Suspicious Activity Reporting
    19 n Training and Education
    19 o Transaction Monitoring
20. How many full-time employees are in the Entity’s AML, CTF & Sanctions Compliance Department?
21. Is the Entity’s AML, CTF & Sanctions policy approved at least annually by the Board or equivalent Senior Management Committee?
22. Does the Board or equivalent Senior Management Committee receive regular reporting on the status of the AML, CTF & Sanctions programme?
23. Does the Entity use third parties to carry out any components of its AML, CTF & Sanctions programme?
    23 a If Y, provide further details
24. Confirm that all responses provided in the above Section AML, CTF & SANCTIONS Programme are representative of all the LE’s branches
    24 a If N, clarify which questions the difference/s relate to and the branch/es that this applies to.
    24 b If appropriate, provide any additional information/context to the answers in this section

4. ANTI BRIBERY & CORRUPTION

25. Has the Entity documented policies and procedures consistent with applicable ABC regulations and requirements to [reasonably] prevent, detect and report bribery and corruption?
26. Does the Entity have an enterprise-wide program that sets minimum ABC standards?
27. Has the Entity appointed a designated officer or officers with sufficient experience/expertise responsible for coordinating the ABC program?
28. Does the Entity have adequate staff with appropriate levels of experience/expertise to implement the ABC program?
29. Is the Entity’s ABC program applicable to: (drop-down list)
30. Does the Entity have a global ABC policy that:
    30 a Prohibits the giving and receiving of bribes? This includes promising, offering, giving, solicitation or receiving of anything of value, directly or indirectly, if improperly intended to influence action or obtain an advantage
    30 b Includes enhanced requirements regarding interaction with public officials?
    30 c Includes a prohibition against the falsification of books and records (this may be within the ABC policy or any other policy applicable to the Legal Entity)?
31. Does the Entity have controls in place to monitor the effectiveness of its ABC program?
32. Does the Entity’s Board or Senior Management Committee receive regular Management Information on ABC matters?
33. Does the Entity perform an Enterprise-Wide ABC risk assessment?
    33 a If Y select the frequency
34. Does the Entity have an ABC residual risk rating that is the net result of the controls effectiveness and the inherent risk assessment?
35. Does the Entity’s ABC EWRA cover the inherent risk components detailed below:
    35 a Potential liability created by intermediaries and other third-party providers as appropriate
    35 b Corruption risks associated with the countries and industries in which the Entity does business, directly or through intermediaries
    35 c Transactions, products or services, including those that involve state-owned or state-controlled entities or public officials
    35 d Corruption risks associated with gifts and hospitality, hiring/internships, charitable donations and political contributions
    35 e Changes in business activities that may materially increase the Entity’s corruption risk
36. Does the Entity’s internal audit function or other independent third party cover ABC Policies and Procedures?
37. Does the Entity provide mandatory ABC training to:
    37 a Board and senior Committee Management
    37 b 1st Line of Defence
    37 c 2nd Line of Defence
    37 d 3rd Line of Defence
    37 e 3rd parties to which specific compliance activities subject to ABC risk have been outsourced
    37 f Non-employed workers as appropriate (contractors/consultants)
38. Does the Entity provide ABC training that is targeted to specific roles, responsibilities and activities?
39. Confirm that all responses provided in the above Section Anti Bribery & Corruption are representative of all the LE’s branches
    39 a If N, clarify which questions the difference/s relate to and the branch/es that this applies to.
    39 b If appropriate, provide any additional information/context to the answers in this section.

