Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT) - Materials Concerning Staff Progress Towards the Development of a Comprehensive AML/CFT Methodology and Assessment Process

Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT) - Materials Concerning Staff Progress Towards the Development of a Comprehensive AML/CFT Methodology and Assessment Process

Abstract

Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT) - Materials Concerning Staff Progress Towards the Development of a Comprehensive AML/CFT Methodology and Assessment Process

I. Introduction

1. This paper serves to inform the Fund and the Bank Executive Directors of recent developments and the latest thinking of the Bank/Fund staff concerning the coverage and modalities of AML/CFT assessments. It provides background for the Executive Boards for further deliberations on Fund/Bank coverage of AML/CFT assessments and the way forward for preparing AML/CFT ROSCs. It is to be discussed in a seminar of the Fund’s Executive Board, and in an informal meeting of the Bank’s Executive Board.

2. This paper consists of three parts. The first part provides an overview of the guidance provided by the Boards of the Fund and Bank, the IMFC, and the Development Committee with respect to the development of a comprehensive AML/CFT methodology and assessment process. The second part reviews Fund/Bank staff plans to work with the FATF and FATF-Style Regional Bodies (FSRB) to move towards the adoption of a comprehensive methodology and assessment process, focusing on the current draft of the Fund/Bank Methodology (Annex I) and the supplement criteria prepared by FATF Working Group to assess those aspects of the FATF 40 AML Recommendations and 8 CFT Recommendations (FATF 40+8) not already covered in the Methodology (Annex II). The third part discusses approaches as to which areas of a comprehensive methodology could be covered by Fund/Bank assessments and what could be the modality for conducting comprehensive assessments and the preparation of ROSCs.

3. Attached are also three sets of background notes. The first attachment discusses considerations relevant to Fund/Bank involvement in AML/CFT assessments. It includes an overview of the contents of a comprehensive methodology, which it describes in terms of three levels of assessment (assessment of AML/CFT rules only, capacities to implement the rules, and effectiveness of implementation) and the three areas of activities subject to AML/CFT rules (prudentially regulated financial sector activities, non-prudentially regulated financial sector activities, and all activities to which criminal laws apply). By comparing the three levels of assessment with the three sectors, the attachment indicates nine areas, described as cells, that need to be included in a comprehensive AML/CFT assessment (Table 1). The attachment then describes past Fund/Bank practice in conducting AML/CFT assessments, especially in the context of FSAPs and OFC assessments. It concludes with a description of the methodology for assessing capacity and implementation with respect to criminal law enforcement.

Table 1.

Matrix of AML/CFT Methodology Assessment Areas

article image

Rules dependent on international bodies for enforcement, e.g., whether countries are in compliance with international conventions observed and enforced by the U.N., are not included in this table.

See Attachment I, Box 1 for a discussion of criteria to assess rules in force that the FATF ROSC Working Group is proposing to move to Annex I.

4. The second attachment reviews a number of options for assessment using the comprehensive methodology, and examines possible modalities for developing a ROSC. It first considers which organizations might conduct assessments using the comprehensive methodology, including whether and how they might cooperate. It also discusses the issues arising from the FATF’s NCCT process, and proposes options as to how assessments and the preparation of assessment reports, including ROSCs, might be completed if the NCCT process is either discontinued or continues.

5. The third attachment reviews the question of the Fund’s and the Bank’s mandate and expertise with respect to AML/CFT. With respect to the Fund, it includes a discussion of the relevant provisions of the Articles of Agreement and Executive Board decisions with respect to how the Fund should implement its mandate and purposes with respect to surveillance, use of Fund resources (UFR), and technical assistance, including the FSAP and OFC assessment programs. With respect to the Bank, it includes a discussion of the relevant provisions of the Articles of Agreement and Executive Board guidance with respect to the Bank’s involvement in AML/CFT activities generally and related law enforcement activities in particular.

6. Attached as annexes are Annex I: Fund and Bank Methodology for Assessing Legal, institutional and Supervisory/Regulatory Aspects of Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT Methodology), and Annex II: Assessment of Implementation of Legal and Institutional Elements Outside of the Supervisory or Regulatory Framework. Both annexes are largely unchanged from those provided to the Executive Directors in April 2002 (SM/02/102, April 2, 2002). For Annex I, the changes (noted by “redline and strike-out” in the annex) reflect the technical comments of standard setters and Directors. Standard setters were the Basel Committee, FATF Working Group, FATF Members, International Association of Insurance Supervisors, International Organization of Securities Commissioners and the Egmont Group. For Annex II, comments reflect the FATF members and Egmont Group. Annex II is also annotated to differentiate among criteria to assess (i) rules in force, (ii) institutional capacity, and (iii) effectiveness of implementation.

II. Guidance to Staff on a Comprehensive AML/CFT Methodology and Assessment Process

7. On November 17, 2001, the IMFC endorsed the IMF’s action plan for enhancing “collaboration with the FATF on developing a global standard covering the FATF recommendations, and working to apply the standard on a uniform, cooperative, and voluntary basis.” Since November 2001, Fund and Bank staff have been cooperating with a FATF ROSC Working Group to develop a comprehensive assessment methodology for the FATF 40 and the 8 Special Recommendations on Terrorist Financing (FATF 40+8).

