FATF Turns 30, Part 3: The Future of AML/CFT
This is the third in a series of articles assessing the Financial Action Task Force’s (FATF) evolution since its inception in 1989. This article provides an overview of the strategic review taking place at the FATF as well as initiatives – such as public-private partnerships, the creation of common data standards and the adoption of technology – that could improve the effectiveness of anti-money laundering and countering the financing of terrorist (AML/CFT) measures.
The first article looked at how the FATF’s mandate has changed in the past 30 years under the guidance of the G7 and G20. The second focused on how the FATF is addressing the rise of innovation in finance, particularly the crypto and virtual assets industry, and emerging trends in technology.
There has been some recognition recently that efforts to tackle money laundering and terrorist financing are failing to yield the desired results. The United Nations Office on Drugs and Crime (UNODC) estimates that the total of money laundered on a global basis amounts to between US$800 billion – US$2 trillion (2% – 5% of global GDP). Only1% of criminally derived assets are seized or confiscated, however. This has led to questions around what can be done to make the financial crime prevention model more effective, pragmatic, intelligence-led and risk-based.
It has also led to questions about what the future of AML/CFT should look like. It will need to be a future built on principles of collaboration and standardised data sets, where the incredible technological capabilities that exist are widely adopted in a responsible manner. There will also need to be a focus on impact and economies of scale. Regulators, law enforcement and the private sector will need to act in concert to target those who are causing the greatest amount of social harm.
Strategic Review
The FATF recently launched a much-welcomed strategic review, as a priority of the Chinese Presidency, to determine how to increase the effectiveness of the fight against financial crime. The FATF has held previous reviews, which led to the issuance of the updated FATF 40 Recommendations in 2012 and the introduction of the Immediate Outcomes (IO) methodology for assessing effectiveness of national AML/CFT measures. While the FATF is the first global standard-setter to assess both the legal and institutional frameworks in countries and the level of effectiveness, it is positive to see that the FATF is taking a moment to assess its own role and consider how to make more progress.
An important focus of the strategic review is the mutual evaluations review (MER) process. In a recent speech at the Royal Unites Services Institute (RUSI), David Lewis, FATF’s executive secretary, said that, although there are some positive results in the mutual evaluations process, many countries still focus on technical compliance as opposed to outcomes, and some are still failing at that. “For example, 75% of countries need to make fundamental or major improvements to their supervision… And 100% of countries need to make fundamental or major improvements to the implementation of preventative measures” by the regulated sector, Lewis said. He said that the strategic review would look at how to modernise the process.
The MER process and the IO methodology are highly effective at mapping out the “as is” state in member countries and those participating in the FATF-Style Regional Bodies (FSRBs). The MER process and IOs also hold countries accountable, as the FATF AML/CFT standards are not legally binding. The publication of a country’s final MER report is, however, often accompanied with news reports indicating that the process may lead to overly favorable results, as has been the case with the UK and Russia. While most MERs include an action plan, limited incentives exist for countries to maintain or enhance the established frameworks to stay off the FATF’s blacklist once they are no longer under an international spotlight.
With regards to how the MER process could be modernised, Tom Keatinge, the director of the Centre for Financial Crime and Security Studies, has argued that the frequency of, and resources spent on, mutual evaluations could be risk-based. He said that, for example, this could result in systemically important jurisdictions having a “higher tempo” of reviews. There has also been the idea of holding more regular thematic reviews.
But in reviewing the methodologies for the MER and IOs, how about developing slightly different methodologies for assessing countries that are known to be source, transit, and destination countries for money laundering and terrorist financing? Source countries typically have very different geopolitical landscapes and risk profiles from transit and destination countries, as well as levels of resources that can be spent on AML/CFT initiatives. For example, the number of individuals available to prepare for MERs in-country is vastly different in FSRBs such as Kenya than say, the United States.
Another item for consideration is whether, in implementing the risk-based approach, the FATF could use the data collected by its members to identify and focus on countries that pose the greatest threat to the integrity of the global financial system. Is it possible, and feasible, for the FATF to target their resources on providing technical support to those countries while citing key risks to the international community?
Consideration should also be given to expanding the FATF’s list of non-cooperative countries and jurisdictions (NCCTs) to listing jurisdictions that pose a major threat to the integrity of the global financial system, not solely due to failing to make progress in their national action plans in implementing their AML/CFT frameworks. For example, criteria for listing countries could be based on: (1) listing countries as high-risk because politically exposed persons exercise significant and conflicted influence over the banking sector; (2) or because a certain percentage of their GDP may be linked to illicit finance; or (3) even because, based on evidence, a country is a known hub for drugs, arms, people, and/or wildlife trafficking, or has exceptionally high levels of human rights abuses and corruption.
While the Strategic Review presents the FATF with a great opportunity to continue to have a massive impact on society, it cannot do so by itself.
Public-Private Partnerships
There is a growing recognition that public-private partnerships are essential to tackling financial crime. The main reason is that every sector has a different piece of the puzzle, and by putting those pieces together, it significantly increases the chances of tracing and recovering illicit assets.