5. AML, CTF & SANCTIONS POLICIES & PROCEDURES

40. Has the Entity documented policies and procedures consistent with applicable AML, CTF & Sanctions regulations and requirements to
    reasonably prevent, detect and report:
    40 a Money laundering
    40 b Terrorist financing
    40 c Sanctions violations
41. Are the Entity’s policies and procedures updated at least annually?
42. Are the Entity’s policies and procedures gapped against/compared to:
    42 a US Standards
    42 a1 If Y, does the Entity retain a record of the results?
    42 b EU Standards
    42 b1 If Y, does the Entity retain a record of the results?
43. Does the Entity have policies and procedures that:
    43 a Prohibit the opening and keeping of anonymous and fictitious named accounts
    43 b Prohibit the opening and keeping of accounts for unlicensed banks and/or NBFIs
    43 c Prohibit dealing with other entities that provide banking services to unlicensed banks
    43 d Prohibit accounts/relationships with shell banks
    43 e Prohibit dealing with another entity that provides services to shell banks
    43 f Prohibit opening and keeping of accounts for Section 311 designated entities
    43 g Prohibit opening and keeping of accounts for any of unlicensed/unregulated remittance agents, exchanges houses, casa de cambio, bureaux de change or money transfer agents
    43 h Assess the risks of relationships with domestic and foreign PEPs, including their family and close associates
    43 i Define escalation processes for financial crime risk issues
    43 j Define the process, where appropriate, for terminating existing customer relationships due to financial crime risk
    43 k Specify how potentially suspicious activity identified by employees is to be escalated and investigated
    43 l Outline the processes regarding screening for sanctions, PEPs and negative media
    43 m Outline the processes for the maintenance of internal “watchlists”
44. Has the Entity defined a risk tolerance statement or similar document which defines a risk boundary around their business?
45. Does the Entity have a record retention procedures that comply with applicable laws?
    45 a If Y, what is the retention period?
46. Confirm that all responses provided in the above Section POLICIES & PROCEDURES are representative of all the LE’s branches
    46 a If N, clarify which questions the difference/s relate to and the branch/es that this applies to.
    46 b If appropriate, provide any additional information/context to the answers in this section.

AML, CTF & SANCTIONS RISK ASSESSMENT

47. Does the Entity’s AML & CTF EWRA cover the inherent risk components detailed below:
    47 a Client
    47 b Product
    47 c Channel
    47 d Geography
48. Does the Entity’s AML & CTF EWRA cover the controls effectiveness components detailed below:
    48 a Transaction Monitoring
    48 b Customer Due Diligence
    48 c PEP Identification
    48 d Transaction Screening
    48 e Name Screening against Adverse Media & Negative News
    48 f Training and Education
    48 g Governance
    48 h Management Information
49. Has the Entity’s AML & CTF EWRA been completed in the last 12 months?
    49 a If N, provide the date when the last AML & CTF EWRA was completed.
50. Does the Entity’s Sanctions EWRA cover the inherent risk components detailed below:
    50 a Client
    50 b Product
    50 c Channel
    50 d Geography
51. Does the Entity’s Sanctions EWRA cover the controls effectiveness components detailed below:
    51 a Customer Due Diligence
    51 b Transaction Screening
    51 c Name Screening
    51 d List Management
    51 e Training and Education
    51 f Governance
    51 g Management Information
52. Has the Entity’s Sanctions EWRA been completed in the last 12 months?
    52 a If N, provide the date when the last Sanctions EWRA was completed.
53. Confirm that all responses provided in the above Section AML, CTF & SANCTIONS RISK ASSESSMENT are representatives of all the LE’s
    branches
    53 a If N, clarify which questions the difference/s relate to and the branch/es that this applies to.
    53 b If appropriate, provide any additional information/context to the answers in this section.

7. KYC, CDD and EDD

54. Does the Entity verify the identity of the customer?
55. Do the Entity’s policies and procedures set out when CDD must be completed, e.g. at the time of onboarding or within 30 days
56. Which of the following does the Entity gather and retain when conducting CDD? Select all that apply:
    56 a Ownership structure
    56 b Customer identification
    56 c Expected activity
    56 d Nature of business/employment
    56 e Product usage
    56 f Purpose and nature of relationship
    56 g Source of funds
    56 h Source of wealth
57. Are each of the following identified:
    57 a Ultimate beneficial ownership
    57 a1 Are ultimate beneficial owners verified?
    57 b Authorised signatories (where applicable)
    57 c Key controllers
    57 d Other relevant parties
58. What is the Entity’s minimum (lowest) threshold applied to beneficial ownership identification?
59. Does the due diligence process result in customers receiving a risk classification?
60. If Y, what factors/criteria are used to determine the customer’s risk classification? Select all that apply:
    60 a Product Usage
    60 b Geography
    60 c Business Type/Industry
    60 d Legal Entity type
    60 e Adverse Information
    60 f Other (specify)
61. Does the Entity have a risk-based approach to adverse media screening/negative news?
62. If Y, is this at:
    62 a Onboarding
    62 b KYC renewal
    62 c Trigger event
63. What is the method used by the Entity to screen for adverse media / negative news?
64. Does the Entity have a risk-based approach to screening customers and connected parties to determine whether they are PEPs, or controlled by PEPs?
65. If Y, is this at:
    65 a Onboarding
    65 b KYC renewal
    65 c Trigger event
66. What is the method used by the Entity to screen PEPs?
67. Does the Entity have policies, procedures and processes to review and escalate potential matches from screening customers and connected parties to determine whether they are PEPs, or controlled by PEPs?
68. Does the Entity have a process to review and update customer information based on:
    68 a KYC renewal
    68 b Trigger event
69. Does the Entity maintain and report metrics on current and past periodic or trigger event due diligence reviews?
70. From the list below, which categories of customers or industries are subject to EDD and/or are restricted, or prohibited by the Entity’s FCC program?
    70 a Non-account customers
    70 b Non-resident customers
    70 c Shell banks
    70 d MVTS/ MSB customers
    70 e PEPs
    70 f PEP Related
    70 g PEP Close Associate
    70 h Correspondent Banks
    70 h1 If EDD or EDD & restricted, does the EDD assessment contain the elements as set out in the Wolfsberg Correspondent Banking Principles 2014?
    70 i Arms, defense, military
    70 j Atomic power
    70 k Extractive industries
    70 l Precious metals and stones
    70 m Unregulated charities
    70 n Regulated charities
    70 o Red light business / Adult entertainment
    70 p Non-Government Organisations
    70 q Virtual currencies
    70 r Marijuana
    70 s Embassies/Consulates
    70 t Gambling
    70 u Payment Service Provider
    70 v Other (specify)
71. If restricted, provide details of the restriction
72. Does the Entity perform an additional control or quality review on clients subject to EDD?
73. Confirm that all responses provided in the above Section KYC, CDD and EDD are representative of all the LE’s branches
    73 a If N, clarify which questions the difference/s relate to and the branch/es that this applies to
    73 b If appropriate, provide any additional information/context to the answers in this section.

