On 22 July 2025, the Wolfsberg Group, an association comprising 12 leading global banks released its long‑expected Statement on the Risk‑Based Approach (RBA), affirming its foundational philosophy and promising applicable updates to several significant documents. With roots in the group’s 2006 RBA guidance and the widely used 2015 risk-assessment FAQs, this new statement firmly returns the spotlight to proportionality, prioritization, and outcome-based effectiveness.
A Revived Upsurge
Since its original RBA guidance nearly two decades ago, the Wolfsberg Group has seen its frameworks widely accepted throughout multinational financial institutions. Yet internal and external feedback has signaled that fear-driven, checklist‑based compliance practices too often undermine the real objective financial crime prevention. This statement aspires to revamp the balance, encouraging institutions to commit to a more thoughtful, calibrated, and results-oriented approach. It explicitly endorses the FATF’s reforms that reject a “zero‑failure” mindset in favor of measurable impact.
In the first half of 2025, the Group engaged judiciously but steadily with regulators, policymakers, civil society, and peer institutions to embed the RBA in actual practice. Their efforts have presently materialized into a public reaffirmation and a forward-looking policy agenda.
Core Principles
The statement emphasizes three pillars:
Proportionality
Curating controls to the institution’s size, risk appetite, and business model. This helps avoid one-size-fits-all recipes that burden low-risk areas unnecessarily.
Prioritization
Focusing resources on the highest-risk clients, products, or geographies, rather than dispersing efforts across low-impact areas.
Effectiveness
Measuring results is not just procedural completion to ensure AML/CFT programs, but actually to reduce risk and deliver real-world impact.
These principles aim to move financial institutions from box-ticking to decision-making driven by clear strategic goals aligned with financial crime mitigation.
Updates to Significant Documents
To give practical effect to this refurbished vision, Wolfsberg has pledged to update its earlier guidance materials:
- The 2006 Risk‑Based Approach Guidance
The original roadmap defining RBA fundamentals across customer due diligence, transaction monitoring, and risk governance.
- The 2015 Risk‑Assessment FAQs
Tools that help institutions interpret and implement risk assessments across different business lines and landscapes.
This modernization is aimed to reflect evolving AML/CFT risks, such as digital assets, AI/ML-assisted systems, and complex emerging typologies and build in clearer expectations around effectiveness metrics.
It’s Importance for Banks and Regulators
For banks, the updated stance:
- Clears the clutter that compliance is not risk elimination rather, it’s risk management initiated to deliver real impact.
- Supports a shift from theoretical compliance towards risk intelligence and strategic decision-making.
- Helps improve resource allocation by steering effort toward real danger zones.
For regulators, this reaffirmation aligns with broader trends pushing for outcome-focused regulation, reducing rigid, blanket mandates in favour of supervisory models that value proof of effectiveness and institution-specific computation.
Real‑World Implications
Banks should anticipate:
- An internal review of risk frameworks to ensure they reflect proportionality, rather than conservative overreach.
- Adoption of metrics and KPIs to measure the effectiveness of control, for instance quality of dubious activity reports, rate of true positives, remediation impact.
- Improved governance mechanisms to escalate issues where risk criteria or outcomes are not met.
- Training and awareness campaigns focusing decision lifecycle thinking, not only rule compliance.
Broader Industry Context
The statement arrives at an inflection point:
- Global regulators (e.g. FATF) are accelerating reforms promoting more flexible, risk-tailored AML/CFT regimes.
- Financial technology and digital asset sectors pose novel risks requiring active, outcome‑oriented approaches.
- Past enforcement has often penalized institutions more for procedural failures than for failure to meaningfully attack money laundering.
In this context, Wolfsberg’s move motivates the industry to embrace smarter, targeted controls, not just exhaustive procedures.
Futuristic View
Wolfsberg continues its cooperative work with:
- Member banks, to pilot and refine updated guidance and metrics.
- Regulatory stakeholders, to ensure alignment and mutual understanding.
- Civil society and industry groups, to harmonize risk-based thinking across sectors.
Additionally, the group is expected to issue playbooks, case studies, or toolkits that showcase how to apply RBA effectively in areas like correspondent banking, trade finance, crypto, or AI-enabled transaction monitoring.
To conclude, the Wolfsberg Group’s July 2025 Statement on the Risk‑Based Approach marks a momentous shift:
- Reinforcing proportionality, prioritization, and effectiveness as key pillars.
- Promising updates to foundational guidance from 2006 and 2015 that will reflect important and current financial crime challenges.
- Motivating financial institutions to embrace outcome-based thinking, moving away from fear‑driven compliance bureaucracy.
As the industry evolves with new challenges, new technologies, and new aspirations and expectations, this reaffirmation arrives as both a milestone and a mandate to reconsider how institutions practice AML/CFT, focus on what matters most, and measure for real-world inspiration and impact.
To navigate to the Wolfsberg website, click here.
