• Changes to the grey list.
• Strategic initiatives to improve global financial inclusion through a risk-based approach.
• The announcement of a new FATF report on combating online child sexual exploitation.
• Leadership transitions with the appointment of a new Vice-President.
• New public consultations to refine FATF standards.
• Initiatives to diversify perspectives and promote women’s leadership within the FATF network.

This article covers some of the key takeaways and what they mean for compliance professionals.

1. Additions to the grey list

Nepal

While Nepal made legislative amendments in 2024 to align with FATF standards, the country has struggled with implementation and enforcement, particularly in financial sector oversight, prosecutorial effectiveness, and regulatory compliance. 

The Asia/Pacific Group on Money Laundering (APG) had previously flagged Nepal’s slow response to key recommendations from its 2022 mutual evaluation report (MER), which highlighted persistent gaps in monitoring high-risk sectors and financial crime enforcement. These shortcomings, coupled with Nepal’s historical challenges in maintaining financial transparency, led the FATF to place the country under increased monitoring.

Laos (The Lao People’s Democratic Republic)

Despite Laos’ steps to address recommendations from its 2023 MER – such as bolstering financial intelligence unit (FIU) resources and eliminating bearer shares – the FATF found significant challenges remained regarding the country’s risk assessment process, regulatory oversight, and law enforcement effectiveness.

As a result, the FATF added Laos to the grey list and highlighted the following key areas for improvement:

• Enhancing risk-based supervision of high-risk sectors, including casinos and special economic zones (SEZs).
• Strengthening the dissemination of financial intelligence to relevant authorities.
• Increasing money laundering investigations and prosecutions, with a focus on transnational financial crimes.

A Guide to the FATF Grey List

Our expert guide takes firms through the importance of the grey list, what FATF assessments look for, and how firms should respond to a grey-listing.

Download now

2. Removals from the grey list

The Philippines 

The decision to remove the Philippines from the grey list follows nearly four years of the country working closely with the FATF to address and rectify strategic deficiencies identified in its financial regulatory framework. 

The FATF commended the Philippines for its significant progress, particularly in enhancing legislative measures – including amending the Anti-Money Laundering Act (AMLA) in 2021 and mandating all relevant agencies to actively participate in national risk assessments concerning money laundering and terrorism financing in October 2023. An on-site evaluation confirmed the effective implementation of these reforms, leading to the country’s removal from the list.

3. Strategic initiatives

Advancing financial inclusion through a risk-based approach

Recognizing that approximately 1.4 billion people worldwide lack access to banking services, the FATF has revised its standards to promote financial inclusion. Following a public consultation with over 140 responses from diverse stakeholders – including non-profit organizations, financial institutions, and academics – the FATF will amend Recommendation 1. 

This change encourages member countries to apply a risk-based approach to AML/CFT measures, allowing FIs to implement simplified procedures where risks are lower, thereby facilitating broader access to financial services. This initiative addresses concerns from a 2021 review, which highlighted issues such as de-risking and financial exclusion resulting from improper application of risk-based approaches.

Targeting online child sexual exploitation

The FATF announced it will release a new report on how financial intelligence can be used to detect, disrupt, and investigate the alarming rise of live-streamed child exploitation and sextortion. According to de Anda, the report will highlight:  

• How financial transactions can reveal offenders, link them to victims, and enable early intervention by authorities.
• New red flags and transaction patterns that indicate suspicious activity linked to online child sexual abuse, including the use of prepaid cards, peer-to-peer transactions, and micro-payments.
• The need for stronger partnerships between financial institutions, law enforcement, and technology companies to disrupt illicit financial networks facilitating child exploitation.

The report’s official launch is scheduled for March 13, 2025.

4. Enhancing global collaboration and leadership

Appointment of a new Vice-President

The plenary selected Giles Thomson from the United Kingdom as the next FATF Vice-President, succeeding Jeremy Weil from Canada. Thomson, currently serving as Director of the Office for Financial Sanctions Implementation (OFSI) and Economic Crime at HM Treasury, will assume the role on July 1, 2025, for a two-year term. 

Public consultations to refine FATF standards

To embed recent changes promoting a risk-based approach and financial inclusion, the FATF is working on updated guidance for policymakers and regulators. Public consultations are being conducted to gather feedback, ensuring practical implementation of these standards. 

Additionally, the FATF is seeking input on potential revisions to Recommendation 16, aiming to enhance payment transparency by standardizing originator and beneficiary information. This effort seeks to balance the facilitation of faster, more affordable payments with robust defenses against illicit finance.

5. Strengthening the global network

Guest jurisdiction initiative

Under the Mexican Presidency, the FATF has intensified efforts to include voices from regions with limited representation. The guest jurisdiction initiative invites countries to participate in plenary discussions on a rotational basis. This session welcomed Kenya – the first guest non-member from the East and Southern Africa Anti-Money Laundering Group (ESAAMLG) – joining the Cayman Islands and Senegal, to provide diverse perspectives and promote regional engagement.

Women in FATF and the Global Network (WFGN) initiative

A successful event was held to support the WFGN program, focusing on advancing women’s careers within the FATF and its global network. Proposals discussed include the launch of the second edition of the FATF Mentoring Programme in March 2025, aiming to provide guidance and support for female professionals in the field.

Next steps

You and your team should familiarize yourselves with the outcomes of the February 2025 plenary, especially the changes to the grey list and updates related to FATF’s strategic initiatives. You may need to update the risk scores for relevant countries added to or removed from the grey list, and ensure that appropriate levels of due diligence are applied going forward.

It’s also important to stay informed about the upcoming FATF report on online child exploitation and any new guidance related to financial inclusion. These developments could influence your team’s approach to regulatory compliance and the implementation of AML/CFT measures in the jurisdictions in which you operate.

The next FATF plenary is due to take place in June 2025.

Previous plenary coverage from ComplyAdvantage can be found here:

• October 2024
• June 2024
• February 2024
• October 2023
• June 2023
• February 2023
• October 2022
• June 2022

The post FATF plenary February 2025: Key grey list changes, strategic initiatives, and updated guidance appeared first on ComplyAdvantage.

In AML, explainable AI is crucial for understanding why certain alerts are generated, the rationale behind blocking or allowing a transaction, or the factors contributing to identifying a high-risk client. This transparency helps financial institutions (FIs) meet regulatory expectations and build trust by allowing clients, auditors, and regulators to see how and why their AI-driven decisions are made, reducing the risk of misrepresentation and improving accountability.

However, in our 2025 State of Financial Crime survey, an interesting contradiction was revealed: while firms expressed confidence in understanding regulatory expectations around AI, 91 percent of respondents still felt comfortable trading off explainability for greater automation and efficiency, which could contradict the transparency increasingly expected by regulators. 

In light of this, compliance leaders need to find ways to ensure their AI tools meet both efficiency goals and regulatory requirements. This article explores:

• What explainable AI (XAI) is and why it matters in financial compliance;
• Regulatory expectations;
• Key benefits of XAI for improving transparency and accountability in AML;
• Challenges and limitations; and
• How ComplyAdvantage approaches explainable AI.

