The Wolfsberg Group ¦ Statement on Demonstrating Effectiveness

The Wolfsberg Group: Statement on Demonstrating Effectiveness in AML/CTF Programs

The Wolfsberg Group, a leading association of global banks focused on financial crime prevention, has released a critical paper aimed at helping Financial Institutions (FIs) assess risk and demonstrate the effectiveness of their Anti-Money Laundering and Combatting the Financing of Terrorism (AML/CTF) programs. Building on prior work, this guidance centers on prioritizing national or supra-national risks and focusing on meaningful outcomes rather than mere technical compliance.

Key Elements of an Effective AML/CTF Program

The Wolfsberg Group, in its December 2019 Statement on Effectiveness, identified three foundational factors for an effective AML/CTF program — referred to as the Wolfsberg Factors:

1. Compliance with AML/CTF Laws and Regulations: The program must meet all legal requirements across jurisdictions where the FI operates.
2. Provision of Highly Useful Information: FIs should provide relevant and actionable information to government authorities focused on defined priority areas.
3. Reasonable and Risk-Based Controls: Implement controls that mitigate risks of illicit activity in a manner proportional to the identified threats.

Moving Toward Effective Outcomes

In a follow-up statement in August 2020, the Group outlined steps for evolving AML/CTF programs to focus more on effectiveness:

• Assess risk in defined priority areas.
• Implement or enhance controls based on risk.
• Prioritize resources efficiently.
• Engage actively with law enforcement.
• Demonstrate overall program effectiveness.

Assessing Risk in Defined Priority Areas

The Financial Action Task Force (FATF) emphasizes that countries must identify and understand their money laundering and terrorist financing risks to apply effective countermeasures. The Wolfsberg Group urges FIs to align their risk assessments with these government or supra-national priorities instead of concentrating solely on complex, enterprise-wide compliance exercises that focus on data and documentation rather than outcomes.

Where specific priorities are not clearly defined, FIs should use the jurisdiction’s National Risk Assessment or similar publications as a guide. More detailed threat information shared by governments, whether publicly or privately, improves an FI’s ability to evaluate, mitigate, and report relevant risks.

Evaluating and Demonstrating Effectiveness

Effectiveness is demonstrated when an FI can show:

• Compliance with applicable laws and regulations.
• The ability to provide highly useful information to authorities.
• Implementation of reasonable, risk-based controls to prevent and detect financial crime.

1. Compliance with AML/CTF Laws and Regulations: Compliance forms the foundation of any AML/CTF program. FIs need to understand legal requirements across all jurisdictions and implement processes to comply fully while maintaining controls to prove compliance. The Wolfsberg Group highlights that many FIs spend significant resources on activities not legally required but often expected by regulators — activities which may not contribute meaningfully to preventing financial crime.

2. Providing Highly Useful Information to Authorities: The quality of information provided is more important than quantity. Feedback from government authorities on Suspicious Transaction Reports (STRs) or Suspicious Activity Reports (SARs), engagement results in public-private partnerships, and law enforcement recognition are key indicators.

   Metrics could include:

   • Participation in intelligence sharing and public-private partnerships.
   • Filing STRs/SARs aligned with defined priority areas.
   • Reporting complex investigations or interconnected suspicious networks.
   • Percentage of reports resulting in law enforcement follow-ups or positive feedback.

   However, the Group cautions against comparing FIs based on these metrics alone due to differences in size, risk profile, and geographic scope.

3. Reasonable and Risk-Based Controls: Controls should be tailored to the FI’s specific risks and include policies on customer due diligence (CDD), enhanced due diligence (EDD), transaction monitoring, sanctions screening, internal reporting mechanisms, governance, and training.

Effectiveness should be judged on outcomes — whether these controls materially help mitigate risks or provide useful intelligence — rather than just their technical implementation. Importantly, controls should be focused on higher-risk areas; minor gaps in lower-risk areas do not necessarily indicate program failure under a risk-based approach.

The Group also emphasizes the importance of resource allocation: ineffective or inefficient controls should be reconsidered or decommissioned in favor of those yielding better results.

Conclusion

Each Financial Institution must demonstrate the effectiveness of its AML/CTF program based on its unique risk profile and priorities. Success is measured by:

• Compliance with relevant laws.
• The provision of actionable intelligence in priority areas.
• A reasonable set of risk-focused controls that prevent or detect illicit activity.

By adopting outcome-based assessment frameworks such as those proposed by The Wolfsberg Group, FIs can better support law enforcement efforts, reduce undue burden on legitimate customers, and contribute to more effective global efforts against money laundering and terrorist financing. This approach marks a shift from process-driven compliance to results-oriented financial crime prevention, benefiting both the financial industry and society at large.

Dive deeper

• The Wolfsberg Group ¦ Statement on Demonstrating Effectiveness ¦ Link