The Wolfsberg Group has released a new version of its Correspondent Banking Due Diligence Questionnaire (CBDDQ) along with updated supporting FAQs, Completion Guidance and Capacity Building Guidance.
Version 1.3 of the questionnaire (PDF | Excel) includes the following changes:
- Questions CBDDQ ‘14’, ‘70’ and FCCQ ‘27’ were changed to refer to ‘non-resident’ rather than ‘offshore’ customers.
- Question CBDDQ ’77’ and FCCQ ‘31’ have been changed to refer to ‘suspicious activity’ rather than from ‘currency’ reporting.
- Question CBDDQ ‘94’ was removed and blanked out thus not changing the numbering of the following questions.
- Various questions were updated so that responses are in a drop-down format or additional options were added to provide more specific answers.
What is the Purpose of the Wolfsberg Questionnaire?
The Wolfsberg Group’s questionnaire was developed to improve the effectiveness of due diligence for correspondent banking relationships. The Wolfsberg questionnaire is designed to be answered on a Legal Entity (LE) Level which includes any branches for which the client base, products and control model are materially similar to the LE Head Office. As mentioned in the questionnaire, each question in the CBDDQ will need to be addressed from the perspective of the LE and on behalf of all of its branches.
If a response for the LE differs for one of its branches, this needs to be highlighted, and the details regarding this difference need to be captured at the end of each sub-section. If a branch’s business activity (products offered, client base, etc.) is materially different than its Entity Head Office, a separate questionnaire can be completed for that branch.
Below is a list of the questions asked in the questionnaire. It does not include the pull-down answers available in the official version but it gives an indication of the type of questions that are included in the questionnaire. For more information view our blog on the Wolfsberg Group and its efforts to combat financial crimes.
The Wolfsberg Questionnaire
1. ENTITY & OWNERSHIP
- Full Legal Name
- Append a list of foreign branches which are covered by this questionnaire
- Full Legal (Registered) Address
- Full Primary Business Address (if different from above)
- Date of Entity incorporation/ establishment
- Select the type of ownership and append an ownership chart if available
6 a Publicly Traded (25% of shares publicly traded).
If Y, indicate the exchange traded on and ticker symbol
6 b Member Owned/ Mutual
6 c Government or State Owned by 25% or more
6 d Privately Owned.
If Y, provide details of shareholders or ultimate beneficial owners with a holding of 10% or more - % of the Entity’s total shares composed of bearer shares
- Does the Entity, or any of its branches, operate under an Offshore Banking License (OBL) ?
8 a If Y, provide the name of the relevant branch/es which operate under an OBL - Name of primary financial regulator / supervisory authority
- Provide Legal Entity Identifier (LEI) if available
- Provide the full legal name of the ultimate parent (if different from the Entity completing the DDQ)
- Jurisdiction of licensing authority and regulator of ultimate parent
- Select the business areas applicable to the Entity
13 a Retail Banking
13 b Private Banking / Wealth Management
13 c Commercial Banking
13 d Transactional Banking
13 e Investment Banking
13 f Financial Markets Trading
13 g Securities Services / Custody
13 h Broker / Dealer
13 i Multilateral Development Bank
13 j Other - Does the Entity have a significant (10% or more) portfolio of non-resident customers or does it derive more than 10% of its revenue from nonresident customers? (Non-resident means customers primarily resident in a different jurisdiction to the location where bank services are provided.)
14 a If Y, provide the top five countries where the nonresident customers are located. - Select the closest value:
15 a Number of employees
15 b Total Assets - Confirm that all responses provided in the above Section ENTITY & OWNERSHIP are representative of all the LE’s branches
16 a If N, clarify which questions the difference/s relate to and the branch/es that this applies to.
16 b If appropriate, provide any additional information/context to the answers in this section.