What is explainable AI (XAI)?

Explainable AI (XAI) refers to AI systems that make decisions and articulate the how and why behind those decisions. It is also a subset of responsible AI (RAI). While RAI covers the full spectrum of ethical and trustworthy AI practices, XAI focuses specifically on making AI systems transparent and their decisions understandable. For compliance teams, XAI is essential to ensure AI-driven outcomes are interpretable for stakeholders who need to validate and trust these systems.

To achieve this level of transparency, compliance teams often make use of specific XAI techniques, including:

• Rule-based models: Also known as “white-box machine learning models,” straightforward rule-based models apply predefined rules that make them naturally interpretable. For instance, flagging high-value transactions is a simple rule that compliance professionals can easily audit. However, due to a lack of nuance and flexibility, these models’ false positive rate is estimated at over 98 percent.
• Post-hoc explainability: While white-box models offer more transparency upfront, more complex “black-box models” tend to have higher predictive accuracy. These models often require post-hoc methods to allow compliance staff to trace risk scores back to specific input features like transaction type or customer history. 
• Hybrid approaches: Combining rules-based and AI-driven techniques, hybrid models leverage both static rules and adaptable algorithms to improve detection accuracy while maintaining transparency. This balance helps compliance teams capture more nuanced suspicious activity while keeping explanations clear and accessible.

How can XAI improve AML systems?

One of XAI’s primary benefits is its ability to improve alert quality and reduce false positives. Traditional AML models often generate large volumes of alerts, many of which are benign, overloading compliance teams and diverting resources from genuine risks. XAI provides more nuanced insights into each alert’s underlying factors, allowing FIs to refine their detection models and better prioritize cases that warrant deeper investigation.

XAI also significantly strengthens a firm’s ability to audit and justify decisions. For example, if a model identifies a suspicious transaction, explainable AI can articulate the factors driving the alert – such as transaction patterns or the customer’s historical risk profile. This detailed reasoning behind each alert enhances the institution’s readiness for regulatory scrutiny, as it enables compliance teams to confidently demonstrate why an alert was triggered and how their AML systems mitigate the risk of oversight or error.

One of our most practical uses of XAI is through our Advanced Fraud Detectors. Designed with client-facing transparency, the system goes beyond identifying suspicious behavior; it provides clear explanations for each alert, detailing the factors influencing the decision. This not only helps our clients justify actions but also enhances readiness for audits, as they can transparently address regulatory inquiries about specific alerts.

Iain Armstong, Regulatory Affairs Practice Lead at ComplyAdvantage

Moreover, explainability in AI models can help train and upskill compliance teams. When compliance staff understand the logic behind alerts, they can better analyze patterns and develop a deeper understanding of high-risk indicators. This helps build expertise across the team, enabling a more informed approach to AML beyond simple model outputs.

However, XAI doesn’t just enhance compliance and regulatory functions – it plays a crucial role in building better products. 

The relationship between XAI and product excellence is mutually reinforcing, and it’s difficult to achieve a great product without focusing on these elements. At ComplyAdvantage, our model risk management approach not only helps us control risk and deliver XAI to clients but also plays a key role in building high-quality AI systems that underpin best-in-class products and services.

Chris Elliot, Director of Data Governance at ComplyAdvantage

Regulatory expectations surrounding XAI

The regulatory landscape surrounding AI and machine learning is continually evolving, which can create uncertainty for organizations seeking to adopt XAI. As AI technologies become more integral to AML and broader compliance practices, regulators worldwide are sharpening their focus on transparency, fairness, and accountability in AI-driven systems. FIs adopting these technologies must stay attuned to emerging legal standards and best practices, which increasingly emphasize XAI. 

While jurisdictions like the European Union, United Kingdom, and United States have different regulatory frameworks, they share a common concern: ensuring AI applications are transparent and fair, especially in high-stakes sectors like AML.

European Union

Considered “the world’s first comprehensive AI law.” the EU AI Act establishes expectations for transparency, governance, and accountability in AI-powered AML solutions. Having entered into force in August 2024, the Act requires FIs to ensure transparency in their decision-making processes, including clarifying why certain transactions are flagged as suspicious. Additionally, the Act emphasizes the importance of robust data governance frameworks that mandate high-quality data to minimize inaccuracies and bias.

The EU’s General Data Protection Regulation (GDPR) complements these AI-specific standards by enforcing stringent data privacy controls that intersect with XAI goals. GDPR’s “right to explanation” gives individuals insight into automated decisions that affect them, a standard that dovetails with the transparency requirements of the EU AI Act.

United Kingdom

In the UK, the regulatory approach to AI in financial services has been shaped by institutions like the Financial Conduct Authority (FCA) and the Bank of England, which have jointly addressed the need for responsible AI. While the UK has not yet enacted an AI law on par with the EU’s AI Act (as of November 2024), these regulators have issued guidelines highlighting the importance of explainability, particularly for high-risk applications like AML.

The FCA has emphasized in its guidance that AI and machine learning applications must be interpretable, especially when they affect consumer rights or regulatory compliance. The FCA and Bank of England’s Machine Learning in UK Financial Services report underscores that FIs should implement governance frameworks that oversee AI models, including transparency around decision-making processes. They recommend that larger institutions lead by example in adopting advanced analytics, recognizing that smaller firms may face challenges in implementing these standards due to resource constraints.

Moreover, the UK’s proposed AI regulatory framework, introduced in the government’s National AI Strategy, encourages a “pro-innovation” approach that balances AI’s potential with ethical considerations like fairness and transparency. To do this effectively, the UK government has indicated plans to avoid “over-regulation” but will likely monitor AI developments and may impose stricter controls over time.

United States

No federal law specifically regulates AI in financial services in the United States. However, several agencies, including the Federal Reserve, the Office of the Comptroller of the Currency (OCC), and the New York Department of Financial Services (NYDFS), have issued guidance and policy statements that touch on AI transparency and fairness in FIs.

In 2024, the US Treasury Department also introduced a National Strategy for Combatting Terrorist and Other Illicit Financing, highlighting AI technologies’ transformative potential in enhancing AML compliance. This strategy underscores how AI can analyze vast amounts of data to uncover patterns related to illicit financing. Additionally, the Treasury issued a Request for Information (RFI) in June 2024, aimed at gathering insights on the use of AI in the financial sector, particularly concerning compliance with AML regulations. The RFI focuses on the opportunities AI presents and the associated risks, such as bias and data privacy concerns. This proactive stance indicates a commitment to shaping future regulations and guidance that prioritize transparency and fairness in AI applications within financial services​

Benefits of using explainable AI for AML

As FIs look to strengthen their AML capabilities, XAI presents a range of unique benefits that enhance operational efficiency and regulatory compliance, including:

• Reduced operational burden: By improving the quality of alerts and decreasing false positives, XAI helps compliance teams focus their resources on genuine risks rather than sifting through a high volume of alerts that require minimal action. This streamlining can lead to more efficient allocation of human resources.
• Stakeholder engagement: XAI can enhance communication with external stakeholders, such as regulators and clients. Clear explanations of the rationale behind decisions allow FIs to engage more effectively in discussions around compliance practices and risk management strategies.
• Support for continuous improvement: The insights gained from XAI can inform ongoing enhancements to AML strategies. By analyzing the reasons behind alerts and outcomes, organizations can refine their detection models and policies, fostering a culture of continuous improvement in risk management.
• Boosted client trust: FIs can foster greater trust in their AML practices by utilizing XAI. Transparency in decision-making reassures clients that their FI is diligent and fair in its monitoring processes.

