ResourcesPractical guidance and standards for financial crime compliance practitioners

on the Correspondent Banking Due Diligence and Financial Crime Compliance Questionnaires

Introduction

The Correspondent Banking Due Diligence Questionnaire (CBDDQ) was originally released to the banking community in October 2017. Alongside a Guidance document and Glossary, the Frequently Asked Questions (FAQs) were created to provide additional context to the CBDDQ and Financial Crimes Compliance Questionnaire (FCCQ).

The FAQs is a live document and it will be updated as and when the need to include new topics is identified. The version control found on the cover and footnote of this document identifies the version number.

1. Why has the CBDDQ been updated?

Updates to the CBDDQ in this version (1.4) have been made based on industry and other stakeholder feedback. Enhancements to the Questionnaire’s coverage include the addition of a new section on Fraud and enhancements to questions relating to higher-risk customers, transaction monitoring, whistleblower policy and data quality management. Other changes focus on clarity and usability, including updating the definition of terms used in certain questions (e.g. walk-in customers) and providing clearer response to multi-party questions by increasing drop-down options.

2. Why are there so many questions in the CBDDQ?

The CBDDQ has a broad scope, (i.e. inclusion of Sanctions, Counter Terrorism Financing, Anti-Bribery and Corruption, and Fraud controls) and was created using the questionnaires of the Wolfsberg Group member banks as a starting point. As a result, the Wolfsberg Group (the Group) continues to expect this CBDDQ question set, when completed, to act as a baseline to help satisfy FATF's Recommendation 13, that for "cross-border correspondent banking" additional due diligence requirements must be undertaken, including for so called "high risk" correspondent banking relationships.

3. Has the CBDDQ replaced the previous questionnaire?

Yes and all versions prior to v1.4 have been retired.

4. Is the CBDDQ sufficient for all cross-border and/or other higher risk Correspondent Banking relationships?

Each Financial Institution (FI) should have its own risk appetite and risk tolerance. While the Questionnaire will be sufficient in most circumstances, it is possible that the nature of the relationship, products used and geographies served may necessitate a broader conversation and additional questions may have to be asked. As a general approach, the CBDDQ should be used as the basis of bilateral CDD discussions between respondent and correspondent.

5. Should Central Banks complete the CBDDQ?

If a Central Bank acts as a correspondent banking provider, either permanently or temporarily, then they should complete the questionnaire and identify themselves as Central Bank in the answer to the relevant question in Section 1.

6. Should the CBDDQ be completed for SWIFT Relationship Management Application (RMA) non-customer relationships?

The Questionnaire was developed for cross-border and/or other higher risk Correspondent Banking relationships, which generate a higher risk compared to SWIFT RMA non-customer relationships. The Wolfsberg Guidance on SWIFT RMA Due Diligence outlines the minimum due diligence standards required for non-customer RMAs.

7. What is the difference between the CBDDQ and the FCCQ?

The CBDDQ and its guidance material provide a much more comprehensive set of questions to address today’s financial crime risks for cross-border and/or other higher risk Correspondent Banking relationships. The FCCQ provides high-level information about an FI’s Financial Crime Compliance Programme and can be completed at the group level and encompass all the entities in the group.

The FCCQ is not intended for use by FIs receiving cross-border or higher risk correspondent banking activity which must be addressed through the CBDDQ. The FCCQ may be used for Banks or other FIs to obtain high-level information about the Financial Crime Compliance Programme of the entity completing the document.

8. Who should complete the CBDDQ? Who should complete the FCCQ?

Any FI that receives, or may receive, correspondent banking services should complete and submit the CBDDQ: it reflects the complexity involved and higher expectations of Banks with global networks, as well as the heightened scrutiny on those activities by other Banks and Regulators.

The FCCQ may be used for Banks or other FIs to provide high-level information about their Financial Crime Compliance Programme. However, it is not intended for use by FIs receiving correspondent banking services, which must be addressed through the CBDDQ.

9. Wolfsberg amended the CBDDQ and FCCQ on 10 February 2023, do FIs need to update their published Questionnaires to the new version immediately?

The Group will update the CBDDQ and the FCCQ periodically and as needed to reflect feedback or changes to regulatory requirements or the financial crime risk environment. The fact that the Group publishes an updated version of the Questionnaires does not invalidate already completed CBDDQs or FCCQs or serve as a trigger to update an FI’s due diligence on its customers.

Correspondent Banks should document their policy for when their customers are required to update their CBDDQ/FCCQ after a new version of the Questionnaires has been published. The Group would not regard the publication of a new version of the Questionnaires to be seen as a trigger for immediate updates.

10. What is the validity/expiry date of the completed CBDDQ or FCCQ?

While not prescribing any particular review period, it is recommended that the questionnaires be reviewed and updated on a 12–18-month basis. Any material changes, however, should be updated as soon as reasonably possible.

11. How should FIs complete the CBDDQ or FCCQ?

FIs should complete the questionnaires accurately and with up-to-date information. They should ensure that the questionnaire is completed in its entirety.

12. How should the CBDDQ or FCCQ be signed off/approved by the Entity?

The CBDDQ, when completed and shared, whether through a Utility or bilaterally, must be signed (on the final page “Declaration Statement”) by two parties:

1. The Head of the submitting FI’s Correspondent Banking business, or equivalent. In situations where the FI does not offer Correspondent Banking services, the CBDDQ should be signed by the most senior person of the respondent’s business unit that handles these transactions/manages the account; and
2. The Group’s Money Laundering Reporting Officer (MLRO) or Head of FCC.

The FCCQ requires only the signature of the MLRO, or equivalent Financial Crime Compliance Senior Manager.

13. If the Entity completes the CBDDQ or FCCQ, does it mean it should be classified as High Risk?

Not necessarily. The questions were designed to collect sufficient information to make an informed assessment of the Entity’s financial crime risk exposure. The same is true for the FCCQ.

14. How do I obtain a completed CBDDQ/FCCQ on my respondent/customer?

Due to the extensive information contained in the CBDDQ banks may choose not to post completed CBDDQs on their websites so the CBDDQ should be obtained either from a KYC utility or directly from the respondent.

An FCCQ may be available from a KYC utility or directly from the customer. Some FIs have chosen to make the FCCQ available publicly via their websites, while providing the CBDDQ on a more limited basis where the nature of the relationship warrants.

15. Can additional questions be added to the CBDDQ or FCCQ by FIs? How should they be asked?

As previously mentioned, it is the responsibility and choice of each FI should it wish to ask additional questions. These additional questions should not be added to the CBDDQ or FCCQ template as they are not endorsed by the Wolfsberg Group.

16. If a potential error is identified in the CBDDQ or FCCQ and/or the guidance material, who should be notified?

If any potential errors are identified with either questionnaire or any of the published materials, please e-mail info@wolfsberg-group.org.

17. What is the CBDDQ Guidance material published on the Group’s website? When should it be utilised, and by whom?

The CBDDQ Guidance Material published on the Wolfsberg Group website is a set of 12 short training videos, one guidance document and a presentation video providing more in-depth guidance on Correspondent Banking and its financial crime risks, the standards which the financial industry is aiming to work towards, as well as helping the CBDDQ user to understand why the questionnaire asks such questions.

Any user of the CBDDQ would benefit from reviewing all guidance and training material provided, either ahead or during the completion of the questionnaire.