2. PRODUCTS AND SERVICES
- 17 Does the Entity offer the following products and services:
17 a Correspondent Banking
17 a1 If Y
17 a2 Does the Entity offer Correspondent Banking services to domestic banks?
17 a3 Does the Entity allow domestic bank clients to provide downstream relationships?
17 a4 Does the Entity have processes and procedures in place to identify downstream relationships with domestic banks?
17 a5 Does the Entity offer correspondent banking services to Foreign Banks?
17 a6 Does the Entity allow downstream relationships with Foreign Banks?
17 a7 Does the Entity have processes and procedures in place to identify downstream relationships with Foreign Banks?
17 a8 Does the Entity offer correspondent banking services to regulated MSBs/MVTS?
17 a9 Does the Entity allow downstream relationships with MSBs/MVTS?
17 a10 Does the Entity have processes and procedures in place to identify downstream relationships with MSB /MVTS?
17 b Private Banking (domestic & international)
17 c Trade Finance
17 d Payable Through Accounts
17 e Stored Value Instruments
17 f Cross Border Bulk Cash Delivery
17 g Domestic Bulk Cash Delivery
17 h International Cash Letter
17 i Remote Deposit Capture
17 j Virtual /Digital Currencies
17 k Low Price Securities
17 l Hold Mail
17 m Cross Border Remittances
17 n Service to walk-in customers (non-account holders)
17 o Sponsoring Private ATMs
17 p Other high-risk products and services identified by the Entity - Confirm that all responses provided in the above Section PRODUCTS & SERVICES are representative of all the LE’s branches
18 a If N, clarify which questions the difference/s relate to and the branch/es that this applies to.
18 b If appropriate, provide any additional information/context to the answers in this section.
3. AML, CTF & SANCTIONS PROGRAMME
- Does the Entity have a program that sets minimum AML, CTF and Sanctions standards regarding the following components:
19 a Appointed Officer with sufficient experience/expertise
19 b Cash Reporting
19 c CDD
19 d EDD
19 e Beneficial Ownership
19 f Independent Testing
19 g Periodic Review
19 h Policies and Procedures
19 i Risk Assessment
19 j Sanctions
19 k PEP Screening
19 l Adverse Information Screening
19 m Suspicious Activity Reporting
19 n Training and Education
19 o Transaction Monitoring - How many full-time employees are in the Entity’s AML, CTF & Sanctions Compliance Department?
- Is the Entity’s AML, CTF & Sanctions policy approved at least annually by the Board or equivalent Senior Management Committee?
- Does the Board or equivalent Senior Management Committee receive regular reporting on the status of the AML, CTF & Sanctions programme?
- Does the Entity use third parties to carry out any components of its AML, CTF & Sanctions programme?
23 a If Y, provide further details - Confirm that all responses provided in the above Section AML, CTF & SANCTIONS Programme are representative of all the LE’s branches
24 a If N, clarify which questions the difference/s relate to and the branch/es that this applies to.
24 b If appropriate, provide any additional information/context to the answers in this section
4. ANTI BRIBERY & CORRUPTION
- Has the Entity documented policies and procedures consistent with applicable ABC regulations and requirements to [reasonably] prevent, detect and report bribery and corruption?
- Does the Entity have an enterprise-wide program that sets minimum ABC standards?
- Has the Entity appointed a designated officer or officers with sufficient experience/expertise responsible for coordinating the ABC program?
- Does the Entity have adequate staff with appropriate levels of experience/expertise to implement the ABC program?
- Is the Entity’s ABC program applicable to: (drop-down list)
- Does the Entity have a global ABC policy that:
30 a Prohibits the giving and receiving of bribes? This includes promising, offering, giving, solicitation or receiving of anything of value, directly or indirectly, if improperly intended to influence action or obtain an advantage
30 b Includes enhanced requirements regarding interaction with public officials?
30 c Includes a prohibition against the falsification of books and records (this may be within the ABC policy or any other policy applicable to the Legal Entity)? - Does the Entity have controls in place to monitor the effectiveness of its ABC program?