Challenges and limitations of XAI

While XAI offers numerous benefits, its implementation is not without challenges. Organizations must navigate a complex landscape of technical, regulatory, and operational hurdles to integrate XAI into their compliance frameworks effectively. Understanding these limitations is essential for FIs as they seek to balance transparency with efficiency and effectiveness. Some primary challenges include:

• Data privacy: Ensuring privacy while maintaining transparency can be a delicate balance. For instance, GDPR regulations in Europe mandate strict data protection measures. Organizations must navigate these regulations while providing sufficient transparency in their XAI outputs, which can be challenging when personal data is involved.
• Bias: If the data used to train XAI models is biased or unrepresentative, the explanations generated may perpetuate existing biases, leading to inaccurate or unfair outcomes. In January 2024, the New York Department of Financial Services (NYDFS) raised concerns about algorithmic bias in financial technologies, emphasizing the need for fairness and accuracy in automated decision-making processes.
• Dependence on quality data: XAI’s effectiveness relies heavily on the quality and accuracy of the data it processes. Poor-quality data can lead to misleading explanations and decisions, undermining the very purpose of using XAI. Organizations need to invest in data governance and management practices to ensure their systems function correctly. 

How does XAI work in an AML system?

In AML, explainability can be integrated in multiple ways to create a transparent and auditable system, including:

1. Data ingestion and entity resolution: By consolidating information from multiple sources, AML systems can provide a comprehensive view of entities. XAI can play a critical role here, clarifying how entities are identified and linked to relevant data points, such as transactions, relationships, or risk indicators. For example, suppose an individual is flagged as high-risk due to adverse media. In that case, XAI systems can clearly break down these triggers, helping compliance teams trace data origins and make informed decisions.
   
   
2. Risk assessment and scoring: Risk assessments are a critical component of every AML program, involving the evaluation of data to determine the potential risk associated with specific entities or transactions. XAI facilitates this process by using explainable models that allow users to trace the factors influencing risk scores. As shown in the image below, these models provide a risk breakdown into how specific attributes contribute to an overall risk assessment. This level of detail is vital for compliance officers, as it empowers them to make decisions based on transparent criteria.
   
   
3. Alert generation with explainability: When an AML system generates alerts for potentially suspicious activities, XAI plays a crucial role in ensuring these alerts are accurate and accompanied by clear explanations. Each alert can include details about the specific risk indicators that triggered the alert, providing compliance teams with context and facilitating efficient follow-up actions. This transparency is essential for regulatory reporting and justifying decisions made in response to alerts.
   
   

Tips on how to tell if an AML vendor uses XAI

By asking the right questions, organizations can better assess the transparency and accountability of the AI solutions they are scrutinizing. The following questions, in particular, can serve as a good starting point for this discussion: 

• What methodologies does your AI system employ for decision-making?
  Understanding the underlying algorithms and models the vendor uses can provide insight into whether their AI is explainable. Ask if they utilize rule-based systems, interpretable models, or hybrid approaches that combine multiple techniques. A commitment to transparency in methodology is a good indicator of XAI practices.
• How do you provide explanations for risk assessments and alerts?
  Vendors should be able to articulate how their system generates explanations for risk scores and alerts. Ask for examples of how these explanations are presented to compliance teams, including the specific factors considered in the decision-making process. 
• Can your system demonstrate audit trails for decisions made by the AI?
  A robust XAI system should offer traceability for its decisions, allowing compliance professionals to review the rationale behind alerts and risk assessments. Inquire whether the vendor maintains detailed logs of the decision-making process, which can be critical during regulatory audits and compliance reviews.
• What measures are in place to ensure the fairness and accuracy of your AI models?
  Understanding how vendors address bias and accuracy in their AI systems is crucial. Ask about the data sources used for training their models, how they ensure data quality, and the steps taken to mitigate bias in decision-making. This is especially relevant in light of regulatory expectations for fairness in automated systems.
• How do you handle model updates and validation?
  Continuous monitoring and validation of AI models are essential to maintain their accuracy and reliability over time. Compliance professionals should ask how the vendor ensures their models are regularly tested and updated and whether they explain model performance changes.

How does ComplyAdvantage approach explainable AI?

At ComplyAdvantage, our approach to responsible AI, and by extension XAI, is based on and aligned with the Organisation for Economic Co-operation and Development (OECD)’s AI Principles and the UK’s “A pro-innovation approach to AI regulation: government response” whitepaper. Of the five core themes that lie at the heart of our understanding and implementation of responsible AI, two relate explicitly to XAI: 

• Transparency and explainability: This means we record and make information available about our use of AI systems, including purpose and methodologies.
• Safety, security, and robustness: This means decisions made by our AI systems are explainable, and explanations can be accessed and understood by relevant stakeholders (e.g., users or regulators).

This approach underpins the development of solutions that not only meet regulatory expectations but also deliver meaningful insights.

ComplyAdvantage believes that responsibly developing and managing AI is not only the right thing to do but also leads to better products that engage AI. Responsible AI is best when viewed as part of a best practice and thereby improves outcomes for our clients and their customers. In this way, it is aligned with business needs and not an external force acting on existing processes and competing with priorities.

Chris Elliot, Director of Data Governance at ComplyAdvantage

For more information on ComplyAdvantage’s approach to model risk management, read the full statement here. 

The post Enhancing AML efforts with explainable AI appeared first on ComplyAdvantage.

However, to ensure the stability and integrity of its financial system, Monaco also relies on its own dedicated regulatory authority, the Autorité Monégasque de Sécurité Financière (AMSF), which oversees and regulates financial activities within the country.

What is the AMSF?

The Autorité Monégasque de Sécurité Financière (AMSF) is Monaco’s primary financial intelligence unit (FIU), specializing in supervising the principality’s anti-money laundering and combating the financing of terrorism (AML/CFT) regime. As a key player in the global financial security landscape, the AMSF is a member of the Egmont Group, connecting it with over a hundred other FIUs worldwide. 

In July 2023, the AMSF replaced the Service d’Information et de Contrôle sur les Circuits Financiers (SICCFIN) as Monaco’s FIU. This transition was part of a nationwide legislative reform, transforming the FIU from a state-run administrative service into an independent authority. 

The AMSF’s role and responsibilities

As a result of this reform, the AMSF now has greater autonomy in conducting financial intelligence operations, overseeing compliance, and imposing sanctions – all of which were previously handled by a government minister​. 

