- What is International Financial Action Task Force FATF-GAFI
- 40 FAFT-GAFI Recommendations
Preventative measures to protect consumers
- Laws on secrecy or confidentiality of financial institutions
- Adequate Customer Identification and Verification (KYC)
- Registration and Conservation of Data
- Politically Exposed Persons
- Correspondent Banking Relationships
- Money or Value Transfer Services
- New Technologies
- Electronic Transfers
- Use of Third Parties
- Internal Controls, Foreign Subsidiaries, and Branches
- Higher-risk countries
- Suspicious Transaction Reports
- Disclosure and Confidentiality
- Designated Non-Financial Businesses and Professions (DNFBPs): Customer Due Diligence and Verification
- Designated Non-Financial Activities and Professions (DNFBPs): Other Measures
- Recommendation 10: Know your customer: KYC
- Recommendation 15: the dangers of cryptocurrencies
FATF-GAFI, the International Financial Action Task Force, updates regulations to counter money laundering and terrorism, including specific regulations on cryptocurrencies and virtual assets.
The good news for small investors, is that authorities around the world are now obliging that those who manage exchanges, and those who supervise them, comply with the rules of GAFI, the International Financial Action Task Force (otherwise recognised by its English name as FATF, ‘Financial Action Task Force’).
What is International Financial Action Task Force FATF-GAFI
The international Financial Action Task Force, FATF-GAFI, was established in 1989 by the ministers of the member countries.
Its task is to set standards and promote the effective implementation of legal, regulatory, and operational measures to combat money laundering, financial terrorism, and other related threats to the integrity of the international financial system.
FAFT-GAFI also works to identify national-level vulnerabilities with the aim of protecting the international financial system from abuse.
It has 37 member countries, as well as important international financial and industrial bodies acting as observers (United Nations, International Monetary Fund, World Bank, European Central Bank, Europol, Egmont etc).
Italy joined in 1990.
FAFT-GAFI establishes international standards that aim to prevent illicit financial activities and their consequences, analyses the techniques used and the evolution of said techniques, evaluates and monitors national systems and identifies countries that maintain strategic gaps in their systems for preventing, and countering, money laundering and financial terrorism.
Thanks to their work, they provide the financial sector with useful elements for risk analyses.
40 FAFT-GAFI Recommendations
FATF, or FATF Standards, divided into 7 sub-categories, that are internationally recognised, and constitute more than a guide to preventing organised crime, corruption, and terrorism.
Having conceived and comprehended an approach in their original form of 1990, over the years they have formed the basis of a well-structured money laundering prevention plan.
Subsequently, they gained 9 Special Recommendations, aimed at countering the financing of terrorism.
In 2018, FATF-GAFI clarified how to apply its recommendations to financial activities involving virtual assets.
The most substantial part of the Recommendations is dedicated to preventive measures.
Probably the importance of the document can be seen in this set of tips which, if adopted, would significantly reduce the means to those who organise scams.
Preventative measures to protect consumers
The FATF-GAFI Recommendations, from No. 9 to 23, focus on the importance of the prevention and control of and for consumers.
Laws on secrecy or confidentiality of financial institutions
“Countries must ensure that the laws and regulations that protect financial institutions’ professional discretion, do not hinder the implementation of FATF-GAFI Recommendations”.
Adequate Customer Identification and Verification (KYC)
“Financial institutions must be prohibited from keeping anonymous accounts or accounts in the demonstrably fictitious names”.
Registration and Conservation of Data
“Financial Institutions must be obligated to retain, for at least 5 years, all necessary transaction data, both domestic and international, to comply promptly with requests for information from the relevant authorities.
Customer Due Diligence (CDC) information (personal information collected to verify a customer’s identity) and transaction data must be made available to the authorised national authorities”.
Politically Exposed Persons
“In these particular cases, financial institutions must take reasonable steps to establish the origin of the assets and the origin of the funds”.
Correspondent Banking Relationships
“Financial institutions must be prohibited from establishing or continuing a correspondent banking relationship with shell banks”.
Money or Value Transfer Services
“Countries must take measures to ensure that natural or legal persons providing funds or value transfer services are licensed or registered and are subject to effective oversight systems that ensure their compliance with the relevant measures required by the FATF-GAFI Recommendations”.
“‘Virtual Asset Service Providers’ (VASPs according to their glossary), are regulated for anti-money laundering (AML) and counter-terrorist financing (CFT) purposes, subject to licensing or registration and to effective monitoring or supervisory systems”.
“Countries must ensure that, in the execution of electronic transfers, financial institutions take measures to freeze and prevent the carrying out of transactions with detected persons and entities, in line with the obligations set out in relevant United Nations Security Council Resolutions, such as Resolution No. 1267 (1999) and subsequent resolutions, and Resolution No. 1373 (2001), relating to the prevention and suppression of terrorism and terrorist financing.”
Use of Third Parties
Countries may allow financial institutions to use third parties for customer due diligence purposes. The customer may be identified, based on documents, through data or information obtained from a ‘reliable and independent’ source.
In addition, financial institutions may ask third parties for information on the purpose and nature of the business relationship with the customer.
In this case, “the financial institution must ensure that the third party is regulated, subject to supervision and oversight, and has measures in place to comply with customer due diligence and record keeping requirements”.
