On April 26th, the ACAMS Carolinas Chapter hosted a virtual event to discuss the role of the Wolfsberg Group and its current priorities along with an introduction to the new payments standard, ISO 20022, and the potential impact and risks on AML/CTF and sanctions screening operations. The event was moderated by Board member Peter Wild who is a Senior Advisor at McKinsey. The speakers included:
· Alan Ketley, Executive Secretary, Wolfsberg Group
· Michael Knorr, Head of Payments & Liquidity Management, Global Payments, Corporate & Investment Banking, Wells Fargo
· Nicolas Stuckens, Head of Sanctions Compliance Services, SWIFT
The event began with Alan providing an overview and history of the Wolfsberg Group (Wolfsberg). Alan noted that Wolfsberg was formed in 2000 but first met in 1999 in Zurich, Switzerland specifically to address issues in private banking tied to a lack of standards and a series of scandals involving European and North American banks. The initial mission was to establish voluntary private banking principles to address these shortcomings and ensure that banks were competing on business capabilities and not lighter KYC policies. Wolfsberg published the AML Principles for Private Banking in October 2000 and revised the document again in 2002 and 2012.
Wolfsberg is an association of 13 global banks which, according to its website, “aims to develop frameworks and guidance for the management of financial crime risks, particularly with respect to Know Your Customer, Anti-Money Laundering and Counter Terrorist Financing policies.” Alan describes Wolfsberg as
“Producers of guidance by practitioners for practitioners.”
Today, Wolfsberg provides guidance that is used by Financial Institutions (FIs), regulatory bodies and standard setters like FATF. Wolfsberg and has published multiple standards, white papers, guidance, FAQs, and comment letters on a wide variety of topics including AML/CTF financing, Politically Exposed Persons (PEPs), Anti-bribery, and trade-finance principles. Wolfsberg publishes everything, in multiple languages, on its website.
Based on his multi-year, direct involvement in its publication, Alan discussed the 2017 Correspondent Banking Due Diligence questionnaire (CBDDQ) which replaced the older Wolfsberg AML questionnaire. The new CBDDQ established the standard for the industry and provides guidance by setting reasonable, global requirements for correspondent banking activity by offering a standardized starting point for due diligence. The document is regularly updated and supported by guidance material and videos.
Alan also addressed the topic of “effectiveness” in AML and CTF laws and regulations. Alan questioned why there is not more feedback to FIs on the SAR filings given that the purpose of the Bank Secrecy Act is so FIs can ‘provide highly useful information to law enforcement’ and how much more effective an FI’s program might become if it could pivot resources to higher value added activities noting that some law enforcement indicate only 15% of all SAR filings are useful in investigations. Alan described how current laws and regulations can create an environment in which banks and FIs focus more on technical compliance rather than measuring outputs - how effective its policies and procedures are at deterring, detecting, and reporting actual bad activity. Alan quoted a 2019 Wolfsberg publication on Effectiveness which indicates the three main attributes of an effective Financial Crimes program should be:
· Compliance with AML/CTF laws and regulations
· Provide highly useful information to relevant government agencies in defined priority areas, and
· Establish a reasonable and risk-based set of controls to mitigate the risks that a financial institution may be used to facilitate illicit activity.
Alan also notes that Wolfsberg is a strong advocate for private and public partnerships that support the sharing of information between institutions and with appropriate government entities as long as appropriate controls are in place to mitigate risk. Alan believes an FI’s ability to identify and report bad actors can be enhanced significantly by the amount of relevant information FIs can share with each other legally.
This topic led to the introduction and discussion of the new cross-border payment standard known as ISO 20022 which, according to the panel,
“Marks the biggest changes to payments and messaging standards in more than a generation.”
For the uninitiated, ISO stands for the International Organization for Standardization. The ISO was established in 1946 and per the ISO website is “an independent, non-governmental international organization with a membership of 167 national standards bodies. Through its members, it brings together experts to share knowledge and develop voluntary, consensus-based, market relevant International Standards that support innovation and provide solutions to global challenges.”
Nicolas went on to describe ISO 20022 as an evolution of the existing Message Type (MT) standards created in 1973. For background, standards define the type of information and data formats that can be exchanged between parties. A syntax is the how the information in a message is structured or formatted and semantics refers to the meaning of the information being shared. Different proprietary standards regularly use different syntaxes (formats) to display the same data and different organizations and countries use different words to express meaning (semantics). For example, two FIs can use the same word but mean different things. Today, there are many different types of messaging standards, syntaxes, and semantics used by FIs which creates significant problems if an organization wants to automate the messaging and screening process.
As noted above, the existing standards have a number of issues which is why they are being updated to the new ISO 20022 standard. For example, the legacy MT 103 message standard or data that is used on the SWIFT network is predominantly unstructured and ambiguous because all data about a party to the payment is grouped into a single field which can potentially create many false positives for screening software. On the other hand, the ISO 20022 standard is structured with common data labels that brings clarity to the message and allows for accurate, efficient, and automatic sanctions screening.
Michael and Nicolas also discussed various elements of the ISO 20022 standard including the fact that it is payment type agnostic e.g., can be used for ACH or wire messages, creates richer, more structured data for a better customer experience including the creation of a legal entity identifier (LEI), supports improved adherence to payment transparency, more space for meaningful client information along with enhanced remittance information e.g. invoice identification or reconciliation for payees.
Nicolas and Michael encouraged FIs to review the Guiding principles for screening ISO 20022 payments. These principles were created in 2021 by SWIFT and 14 global and regional banks and endorsed by the Payments Market Practice Group and The Wolfsberg Group. These principles provide information on:
· How each data element can be used in the screening process
· What the relevant information should be screened against, and
· What type of screening logic can be applied to these tags and data elements
Nicolas touched on several jurisdictions beginning the implementation process and indicated most legacy payment systems worldwide have announced plans or dates to switch to the new ISO standard.
The cross-border ISO 20022 migration starts in November of 2022 and will co-exist with the existing MT format until 2025 to ensure business continuity and allow organizations to move at their own pace to properly implement the new standard. Until this time, FIs will have the option to send payments in either format. The co-existence between the two formats creates interoperability and data integrity considerations that banks need to be aware of. FIs will need to ensure readiness with the new standard and to ensure data isn’t lost as messages are processed.
Michael provided additional information on various working groups and initiatives that support the adoption and integration of the new ISO 20022 standard. He also acknowledged ISO 20022 is complex and banks need specific guidance so they can begin preparing their systems and upgrading their customer information records and channels in order to support the capture of the new data elements.
Michael also discussed several challenges that FIs may face when implementing ISO 20022 including:
· Significant investments to capture, feed and pass-on structured data into payments. Banks need to ensure they have an effective program in place to support this transition with end-to-end transparency.
· The adoption of ISO 20022 creates many interoperability and data integrity challenges that need to be understood and properly addressed. As an example, he referred to the structured address data requirement and the elimination of unstructured address data by 2025.
The panel addressed several questions and agreed that the new ISO 20022 standard creates a unique opportunity for FIs to provide better services to their customers while reducing the payment and compliance processing friction associated with the current MT standard.
Additional information on the new ISO standard can be found below:
The ISO 20020 website:
SWIFT
Booklet by SWIFT called “ISO 20022 for Dummies”
Federal Reserve Migration Timeline for Fedwire Funds Service
Understanding ISO 20022: A Resource Guide for Financial Institutions, Corporations, and the Public
Follow-us on LinkedIn and join the ACAMS Carolinas Chapter so you don’t miss out on these conversations and future events by following the link below!
Blog written by: Associate Board Member, Sean Marsden, CRC, CAMS