The table below highlights the responsibilities of the AMSF outlined in Law No. 1,549 – which amends Act No. 1,362 – according to the FIU’s three main functions: 

Financial institutions monitored by the AMSF

The same law that expanded Monaco’s FIU powers also widened its supervisory scope to include notaries, bailiffs, and lawyers who must now report suspicious transactions to the AMSF instead of the Public Prosecutor. The full list of entities regulated by the AMSF can be found in Articles 1 and 2 of Law No. 1,549, which includes:

• Credit institutions 
• Payment institutions.
• Electronic money institutions (EMIs).
• Gambling and gaming institutions.
• Money transmitters.
• Currency exchange services.
• Property dealers.
• Auditors.
• Tax consultants.
• Cash transport services.
• High-value dealers (including jewelry, precious metals and stones, aircraft, and pleasure crafts). 
• Third-party intermediaries.

However, the AMSF’s authority is not limited to institutions based solely within Monaco’s borders. It also extends to branches operating within the principality, even if their main offices are located abroad.

Regulatory framework of the AMSF

In December 2022, the Committee of Experts on the Evaluation of Anti-Money Laundering Measures and the Financing of Terrorism (MONEYVAL) published Monaco’s fifth mutual evaluation report (MER). The report analyzed the level of compliance with the Financial Action Task Force’s (FATF) 40 Recommendations and the level of effectiveness of Monaco’s AML/CFT system. Overall, the effectiveness of Monaco’s AML/CFT system was described as “uneven,” with the authority saying Monaco needs to “step up its efforts.” 

Since then, Monaco’s AML/CFT legislative framework has undergone some “modernization”. Law No. 1,549 – which replaced SICCFIN with the AMSF – is only one part of the principality’s four-pronged AML reform. The three other laws are:

• Law No. 1,550 (August 2023), focusing on the transparency of legal entities.
• Bill No. 1080, focusing on enhancing the powers of judicial authorities in relation to financial crime investigations, prosecution, and sanctions.
• Bill No. 1084, concerning the regulation and transparency of trusts.

As of September 2024, the latter two bills are in various stages of review and will be made publicly available on Legimonaco once they are officially enacted. Until then, updates can typically be tracked via the Conseil National website.

The AMSF’s AML requirements

The AMSF has outlined the following AML obligations for regulated entities: 

1. Adopt risk-based due diligence procedures that focus on addressing the risks associated with the nature of a firm’s business and its clientele, specifically targeting money laundering, terrorist financing, corruption, and the proliferation of weapons of mass destruction.
2. Conduct risk assessments to identify and understand a firm’s exposure to these risks. This includes documenting the nature of their products or services, transaction conditions, distribution channels, and client characteristics.
3. Perform know your customer (KYC) measures before establishing a business relationship with a client, using photographic ID to identify the client, the agent, and, where applicable, the beneficial owner.
4. Document all monitoring and analysis measures related to the vigilance of money laundering and terrorism financing risks and keep all relevant documents available for supervisory authorities. 
5. Implement ongoing monitoring throughout the business relationship to verify all transactions and/or account activity are consistent with the customer’s risk profile.

The impact of the AMSF on Monaco’s financial sector

Despite making some progress since Moneyval’s evaluation in 2023, in June 2024, the FATF highlighted multiple gaps in Monaco’s AML regime. As a result, the principality was added to the grey list. 

Monaco’s government reaffirmed its commitment to rectifying these issuess, placing particular emphasis on the AMSF. Since the FIU’s reform, the AMSF has been tasked with increasing regulatory oversight and enforcement in the financial sector, especially by improving risk-based supervision and enhancing compliance measures across FIs and non-financial entities.

The AMSF’s expanded mandate ensures Monaco’s financial sector is better equipped to meet international standards, with stricter sanctions for non-compliance and enhanced efforts to identify and seize criminal assets. These steps are essential to restoring confidence in the principality’s financial system and will be key to its removal from the grey list. As the country moves toward the FATF’s 2025 milestones, the AMSF’s impact is expected to be pivotal in both addressing the FATF’s concerns and maintaining Monaco’s reputation as a secure financial hub​.

A Guide to the FATF Grey List

Our expert guide takes firms through the importance of the grey list, what FATF assessments look for, and how firms should respond to a grey-listing.

Download now

AMSF compliance challenges

Monaco has the highest concentration of millionaires and billionaires in the world. While Monaco’s status as a hub for the wealthy presents unique opportunities for financial firms, it also comes with significant compliance obligations. With such inordinate wealth within its borders, firms face the challenge of scrutinizing their customers’ sources of wealth and sources of funds (SoW/SoF), employing enhanced due diligence (EDD) measures to ensure compliance with AMSF’s regulations. 

Given the international profile of many Monaco residents, firms must also navigate a complex web of international laws and regulations. This includes the need to understand and implement the requirements of foreign jurisdictions, particularly those related to tax obligations and reporting standards such as Europe’s Common Reporting Standard (CRS) and the United States’ Foreign Account Tax Compliance Act (FATCA).

Additionally, given the dynamic nature of the global financial landscape and its constantly evolving threats and regulatory updates, firms in Monaco need to be agile. They must continuously update their compliance programs and staff training to detect financial crimes effectively.

Tips for firms to comply with AMSF regulations

As Monaco’s AML/CFT landscape continues to evolve, it’s imperative for firms operating within the jurisdiction to monitor and adapt to legislative updates continuously. To effectively mitigate the risk of non-compliance, these entities should integrate robust processes and policies into their compliance frameworks. 

This includes conducting regular risk assessments, implementing strong due diligence procedures, and ensuring staff are well-trained on the latest regulatory standards. By proactively addressing these critical areas, firms can avoid taking a “tick-box” approach to compliance that gears toward doing the bare minimum to appease regulators. Rather, firms should:  

• Implement advanced due diligence to identify and verify high-net-worth individuals (HNWIs) and ensure thorough screening of beneficial owners. This should include enhanced checks for politically exposed persons (PEPs), individuals from high-risk jurisdictions, and any past involvement in illicit activities.
• Continuously monitor corporate clients and their ownership structures to detect changes in beneficial ownership or suspicious activity. Given Monaco’s high concentration of complex financial structures, ongoing scrutiny is critical to preventing the misuse of shell companies and offshore vehicles.
• Use automated transaction monitoring tools to detect unusual patterns, large cash movements, or other red flags, particularly in high-value sectors such as real estate and luxury goods, which are prevalent in Monaco. Real-time tracking helps ensure timely reporting of suspicious transactions to the AMSF.
•  Check adverse media sources regularly to identify clients or entities with potential ties to criminal activity or regulatory breaches. This is especially crucial when dealing with Monaco’s ultra-wealthy clients, who might attract public scrutiny.

The post What is the Autorite Monégasque de Sécurité Financière (AMSF)? appeared first on ComplyAdvantage.

This article focuses on the CSSF, outlining its role, the entities it regulates, and guidance on how to best meet regulatory obligations and avoid noncompliance penalties.

What is the CSSF?