8. MONITORING & REPORTING

74. Does the Entity have risk-based policies, procedures and monitoring processes for the identification and reporting of suspicious activity?
75. What is the method used by the Entity to monitor transactions for suspicious activities?
76. If manual or combination selected, specify what type of transactions are monitored manually
77. Does the Entity have regulatory requirements to report suspicious transactions?
    77 a If Y, does the Entity have policies, procedures and processes to comply with suspicious transaction reporting requirements?
78. Does the Entity have policies, procedures and processes to review and escalate matters arising from the monitoring of customer transactions and activity?
79. Confirm that all responses provided in the above Section MONITORING & REPORTING are representative of all the LE’s branches
    79 a If N, clarify which questions the difference/s relate to and the branch/es that this applies to
    79 b If appropriate, provide any additional information/context to the answers in this section.

9. PAYMENT TRANSPARENCY

80. Does the Entity adhere to the Wolfsberg Group Payment Transparency Standards?
81. Does the Entity have policies, procedures and processes to [reasonably] comply with and have controls in place to ensure compliance with:
    81 a FATF Recommendation 16
    81 b Local Regulations
    81 b1 Specify the regulation
    81 c If N, explain
82. Does the Entity have processes in place to respond to Request For Information (RFIs) from other entities in a timely manner?
83. Does the Entity have controls to support the inclusion of required and accurate originator information in international payment messages?
84. Does the Entity have controls to support the inclusion of required beneficiary information international payment messages?
85. Confirm that all responses provided in the above Section PAYMENT TRANSPARENCY are representative of all the LE’s branches
    85 a If N, clarify which questions the difference/s relate to and the branch/es that this applies to.
    85 b If appropriate, provide any additional information/context to the answers in this section.

10. SANCTIONS

86. Does the Entity have a Sanctions Policy approved by management regarding compliance with sanctions law applicable to the Entity, including with respect its business conducted with, or through accounts held at foreign financial institutions?
87. Does the Entity have policies, procedures, or other controls reasonably designed to prevent the use of another entity’s accounts or services in a manner causing the other entity to violate sanctions prohibitions applicable to the other entity (including prohibitions within the other entity’s local jurisdiction)?
88. Does the Entity have policies, procedures or other controls reasonably designed to prohibit and/or detect actions taken to evade applicable sanctions prohibitions, such as stripping, or the resubmission and/or masking, of sanctions-relevant information in cross-border transactions?
89. Does the Entity screen its customers, including beneficial ownership information collected by the Entity, during onboarding and regularly thereafter against Sanctions Lists?
90. What is the method used by the Entity?
91. Does the Entity screen all sanctions-relevant data, including at a minimum, entity and location information, contained in cross-border transactions against Sanctions Lists?
92. What is the method used by the Entity?
93. Select the Sanctions Lists used by the Entity in its sanctions screening processes:
    93 a Consolidated United Nations Security Council Sanctions List (UN)
    93 b United States Department of the Treasury’s Office of Foreign Assets Control (OFAC)
    93 c Office of Financial Sanctions Implementation HMT (OFSI)
    93 d European Union Consolidated List (EU)
    93 e Lists maintained by other G7 member countries
    93 f Other (specify)
94. Question removed
95. When regulatory authorities make updates to their Sanctions list, how many business days before the entity updates their active manual and/or automated screening systems against:
    95 a Customer Data
    95 b Transactions
96. Does the Entity have a physical presence, e.g., branches, subsidiaries, or representative offices located in countries/regions against which UN, OFAC, OFSI, EU and G7 member countries have enacted comprehensive jurisdiction-based Sanctions?
97. Confirm that all responses provided in the above Section SANCTIONS are representative of all the LE’s branches
    97 a If N, clarify which questions the difference/s relate to and the branch/es that this applies to.
    97 b If appropriate, provide any additional information/context to the answers in this section.