- Does the Entity’s Board or Senior Management Committee receive regular Management Information on ABC matters?
- Does the Entity perform an Enterprise-Wide ABC risk assessment?
33 a If Y select the frequency - Does the Entity have an ABC residual risk rating that is the net result of the controls effectiveness and the inherent risk assessment?
- Does the Entity’s ABC EWRA cover the inherent risk components detailed below:
35 a Potential liability created by intermediaries and other third-party providers as appropriate
35 b Corruption risks associated with the countries and industries in which the Entity does business, directly or through intermediaries
35 c Transactions, products or services, including those that involve state-owned or state-controlled entities or public officials
35 d Corruption risks associated with gifts and hospitality, hiring/internships, charitable donations and political contributions
35 e Changes in business activities that may materially increase the Entity’s corruption risk - Does the Entity’s internal audit function or other independent third party cover ABC Policies and Procedures?
- Does the Entity provide mandatory ABC training to:
37 a Board and senior Committee Management
37 b 1st Line of Defence
37 c 2nd Line of Defence
37 d 3rd Line of Defence
37 e 3rd parties to which specific compliance activities subject to ABC risk have been outsourced
37 f Non-employed workers as appropriate (contractors/consultants) - Does the Entity provide ABC training that is targeted to specific roles, responsibilities and activities?
- Confirm that all responses provided in the above Section Anti Bribery & Corruption are representative of all the LE’s branches
39 a If N, clarify which questions the difference/s relate to and the branch/es that this applies to.
39 b If appropriate, provide any additional information/context to the answers in this section.
5. AML, CTF & SANCTIONS POLICIES & PROCEDURES
- Has the Entity documented policies and procedures consistent with applicable AML, CTF & Sanctions regulations and requirements to
reasonably prevent, detect and report:
40 a Money laundering
40 b Terrorist financing
40 c Sanctions violations - Are the Entity’s policies and procedures updated at least annually?
- Are the Entity’s policies and procedures gapped against/compared to:
42 a US Standards
42 a1 If Y, does the Entity retain a record of the results?
42 b EU Standards
42 b1 If Y, does the Entity retain a record of the results? - Does the Entity have policies and procedures that:
43 a Prohibit the opening and keeping of anonymous and fictitious named accounts
43 b Prohibit the opening and keeping of accounts for unlicensed banks and/or NBFIs
43 c Prohibit dealing with other entities that provide banking services to unlicensed banks
43 d Prohibit accounts/relationships with shell banks
43 e Prohibit dealing with another entity that provides services to shell banks
43 f Prohibit opening and keeping of accounts for Section 311 designated entities
43 g Prohibit opening and keeping of accounts for any of unlicensed/unregulated remittance agents, exchanges houses, casa de cambio, bureaux de change or money transfer agents
43 h Assess the risks of relationships with domestic and foreign PEPs, including their family and close associates
43 i Define escalation processes for financial crime risk issues
43 j Define the process, where appropriate, for terminating existing customer relationships due to financial crime risk
43 k Specify how potentially suspicious activity identified by employees is to be escalated and investigated
43 l Outline the processes regarding screening for sanctions, PEPs and negative media
43 m Outline the processes for the maintenance of internal “watchlists” - Has the Entity defined a risk tolerance statement or similar document which defines a risk boundary around their business?
- Does the Entity have a record retention procedures that comply with applicable laws?
45 a If Y, what is the retention period? - Confirm that all responses provided in the above Section POLICIES & PROCEDURES are representative of all the LE’s branches
46 a If N, clarify which questions the difference/s relate to and the branch/es that this applies to.
46 b If appropriate, provide any additional information/context to the answers in this section.