Luxembourg’s CSSF is the financial regulatory body responsible for supervising the financial sector, which includes banks, investment firms, insurance companies, and other financial service providers. Established in 1998, the CSSF aims to maintain the safety and stability of the financial system in Luxembourg. Its duties encompass licensing financial institutions (FIs), ensuring regulatory compliance, protecting investors, and enforcing market integrity.

The role and obligations of the CSSF

Before the CSSF was established, financial oversight in Luxembourg was fragmented among various authorities: the Institut Monétaire Luxembourgeois (IML), which handled monetary policy and banking regulation, and the Commissariat aux Bourses, which oversaw securities markets. The growing complexity of financial markets and the need for a unified regulatory framework led to the CSSF’s formation under the law of December 23, 1998, which aimed to centralize supervision and adapt to European Union directives. 

Today, the CSSF performs several duties:

• The CSSF conducts regular and ad hoc inspections, both on-site and off-site, to assess FIs’ financial health, risk management practices, and regulatory compliance. 
• To ensure financial products and services are transparent and consumers are treated fairly, the CSSF handles consumer complaints and mediates disputes between FIs and clients. 
• In addition to implementing and enforcing anti-money laundering and counter-terrorist financing (AML/CTF) regulations, the CSSF ensures firms have robust AML systems to detect and report suspicious activities and collaborates with authorities to enhance the effectiveness of anti-financial crime measures.
• The regulator oversees the proper functioning of financial markets and the conduct of market participants. It monitors trading activities to prevent market abuse and ensures accurate and timely market information disclosure. 
• To support innovation, the CSSF provides guidance and frameworks to help firms navigate the evolving technological landscape while maintaining regulatory standards. The authority takes a “proactive, flexible” regulatory approach to financial innovation, assessing each project “on the basis of the services effectively provided regardless of the technology used.”

Institutions regulated by the CSSF

The CSSF regulates a wide range of FIs and entities operating in Luxembourg. These institutions include:

Regulatory framework of the CSSF

The CSSF enforces a robust regulatory framework composed of several key laws and regulations:

• The Law of 5 April 1993 and the Law of 23 December 1998 establish the legal foundation for the operation and supervision of FIs.
• The Law of 12 November 2004 on the fight against money laundering and terrorist financing and CSSF Regulation No. 12-02 outline various AML requirements of FIs, including customer due diligence (CDD), transaction monitoring, and reporting of suspicious activities.
• Regulation (EU) No 596/2014 on market abuse (MAR) seeks to ensure financial markets are fair and transparent by preventing insider trading, market manipulation, and other forms of market abuse. 
• The Law of 22 March 2004 ensures the fair treatment and protection of consumers in financial transactions.
• The Law of 10 August 1915 on commercial companies provides the general framework for corporate governance in Luxembourg.

Penalties for non-compliance with CSSF regulations include fines, administrative sanctions, license revocations, and other corrective measures. For example, in May 2024, the CSSF imposed an administrative fine of €3 million on a credit institution for various AML violations relating to managing high-risk clients, including failing to adequately verify the source of funds, insufficiently monitoring transactions, and closing certain accounts without informing the Cellule de Renseignement Financier (Luxembourg’s financial intelligence unit).

Compliance challenges

Frequent updates and amendments to regulations have required firms to continually adapt their compliance strategies. For example:

• The Fourth AML Directive (4AMLD) expanded the scope of enhanced due diligence (EDD) to include domestic politically exposed persons (PEPs) and mandated central registries for beneficial ownership, increasing transparency and scrutiny. 
• The Fifth AML Directive (5AMLD) further strengthened these measures by making beneficial ownership information more accessible to the public, extending EDD requirements to cryptocurrency exchanges and prepaid cards, and imposing stricter rules on trusts. 

These updates required many firms to increase their investment in staff training, technology upgrades, and the development of new compliance frameworks. Balancing compliance with business agility remains a constant challenge as companies strive to meet regulatory demands without stifling innovation or operational efficiency.

Best practices for firms to comply with CSSF

1. Implement sophisticated transaction monitoring solutions
   In accordance with CSSF Regulation No. 20-05, obligated entities are required to “implement adequate procedures to detect, monitor, and report suspicious transactions.” Utilizing sophisticated transaction monitoring systems equipped with machine learning algorithms can help firms better identify unusual patterns in real-time.
2. Strengthen CDD practices
   To ensure robust compliance with the CSSF, firms should establish a thorough CDD framework, including verifying customer identities, assessing associated risks, and maintaining ongoing monitoring for suspicious activities. Best practices within CDD involve having access to quality, up-to-date PEP data and applying EDD measures to manage associated risks. 
3. Invest in comprehensive staff training
   According to CSSF Circular 19/732, FIs must provide “regular training for all employees on AML/CFT issues.” Tailored training programs for different roles ensure that each staff member understands their specific compliance responsibilities and contributes effectively to the firm’s AML strategy.
4. Conduct thorough risk assessments and audits
   Regulated firms are required to take a risk-based approach to AML/CFT efforts. Employing dynamic risk assessment models that adapt to new threats and changes in the business environment provides a comprehensive overview of potential risks, aligning with CSSF’s expectations.

The post What is the Commission de Surveillance du Secteur Financier (CSSF)? appeared first on ComplyAdvantage.

The Corporate Transparency Act (US)

The Corporate Transparency Act (CTA) introduces requirements around beneficial ownership transparency in the US and came into force on January 1, 2024. It requires firms to report their beneficial owners to the government, setting out requirements around how this information should be recorded and reported. Beneficial ownership information includes (BOI): full name, date of birth, current address, and a distinctive identification number.

The Act applies to US and foreign entities doing business in the US. Company directors who do not comply could pay up to $500 per day (up to $10,000) and face jail time of up to two years. Businesses will need to update FinCEN with any material changes. 

A new AML package for Europe (EU)

The EU’s latest AML package is anticipated to be agreed upon in Q1 2024, followed by a three-year transition period. It was introduced after a series of AML/CFT scandals that rocked members of the European Union and to harmonize AML/CFT measures across the EU. The package consists of four separate instruments: (1) A regulation to establish an AML Authority (AMLA), which is anticipated in 2024; (2) A new 6th Anti-Money Laundering Directive for countries to improve their domestic AML/CFT frameworks; (3) A new piece of regulation providing more clarity and guidance for obliged entities required to meet AML/CFT obligations, and (4) An updated Transfer of Funds Regulations (TFRs) clarifying requirements for information accompanying crypto asset transfers. The TFRs were adopted in June 2023. 

Economic Crime Plan 2 (UK)

The UK published an Economic Crime Plan 2 (ECP2) in 2023. It commits the government to decreasing money laundering and increasing asset recovery, tackling kleptocracy and combatting sanctions evasion, reducing fraud, and lowering the threat of international illicit finance to the UK and its interests. The ECP2 indicated it would increase resources for law enforcement, expand the National Crime Agency (NCA)’s capacity to fight corruption through its Combatting Klpetocracy Cell (CKC) and support the Crown Dependencies and British Overseas Territories in introducing beneficial ownership registries. It also detailed “cross-cutting system reforms” with a focus on information sharing, data, and technology, boosting law enforcement capacity via a public-private workforce strategy, reforming the criminal justice system, and providing additional funding to the tune of £400 million until the end of the 2025 financial year.

