When we talk about the financial sector, we not only refer to banking, but also to related companies and institutions from insurance sector, investments, trading, real estate, intermediaries, leasing companies, cryptocurrency exchanges, and more.
# What is FATF? Financial Action Task Force
The FATF acronym (Financial Action Task Force), also known as GAFI (Grupo de Acción Financiera Internacional) is an intergovernmental body that establishes standards for risk management and fraud prevention, as well as good practices in the development of activities related to the financial sector.
As a regulatory body, it develops actions for the creation of laws and regulations in more than 200 states that implement these controls and standards. Together with the state authorities of each country, it works on the AML (Anti-Money Laundering) or PBC (Prevention of Money Laundering) rules.
One of its main lines of action is the creation and implementation of the 40 recommendations created by FATF (FATF Recommendations or FATF Standards), which ensure a coordinated global response to prevent corruption, money laundering and the financing of terrorism, among other crimes and attacks, which occur when companies associated with the financial sector develop their activity.
# FATF (Financial Action Task Force) grey list
Opposite to the FATF blacklist that lists “non-cooperative countries or territories” in the global fight against money laundering and terrorist financing, the Financial Action Task Force grey list lists the countries and jurisdictions that are identified as having strategic deficiencies in their AML programs and therefore are under increased FATF monitoring.
# FATF Grey ListThese are the counties under the FATF grey list as per June 2023 and March 2022:
FATF GreyList Countries 2023 - June
FATF GreyList Countries 2022 - March
FATF - GAFI high-risk countries
This statement identifies countries or jurisdictions with serious strategic deficiencies to counter money laundering, terrorist financing, and financing of proliferation. For all countries identified as high-risk, the FATF calls on all members and urges all jurisdictions to apply enhanced due diligence, and in the most serious cases, countries are called upon to apply counter-measures to protect the international financial system from the ongoing money laundering, terrorist financing, and proliferation financing risks emanating from the country. The last blacklist of countries under FATF high-risk jurisdictions is in June 2023, and the FATF high-risk countries are the Democratic People’s Republic of Korea (DPRK), Iran and Myanmar.
FATF compliant countries
There are currently 39 members of the Financial Action Task Force (37 jurisdictions and 2 regional organisations). These FATF compliant countries represent the financial centres all over the world:
Gulf Co-operation Council
Hong Kong, China
Republic of Korea
# The importance of FATF recommendations. How does FATF work?
The FATF list of recommendations is the basic and essential framework for combating money laundering and other risks associated with financial activities. These risks are a clear detriment to both companies and organizations in the financial sector and its users, as well as to society, hence the importance of FATF.
These norms and standards defined by the FATF bring together the regulations associated with the financial system and its associated actors with international legal frameworks. It is important to understand that their compliance is mandatory since they are integrated into the regulatory frameworks and AML laws of each country and are not optional.
These recommendations are how FATF works, and they are not static. Since the last major definition, in which the 40 essential points were marked in 2012, they have been constantly reviewed and updated to meet the challenges of the immediate economy and society. The last update took place in February 2023.
# FATF recommendations list
Inside Financial Action Task Force 40 recommendations, we highlight the following that influence the development of operations and activities of finance companies associated with:
- FATF Recommendation 10 is crucial for organizations to function. The so-called Customer Due Diligence is the appropriate trust and security framework that organizations must establish in order to incorporate and register their users.
- FATF Recommendation 11 focuses on maintaining records and how should be carried out in relation to operations carried out by both entities and businesses as users who are customers of them.
- FATF Recommendation 15 on digital solutions, tools and other technologies used by companies define how they should be digital processes and supply in remote products and services for this mitigates any risks arising from their nature and characteristics. This recommendation is complex, explicit and clearly defines how to act in this regard.
- FATF Recommendation 16 applies to cross-border and domestic wire transfers (including serial payments, and cover payments) and intends to “prevent terrorists and financial criminals from having unfettered access to wire transfers for moving their funds, and for detecting them when it occurs by specifically ensuring basic information on the originator and beneficiary of the wire transfers are immediately available”. To accomplish this, “countries should have the ability to trace all wire transfers and should minimise thresholds”.
# DNFBP FATF: Designated Non-Financial Businesses and Professions
The FATF list makes a classification of DNFBPs or Designated Non-Financial Businesses and Professions and includes casinos, real estate agents, precious metal/stone dealers, lawyers, notaries, other independent professionals, accountants and trust company services providers. These entities, although not being financial businesses per se, are the weakest link to suffer from being abused by criminals and terrorists for money laundering and terrorist financing.
DNFBPs are specifically mentioned in FATF Recommendations 22 (DNFBPs: Due Diligence), 23 (DNFBPs: other measures) and 28 (Regulation and supervision of DNFBPs).
As financial institutions are required to, FATF DNFBPs are also required to:
- Identify, assess, monitor, manage, and take effective action to mitigate ML/TF risks using a risk-based approach that requires enhanced measures when risks are higher.
- Carry out Customer Due Diligence (CDD) either themselves and/or with reliance on third parties that fulfil specific criteria and keep CDD information and transaction records.
- Identify, assess, manage and mitigate ML/ TF risks that arise when developing new products, business practices or delivery channels, or when using or developing new technologies.
- Implement policies, procedures and internal controls against ML/TF risks.
- Apply enhanced due diligence (EDD) when dealing with customers or entities from high risk and sanctioned countries.
- Report, in good faith, suspicious activities and transactions to the financial intelligence unit (FIU).
- Provide records and information to competent authorities to aid in ML/TF investigations carried out by them, or because of mutual legal assistance (MLA) requests.”
# FATF and cryptocurrency exchanges
Following one of the major and latest updates to the FATF recommendations, the Financial Action Task Force is giving crypto guidance and is developing guidelines on DeFi cryptocurrency and companies and exchange services.
The cryptocurrency sector must comply with a series of rules just like the rest of the financial players. The FATF, now, is in the process of final approval to regulate both bitcoin and the rest of the crypto, as well as their platforms and P2P markets. In this way, KYC controls must then be established in all processes in relation to customers.
# How to comply with the FATF recommendations
Thanks to the digitisation of processes and the emergence of RegTech, companies have found the answer to the challenges AML/FATF compliance they face in digital identity solutions
It is crucial to find an appropriate RegTech partner that can offer comprehensive solutions for digital identification, electronic signing and authentication to be integrated into the organisation’s systems. Similarly, the partner must be a digital compliance advisor with experience and reliability.
These solutions must comply with the most demanding requirements proposed by the FATF and KYC guidelines should be updated accordingly as well as not be neglecting the user experience and addressing issues as fundamental as agility, digitisation of processes and user experience.