AML, CTF & SANCTIONS RISK ASSESSMENT
- Does the Entity’s AML & CTF EWRA cover the inherent risk components detailed below:
47 a Client
47 b Product
47 c Channel
47 d Geography - Does the Entity’s AML & CTF EWRA cover the controls effectiveness components detailed below:
48 a Transaction Monitoring
48 b Customer Due Diligence
48 c PEP Identification
48 d Transaction Screening
48 e Name Screening against Adverse Media & Negative News
48 f Training and Education
48 g Governance
48 h Management Information - Has the Entity’s AML & CTF EWRA been completed in the last 12 months?
49 a If N, provide the date when the last AML & CTF EWRA was completed. - Does the Entity’s Sanctions EWRA cover the inherent risk components detailed below:
50 a Client
50 b Product
50 c Channel
50 d Geography - Does the Entity’s Sanctions EWRA cover the controls effectiveness components detailed below:
51 a Customer Due Diligence
51 b Transaction Screening
51 c Name Screening
51 d List Management
51 e Training and Education
51 f Governance
51 g Management Information - Has the Entity’s Sanctions EWRA been completed in the last 12 months?
52 a If N, provide the date when the last Sanctions EWRA was completed. - Confirm that all responses provided in the above Section AML, CTF & SANCTIONS RISK ASSESSMENT are representatives of all the LE’s
branches
53 a If N, clarify which questions the difference/s relate to and the branch/es that this applies to.
53 b If appropriate, provide any additional information/context to the answers in this section.
7. KYC, CDD and EDD
- Does the Entity verify the identity of the customer?
- Do the Entity’s policies and procedures set out when CDD must be completed, e.g. at the time of onboarding or within 30 days
- Which of the following does the Entity gather and retain when conducting CDD? Select all that apply:
56 a Ownership structure
56 b Customer identification
56 c Expected activity
56 d Nature of business/employment
56 e Product usage
56 f Purpose and nature of relationship
56 g Source of funds
56 h Source of wealth - Are each of the following identified:
57 a Ultimate beneficial ownership
57 a1 Are ultimate beneficial owners verified?
57 b Authorised signatories (where applicable)
57 c Key controllers
57 d Other relevant parties - What is the Entity’s minimum (lowest) threshold applied to beneficial ownership identification?
- Does the due diligence process result in customers receiving a risk classification?
- If Y, what factors/criteria are used to determine the customer’s risk classification? Select all that apply:
60 a Product Usage
60 b Geography
60 c Business Type/Industry
60 d Legal Entity type
60 e Adverse Information
60 f Other (specify) - Does the Entity have a risk-based approach to adverse media screening/negative news?
- If Y, is this at:
62 a Onboarding
62 b KYC renewal
62 c Trigger event - What is the method used by the Entity to screen for adverse media / negative news?
- Does the Entity have a risk-based approach to screening customers and connected parties to determine whether they are PEPs, or controlled by PEPs?
- If Y, is this at:
65 a Onboarding
65 b KYC renewal
65 c Trigger event - What is the method used by the Entity to screen PEPs?
- Does the Entity have policies, procedures and processes to review and escalate potential matches from screening customers and connected parties to determine whether they are PEPs, or controlled by PEPs?
- Does the Entity have a process to review and update customer information based on:
68 a KYC renewal
68 b Trigger event - Does the Entity maintain and report metrics on current and past periodic or trigger event due diligence reviews?
- From the list below, which categories of customers or industries are subject to EDD and/or are restricted, or prohibited by the Entity’s FCC program?
70 a Non-account customers
70 b Non-resident customers
70 c Shell banks
70 d MVTS/ MSB customers
70 e PEPs
70 f PEP Related
70 g PEP Close Associate
70 h Correspondent Banks
70 h1 If EDD or EDD & restricted, does the EDD assessment contain the elements as set out in the Wolfsberg Correspondent Banking Principles 2014?
