top of page

New Wolfsberg Guidelines Emphasize Internal Controls

The Wolfsberg Group, renowned for its contributions to banking and financial regulation, has recently issued updated guidelines, placing a spotlight on the importance of internal controls for financial institutions (FIs) in their ongoing battle against financial crime. These guidelines serve to provide FIs with a structured framework for conducting Internal Audits (IAs) aimed at evaluating the effectiveness of their Financial Crime Risk Management (FCRM) strategies.

New Wolfsberg Guidelines Emphasize Internal Controls

Historically, the Wolfsberg Group has underscored three pivotal 'Wolfsberg Factors' essential for achieving effective FCRM outcomes:

  1. Complying with regulations: Ensuring adherence to regulatory requirements.

  2. Establishing controls: Implementing robust internal control mechanisms.

  3. Providing useful information to authorities: Facilitating effective communication with regulatory bodies.

These factors have long been regarded as guiding principles for FIs and regulators seeking to enhance their FCRM efforts.

The latest guidelines from the Wolfsberg Group offer a comprehensive approach for FIs to conduct Internal Audits (IAs) to assess the efficacy of their FCRM strategies. By aligning with the 'Wolfsberg Factors,' these guidelines provide a structured framework for evaluating and enhancing internal controls within FIs.


The Principles of Internal Audits

Under each of the 'Wolfsberg Factors,' the group delineates key principles for conducting IAs, accompanied by detailed measures to ensure compliance and effectiveness.

1. Complying with Regulations

Key Principle: The IA should assess the FI's controls' effectiveness in addressing relevant local laws.


  • Measure 1.1: Demonstrating compliance with local financial crime laws through governance documents.

  • Measure 1.2: Ensuring the design and operation of controls comply with regulatory requirements.

  • Measure 1.3: Establishing a process to assess FCRM adequacy in response to regulatory changes.

2. Establishing Controls

Key Principle: The IA should evaluate the design and effectiveness of the FI's internal control mechanisms.


  • Measure 2.1: Demonstrating that controls provide adequate coverage proportional to identified risks.

  • Measure 2.2: Adhering to the principles underlying regulations, beyond mere technical compliance.

  • Measure 2.3: Implementing a structured process for updating and modifying controls in response to evolving threats and regulations.

3. Providing Useful Information to Authorities

Key Principle: FIs should establish indicators to assess their performance in providing relevant information to authorities.


  • Measure 3.1: Developing credible indicators to evaluate information provision effectiveness.

  • Measure 3.2: Ensuring adherence to self-established standards for information provision.

  • Measure 3.3: Providing evidence of information provision effectiveness to internal governance structures.

Sarah Beth Felix, CEO and Founder of Palmera Consulting, offered her perspective on the new guidelines. While acknowledging their significance, Felix criticized the perceived lack of practical advice for auditors conducting IAs. She emphasized the need for more concrete suggestions, particularly in identifying red flags warranting deeper examination during audits.

While the Wolfsberg Group's guidelines highlight the critical role of IAs in FCRM, there remains an opportunity to enhance their effectiveness by providing auditors with more specific recommendations. By incorporating detailed guidance, FIs can further fortify their defenses against financial crime, ultimately safeguarding the integrity of the global financial system.



bottom of page