The Financial Action Task Force (FATF) has emerged as a key international authority combating money laundering and terrorism funding since its establishment in 1989. The regulatory watchdog introduced the 40 Recommendations to combat illicit activities, offering nations guidance on developing effective anti-money laundering regimes. Last updated in November 2023, this unified framework now targets money laundering, terrorist financing, and the funding of weapons of mass destruction proliferation.
In general, the main goal of FATF is to reduce crimes that could threaten the global financial system. To achieve this, FATF focuses on creating and encouraging the effective implementation of legal, regulatory, and operational measures to combat the mentioned crimes.
In summary, the 40 recommendations of FATF guide companies to:
- Identify financial crime. Recognize different types of financial crime threats within a country’s existing policies and systems.
- Implement anti-fraud policies. Develop and implement policies and procedures in the country’s financial infrastructure to counter identified threats, including money laundering, terrorist financing, drug trafficking, and weapon trading.
- Build a proper AML program. Create preventive measures for financial institutions and reporting entities in line with FATF’s AML and CFT recommendations. These measures include record-keeping, transaction monitoring, customer due diligence, and AML screening.
- Collaborate with law enforcement. Equip the country’s law enforcement entity with the authority to enforce laws and oversee reporting entities while implementing risk prevention measures.
- Practice accountability. Promote accountability at all levels within the system and maintain a fair judiciary in the country.
In this blog post, we continue to review the main policies and procedures of FATF’s 40 Recommendations, helping companies establish a practical AML program based on international standards.
What is the FATF?
The Financial Action Task Force (FATF) is an intergovernmental body consisting of 39 members, including 37 countries, the United Nations, and the World Bank. Established in 1989 as a watchdog for Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT), FATF provides guidance to governments on combating financial crimes.
FATF issues guidance to align international standards and advise countries on the most effective ways to prevent illegal activities. Given the ever-changing landscape of financial crime, FATF regularly updates and revises its recommendations.
The History of the FATF
Claiming the title of the leading international policy-making body, the FATF has been actively reinforcing new measures. This includes setting stricter regulatory frameworks for newly emerging industries and increasing its efforts to combat not only money laundering but also other comprehensive financial crimes.
We provide a brief overview of the FATF throughout the years below:
The FATF, also recognized by its French name, Groupe d’action financière, was established in July 1989 during the G-7 Summit in Paris. It was initially designed to address money laundering and drug trafficking. However, after the events of 9/11 in 2001, the organization expanded its focus and included combating terrorist financing.
Introduction of 40 Recommendations
In April 1990, less than a year after its establishment, the FATF issued a report introducing the 40 Recommendations, a comprehensive plan to combat money laundering. Due to evolving money laundering techniques, the Recommendations were extensively revised in June 2003. Additionally, in 2012, the FATF further extended its efforts to counter the financing of weapons of mass destruction proliferation.
Regulatory Requirements for Crypto
Since 2012, FATF has continuously refined and strengthened its guidance to provide countries with robust tools to address money laundering, terrorist financing, and the financing of weapons of mass destruction proliferation. Despite what seemed to be a clear focus, in June 2019, the FATF updated its standards, making them even stricter, and included new measures for regulating and supervising activities and service providers related to virtual assets or cryptocurrency assets.
Additional Beneficial Ownership Rules
In 2022, global beneficial ownership rules in the FATF regulatory standards were further reinforced to prevent criminals from concealing illicit activities and dirty money behind secret corporate structures.
What is the Key Objective of FATF’s 40 Recommendations?
FATF’s main objective is to mitigate crimes that threaten the global financial infrastructure. According to the FATF itself, 40 Recommendations help form the foundation for all countries to collectively address the common goal of combating illicit activities.
To achieve this, the FATF works on developing and promoting the effective implementation of legal, regulatory, and operational measures against all threats to a stable financial system. As a result, the FATF aims to eliminate loopholes in the financial infrastructure, pushing companies to take these regulations seriously by prioritizing their guidelines.
Why are the 40 Recommendations of the FATF Important?
Even if the business isn’t regulated, complying with the 40 Recommendations of the FATF is crucial. It helps companies follow FATF’s three primary objectives: strengthening asset recovery, countering illicit finance of cyber-enabled crime, and increasing the effectiveness of global AML measures.
In general, there are two key reasons why companies should prioritize FATF’s 40 Recommendations:
- Risk mitigation. Following the FATF Recommendations helps countries and businesses identify and mitigate the risks associated with financial crimes. For instance, Recommendation 10 emphasizes the importance of Customer Due Diligence (CDD) on politically exposed persons (PEPs), reducing the risk of illicit funds entering the financial system.
- Global standardization. The FATF Recommendations provide a universally recognized standard for combating money laundering, terrorist financing, and proliferation financing. For example, Recommendation 5 outlines CDD measures, ensuring a consistent and unified approach worldwide. This standardization facilitates international cooperation and enhances the effectiveness of the overall fraud prevention efforts.
