The Financial Action Task Force (FATF) is a global money laundering and terrorist financing authority that works to prevent financial criminal activity and promote global compliance standards. The FATF was founded in 1989 following an agreement by the G7, which at the time comprised Canada, France, West Germany, Italy, Japan, the UK and the US. The agreement recognised the need for an international organisation that could study emerging financial crime trends, and monitor the anti-money laundering (AML) standards of world governments. In 2001, following the September 11 terrorist attacks, the FATF added the counter-financing of terrorism (CFT) to its mandate.
Upon its foundation, the FATF had 16 member states. By 2022, that number had grown to 39, with hundreds more committed to implementing its AML/CFT policies and recommendations.
What does the FATF do?
The FATF’s stated objectives are to ‘set standards and promote effective implementation of legal, regulatory, and operational measures for combating money laundering, terrorist financing and other related threats to the integrity of the international financial system’. The FATF achieves those objectives in two main ways: by developing and implementing AML/CFT policy in the form of a series of recommendations, and by issuing mutual evaluation reports (MER) on individual countries in order to assess their domestic AML/CFT compliance performance.
The FATF’s 40 Recommendations
The FATF’s recommendations represent a list of AML/CFT compliance measures and controls that member states must implement and enforce via domestic legislation. There are currently 40 recommendations, each of which address some aspect of money laundering methodology, and an additional 9 Special Recommendations that address terrorism financing. The 40 Recommendations set out details of specific compliance controls and require member states to adopt the following regulatory principles:
- Money laundering should be treated as a criminal offence and authorities should be able to confiscate its proceeds.
- Member states should establish a national authority known as a financial intelligence unit (FIU) to analyse and process money laundering reports submitted by financial service providers.
- Domestic firms should be required to implement a risk-based approach to AML/CFT compliance, conducting assessments of their customers and transactions and then deploying an AML response commensurate with the risk that they face.
- Firms should conduct suitable due diligence on their customers in order to build accurate individual risk profiles and determine the appropriate compliance response.
- Firms should monitor their customers’ financial activity on an ongoing basis.
- Firms should submit suspicious activity reports (SAR) to the authorities in a timely manner when they detect potential money laundering activity.
- Member states should co-operate with international money laundering investigations and prosecutions.
Mutual Evaluation Reports
FATF mutual evaluation reports are in-depth reports which analyse a country’s success in implementing the 40 Recommendations. The MER process involves a peer review by representatives of different FATF member states who assess the target country’s technical compliance with the FATF’s AML/CFT recommendations, and the effectiveness of those measures in combatting money laundering and terrorism financing.
When an assessment is completed, the FATF publishes the country’s mutual evaluation report. The report sets out a detailed description of the target country’s AML/CFT performance, and provides recommendations for that country to enhance its AML/CFT framework.
A mutual evaluation report is extremely important for a country’s global economic profile. Positive MERs may provide a significant economic boost; the lower the AML/CFT compliance risk, the more likely it is that a country will be able to establish business connections with international partners. Conversely, countries that perform poorly on their MER may be considered too high a compliance risk for many potential business partners.
The FATF Greylist
When a MER reveals serious AML/CFT deficiencies, the FATF may add that country to its high risk AML watchlists. Firms should exercise a high degree of caution when dealing with countries included on the lists since the designation denotes an increased risk of financial crime and regulatory compliance violations. The FATF maintains the following high risk watchlists:
Jurisdictions Under Increased Monitoring
Sometimes referred to as the ‘greylist’, the FATF’s Jurisdictions Under Increased Monitoring list designates countries that have ‘strategic deficiencies in their regimes to counter money laundering, terrorist financing, and proliferation financing.’ Greylist countries represent high AML/CFT risks but have committed to working with the FATF to resolve the relevant deficiencies and facilitate their removal from the list. In 2022, following the addition of Turkey, Jordan, and Mali, there were 24 countries on the greylist.
High Risk Jurisdictions Subject to a Call for Action
Sometimes referred to as the ‘blacklist’, the High Risk Jurisdictions Subject to a Call for Action list refers to countries that the FATF deems to have serious deficiencies in their AML/CFT frameworks and that represent a significant criminal threat. These countries are highly likely to be the target of international sanctions and the FATF calls on member states to apply ‘counter-measures’ when dealing with them. As of 2022, there were two FATF blacklist countries: Iran and North Korea.
How to Comply with FATF AML/CFT Regulations
FATF member states must implement the 40 Recommendations through domestic legislation, imposing a range of AML/CFT compliance standards on firms within their jurisdiction. In the UK, for example, FATF Recommendations are implemented via the the Proceeds of Crime Act 2002 (POCA), the Terrorism Act 2000 and the Money Laundering, Terrorist Financing and Transfer of Funds Act 2017. In the US, FATF Recommendations are implemented via the Bank Secrecy Act and the Patriot Act, and in the EU via the Anti-Money Laundering Directives – the most recent being the Sixth Anti-Money Laundering Directive.
These regulations set out a range of reporting and record-keeping obligations, and require firms to implement a risk-based approach to AML/CFT. Broadly, FATF compliance requires firms to:
- Conduct suitable customer due diligence in order to establish the identities of their customers.
- Screen customers and their transactions in order to verify their status as politically exposed persons (PEP) and to find out whether they are included on international sanctions lists.
- Conduct adverse media screening in order to capture changes in customers’ risk profiles quickly and efficiently.
- Submit suspicious activity reports to the relevant financial authority when money laundering alerts are generated.
FATF Compliance Technology
In order to comply with FATF AML/CFT regulations, firms must analyse a vast amount of customer and transaction data for signs of money laundering, terrorism financing, and other financial crimes. In practice, this means integrating effective compliance technology capable of analysing data with speed and efficiency, helping firms build accurate customer risk profiles, and adapting to future changes to the FATF’s AML/CFT guidance.
Future FATF regulations
As the financial landscape changes, the FATF’s regulatory focus shifts to engage with emerging threats, including the influence of fintech and regtech innovations. Recently, the FATF has highlighted the money laundering risks associated with cryptocurrencies and virtual assets, and released a report in 2020 on Virtual Assets Red Flag Indicators of Money Laundering and Terrorist Financing. The report included a range of characteristic signs of money laundering involving cryptocurrencies, and was based on research conducted by the FATF into prior money laundering investigations. In 2021, the FATF issued updated guidance on the risk-based approach for cryptocurrency service providers, pointing out that ‘continued monitoring and engagement between the public and private sectors’ would be necessary to protect the global financial system.