Tranche 2 reforms (Australia)

Australia is expected to introduce Tranche 2 reforms in 2024/2025 to avoid getting added to the FATF grey list. The Attorney General announced a consultation on AML/CFT reforms and indicated that the government had accepted recommendations included in the Senate’s Inquiry into the adequacy and efficacy of Australia’s anti-money laundering and counter-terrorism financing regime.

Tranche 2 reforms have long been a point of contention in Australia. The Senate report included an overview of the regulation of Tranche 2 entities, current and emerging challenges in AML, and various recommendations for improvement. Tranche 2 entities include lawyers, real estate agents, casinos, other gambling service providers, auditors, and precious metal and stone dealers.

Recommendations include introducing gatekeeper regulation and improving the AML/CFT framework. It also advises simplifying AML/CFT rules, supporting the use of technologies to meet know your customer (KYC) obligations, applying a risk-based approach to regulation, pursuing a beneficial ownership register, increasing penalties for money laundering and terrorist financing, and boosting resourcing in AUSTRAC. The Australian government committed AUS$14.3 million over four years to support necessary legislative and regulatory reforms. 

AI regulations (G7)

In October 2023, the G7 issued a Statement on the Hiroshima AI Process, announcing the Hiroshima Process International Guiding Principles for Organizations Developing Advanced AI Systems and the Hiroshima Process International Code of Conduct for Organizations Developing Advanced AI Systems to address identified priorities. In November, the United Kingdom brought together government and technology leaders with twenty-eight governments, including the UK, US, EU, Australia, and China, aggregating to the Bletchley Declaration on AI safety. The declaration highlights the need for international cooperation to address risks associated with AI to harness the “transformative positive potential of AI” while ensuring the development of human-centric, trustworthy, and responsible AI. Companies also agreed to test new models with governments before they are released to manage risks. 

Crucially for AML/CFT professionals, regulators, and policymakers are beginning to sketch out how AI could be regulated nationally. Legislative proposals are at various stages of development across – amongst others – the EU, US, Canada, and UK, with more codified requirements likely to be published through 2024. 

The State of Financial Crime 2024

Download our roadmap for the year ahead, built on a survey of 600 financial crime leaders and insights from our regulatory affairs experts.

Download now

The post 5 AML regulations set to shape financial crime in 2024 appeared first on ComplyAdvantage.

We’ve summarized the key developments:

• Changes to the grey list.
• Increasing beneficial ownership transparency globally.
• Leveraging digital transformation: Virtual assets.
• Payment transparency.
• Protecting non-profit organizations from abuse for terrorist financing.
• New FATF presidency.
• Expanded statement on the Russian Federation.

#1: Kenya and Namibia added to the grey list

Kenya

Despite making progress on some recommended actions since September 2022, the FATF has added Kenya to the grey list in light of the country’s need to improve supervision, enhance preventive measures, designate an authority for regulation, and improve the use of financial intelligence.

Since being subject to increased monitoring, Kenya’s national treasury has stated it is fully committed to implementing the action plan of the FATF, stating the move will have only minimal effects on its financial stability. According to a FATF report published in 2022, Kenya is primarily at risk of terrorism financing through money flows from both within and outside its borders. Additionally, the report highlights that cryptocurrencies introduce further risks to the country.

Namibia

Namibia also committed to strengthening its AML/CFT regime with the help of the FATF and Eastern and Southern Africa Anti-Money Laundering Group (ESAAMLG). Since September 2022, the FATF noted Namibia’s progress in ensuring a common understanding of money laundering, terrorist financing, and proliferation financing risks among key stakeholders. However, the watchdog noted several key areas that required improvement, including: 

• Risk-based supervision.
• Preventive measures.
• Beneficial ownership information filing.
• Financial intelligence unit (FIU) resources.
• Operational capabilities of authorities involved in money laundering and terrorist financing investigations and prosecutions.

In contrast with Kenya’s addition to the grey list, Namibia’s Financial Intelligence Centre said that putting Namibia on the grey list could negatively impact the country’s foreign direct investment.

#2: Barbados, Gibraltar, Uganda, and the United Arab Emirates removed from the grey list

Barbados

In 2020, Barbados was added to the grey list due to a series of weak AML/CFT measures it had in place, including a lack of risk-based supervision for financial institutions (FIs) and designated non-financial businesses and professions (DNFBPs). After being satisfied with the country’s progress alongside its agreed strategic plan, the FATF removed it from the grey list in February 2024. In particular, the FATF noted Barbados’ improved measures to prevent legal persons and arrangements from being misused for criminal purposes.

Gibraltar

The FATF also welcomed Gibraltar’s significant progress in improving its AML/CFT regime, ultimately removing the country from the grey list. While Gibraltar should continue to work with MONEYVAL to sustain its improvements in its AML/CFT system, the FATF specifically highlighted two improvements:

• The country’s application of effective, proportionate, and dissuasive sanctions for AML/CFT breaches in non-bank FIs and DNFBPs sectors. 
• Pursuing final confiscation judgments commensurate with the risk and context of Gibraltar. 

Uganda

In February 2020, the FATF placed Uganda on its increased monitoring list, which prompted a series of AML reforms, including:

• The adoption of a national AML/CFT and countering the proliferation financing (CPF) strategy.
• Enhancing the use of mutual legal assistance.
• Maintaining robust reporting methods and statistics.
• Implementing risk-based supervision of the financial and DNFBP sectors and establishing procedures to trace and seize proceeds of crime. 

As a result of these reforms, the FATF removed Uganda from the grey list.

The United Arab Emirates (UAE)

Kumar also acknowledged the UAE’s significant progress in enhancing its AML/CFT regime to meet the commitments in its action plan to address the strategic deficiencies identified by the FATF in February 2022. 

The UAE achieved this by:

• Increasing outbound mutual legal assistance (MLA) requests.
• Enhancing its understanding of money laundering and terrorist financing risks.
• Developing a better understanding of the risk of legal persons being abused.
• Providing additional resources to its FIU.
• Increasing investigations and prosecution of money laundering
• Ensuring effective implementation of targeted financial sanctions (TFS).

As a result of these improvements, the UAE is no longer subject to the FATF’s increased monitoring process. However, the FATF noted that the UAE should continue to collaborate with the Middle East and North Africa Financial Action Task Force (MENAFATF) to maintain its progress in its AML/CFT system.

#3: Strategic initiatives

Echoing Kumar’s objectives presented at the first plenary under his presidency in June 2022, the FATF discussed multiple strategic initiatives, including improving beneficial ownership transparency and countering illicit finance related to cyber-enabled crime. 

Increasing beneficial ownership transparency globally

The FATF has updated its guidelines on beneficial ownership and transparency of legal arrangements following revisions to recommendation 25, which were adopted in February 2023. The updated guidance aims to help stakeholders assess and mitigate money laundering and terrorist financing risks and complements existing guidance on legal persons. 

