111 510 510 libonline@riphah.edu.pk Contact

FATF and AML compliance requirements

1. Legal Measures: Criminalization of Offences, Investigations and Prosecutions:

FATF recommendations require Criminalization of money laundering through domestic legislation.1 The recommendations also provide to specify the scope of liability in relation to AML. The recommendations2 also require that for prosecutorial authorities resources should be provided by member states.

The recommendation requires maintenance of statistics of investigations, prosecutions and convictions under AML law and regulations.3 Recommendations also require that a member state enacts a comprehensive set of laws to counter AML/CTF.4

Proceeds of crime, confiscation and asset freeze: Member country’s law relating to AML/CTF has to specify the character of property which will be subject to confiscation5 including the proceeds of crime. Among the legal measures, and in conformity with UN Security Council Act, 1947 laws should prohibit such financing.6

FATF recomendations7 require that enacted laws provide for broader investigation powers including the matters namely: a. discovery and inspection; b. enforcing the attendance of any person, including any officer of a banking company or a financial institution or a company, and examining him on oath; c. compelling the production of records; d. receiving evidence on affidavits; e. issuing commissions for examination of witnesses and documents; and f. any other matter which may be prescribed.

Statistics, cross border declarations and disclosures: The recoemndation8 also lays down responsibility to provide for structure, funding and technical resources for law enforcement authorities. All the law enforcement authorities must provide statistics in relation to their obligations9 including effectiveness in convictions and law enforcement.10 The domestic legal system must provide for Cross Boarder Declarations and Disclosures11

Cash movement control: Countries should ensure that their competent authorities have the legal authority to stop or restrain currency or bearer negotiable instruments that are suspected to be related to terrorist financing or money laundering, or that are falsely declared or disclosed.

Control of false declarations: Countries should ensure that effective, proportionate and dissuasive sanctions are available to deal with persons who make false declaration(s) or disclosure(s). In cases where the currency or bearer negotiable instruments are related to terrorist financing or money laundering, countries should also adopt measures, including recommendation consistent legislation.12

2. Institutional measures The regulatory quality is an indicator that measures the ability of governments to formulate and implement sound policies and regulations that permit and promote private sector development.

Framework for collecting information: The domestic law should provide for collecting of data in the form of Suspected Activity Reports (SAR) and Cash Transaction Reports (CTR).

Political exposed persons:13 The control of corruption is an indicator that takes into account the patterns of official corruption as well as it takes into consideration a laissez-faire attitude toward the business and banking communities that make a jurisdiction vulnerable to ML/FT.

Politically Exposed Persons (PEPs) are individuals who are, or have been, entrusted with prominent public functions, such as heads of state or government.14 A considerable number of jurisdictions expect financial institutions to treat a prominent public official’s family and close associates as PEPs.15

The identification of PEPs requires effective Customer Due Diligence (CDD) processes, including the identification of beneficial owners. Building on this requirement, financial institutions have to place appropriate risk-management systems for determining whether a customer is PEP or not.

A bank should have risk management systems to identify if the customer is PEP, by asking necessary questions, performing a database check, referring to publicly available information, and so forth.

Banks are required to check whether a potential customer, existing customer, or beneficial owner, is PEP. This check is often made before the establishment of a business relationship; the account could not be opened until all relevant investigations, such as beneficial ownership and PEPs identification takes place.

Once PEP has been identified, senior management is required to decide whether to continue the business relationship, and if so, apply Enhanced Due Diligence (EDD) measures in line with national legal and regulatory requirements.

Setting up of FIUs: The Financial Intelligence Units16 on the one hand, point out clear instructions and lines of action to their own entities, and on the other, provide feedback of the inquiries that are being carried out. The main function of the FIU can be summarised as follows:

a. Collection of Information: act as the central reception point for receiving Cash Transaction Reports (CTRs) and Suspicious Transaction Reports (STRs) from various reporting entities;

b. Analysis of Information: analyse received information to uncover patterns of transactions suggesting suspicion of money laundering, terrorist financing and related crimes;

c. Disseminating/Sharing of Information: share information with national intelligence/law enforcement agencies, regulatory authorities and foreign Financial Intelligence Units (FIUs);

d. Act as Central Repository: establish and maintain a national database on cash transactions and suspicious transactions on the basis of the reports received from reporting entities;

e. Co-ordination: co-ordinate and strengthen collection and sharing of financial intelligence through an effective national, regional and global network to combat money laundering, terrorist financing and related crimes;

f. Research and analysis: monitor and identify strategic key areas on ML trends, typologies and developments.