11. TRAINING & EDUCATION

98. Does the Entity provide mandatory training, which includes :
    98 a Identification and reporting of transactions to government authorities
    98 b Examples of different forms of money laundering, terrorist financing and sanctions violations relevant for the types of products and services offered
    98 c Internal policies for controlling money laundering, terrorist financing and sanctions violations
    98 d New issues that occur in the market, e.g., significant regulatory actions or new regulations
    98 e Conduct and Culture
99. Is the above mandatory training provided to :
    99 a Board and Senior Committee Management
    99 b 1st Line of Defence
    99 c 2nd Line of Defence
    99 d 3rd Line of Defence
    99 e 3rd parties to which specific FCC activities have been outsourced
    99 f Non-employed workers (contractors/consultants)
100. Does the Entity provide AML, CTF & Sanctions training that is targeted to specific roles, responsibilities and high-risk products, services and activities?
101. Does the Entity provide customized training for AML, CTF and Sanctions staff?
102. Confirm that all responses provided in the above Section TRAINING & EDUCATION are representative of all the LE’s branches
     102 a If N, clarify which questions the difference/s relate to and the branch/es that this applies to.
     102 b If appropriate, provide any additional information/context to the answers in this section.

12. QUALITY ASSURANCE /COMPLIANCE TESTING

103. Are the Entity’s KYC processes and documents subject to quality assurance testing?
104. Does the Entity have a program-wide risk-based Compliance Testing process (separate to the independent Audit function)?
105. Confirm that all responses provided in the above Section QUALITY ASSURANCE / COMPLIANCE TESTING are representative of all the LE’s branches
     105 a If N, clarify which questions the difference/s relate to and the branch/es that this applies to.
     105 b If appropriate, provide any additional information/context to the answers in this section.

13. AUDIT

106. In addition to inspections by the government supervisors/regulators, does the Entity have an internal audit function, a testing function or other independent third party, or both, that assesses FCC AML, CTF and Sanctions policies and practices on a regular basis?
107. How often is the Entity audited on its AML, CTF & Sanctions program by the following:
     107 a Internal Audit Department
     107 b External Third Party
108. Does the internal audit function or other independent third-party cover the following areas:
     108 a AML, CTF & Sanctions policy and procedures
     108 b KYC / CDD / EDD and underlying methodologies
     108 c Transaction Monitoring
     108 d Transaction Screening including for sanctions
     108 e Name Screening & List Management
     108 f Training & Education
     108 g Technology
     108 h Governance
     108 i Reporting/Metrics & Management Information
     108 j Suspicious Activity Filing
     108 k Enterprise Wide Risk Assessment
     108 l Other (specify)
109. Are adverse findings from internal & external audit tracked to completion and assessed for adequacy and completeness?
110. Confirm that all responses provided in the above section, AUDIT are representative of all the LE’s branches
     110 a If N, clarify which questions the difference/s relate to and the branch/es that this applies to.
     110 b If appropriate, provide any additional information/context to the answers in this section.

The full official versions of the Wolfsberg questionnaire can be found here:  PDF | Excel.

Alessa and Correspondent Banking Relationships

Alessa is an AML solution that allows banks to effectively meet their correspondent banking relationships – all within one platform. The solution integrates with existing core systems and includes:

• Real-time due diligence
• Transaction monitoring and screening
• Sanctions and watchlist screening
• Automated regulatory reporting
• Advanced analytics like anomaly detection and machine learning
• Dashboards, workflows and case management

Contact us to learn more about how Alessa can help with compliance, such as the Wolfsberg Questionnaire and more.