The FATF’s strengthened standards will aid in identifying corrupt individuals, sanctions evaders, money launderers, and tax evaders who conceal their criminal activities. The guidance will be published at the end of February 2024.

Leveraging digital transformation: Virtual assets

Closing the plenary, Kumar highlighted that many countries have not fully implemented the FATF’s revised recommendation 15. As a result, there are significant loopholes that are being exploited by criminals and terrorists due to the borderless nature of virtual asset activity. 

In February 2023, the FATF agreed on a roadmap to strengthen the implementation of the FATF standards on virtual assets and virtual asset service providers. The FATF conducted a stocktake of current implementation levels across the global network and agreed to publish an overview of the steps taken by FATF and FATF-style regional bodies (FSRB) member jurisdictions. 

This overview will include the most significant virtual asset activity regarding trading volume and user base, as well as the regulatory and supervisory measures taken to address AML/CFT concerns for virtual asset service providers (VASPs). Kumar explained that this exercise aims to help the FATF network regulate and supervise VASPs for AML/CFT purposes and encourage jurisdictions to implement recommendation 15 fully.

Payment transparency

The FATF also proposed amendments to recommendation 16 – which aims to improve the transparency and traceability of transactions – to keep up with the fast development of cross-border payment systems and changing industry standards. These revisions aim to make cross-border payments quicker, cheaper, transparent, and inclusive while ensuring AML/CFT compliance. 

Kumar noted that the revisions, which will be released for public consultation, will also ensure that FATF recommendation 16 remains technology-neutral. 

Protecting non-profit organizations from abuse for terrorist financing

In October 2023, the FATF changed recommendation eight to safeguard non-profit organizations (NPOs) from potential terrorist financing abuse. The revisions clarified that the recommendation only applies to NPOs that fall within the FATF definition. At the same time, the FATF updated its best practices to help countries, FIs, and the non-profit sector understand how to protect vulnerable NPOs from abuse for terrorist financing while still allowing legitimate NPO activities to continue.

Following this plenary session, the FATF has agreed to update its assessment methodology for the upcoming round of mutual evaluations. This update will further clarify the obligations to apply risk-based measures to protect NPOs most vulnerable to potential terrorist financing abuse. 

#4: New FATF presidency

Ms. Elisa de Anda Madrazo of Mexico was also appointed as the next President of the FATF for a two-year term. Ms de Anda Madrazo, who served as FATF Vice President from July 2020 to June 2023, will assume her duties on July 1, 2024, a day after the two-year Presidency of Mr. T. Raja Kumar ends.

#5: Expanded statement on the Russian Federation 

Following Russia’s invasion of Ukraine in 2022, the FATF issued a statement expanding their previous statement from February 2023. The watchdog noted continued concern over the risks posed by the Russian Federation, including growing economic connectivity with countries subject to FATF countermeasures, proliferation financing, and malicious cyber activities. Due to the severity of these risks, the FATF urged members to continue taking proactive measures to safeguard themselves and the global financial system. 

Next Steps

Compliance staff should ensure they are familiar with the outcomes of the February plenary – particularly relating to any upcoming MERs in countries they operate in. Regarding the changes to the grey list, firms must update the risk scores of relevant countries, with appropriate levels of due diligence being administered as required going forward. 

Dates related to forthcoming guidance issued by the FATF should also be noted. Such guidance will help shape and inform the future regulatory approach national bodies take.

The next FATF plenary is due to take place in June 2024.

Previous plenary coverage from ComplyAdvantage can be found here:

• FATF plenary October 2023
• FATF plenary June 2023
• FATF plenary February 2023
• FATF plenary October 2022
• FATF plenary June 2022
• FATF plenary March 2022

The post FATF plenary February 2024: Key takeaways and initiatives appeared first on ComplyAdvantage.

This article discusses the nuances of the 50 Percent Rule, exploring its origins, implementation, repercussions for non-compliance, and offering insights on how companies can navigate this complex regulatory landscape.

What is OFAC’s 50 Percent Rule?

OFAC’s 50 Percent Rule is a mechanism employed to address situations where sanctioned entities attempt to evade restrictions by hiding behind complex ownership structures. The rule stipulates that if a blocked person or entity owns a 50 percent or greater interest in another entity, that second entity is also considered blocked, regardless of whether it is explicitly listed on OFAC’s Specially Designated Nationals and Blocked Persons List (SDN).

Why was the 50 Percent Rule implemented?

In December 2022, OFAC released an updated version of its regulations for multiple sanctions programs. Previously, OFAC regulations stated that any entity would be considered blocked if it was “50 percent or more owned by” a blocked person. However, the new regulations specify that an entity is blocked if it is “directly or indirectly owned, whether individually or in aggregate, 50 percent or more by one or more persons” who are blocked. While not a significant change, the update formally confirmed OFAC’s previous interpretation of the rule.

The reason behind the rule and its 2022 update was to counteract the practice of sanctioned individuals or entities using corporate veils and intricate ownership arrangements to evade sanctions. By closing this loophole, OFAC aims to ensure that economic restrictions effectively achieve their intended goals, preventing sanctioned parties from benefiting indirectly through obscured ownership ties.

How does OFAC’s 50 Percent Rule work?

While the 50 Percent Rule can appear straightforward, there are some nuances to be aware of to avoid non-compliance:

• If a sanctioned entity holds a substantial ownership stake in another entity through intermediary entities, these ownership connections are cumulatively considered. 
• If multiple sanctioned individuals or entities collectively own or control 50 percent or more of a non-sanctioned entity, the 50 Percent Rule is triggered. 
• Once the 50 Percent Rule is triggered, the non-sanctioned entity is brought under the same sanctions as the blocked person or entity that meets or exceeds the 50 percent ownership threshold.

Entities are encouraged to conduct robust due diligence to navigate the complexities of international transactions and business dealings. This involves a thorough assessment of ownership structures to identify any potential exposure to sanctioned individuals or entities. 

The Evolving Use of Sanctions

Explore the evolution of the current international sanctions environment and the biggest issues in sanctions today.

Download now

Penalties for non-compliance with the 50 Percent Rule

Non-compliance with sanctions is considered a serious threat to national security and foreign relations. In the first half of 2023, OFAC fined companies over $556.5 million for breaking sanctions rules. In one instance, a $2 million fine was imposed on a global bank for processing transactions that violated the 50 Percent Rule.

In addition to monetary fines, firms that fail to comply with the 50 Percent Rule can face some of the following penalties:

• Entities found to be non-compliant may face the loss of specific licenses or authorizations granted by regulatory authorities. 
• Negative publicity can tarnish the image of the non-compliant entity, affecting its relationships with clients, partners, and stakeholders.
• Following a violation, entities may be subject to enhanced scrutiny and monitoring by regulatory authorities. This increased oversight can be a burden on normal business operations and may persist for an extended period.

How can companies comply with the 50 Percent Rule?

