Understanding and implementing FATF’s 40 Recommendations

Learn how FATF's 40 Recommendations to combat money laundering can impact your policies.

⚡ Key takeaways
  • The FATF Recommendations introduce standards and policies for member countries to implement to help prevent money laundering and the financing of terrorism.
  • Following FATF’s guidance can only improve the safety and well-being of your business, your customers, and the world at large.

The Financial Action Task Force, or FATF, has created a comprehensive list of 40 recommendations to help prevent money laundering and the financing of terrorism. These recommendations are not legal requirements and primarily exist to inform best practices. But they can also benefit your business by helping you avoid bad actors and implement necessary compliance protocols.

This article breaks down each of the FATF Recommendations, who they apply to, and how you can use them to improve your business’s policies and procedures. 

What is FATF?

The Financial Action Task Force is an intergovernmental body made up of 39 members: 37 countries as well as the United Nations and the World Bank. As an AML and CFT (Anti-Money Laundering and Countering the Financing of Terrorism) watchdog, FATF was established in 1989 to advise governments on how to combat these and other financial crimes. 

FATF releases guidance to help align international standards and inform countries on how to best prevent illegal and harmful activities. As the world of financial crime is constantly evolving, FATF must make updates and revisions on a regular basis. 

What are FATF’s 40 Recommendations, and why do they matter? 

The FATF Recommendations introduce standards and policies for member countries to implement. Because FATF isn’t a regulatory body, the Recommendations aren’t laws. However, all member countries are expected to support and adopt all recommendations and may be evaluated by FATF for compliance. If a particular country has not implemented adequate controls to counter money laundering and other financial crimes, FATF may add this country to its “blacklist.” This can significantly impact the willingness of other countries and businesses to work and trade with that country.

In certain industries, such as finance, regulating bodies like the Financial Crimes Enforcement Network (FinCEN) in the United States may issue fines or other punitive actions against businesses in their jurisdiction for non-compliance. 

FATF’s Recommendations are important even if your business does not operate in a regulated industry. Many Recommendations can be followed for more robust and effective AML/CFT procedures. By following them closely, you’ll guard your business against reputational risk and also help protect the global economy. For these reasons, you should always look to the Recommendations for guidance before you implement any new AML measures. 

Do the FATF Recommendations apply to my business?

Whenever FATF releases a Recommendation, it is up to the Financial Intelligence Unit (FIU) of each member country to implement and execute the recommendation through legislation. While individual companies can use the 40 Recommendations as guidance, they should consult with legal experts who understand the relevant FIU’s regulatory requirements. 

As mentioned above, the FATF Recommendations most readily apply to financial institutions and other industries where the risk of money laundering is high. If your business operates in this domain, you will be governed by the FIU in your country and may be required to implement certain Know Your Customer (KYC) and AML measures. 

For all other businesses, the Recommendations are not legally binding, but the laws set out by your FIU might be. And since following FATF’s guidance can only improve the safety and well-being of your business, your customers, and the world at large, you should consider implementing them whenever you can. 

Which Recommendations affect my business? 

Not all of FATF’s 40 Recommendations will apply to your business directly. A significant portion are directed toward regulatory bodies, such as FIUs, as guiding principles. Your country’s FIU will have implemented regulations to enforce the best practices set out in the Recommendations. 

You should always receive legal advice regarding your governing FIU’s regulations before making any AML decisions. That said, you can use the Recommendations at a high level to inform policies and procedures. The analysis below begins with the Recommendations you can implement to protect your business, followed by the Recommendations specifically actionable by FIUs and other governing bodies. 

FATF Recommendations that can benefit your business

#1: Risk-based approach. Approach your program with your product and business’s specific AML/CFT risks and vulnerabilities in mind. You should identify relevant threats, monitor customers to understand how much risk they present, and use this knowledge to implement customized preventative measures.

#2: Comply with national regulations. All countries should have national AML/CFT policies enforced by their FIU. It’s your responsibility to understand and comply with any laws your governing FIU sets out. 

#6-#7: Targeted financial sanctions. If your FIU has issued a sanction against parties known to be involved in money laundering or financial terrorism, your business must adopt a sanctions screening protocol. It is your responsibility to ensure your customers are not named on any applicable sanctions list and avoid doing business with sanctioned individuals, entities, or countries. 

#8: Non-profit organizations. Even if your business is a non-profit, you must follow your country’s legislation and any regulations set out by the FIU. Providing the same scrutiny and analysis to non-profits ensures there is no terrorism financing hidden behind a legitimate entity. 

#9: Financial institution secrecy. Privacy and secrecy procedures at your business must not hinder the implementation of FATF Recommendations. This means you must follow regulatory best practices even when determining internal processes. Your business’s policies should not conceal illegal activity.

#10: Customer due diligence. Your business must implement KYC procedures to confirm all new customers are who they say they are. In addition, you should use ongoing CDD measures to monitor customer activity, confirm identities, and investigate any suspicious or unexpected transactions.

#11: Record-keeping. Your business should maintain records of all customer transactions and activity for at least five years. This will ensure you can respond quickly to any inquiries or investigations by the authorities.

#12: PEPs (Politically Exposed Persons). Your business must have a process to identify PEPs and acknowledge the risks they present. Use the regulatory requirements that govern your business to determine when you should conduct KYC measures, identify individuals’ SOF (Source of Funds/Source of Wealth), and maintain a process to continuously monitor these individuals. 