By closely following FATF’s guidelines, companies protect their businesses from reputational risks and contribute to safeguarding the global economy.
Is the FATF a Regulatory Body?
Remember that FATF is not a regulatory body, so its crafted Recommendations do not have the force of law. Despite that, FATF’s member countries are expected to adopt and support all 40 Recommendations. If a country fails to implement sufficient controls against money laundering and other financial crimes, FATF may include it in its “blacklist,” negatively affecting international cooperation and trade.
What Happens if You are on the FATF Blacklist?
Although the FATF doesn’t conduct direct investigations, it closely monitors global AML/CFT efforts to determine the content of its blacklists. If you end up on the FATF Blacklist, also known as the list of “Non-Cooperative Countries or Territories,” you can face economic penalties and other restrictive measures. FATF member states and other international bodies can impose negative measures, such as exclusion from international trade and cooperation.
So, even though the recommendations are not strict laws, businesses are supposed to follow the official FATF guidelines and adopt its Recommendations. In certain industries, like fintech, regulatory bodies in the US, such as the Financial Crimes Enforcement Network (FinCEN), can impose fines or other penalties for non-compliance.
The Legal Structure of FATF’s 40 Recommendations
The FATF’s 40 Recommendations can be categorized into four sections:
1. Addressing Money Laundering and Terrorism Financing
The first part emphasizes establishing a robust institutional and legal framework to address money laundering and terrorism funding.
In brief, the FATF provides these key points:
- Criminalization. The FATF encourages countries to criminalize money laundering and terrorist financing offenses. That means ensuring that these activities are explicitly prohibited and subject to legal consequences.
- Regulatory supervision. Effective oversight is crucial. The FATF advises countries to appoint qualified authorities to supervise financial institutions, implement regulatory controls, and enforce compliance with AML/CTF measures.
- The need for cooperation. Recognizing the transnational nature of financial crimes, the FATF underscores the importance of collaboration. This includes sharing information globally and providing legal assistance to strengthen the collective response among nations.
2. Customer Due Diligence and Record-Keeping
This section of the 40 Recommendations of the FATF emphasizes the necessity of customer due diligence (CDD) measures while encouraging companies to maintain accurate records to enhance transparency in their AML programs.
Here are the main points to remember about CD and record-keeping obligations mentioned in FATF’s Recommendations:
- Documentation and customer ID verification. Financial institutions and other obliged entities are encouraged to establish risk-based strategies for identifying and verifying the identities of their customers. This involves obtaining reliable and unbiased documentation, conducting ongoing monitoring, and understanding the nature of the business relationship with the client.
- Identification of ultimate beneficial owners (UBOs). Identification and understanding of the ultimate beneficial owners of legal entities and contractual arrangements are crucial to prevent the misuse of corporate structures. Countries are advised to maintain precise and up-to-date records of beneficial ownership data.
- Identifying information and record-keeping. Effective record-keeping practices are essential for identifying and investigating financial crimes. Financial institutions must maintain accurate records of all transactions, client identity information, and other relevant data to assist law enforcement agencies.
3. Implementing a Risk-Based Approach
The FATF suggests that countries adopt a risk-based approach (RBA) to AML. In this approach, countries should instruct obligated entities to assess the level of money laundering and terrorism financing risks they face and take appropriate compliance measures accordingly.
This section of FATF’s 40 Recommendations also focuses on the importance of proper risk assessments that are required for a risk-based approach. This includes developing risk-based strategies and allocating resources effectively to their counter-terrorist financing and anti-money laundering efforts.
To follow the risk-based approach, companies must comply with AML/CFT regulations based on FATF recommendations, requiring to implement:
- Due diligence on customers. This helps businesses understand their identities, assess the purpose of transactions, and evaluate associated risks.
- AML screening for other companies. Important both for customers and corporate clients, especially in the B2B field.
- Processes for record-keeping. This involves collecting identifying information, verifying it and ensuring that it is up-to-date as well as accurate.
- Procedures for reporting suspicious transactions. Companies must be ready to report all suspicious transactions to relevant authorities.
- AML checks on UBOs. Relevant in cases where the business serves another business. This helps identify potential risks associated with the individuals who ultimately control or benefit from the business relationship.
The risk-based approach is the main component of an effective AML/CFT regime and is crucial for implementing additional FATF recommendations. Keep in mind that it’s flexible, with higher risk levels requiring more robust compliance measures or enhanced due diligence (EDD) and lower risk levels allowing for simplified due diligence (SDD) procedures.
4. Reporting and Cooperating with Law Enforcement
The FATF advises countries to collaborate with financial intelligence units (FIUs) and allows them to access information to cooperate further with law enforcement agencies. For businesses, this implies that successful fraud detection, investigation, and mitigation of financial crime depend on streamlined reporting strategies between law enforcement and obligated entities.
