Complete Guide to the FATF 40
An in-depth analysis of the FATF 40 Recommendations and how they apply to country-level regulations and day-to-day compliance activities.
For those entering the Anti-Money Laundering (AML), Know Your Customer (KYC), or Customer Due Diligence (CDD) space, the 134-page FATF Recommendations document can be very daunting to read and understand. Many who have spent years in the field do not have a clear insight into the value or purpose of the standards and how they are implemented. Understanding these guidelines and how they fit into each country’s AML/KYC regulations is key to understanding how countries work together to fight financial crime.
The Financial Action Task Force (FATF) is an intergovernmental organization established in 1989 by the G-7 (Canada, France, Germany, Italy, Japan, the United Kingdom, and the United States). Initially focused on money laundering from drug trafficking, the FATF has expanded to 37 member countries and has grown its remit to include a broader definition of financial crime.
The FATF does not have any legal or enforcement authority. Rather, it relies on its member states to establish laws and regulations to meet the standards set forth by the FATF. With that in mind, the FATF has two main objectives:
- Establish global standards for financial intelligence units (FIUs) and governments to implement regulations and laws to reduce the flow of illicit funds globally.
- Monitor and evaluate compliance with the FATF recommendations for approximately 100 countries globally.
To meet the first goal, the FATF has created its 40 recommendations divided into 7 topics. These recommendations are focused on what countries and jurisdictions should implement. They are not focused on the requirements for financial institutions or banks specifically.
- A. AML/CFT Policies and Coordination (Recommendations 1-2): The first two recommendations are focused on countries understanding their unique AML/CFT risks and creating policies that mitigate those risks using a risk-based approach (RBA) and ensuring cooperation between government agencies within a country to coordinate risk mitigation efforts.
- B. Money Laundering and Confiscation (Rec. 3-4): Section B of the recommendations addresses the criminalization of money laundering and the ability for countries to confiscate criminal proceeds. Implementation of such rules has resulted in billions of dollars in asset forfeiture, including a $500M forfeiture by ABN Amro Bank in 2010.
- C. Terrorist Financing and Financing of Proliferation (Rec. 5-8): Similar to Section B, section C addresses the criminalization of terrorist financing and the financing and proliferation of weapons of mass destruction. The section also addresses the need for jurisdictions to comply with UN Sanctions and ensuring there are measures in place to identify non-profit organizations being used or exploited for illegitimate purposes.
- D. Preventative Measures (Rec. 9-23): Section D covers the bulk of requirements that are must be implemented by financial institutions and designated non-financial businesses or professions (DNFBP) (law firms, casinos, dealers in precious metals and stones, etc.). This includes requirements on establishing customer due diligence programs including customer risk screening on all business relationships and transactions and maintaining appropriate records on all such customers.
In addition to creating customer and enhanced due diligence programs for all customers, this section defines enhanced due diligence requirements for politically exposed persons (PEPs), correspondent banking relationships, MSBs (Money Service Business), wire transfers, business in or with higher-risk countries, and new financial technologies such as virtual currencies.
A critical part of Section D is Recommendation 10, which covers the different risk-based approaches that must be carried out on customers and 3rd parties. Rec. 10 makes clear distinctions between normal customer due diligence (CDD) and when a geographic, customer, or transactional risk necessitates enhanced due diligence (EDD). It is from this recommendation that many jurisdictions have implemented requirements going beyond sanctions screening to include watchlist screening, and adverse media screening.
Finally, Section D requires jurisdictions to have laws in place requiring the reporting of suspicious transactions to the financial intelligence unit (FIU).
- E. Transparency and Beneficial Ownership of Legal Persons and Arrangements (Rec: 24-25): While many areas of the FATF Recommendations have been implemented for a number of years, Section E, concerning the transparency and screening of ultimate beneficial owners (UBO), is still undergoing implementation around the world. In the EU, the Money Laundering Directive has required states to create UBO registries; however, many member states have yet to comply with this requirement.
In the United States, financial institutions and DNFBPs are required to identify and screen UBOs, but there is no requirement for corporations or LLCs to report this information to any authority. The Corporate Transparency Act of 2019 is designed to implement such a solution but has not yet passed Congress.
- F. Powers and Responsibilities of Competent Authorities and Other Institutional Measures (Rec. 26-35): Section F defines the roles that states have in ensuring there are competent authorities with the power to license and supervise financial institutions and DNFBPs. This includes the establishment of a financial intelligence unit (FIU) that works closely with law enforcement to mitigate terrorist financing and money laundering. Either the FIU or other appropriate law enforcement agency must have the ability to enact “effective, proportionate, and dissuasive” sanctions for failure to comply with AML/CFT regulations.
- G. International Cooperation (Rec: 36-40): Finally, Section G defines the coordination and cooperation between states on legal affairs including freezing and confiscation of funds and extradition requests. This cooperation is facilitated through the Egmont Group which consists of 164 financial intelligence units globally.
While the FATF Recommendations are focused on the roles and responsibilities of countries and competent authorities, the policies and procedures laid out also impact global financial institutions. Changes to the FATF Recommendations, whether directly or through an Implementation Note, impact regulations, laws, and enforcement actions globally — most recently with FATF’s statements on Virtual Assets (cryptocurrencies). Financial institutions must keep an eye out for changes to the recommendations as well as changes to how they are interpreted and implemented.