Shin Je-yoon, the current president of the Financial Action Task Force (FATF), summed up the Paris-based intergovernmental organisation's activities neatly at a conference in March. Speaking at the Thomson Reuters 2nd Annual Japanese Regulatory Summit, Shin noted that once-obscure abbreviations such as AML, CTF and KYC were now commonplace at banks. (They stand for anti-money laundering, counter-terrorist financing, and know-your-customer, respectively.)
"Strong AML [and CTF] controls are at the heart of many financial institutions," he said. "However, recent cases have shown that contraventions of these controls can result in fines and deferred prosecution agreements running into billions of dollars, or sanctions becoming licence-threatening. To this end, major financial centres look ultimately to [us] for guidance on a set of international standards to combat money laundering and terrorist financing."
Established in 1989 following a Group of Seven summit, the FATF sets high-level standards and promotes the implementation of legal, regulatory and operational measures for combating money laundering, terrorist financing and the proliferation of weapons of mass destruction. The group is perhaps most notable for 40 recommendations, which are recognised as the international standard for AML and CTF measures. Those recommendations, which countries implement via their own legal frameworks, were first issued in 1990 and have since been revised on numerous occasions – most recently, in 2012.
One of the body's major achievements in recent years highlights the extent of its global influence. In October 2014, it issued new guidance to help countries identify illegal corporate arrangements in their jurisdictions. Known as the Guidance on transparency and beneficial ownership, it elaborated on its own 2012 international recommendations. The guidance details steps that countries can take to identify the true owners of shell companies or complex corporate structures, which money launderers, supporters of terrorism, tax evaders and other financial criminals often use to gain access to legitimate banking services.
In May this year, the European Council and European Parliament reached agreement on a fourth European Union Anti-Money Laundering Directive, following the publication of an initial draft in February 2013. The new directive draws upon many of the FATF's recommendations – for instance, by requiring EU countries to maintain central registries on the ultimate owners of companies and trusts. EU member states have until July 2017 to transpose the directive into national law.
Elsewhere, in November 2014, the Group of 20 adopted high-level principles on beneficial ownership transparency based on those of the FATF, and G20 countries formally committed to implementing them in their own jurisdictions.
The FATF is more than just a standard-setter, however. In addition to putting forward recommendations, it is also helping to shape the regulatory and legislative agenda. One area where it has been particularly active in the past year is in the debate over 'de-risking'. The FATF's highest-level meetings are held each quarter and attended by representatives of its 34 member countries and two regional organisations. For the past year, the issue of de-risking has featured on every agenda.
To investigate suspicious financial activity, authorities need access to timely, accurate data; this requires the involvement of banks and other financial institutions. But having to cope with myriad rules in areas such as AML, CTF and KYC means that the cost of compliance is rising. Amid diminishing profitability and higher capital requirements under Basel III, the temptation for many firms is to retreat from whole geographies or client segments entirely – a phenomenon known as de-risking.
"It's pretty clear that caution is the rule of thumb now," says Rick McDonell, executive secretary of the FATF. "There might have been higher appetite for riskiness in the past, but that's now gone in most sectors of the financial industry."
Banks say they are being cautious due to a lack of regulatory guidance on how to manage high-risk countries, particularly as fines for non-compliance continue to grow. But with the accounts of money services businesses, charities and nongovernmental organisations reportedly closing at a rapid rate – often in developing countries where alternative sources of financing are scarce – some fear their customers will be pushed into less regulated areas of global finance.
In October 2014, the FATF responded to these trends by publishing its Risk-based approach guidance for the banking sector. The guidance urges banks to implement AML and CTF measures that are commensurate with the risks of the businesses they are involved in – the aim being to prevent an excessive level of de-risking. "The risk issue is more complicated today, with more facets involved," notes McDonell. "The industry is looking for greater clarity around how they are supposed to determine their own risk."
The idea that money services businesses are being abandoned by major global banks is an important issue for the FATF, which seeks to promote market integrity as well as financial inclusion. The organisation is equally concerned about indications that the number of correspondent banking relationships is shrinking across the globe, as highlighted in an October consultative report from the Basel-based Committee on Payments and Market Infrastructures (CPMI).