This is how it looks in practice in terms of FATF’s 40 Recommendations:
- Cooperating. Successful investigations and prosecutions require collaboration among financial intelligence units and relevant authorities. Additionally, the FATF promotes international coordination through other networks and regional organizations. The goal is to exchange best practices and enhance the effectiveness of their AML programs.
- Asset freezing. Companies should implement systems to freeze and seize assets linked to money laundering and terrorism financing. That means they must take action to prevent the transfer of illicit funds and confiscate earnings from criminal activities.
- Reporting. Businesses should establish procedures to identify and report suspicious transactions to the appropriate authorities swiftly. This includes disclosing transactions related to the financing of terrorism and those suspected of involvement in money laundering.
Not every one of the 40 Recommendations of the FATF directly targets specific businesses. Some recommendations are oriented towards regulatory bodies, such as the mentioned FIUs, serving as guiding principles. The country’s FIU, in turn, then enforces regulations that embody the best practices outlined in the Recommendations.
FATF Recommendations that Help Businesses Ensure Compliance
Apart from CDD processes, implementing a risk-based approach to AML, or screening PEPs, there are other important guidelines highlighted in FATF’s 40 Recommendations. Here’s a short summary of the Recommendations that benefit businesses in maintaining proper AML/CTF compliance based on FATF’s guidelines:
The FATF advises member states to screen targeted sanctions lists of individuals or entities involved in terrorism financing, as well as those participating in the proliferation and financing of weapons of mass destruction. In general, if the country’s FIU imposes sanctions on parties involved in these activities, the business needs to implement a sanctions screening system.
In other words, companies must verify that their customers aren’t listed on any relevant sanctions list and refrain from engaging in business with sanctioned individuals, entities, or countries. FATF member-states also generate and circulate sanctions lists that companies can refer to when initiating business relationships with clients, especially for high-risk customers, such as PEPs, who may present a risk.
In accordance with the law, countries must freeze the funds and assets of sanctioned individuals and entities, ensuring no further availability of their assets.
Mentioned in FATF Recommendations 6,7 and 35
The FATF addresses advanced technologies, specifically focusing on virtual asset service providers (VSAPs), which, according to the organization, mostly refers to cryptocurrency industry players. FATF treats them as obliged entities and recommends that national authorities regulate, monitor, and supervise VASPs and facilitate information sharing.
FATF’s recommendations suggest that VSAPs should adopt a risk-based approach. The FATF provided clarity on the definition of virtual assets and offered guidance on handling stablecoins while emphasizing the implementation of the Travel Rule. The FATF also advocates for the licensing of VASPs, mandating them to comply with standard obligations such as customer due diligence, PEP screening, and compliance with reporting and record-keeping requirements.
Mentioned in FATF Recommendations 15 and 16
The Travel Rule also mandates countries to gather identifying information from both the senders and receivers of domestic and international wire transfers, establishing an effective AML/CFT audit trail. This leaves companies with the responsibility to ensure that all wire transfers cover details about both the originator and the beneficiary.
This Recommendation by the FATF guarantees that the authorities can trace any suspicious activity or involved party in the transaction. In practical terms, this involves exchanging information between parties during every transfer, including cryptocurrency and other VASPs, such as wallets. In 2021, the FATF broadened this regulation’s scope and included non-fungible tokens (NFTs) and decentralized finance (DeFi).
Mentioned in FATF Recommendation 16
Designated Non-Financial Businesses and Professions
The FATF explains that Designated Non-Financial Businesses and Professions (DNFBPs) consist of a group of entities or individuals engaged in activities beyond the conventional financial sector. These entities possess the potential to be exploited for money laundering, terrorist financing, or other illicit financial activities.
Due to the high-risk nature of their activities, DNFBPs are supervised and regulated by authorities. This involves monitoring their activities, conducting inspections, and imposing sanctions for non-compliance. FATF Recommendation 24 specifically addresses the regulation and supervision of DNFBPs. Member countries must ensure that DNFBPs are subject to effective AML/CFT measures, which include licensing, registration, and other regulatory requirements.
According to the FATF, DNFBPs mean casinos, real estate agents, dealers in precious metals, dealers in precious stones, lawyers, notaries, other independent legal professionals, accountants, and Trust and Company Service Providers.
Mentioned in FATF Recommendation 23 and 24
Align with the 40 Recommendations of the FATF Using iDenfy
Revising, updating, and enhancing your AML/CTF strategy can be a hassle, especially when there are so many global and local compliance regulations as well as standard guidelines, such as FATF’s 40 recommendations.
At iDenfy, we have industry-specific knowledge for different fields, helping businesses onboard both customers and businesses with our KYC and KYB tools. For complete compliance, we offer AML screening, PEP and sanctions checks, adverse media screening, and more fully automated tools to streamline internal compliance workflows.
Book a free demo and find out more about our RegTech solutions and their custom automations.