3. Financial institutions prevention KYC, customer due diligence, and EDD etc:

States are required to introduce laws and regulations which prescribe for customer due diligence, including enhanced and reduced mearues.17 These measures must formulate and implement client identification program incorporating the necessary requirements and regulations should also provide that at the time of opening an account or executing any transaction, what steps are to be taken to maintain records and how to verify identity, current address or addresses (including permanent address or addresses of the client), and the nature of business of the client and his financial status. CDD must be undertaken on an occasional transaction, and so all transactions undertaken are covered by institutions. The CDD provisions, at the level of law and regulation, should refer to situations where there is a suspicion of money laundering or terrorist financing or where an institution has doubts about the veracity or adequacy of previously obtained customer identification data. These requirements relating to customer due diligence are applicable to securities sector, money changers, payment technologies, introduced businesses and unusual transactions.18 Furthermore record keeping is required,19 for example casinos are required to maintain that. Casinos20 are not required to perform enhanced due diligence for higher risk categories of customer, nor is there a requirement to undertake CDD when there is a suspicion of money laundering or terrorist financing.21 Accountants, dealers in precious metals and stones, lawyers and real estate agents are not required to go for customer identification but record keeping requirements are to be maintained.22 None of the DNFBP sectors is subject to obligations that relate to recommendations 6, 8 or 11 (except for casinos in relation to R.11).23

Wire transfer:24

FATF wants to strengthen the transparency of wire transfers through feedback on the procedures that are commonly used by the financial mediators on all the fund transfers, specifically on the cross-border ones.

It is important that to conduct an assessment of the practices through by which electronic transfers are performed and it is also important to conduct such assessments in order to determine and establish minimum standards.

The jurisdiction’s domestic legal framework is required to allow the financial institutions which send, receive or act as correspondent in order to share information among them, and to meet the requirements prescribed by law.

Suspicious transaction reporting:25 As part of its required AML Program, a casino must have procedures for filing a report of any activity when there is a suspicion of money laundering or terrorist financing. This suspicious activity reporting obligation applies to all casinos and card clubs. Casinos must file a report of any suspicious transaction that it believes is relevant to the possible violation of any law or regulation or has reason to suspect that the transaction (or a pattern of transactions of which the transaction is a part). Involves funds derived from illegal activity or is intended or conducted in order to hide or disguise funds or assets derived from illegal activity, is designed, whether through structuring or other means, to evade any requirements of this part or of any other regulations. Has no business or apparent lawful purpose or is not the sort, in whom the particular customer would normally be expected to engage, involves use of the casino to facilitate criminal activity.

Protection from liability and tipping off:26 Casinos, and any directors, officers, employees, or agents of such casinos, like other financial institutions, enjoy broad protection from civil liability for making reports of suspicious transactions.

4. DNFBP prevention: Casinos27 are required to report suspicious transactions; however, there is a threshold on that obligation. Accountants, lawyers, real estate agents and TCSPs are not subject to the “tipping off” provision or protected from liability when they choose to file a suspicious transaction report. Accountants, lawyers, real estate agents and TCSPs are not required to implement adequate internal controls. Dealers in precious metals, precious stones, or jewels are required to implement AML programs; however, the effectiveness of implementation cannot yet be assessed.

There are no specific obligations on accountants, lawyers, real estate agents or TCSPs to give special attention to the country advisories. The key AML/CFT requirements which are applicable to casinos are contained here in, casinos must meet the following requirements: the reporting of suspicious activity, the reporting of each transaction in currency, detailed recordkeeping, a written compliance program, reports of transportation of currency or monetary instruments, reports of foreign financial accounts, filing of timely and complete reports, identification required, records and identification required for purchase of certain monetary instruments with USD 3,000 to USD 10,000 in cash, records by persons having financial interests in foreign financial accounts, records of transmittals of funds in excess of USD 3,000 requiring recordkeeping, verification of identity, irretrievability and reporting of this information to other financial institutions in the payment chain, regardless of the method of payment, nature of records and retention period, structured transactions.