The private sector is heavily involved in financial flow of assets, its input and sharing of information allow for a cooperative effort between the public and private sectors to engage more effectively in AML and CFT efforts. Without adequate cooperation between the two sectors, AML/CFT efforts becomes fragmented, creating gaps in implementation and loopholes that can be exploited by criminals.
The Future of Financial Information Sharing (FFIS) programme, which plays an important role on promoting public-private partnerships, has highlighted that there are seven active PPPs in Australia, Canada, Hong Kong, the Netherlands, Singapore, the UK, and the United States. While these forums appear to lead to better investigative and enforcement results, there needs to be such more partnerships. Consideration should be given to involving civil society groups, to allow their intelligence to complement the work of the public and private sections. Additionally, the information flow largely remains one way, with the private sector submitting a large volume of suspicious activities reports (SARs) to, seemingly, a black box, which further calls for the need for a feedback loop between the private and public sectors. Marc Fungard, Global Head, Research and Analytics at HSBC, said in a speech during the CogX festival that there needs to be more collaboration, in a more streamlined fashion, between financial institutions and government. Consideration should be given to creating a standard on public-private partnerships as part of the FATF strategic review.
Global Data Standards
To facilitate financial intelligence-sharing, consideration should also be given to the creation of global data standards for AML/CFT. A recent statistic indicated that the amount of data created would reach 44 zettabytes during 2020. The volume of information flowing around the world is so vast that, for financial intelligence to be effectively used, it must be easily transferable, accessible and commonly understood. There is a case for the development of data standards for AML/CFT, and the international community could look to existing Organisation for Economic Cooperation and Development (OECD) Common Reporting Standards and information-sharing requirements as a model. This could in turn reduce the cost of updating technology to cope with volumes of data, or to process data available in certain formats.
Placing focus on creating a basic data set and technology layer for suspicious activity reporting on a global basis could go a long way towards making it easier to share financial intelligence on a cross-border basis. On the private sector side, having a common way to gather know-your-customer/customer due diligence information could decrease duplication and resource waste, while paving the way for the possibility of creating utilities or other shared services in the future. Technology is a necessary tool not only to help transfer, store, process and understand the massive amount of data but also to protect that data that exists.
Use of Technology
More and more innovative solutions are being applied to AML/CFT. Machine learning, cloud storage, mobile platforms and biometrics are now widely used as part of the customer on-boarding process. There is also a rise in what has been dubbed as privacy-enhancing technology (PET) to protect what is a basic human right. Homomorphic encryption and zero knowledge proof offer the promise of confirming information without sharing personal data.
Technological adoption offers economies of scale, a reduction in human error, greater efficiency and additional data points that can be used to manage risks. AML/CFT controls can be dynamic, real-time and flag data indicators that could be a cause for concern (unusual IP address, GPS data, time usage, detection of image compressions). It allows for investigations to dip into data pools to assess big data, carry out analysis, and map out results using visualization techniques. Essentially, technology presents the opportunity to do things more quickly, cheaply and effectively.
Technological adoption, however, carries its own risks, costs and the international community needs to promote responsible adoption. While the FATF’s 40 Recommendations make reference to new technologies, further work is needed to understand the risks and opportunities of the technologies available to manage AML/CFT risks and how they work in practice. Events such as the TechSprint hosted by the UK’s Financial Conduct Authority bring together different actors to create an understanding of the different potential uses for technology. But the principle of explainability (or explicability for artificial intelligence), as well as monitoring for any bias, must be part of any solution. Lastly, it will be essential for the public and private sectors to work together, and the private sector must take the commercial lead in building a new, future-proof, cross-industry and cross-sector technology-based model to fight AML/CFT more effectively.
Working Together to Remove Barriers
At its core, AML/CFT is more than just the flow of dirty funds. Corruption, terrorism, environmental crimes, human rights abuses, gender and sexual violence, and the trafficking of people, drugs, arms, wildlife, conflict minerals, etc. all affect society and the world we live in. AML/CFT is about identifying, investigating and cutting off those who profit from monstrous crimes in the international financial system. It is not about wholesale de-risking, although the rising costs of prevention continue to lead to business decisions to stop operating where risk exceeds appetite, as well as the lack of protection or incentives from government or regulators to keep those channels open. (There is a need for greater dialogue to address de-risking between government, regulators and the banking community to ensure that legitimate financing remains accessible.)
For the fight against financial crime prevention to be more effective, it is essential that all those holding a different piece of the puzzle (public, private and civil society sectors) work together to remove barriers to effectiveness. This means not only making some key enhancements as part of the FATF’s Strategic Review but also promoting cross-industry and cross-border information sharing. It also means introducing new standards to develop common data sets and reduce duplication, as well as the new technology necessary to process massive quantities of information in this data-driven world. The FATF, as the global standard setter in AML/CFT, continues to have an opportunity to decide areas of focus and guide the future of AML/CFT. The international community is eagerly anticipating the results of its Strategic Review.
Originally published on Thomson Reuters Accelus