Internal Controls, Foreign Subsidiaries, and Branches
“Financial groups must implement group-wide anti-money laundering and counter-terrorist financing programmes, including intra-group information sharing policies and procedures for anti-money laundering and counter-terrorist financing purposes.”
“Financial institutions must apply enhanced customer due diligence measures in the context of business relationships and transactions with natural and legal persons and financial institutions from countries that are defined as “higher risk” by the FATF-GAFI. The enhanced measures applied must be effective and proportionate to the risks”.
Suspicious Transaction Reports
“Where financial institutions suspect or have reasonable grounds to suspect that funds are the proceeds of criminal activity or are linked to financial terrorism activities, they must by law be obliged to make a suspicious transaction report to the Financial Intelligence Unit (FIU, or otherwise recognised in Italian as UIF) without delay”.
Disclosure and Confidentiality
“Financial institutions, their directors, officers and employees must be: (a) legally protected from any criminal and/or civil liability for breach of any restriction on disclosure of information imposed by contract or by any legislative, regulatory or administrative provision, when they report, in good faith, their suspicions to the FIU, even if they do not have precise knowledge of the related criminal activity and regardless of whether the illegal activity has taken place”.
Designated Non-Financial Businesses and Professions (DNFBPs): Customer Due Diligence and Verification
“The customer due diligence and record keeping requirements of Recommendations 10, 11, 12, 15 and 17 apply to the following DNFBPs:
- Real estate Agents
- Dealers in precious metals and precious stones
- Lawyers, Notaries, Accountants, and other independent legal and accounting professionals
- Trusts and Company service providers,
in the case that they “arrange or execute, for their customers’” particular activities, or if they “carry out with a customer a cash transaction in an amount equal to or exceeding the designated threshold”.
Designated Non-Financial Activities and Professions (DNFBPs): Other Measures
“Lawyers, Notaries, Accountants and other independent legal and accounting professionals must report suspicious transactions, in the name of or on behalf of a client, when they carry out a certain financial transaction.
Dealers in precious metals and precious stones must report suspicious transactions when they conduct cash transactions with a customer for an amount equal to or exceeding the designated threshold.
Service providers to Trusts and Corporations must report suspicious transactions when, in the name of or on behalf of a client, they carry out a transaction relating to particular activities”.
Recommendation 10: Know your customer: KYC
A separate chapter is dedicated to Recommendation No. 10, on proper customer identification and verification.
In an age where people open accounts online, trade online, shop online, how can one be sure that the person they are dealing with is really who they say they are, or that they really have the skills needed, or that they are not committing crimes with our consent?
Know Your Customer, or rather: do you know your customer?
In Italy, there is a legal obligation (currently the latest update on this matter is contained in Legislative Decree 90/2017, in acquisition of the European Union’s anti-money laundering directives) to implement certain procedures to acquire certain data and information on the identity of users and customers.
The parties obliged to carry out KYC procedures are:
- banking and financial intermediaries
- professionals (accountants, labour consultants)
- notaries and lawyers
- statutory auditors and auditing companies
- real estate agents
- gaming service providers
- virtual currency service providers
It is not just a question of identity, but of all-round knowledge.
The verifier must, based on its relationship with the user, constantly assess the user’s exposure to possible money laundering and financial terrorist risks.
Here are the basic steps:
- Establish the customer’s identity
- Understand the nature of the client’s assets (verifying that the source of the client’s funds is legitimate)
- Assess the money laundering risks associated with that client.
It may be necessary to file a Suspicious Activity Report (SAR) if account activity is considered unusual.
Recommendation 15: the dangers of cryptocurrencies
In the light to the evolution of the means used by criminals, the FATF-GAFI analyses money laundering and terrorist financing techniques, adapting to the new risks.
Important in this perspective is the regulation of virtual assets, which have spread in step with the popularity of cryptocurrencies.
The Guidelines set out the requirements for registering or licensing VASPs, “in particular how to determine in which country(ies) such registration or licensing should take place, which is generally at least the place where they are established or the jurisdiction in which the activity is located if they correspond to a named individual, even though jurisdictions are given the option to require VASPs to be registered or licensed before engaging in activities within or from their jurisdiction”.
SEC Chairman Gary Gensler likened the state of the cryptocurrency industry to the “Wild West” because of its lack of clear rules.
The survival of the fittest is not acceptable, and the most important signal of this was given by the inclusion of Ruja Ignatova, the cryptocurrency queen and creator of OneCoin, on the FBI’s list of the ten most wanted fugitives at the end of June 2022.
The authorities have no intention of lowering their sights on the perpetrator of the biggest scam ever devised in the wake of cryptocurrency success, who has been on the run since 2017, having embezzled millions of euros from unwitting investors.
Interpol had already put her on its list of most dangerous fugitives, but the FBI is offering a $100,000 reward for anyone who can provide information that could lead to Ruja Ignatova’s arrest.
On 25 October 2017, she boarded a Ryanair flight from Sofia to Athens and disappeared into thin air.
There are signs that things are changing, but identifying fraudsters is not enough, punishing them and returning the ill-gotten gains should be the norm, not the exception.
The effort must be made by everyone, including customers, so before you invest your money, inform yourself, if only through a search engine, and if you are concerned, or know, that you have been deceived, have no qualms about reporting it.
Boccadutri International Law Firm’s Forex Litigation Department is at your disposal for advice or information on the topics covered.
Complete the form to request a legal consultation. Our experts will evaluate your case and suggest the best solution.