The state gaming commissions typically investigate the qualifications of each applicant seeking a gaming license, issue casino licenses, promulgate regulations (eg, on the types of games offered, the integrity of the games and consumer protection issues, internal controls, etc), investigate violations of these gaming regulations, initiate regulatory compliance actions against licensees, hear and decide licensing cases, and interact with other regulators and law enforcement agencies.

It is common for many state regulators also to impose internal control standards on the casinos that they license. Although these state standards vary somewhat from each other, they typically include procedures for handling table games, rules of the game, electronic gaming devices, casino cashiering and credit, check cashing, casino accounting, internal audit, surveillance, security, etc.

Internal controls: AML programme requires setting up of internal controls.28 Program must be in writing and must have, among other things; System of internal controls to assure ongoing compliance; Internal and/or external independent testing for compliance; Training of personnel (eg, providing education and/or training of appropriate personnel); Designation of an individual or individuals (eg, a compliance officer) responsible for day-to-day compliance; Procedures for using all available information to determine; the name, address; the occurrence of any transactions or patterns of transactions.

Regulation, supervision and monitoring:29 Regulations in this regard are required to provide for: registration of real estate agents, Gem and Jewellery exporter, accountancy professionals and lawyers.

Guidance for DNFBPs:30 States are required to provide substantive guidance to the DNFBPs, how to fulfil their statutory obligations.

Measures to encourage modern and secure techniques for conducting financial transactions: States are required to encourage the development and use of modern and secure techniques for conducting financial transactions.

Beneficial ownership:31 The purpose of this recommendation is to provide the Financial Institutions with more specific faculties in order to:

(i) Identify the customer and verify its identity;

(ii) Identify the beneficial owners of a legal person and take reasonable measures to verify its identity from its creation, elaboration of the company’s By Laws and verify the names of staff members. It is also important to verify the address of the principle offices and confirm the identity of the shareholders and of those who have the corporative control over the entity, and also the identity of the administrative officers; and

(iii) To identify the beneficial owners of corporate vehicles (legal arrangements).

The process of identifying the beneficial ownership is required to be linked with the actual risk it encompasses and may not be applied to all cases. This would allow delimiting the performance of such identification to higher risk clients.

5. Informal Sector Prevention

Trusts and charities:

Trusts are not legal entities and are governed by the trust deed (if it exists) and applicable local laws. Where tax on a discretionary trust is assessed in the hands of the trustee, after-tax distributions to the beneficiaries are exempt from tax in their individual hands. The trustee is required to file a tax return disclosing information about the income and assets of the trust he or she administers. However, generally, information about beneficiaries of the trust is not required to be filed. For public and charitable trusts that are required to register, the applicable statutes have requirements relating to the information that must be provided and filed annually with the various statutory authorities. Law enforcement and other competent authorities have powers to obtain or access information in respect of these public charities. Requirements are to be laid down in law to obtain, verify and retain adequate, accurate and current information on the beneficial ownership and control of private trusts. Minimal adequate and accurate information concerning the beneficial owners of private trusts should obtain or accessed by the competent authorities in a timely fashion.

6. National co-operation

States are required to establish intelligence units to enhance co-ordination between various enforcement agencies. The unit is usually responsible for:

a. to consider various aspects of intelligence relating to economic security and evolve strategy for effective collection and collation of such intelligence and its dissemination to identified user agencies and departments;

b. review measures to combat economic offences and formulate a co-ordinate action strategy for the various enforcement agencies;

c. review important cases involving inter-agency co-ordination and approve modalities for improving such co-ordination;

d. consider and approve measures to strengthen the functioning of individual intelligence and enforcement agencies;

e. examine the changing dynamics of economic offences, including new modus operandi for such offences and approve measures for dealing with them effectively;