Part of the problem, McDonell believes, is that banks are misinterpreting the FATF and its rules around KYC. "Some financial institutions seem to believe that they are required to identify their customer's customer, which is not required under our standards – and to my knowledge, isn't required by regulators for that matter," he says.
It's not the first time the organisation has sought to clarify its stance. The FATF published a statement in June that emphasised there were many drivers of de-risking activity, and the issue went "far beyond AML and [CTF]". "FATF recommendations do not require banks to perform, as a matter of course, normal customer due diligence on the customers of their respondent banks when establishing and maintaining correspondent banking relationships," it insisted.
McDonell says it's not entirely clear where the notion of "knowing your customer's customer" has come from. "It may be linked to a concern that if banks don't know or routinely ask for this extra information, they believe the regulators will be harder on them during an examination," he says.
In any case, the FATF's recommendations – many of which have been translated into law across the globe – are unequivocal that measures taken against AML should be proportionate. "What is required is that financial institutions do risk assessments in cases where they detect suspicious or unusual transactions," says McDonell. "If they determine that the risk is high, they may need to obtain more information about the customer from the correspondent bank."
In March, representatives from the FATF met with public and private sector stakeholders, including representatives of banks, insurers and savings firms. The idea was to discuss recent developments related to terrorism and terrorist financing risks, but also to exchange views on de-risking and gain feedback on the risk-based approach.
Over the coming year, the FATF is seeking to develop new guidance to clarify the risk-based approach as it relates to money transfer services. Further guidance on the effective supervision and enforcement of the risk-based approach by financial supervisors and law enforcement is expected to be adopted in the coming months. The organisation says it will continue to consult with regulators and the private sector on the topic, taking into account other work conducted by the International Monetary Fund and World Bank, along with the CPMI and the Basel-based Financial Stability Board.
Another major role the FATF undertakes is monitoring its members' progress in implementing measures and reviewing their AML and CTF frameworks. This process of mutual evaluations sees the FATF working with the World Bank, the IMF and other regional bodies to assess the status of 195 countries worldwide in relation to its recommendations.
The FATF is currently undergoing its fourth full cycle of mutual assessments – a process that takes six years to complete. The third cycle, completed in June last year, entailed a rigorous set of reports concentrated almost solely on technical compliance issues, such as the existence of appropriate regulations and the ability to enforce them. But the fourth cycle has seen a significant change of focus. While continuing to evaluate the architecture in place for rules and enforcement, the FATF is also putting greater emphasis on its effectiveness. In other words, the FATF is now looking to check on how the AML and CTF measures actually work in practice.
This means the methodology is now more of a mix of objective and subjective judgment. "It's a harder job – but absolutely essential," McDonell says. "That's because you can have the best laws on paper, but not have effective outcomes. This process is all about finding out what you're doing with them."
As part of the assessment process, plenary meetings are held every four months to gauge countries' progress in meeting the recommendations. If compliance deficiencies are uncovered, then countries must participate in a follow-up mechanism that monitors improvements on the ground. Ultimately, if countries are found to be non-compliant, they may be labelled as "non-cooperative" or "high risk" jurisdictions. Seventeen countries currently fall into this category, including Angola, Myanmar and North Korea. Regulators say the list is an invaluable tool for financial firms looking to avoid trouble.
That aside, the FATF is attempting to respond to other pressing issues facing its members. In June, for example, it published guidance on a risk-based approach to virtual currencies and best practices for combating the abuse of non-profit organisations. And it has also been shining a spotlight on the financing of Islamic State – publishing a report in February summarising the movement's financial activities and the measures countries can take to disrupt its access to funding.
"Things evolve," says McDonell. "A few years ago, virtual currencies did not have the importance that they have now. This is an example of how new potential vulnerabilities crop up, and we need to monitor them and, where necessary, ensure they are covered by our standards if they're not already."
The week on Risk.net, July 14–20, 2017Receive this by email