Ensuring compliance with the 50 Percent Rule requires a proactive and comprehensive approach. To do this, firms can adopt the following strategies:

• Seek guidance from legal and compliance experts specializing in sanctions regulations to navigate the complexities and ensure ongoing adherence to OFAC requirements.
• Conduct thorough due diligence on business partners, investors, and entities in the supply chain to identify any potential connections to sanctioned parties. As part of this, firms should ensure their transaction screening solution can access and screen against current sanctions lists. 
• Establish mechanisms for continuous monitoring of ownership structures and changes, promptly updating records to reflect any shifts that may impact compliance. 
• Provide training to employees involved in compliance functions, emphasizing the importance of understanding and adhering to OFAC regulations. Training should also include historical sanctions screening data and the company’s sanctions risks as determined by its enterprise-wide risk assessment (EWRA).

At the heart of all of these strategies, however, is having access to quality sanctions data that is up-to-date with the most recent of designations. ComplyAdvantage’s category-leading sanctions screening and monitoring solution features a proprietary real-time risk database, providing customers with a comprehensive perspective of risks based on reliable and current information. Moreover, sanctions data experts regularly review the data to ensure its accuracy and relevance.

The post OFAC’s 50 Percent Rule explained appeared first on ComplyAdvantage.

“Our research shows funds are being laundered faster than ever across multiple jurisdictions and sectors, leaving a trail of victims,” said FATF President T. Raja Kumar. “Left unchecked, this threat will only grow further in an increasingly digitalized world.”

The state of cyber-enabled fraud

While the global scale of CEF is difficult to ascertain, it is estimated that 80 percent of all fraud in the UK is cyber-enabled. The report notes that the growth of CEF can be attributed to the increasing use of new technologies, smartphones, and remote financial transactions, which have made users more vulnerable to fraudulent activities. Additionally, anonymity-enhancing technologies like virtual private networks (VPNs) have made it easier for criminals to carry out illicit activities while remaining anonymous.

When highlighting common tactics used in CEF, the FATF highlighted the use of shell companies and individual money mules. In many situations, criminals will recruit money mules via job offers and social media and sometimes instruct them to act as strawmen or open corporate accounts to hide criminal ownership. In cases of online trading fraud, criminals may also use these shell companies to create virtual point-of-sale accounts with merchant services companies to process payments and transfers from victims.

According to the FATF, the following typologies are considered types of CEF: 

• Business email compromise (BEC) fraud.
• Phishing fraud.
• Social media and telecommunication impersonation fraud.
• Online trading/ trading platform fraud.
• Online romance fraud.
• Employment scams.

While illicit financing related to ransomware and other malware-enabled crimes are considered cyber-enabled crimes, these typologies are not within the scope of this report. For more information on these areas, the FATF points to its March 2023 guide on Countering Ransomware Financing.

Risk indicators 

Drawing from experience and data received from jurisdictions across the FATF Global Network, the Egmont Group, and the private sector, the report highlights several risk indicators of CEF, including:

• Transactions that are rapid or high-value, soon after the account opening, which are not consistent with the account’s purpose.
• Large and frequent transactions that do not match the economic profile of the account holder.
• Small initial payments to a beneficiary, followed by larger payments to the same beneficiary in quick succession.
• Transaction requests marked as “Urgent”, “Secret”, or “Confidential”.
• Transactions directed to known beneficiaries but with different account information to what was previously used.
• Transactions with device time zone mismatches.
• Online behavior anomalies such as delays in entering data, hesitation, multiple failed login attempts, and signs of automation.
• Presence of negative news on customers or counterparties, such as being a known or suspected victim of a scam, mule, or identity theft.
• Abnormal activity of virtual assets from peer-to-peer platform-associated wallets with no logical business explanation.

While an indicator may be discovered in relation to a customer account or transaction, the FATF notes that a single red flag may not warrant suspicion of cyber-enabled fraud on its own. Nor will a single indicator necessarily provide a clear indication of such activity. However, should compliance staff identify any additional indicators, teams should undertake further monitoring and examination as appropriate.

Anti-fraud requirements and controls

In light of these risk indicators, the FATF also provided examples of how anti-fraud measures can be adopted in parallel with anti-money laundering and combatting the financing of terrorism (AML/CFT) controls. Useful for financial institutions (FIs), virtual asset service providers (VASPs), and other financial and payment institutions, the ten measures listed by the FATF include:

1. Robust know your customer (KYC) and know your business (KYB) processes: This may include utilizing biometric features during onboarding and identifying a single mobile or secure device for authenticating online banking transactions.
2. Cooling-off periods: By introducing a cooling-off period for first-time enrolment of online banking services or secure devices, the full suite of banking services will not be immediately available on opening, and the number or value of financial transactions for the customer will be limited.
3. Definition of expected transactions: This could include the number of transactions, amounts, types of counterparties, and countries involved. This will help detect suspicious transactions and tighten fraud detection rules and triggers to block illicit transactions pre-emptively.
4. Verification of payee services: These services allow the originator/payer/debtor of a transfer order to check that the beneficiary/payee/creditor mentioned in the payment messages matches the name of the account holder.
5. Reducing communication: By reducing communication via email and social media with clients to general information only, customers should be better equipped to spot fraudulent communications and scam attempts.
6. Voice recognition and artificial intelligence: This could include adding voice recognition software and artificial intelligence support in communication with clients to ensure their true identity.
7. Multi-factor authentication mechanisms: These mechanisms could be used for customer verification and for performing financial transactions.
8. Client identification processes: Improving the reliability of the client identification process through methods like liveness tests can play a vital role in verifying the user’s identity during remote setup. It can also prevent criminals from accessing multiple accounts using the account information of money mules or victims. 
9. Expanding customer data: Additional information may include mobile phone numbers, IP addresses, GPS coordinates, device IDs, etc. As a result, analysts have more data to work from if and when anomalous behavior is detected.
10. Real-time transaction monitoring: By implementing a risk-based real-time transaction monitoring system, firms can ensure that any abnormal activity is swiftly detected, investigated, and, where relevant, reported through the filing of a suspicious transaction report. The sophistication of the monitoring system should be commensurate with the volume and nature of transactions handled by the FI.

Key takeaways: What should compliance staff prioritize?

With cyber-enabled crimes expected to grow, the FATF concludes its report with three strategies to enhance risk mitigation efforts:

• Break down silos within compliance teams.
• Promote collaboration across the public and private sectors on a domestic and international level.
• Enhance detection and prevention measures by promoting awareness and vigilance and facilitating reporting of such crimes. 

To this end, firms should ensure their compliance teams are well-trained in recognizing the risk indicators highlighted in the FATF’s report. Organizations may also consider reviewing their ongoing monitoring measures to ensure their system can detect and prevent fraudulent transactions within specific cybercrime scenarios. This may include creating bespoke rulesets in their transaction monitoring and fraud detection solutions to better detect common patterns of fraudulent behavior they might be particularly exposed to. 

To learn more about the key takeaways from October’s plenary session, read our coverage here.

The post FATF publishes report on illicit financial flows from cyber-enabled fraud appeared first on ComplyAdvantage.