f. advice on amendments of laws and procedures for plugging loopholes in taking effective action against economic offenders;

g. review measures to combat the generation and laundering of illicit money and approve a strategy for dealing effectively with illicit money operators and tax evaders;

h. interact through its secretariat, on matters having bearing on national and economic security;

i. consider and approve lists of annual tasks, including the periodical updating of such lists, for each of the agencies concerned in consultation with the departments and agencies that finally receive the information;

j. consider and introduce a system of annual monitoring and evaluation (qualitative and quantitative) of the performance (in the field of intelligence collection, prompt dissemination, follow-up etc) of all agencies;

Reviewing the effectiveness of AML/CFT regimes

There is several ways to review the existing regimes. For example in India there are several systems in place for the regular review of the effectiveness and functioning of India’s AML/CFT system. The Economic Intelligence Council, chaired by the Finance Minister of India, conducts periodical reviews at the national level regarding both the effectiveness of the legal framework and the processes in place by law enforcement agencies. The CEIB and the REIC also organise regular review meetings to discuss and examine strategies including the assessment of the efforts to combat money laundering and terrorist financing. The Revenue Secretary regularly reviews the functioning and effectiveness of both the Directorate of Enforcement and the FIU-IND.

The Inter-Ministerial Co-ordination Committee on Combating Financing of Terrorism and Prevention of Money Laundering (IMCC) reviews the effectiveness of the systems for AML/CFT on a regular basis and ensures that steps are taken to update AML/CFT measures, as necessary. As a result of such exercises, the UAPA and PMLA have been amended and the National Investigation Agency has been set-up under a separate statute to investigate and prosecute terrorists involved in terrorist activities, including terrorist financing.

7. Entity transparency32

The “Entity Transparency” component principally measures the power of competent authorities to obtain adequate information on beneficial ownership of trusts. The entity transparency component is composed by the sum of the recommendations rating values:33

The “International Co-operation” component measures the extent to which countries have laws and other measures that give a country the ability to provide the widest range of international co-operation. The international co-operation component is composed by the sum of the recommendations.

In many countries the prevention of ML/FT is hampered by difficulties in identifying or lack of commitment to identify the ultimate beneficial owners of funds/assets, which is illustrated by the lack of standardised data on beneficial ownership held in most countries, and the nature of information collected will vary in the absence of any relevant guidance. For example, information on the companies’ register typically pertains only to founders and composition of the board of directors (as opposed to beneficial ownership), which is neither verified nor reliable. In addition, in some countries, providers of trust services who are not lawyers or accountants but members of professional bodies are not monitored for their AML/CFT obligations; it is therefore not clear how reliable the information they maintain would be.

Mechanisms to provide adequate and timelier access to adequate and accurate information on beneficial ownership and control of legal persons could be improved. While competent authorities have some powers to access information on the beneficial owner and control of some types of legal persons and arrangements, the mechanisms in place appear to be insufficient.

8. International cooperation34

For international co-operation steps required are to accede to conventions, resolutions, and international instruments. In this regard accession, implementation and adoption of the following instruments are necessary for enhancing the international co-operation:

a. The FATF ‘Forty Recommendations’ of 1990

b. Council of Europe’s Convention 141 on Laundering, Search, Seizure and Confiscation of the Proceeds from Crime of 8 November 1990.

c. EC Directives of 10 June 1991

d. Commonwealth Model Law for the Prohibition of Money Laundering & Supporting Documentation (May 1996)

e. Convention on Combating Bribery of Foreign Officials in International Transactions (1997)

f. United Nations’ Model Legislation on Laundering, Confiscation and International Co-operation in Relation to the Proceeds of Crime (1999)

g. UN International Convention for the Suppression of the Financing of Terrorism (1990)

h. UN Convention Against Transnational Organised Crime (December 2000)

i. The Wolfsberg Principles (2001) and Basle Committee on Banking Supervision (2001)

j. The Wolfsberg Principles on Private Banking; the Wolfsberg Group in 2002 Published the Wolfsberg Global Anti-Money Laundering Guidelines for Private Banking

k. Wolfsberg AML Principles for Correspondent Banking, 5 November 2002

l. The United Nations Convention against Corruption (2003)

m. Model Legislation on Money Laundering and Financing of Terrorism, IMF, December 1, 2005

n. The European Directives (2005 and 2006) Third Directive

o. The Wolfsberg Group on PEPs (2008)

p. Model Provisions on Money Laundering, Terrorist Financing, Preventive Measures and Proceeds of Crime (for common law legal systems), IMF, April 2009.