#13: Correspondent banking. Financial institutions must apply additional measures beyond Customer Due Diligence when working with cross-border accounts. You should use Enhanced Due Diligence (EDD) procedures, which involve a higher level of scrutiny, for any transaction or customer deemed high risk.

#14: Money transfers. Countries are responsible for ensuring all parties that transfer money are licensed and registered. When conducting these kinds of transactions, you should ensure the service complies with FIU regulations. 

#15: New technologies. As technology continues to change and develop, FIUs must continue to assess the risks these new products present. Before adopting any new technology in your business, you should ensure the system can support and comply with all relevant measures set out by your governing FIU.

#16: Wire transfers. Any wire transfers you send must include identifying information, such as the originator and beneficiary information. This will ensure any suspicious activity or party involved in the transaction will be traceable by the proper authorities.

#17: Reliance on third parties. When working with other entities subject to regulatory legislation, you must ensure to the best of your ability that they are also following appropriate CDD measures. 

#18: Internal controls. Financial institutions are required to implement widespread internal measures to combat money laundering and terrorist financing. As this is open to interpretation, it’s important to consult legal experts to evaluate the adequacy of your internal controls.

#19: High-risk countries. You should implement Enhanced Due Diligence (EDD) measures when working with countries identified as high risk by FATF or other relevant governing bodies.

#20: Reporting suspicious transactions. Financial institutions (and any other business) should promptly report suspicious transactions and activity to the appropriate FIU, such as FinCEN. This gives authorities access to information that may lead to further investigatory action. 

#21: Confidentiality. Employees and businesses that report suspicious activity are protected against criminal and civil liability. You should educate yourself and all employees on relevant whistleblower legislation in your jurisdiction. 

#22-#23: Designated non-financial businesses and professions (DNFBPs). These are requirements that apply to specific types of businesses including casinos, real estate agents, lawyers, dealers of precious metals, and trust service providers. If your business falls into one of these categories, it’s essential to consult with experts who understand your FIU’s regulatory requirements. 

#24-#25: Transparency and beneficial ownership. You should conduct CDD and EDD measures to identify the Ultimate Beneficial Owners (UBO) of any entity you work with. This will help you ensure no parties are sanctioned or known to be involved in money laundering or other financial crimes. 

#32: Cash couriers. If transporting currency over physical borders, you must follow the disclosure or declaration system set out by your FIU.

FATF Recommendations actionable by FIUs

The following Recommendations are more relevant to FIUs and other governing bodies directly. We’ve included them here to provide the full picture of FATF’s purpose and to aid in your understanding. 

#3-#4: Money laundering as a criminal offense. Authorities should be given the right to investigate and confiscate any funds derived from this illegal activity. 

#5: Financial terrorism as a criminal offense. The funding of individual terrorists or terrorist organizations must be illegal in member states.

#26: Regulation and supervision of financial institutions. Countries must ensure all banks are regulated and that they properly implement FATF standards. 

#27: Power of supervisors. Supervisors must have adequate power to investigate and ensure compliance. 

#28: Designated non-financial businesses and professions (DNFBPs) regulation. These businesses, which include casinos, real estate agents, lawyers, and more, must be registered and subject to appropriate regulatory controls. 

#29: FIUs. All countries must appoint a designated Financial Intelligence Unit to be a national center for the receipt and analysis of information regarding money laundering, financing of terrorism, and other financial crimes. 

#30: Responsibility of law enforcement. Law enforcement and other authorities must promptly investigate allegations around money laundering and financing of terrorism. 

#31: Power of law enforcement. Authorities must have access to documents and all other necessary information for the purpose of investigation. 

#33: Statistics. Countries should track and maintain information regarding the efficiency and effectiveness of all AML processes. 

#34: Guidance and feedback. FIUs should aid individual businesses by establishing guidelines around the Recommendations. 

#35: Sanctions. There must be a range of appropriate, dissuasive sanctions for financial crimes. 

#36: International instruments. Countries must implement relevant international conventions such as the Vienna Convention, the Palermo Convention, and the Terrorist Financing Convention.

#37: Mutual legal assistance. When money laundering situations arise, all countries should rapidly and constructively provide legal assistance to support prosecution. 

#38: Freezing and confiscation. Countries must provide legal assistance to freeze, confiscate, and otherwise take action on illegally obtained assets. 

#39: Extradition. Money laundering and financing terrorism are extraditable offenses; countries should manage all requests promptly. 

#40: Other international cooperation. Countries must take all necessary steps to cooperate with FATF Recommendations. 

Start following the FATF Recommendations with help from Persona

Understanding the FATF Recommendations is essential — but implementing its guidance doesn’t have to be difficult. Taking action against money laundering and protecting your business can be as straightforward as adhering to your FIU’s standards and implementing lessons learned from enforcement actions or other relevant updates. 

Proper enforcement of AML and CFT policies will require your business to implement various strategies, policies, and procedures. Thankfully, with infrastructure like Persona on your side, you can automate many of these protocols, including customer onboarding and watchlist screening.

Leverage Persona’s customizable workflows to build a risk-based verification process that adapts to the unique risk of each customer. Identify PEPs, adverse media, and other relevant information through a single comprehensive platform that always pulls from the most up-to-date data sources. Simplify your AML efforts with Persona and discover the benefits of implementing FATF Recommendations in your business. Start for free or get a demo today.