70 i Arms, defense, military
70 j Atomic power
70 k Extractive industries
70 l Precious metals and stones
70 m Unregulated charities
70 n Regulated charities
70 o Red light business / Adult entertainment
70 p Non-Government Organisations
70 q Virtual currencies
70 r Marijuana
70 s Embassies/Consulates
70 t Gambling
70 u Payment Service Provider
70 v Other (specify) - If restricted, provide details of the restriction
- Does the Entity perform an additional control or quality review on clients subject to EDD?
- Confirm that all responses provided in the above Section KYC, CDD and EDD are representative of all the LE’s branches
73 a If N, clarify which questions the difference/s relate to and the branch/es that this applies to
73 b If appropriate, provide any additional information/context to the answers in this section.
8. MONITORING & REPORTING
- Does the Entity have risk-based policies, procedures and monitoring processes for the identification and reporting of suspicious activity?
- What is the method used by the Entity to monitor transactions for suspicious activities?
- If manual or combination selected, specify what type of transactions are monitored manually
- Does the Entity have regulatory requirements to report suspicious transactions?
77 a If Y, does the Entity have policies, procedures and processes to comply with suspicious transaction reporting requirements? - Does the Entity have policies, procedures and processes to review and escalate matters arising from the monitoring of customer transactions and activity?
- Confirm that all responses provided in the above Section MONITORING & REPORTING are representative of all the LE’s branches
79 a If N, clarify which questions the difference/s relate to and the branch/es that this applies to
79 b If appropriate, provide any additional information/context to the answers in this section.
9. PAYMENT TRANSPARENCY
- Does the Entity adhere to the Wolfsberg Group Payment Transparency Standards?
- Does the Entity have policies, procedures and processes to [reasonably] comply with and have controls in place to ensure compliance with:
81 a FATF Recommendation 16
81 b Local Regulations
81 b1 Specify the regulation
81 c If N, explain - Does the Entity have processes in place to respond to Request For Information (RFIs) from other entities in a timely manner?
- Does the Entity have controls to support the inclusion of required and accurate originator information in international payment messages?
- Does the Entity have controls to support the inclusion of required beneficiary information international payment messages?
- Confirm that all responses provided in the above Section PAYMENT TRANSPARENCY are representative of all the LE’s branches
85 a If N, clarify which questions the difference/s relate to and the branch/es that this applies to.
85 b If appropriate, provide any additional information/context to the answers in this section.
10. SANCTIONS
- Does the Entity have a Sanctions Policy approved by management regarding compliance with sanctions law applicable to the Entity, including with respect its business conducted with, or through accounts held at foreign financial institutions?
- Does the Entity have policies, procedures, or other controls reasonably designed to prevent the use of another entity’s accounts or services in a manner causing the other entity to violate sanctions prohibitions applicable to the other entity (including prohibitions within the other entity’s local jurisdiction)?
- Does the Entity have policies, procedures or other controls reasonably designed to prohibit and/or detect actions taken to evade applicable sanctions prohibitions, such as stripping, or the resubmission and/or masking, of sanctions-relevant information in cross-border transactions?
- Does the Entity screen its customers, including beneficial ownership information collected by the Entity, during onboarding and regularly thereafter against Sanctions Lists?
- What is the method used by the Entity?
- Does the Entity screen all sanctions-relevant data, including at a minimum, entity and location information, contained in cross-border transactions against Sanctions Lists?
- What is the method used by the Entity?
- Select the Sanctions Lists used by the Entity in its sanctions screening processes:
93 a Consolidated United Nations Security Council Sanctions List (UN)
93 b United States Department of the Treasury’s Office of Foreign Assets Control (OFAC)
93 c Office of Financial Sanctions Implementation HMT (OFSI)
93 d European Union Consolidated List (EU)
93 e Lists maintained by other G7 member countries
93 f Other (specify) - Question removed
- When regulatory authorities make updates to their Sanctions list, how many business days before the entity updates their active manual and/or automated screening systems against:
95 a Customer Data
95 b Transactions - Does the Entity have a physical presence, e.g., branches, subsidiaries, or representative offices located in countries/regions against which UN, OFAC, OFSI, EU and G7 member countries have enacted comprehensive jurisdiction-based Sanctions?