q. Revised FATF Recommendations (February, 2012)

r. Proposed Fourth FATF Directive (2013)

Mutual legal assisstance35

States are required to provide for mutual legal assistance in criminal matters including money laundering and terrorist financing.

Dual criminality relating to MLA36

States are required to provide for assistance where there is an offence under investigation in another country without formally imposing dual criminality as a condition for MLA.

Freezing, seizing and confiscation37

States are required to provide assistance to requests for tracing, identification, and attachment of property desired or obtained from the commission of an offence committed in the requesting state.


States are required to enact laws so as to declare money laundering and terrorist financing as extraditable offence.

Data protection and privacy:39

An international understanding on how to implement key AML/CFT and data protection standards, which at the same time takes into consideration certain national specificities, is essential in a globally interconnected economic and financial environment.

The FATF considerations on how to enable financial institutions to properly implement AML/CFT standards while at the same time ensuring full protection of clients’ personal data in line with data protection standards. It is indeed crucial for the European banking sector to be able to process data on crime and AML/CFT risks and exchange information in an effective way. We also welcome the reflections of the FATF on how to clarify the mechanisms for international banking groups, which face different national requirements.

A new obligation of authorities, within and between jurisdictions, to have better mechanisms in place to balance the often contradictory targets of AML/CFT on one hand and data protection on the other is a positive step. However the inability of different authorities to sometimes agree on the appropriate mechanisms and balance between AML/CFT and data protection priorities should not lead to financial institutions finding themselves in legal uncertainty about their specific duties and procedures which is a key issue in their day-today activities.

Conditions governing the exchange of data within groups of affiliated companies acting on the same level of data protection should be further harmonised and simplified. Such a framework would be for the benefit of financial institutions and their customers whose data could continue to be processed securely.

(The writer is an advocate and is currently working as an associate with Azim-ud-Din Law Associates)

1. FATF: Recommendations 1 & 2.

2. Id See recommendation 30.

3. Id See recommendation 32.

4. Id See special recommendation II.

5. Id See recommendation 3.

6. Id See special recommendation III along-with UNSCRs 1267 and 1373.

7. Id see recommendation 28.

8. Id see recommendation 30.

9. Id see recommendation 32.

10. Id see recommendation 27 and 28.

11. Id see special recommendations IX.

12. Id consistent with recommendation 3 read with special recommendation III.

13. Id see recommendation 6.

14. FATF Glossary; Article 52(1), UNCAC.

15. FATF Glossary; Article 52(1), UNCAC.

16. Id recommendation 26.

17. Id see recommendations 5, 6, 7 and 8.

18. Id see recommendations 6-9 and 11.

19. Id recommendation 10.

20. Id see recommendation 12.

21. Id see recommendation 5.

22. Id see recommendation 5 & 10.

23. Id see recommendation 12.

24. Id special recommendation VII.

25. Id see recommendation 13.

26. Id see recommendation 14.

27. Id see recommendation 16.

28. Id see recommendation 15.

29. Id see recommendation 24-25.

30. Id see recommendation 25.

31. Id recommendation 26, 33, and 34.

32. Id see recommendation 33, 34 and special recommendation VIII.

33. Id see recommendation 34 and S.R. VIII

34. See recommendation 35, 36, 37, 38, 39, 40 and special recommendation V.

35. Id see recommendation 36, 37 and 38.

36. Id see recommendation 37.

37. Id see recommendation 38.

38. Id see recommendation 37, 39 and special recommendation V.

39. Id recommendation 4.a

Zafar Azeem, "FATF and AML compliance requirements," Business recorder. 2013-03-14.