- Confirm that all responses provided in the above Section SANCTIONS are representative of all the LE’s branches
97 a If N, clarify which questions the difference/s relate to and the branch/es that this applies to.
97 b If appropriate, provide any additional information/context to the answers in this section.
11. TRAINING & EDUCATION
- Does the Entity provide mandatory training, which includes :
98 a Identification and reporting of transactions to government authorities
98 b Examples of different forms of money laundering, terrorist financing and sanctions violations relevant for the types of products and services offered
98 c Internal policies for controlling money laundering, terrorist financing and sanctions violations
98 d New issues that occur in the market, e.g., significant regulatory actions or new regulations
98 e Conduct and Culture - Is the above mandatory training provided to :
99 a Board and Senior Committee Management
99 b 1st Line of Defence
99 c 2nd Line of Defence
99 d 3rd Line of Defence
99 e 3rd parties to which specific FCC activities have been outsourced
99 f Non-employed workers (contractors/consultants) - Does the Entity provide AML, CTF & Sanctions training that is targeted to specific roles, responsibilities and high-risk products, services and activities?
- Does the Entity provide customized training for AML, CTF and Sanctions staff?
- Confirm that all responses provided in the above Section TRAINING & EDUCATION are representative of all the LE’s branches
102 a If N, clarify which questions the difference/s relate to and the branch/es that this applies to.
102 b If appropriate, provide any additional information/context to the answers in this section.
12. QUALITY ASSURANCE /COMPLIANCE TESTING
- Are the Entity’s KYC processes and documents subject to quality assurance testing?
- Does the Entity have a program-wide risk-based Compliance Testing process (separate to the independent Audit function)?
- Confirm that all responses provided in the above Section QUALITY ASSURANCE / COMPLIANCE TESTING are representative of all the LE’s branches
105 a If N, clarify which questions the difference/s relate to and the branch/es that this applies to.
105 b If appropriate, provide any additional information/context to the answers in this section.
13. AUDIT
- In addition to inspections by the government supervisors/regulators, does the Entity have an internal audit function, a testing function or other independent third party, or both, that assesses FCC AML, CTF and Sanctions policies and practices on a regular basis?
- How often is the Entity audited on its AML, CTF & Sanctions program by the following:
107 a Internal Audit Department
107 b External Third Party - Does the internal audit function or other independent third-party cover the following areas:
108 a AML, CTF & Sanctions policy and procedures
108 b KYC / CDD / EDD and underlying methodologies
108 c Transaction Monitoring
108 d Transaction Screening including for sanctions
108 e Name Screening & List Management
108 f Training & Education
108 g Technology
108 h Governance
108 i Reporting/Metrics & Management Information
108 j Suspicious Activity Filing
108 k Enterprise Wide Risk Assessment
108 l Other (specify) - Are adverse findings from internal & external audit tracked to completion and assessed for adequacy and completeness?
- Confirm that all responses provided in the above section, AUDIT are representative of all the LE’s branches
110 a If N, clarify which questions the difference/s relate to and the branch/es that this applies to.
110 b If appropriate, provide any additional information/context to the answers in this section.
The full official versions of the Wolfsberg questionnaire can be found here: PDF | Excel.
Alessa and Correspondent Banking Relationships
Alessa is an AML solution that allows banks to effectively meet their correspondent banking relationships – all within one platform. The solution integrates with existing core systems and includes:
- Real-time due diligence
- Transaction monitoring and screening
- Sanctions and watchlist screening
- Automated regulatory reporting
- Advanced analytics like anomaly detection and machine learning
- Dashboards, workflows and case management
Contact us to learn more about how Alessa can help with compliance, such as the Wolfsberg Questionnaire and more.