8. In April 2002, the papers “Intensified Work on Anti-Money Laundering and Combating the Financing of Terrorism” and “Fund and Bank Methodology for assessing Legal, Institutional, and Supervisory/Regulatory Aspects of Anti-Money Laundering and Combating the Financing of Terrorism: Update and Next Steps” were distributed to the Boards of the Fund and the Bank. The second paper focused on progress toward a comprehensive methodology and next steps toward developing an AML/CFT ROSC. Two annexes were attached—Annex I, prepared by the Fund and Bank, which consisted of a revised draft of the Fund/Bank Methodology (now used in FSAP and OFC assessments on a pilot basis), and Annex II, prepared by the FATF ROSC Working Group, which consisted of criteria needed to cover assessment of those aspects of the FATF 40+8 not covered in Annex I (primarily related to the institutional capacity and effectiveness of the criminal justice system).

9. The second paper provided the basis for an IMF Board seminar on April 8, 2002 and was provided to the Bank Committee of the Whole on April 9, 2002, and was discussed at a Bank Board technical briefing on May 7, 2002. During the seminar, the IMF Board discussed both Annex I and Annex II. Directors supported the extension of the methodology to cover the legal and institutional framework, while calling for caution about overstepping the boundaries of the Fund’s expertise by moving into law enforcement. The Bank technical briefing provided opportunity for Directors to raise questions about both Annexes and the need to take into account the developmental stage of the country. Some chairs expressed concern about the scope of possible Bank work in law enforcement, and appreciated the explanations provided by the Bank’s Legal Department on the legal considerations under the Bank’s mandate. They suggested that the Bank’s Legal Department’s views be reflected in the next set of papers sent to the Board for review.

10. On April 20, 2002, the IMFC called on the Fund to complete “the comprehensive AML/CFT methodology, based on a global standard covering the Financial Action Task Force recommendations, and the development of assessment procedures compatible with the uniform, voluntary, and cooperative nature of the ROSC process.”1 On April 21, 2002, the Development Committee recognized the serious risks posed by money laundering and the financing of terrorism and “welcomed the action plans agreed to by the Bank and Fund and enhanced collaboration with other institutions.” The Development Committee encouraged the Bank and the Fund “to continue to integrate [AML/CFT] issues into their diagnostic work in line with their respective mandates, and urged that capacity building assistance be increased so that countries could better address these issues.”

III. Towards a Comprehensive Methodology and Assessment Process

11. It is staffs understanding that the FATF Working Group plans to combine Annex I and Annex II into a draft comprehensive methodology and submit a report on the draft and on assessment options to the FATF membership for consideration at the June 18-21 FATF Plenary meeting. If agreed to by the FATF membership, the draft comprehensive methodology could form the basis for assessment of the full FATF 40+8. The Fund and the Bank have agreed upon a list of areas and associated standards for which a ROSC can be produced. Before AML/CFT ROSCs could be prepared, this list would first have to be modified by the Executive Boards of the Fund and of the World Bank to include AML/CFT as an area and the FATF 40+8 as a standard and decisions would have to be taken concerning assessment modalities.

12. Fund and Bank staff plan to discuss with the FATF the options for assessment modalities, including those that could lead to a ROSC, at the June FATF Plenary. 2 The Bank and Fund staff also plan to discuss these matters with the FSRBs over the next few months. Bank and Fund staff will explain the principles underlying the ROSC process and reiterate that experts from other institutions outside the Fund/Bank could be responsible for conducting assessments of elements of a ROSC module once the conditions for a ROSC are met. 3

13. These discussions will give FATF and the FSRBs a better understanding of the potential role for the Fund and the Bank staffs in assessments. The objective will be to reach a consensus with the FATF and FSRBs on modalities for assessment. The intentions of the FATF with respect to the mutual evaluation and non-cooperating country and territory processes (NCCT), and of the FSRBs with respect to the mutual evaluation processes for their members, will be key issues in reaching this objective.

IV. Unresolved Issues

14. Since the completion of the IMFC and Development Committee meetings last April, two important issues remain unresolved with respect to the development of a comprehensive AML/CFT methodology assessment process. The issues are (i) the appropriate scope of Fund/Bank assessments and (ii) what should be the modality for conducting comprehensive assessments and the preparation of ROSCs.

A. Fund/Bank Coverage of AML/CFT Assessments

The following provides two possible approaches on the coverage of Fund/Bank assessments.

Approach I

15. Fund/Bank staff would assess the compliance with AML/CFT of prudentially regulated financial sector activities (banking, insurance and capital market sectors). Only those parts that pose a money laundering/terrorism finance risk would, however, be subject to assessment using the AML/CFT Methodology. Assessment would include the rules themselves, the capacity to implement them, and the effectiveness of implementation (cells 1, 2, and 3, Table 1). Fund/Bank staff would also assess any other AML/CFT rules in force (cells 4 and 7), including criminal laws, but not capacities or implementation. The remaining elements would be left for others to assess. This approach would not cover assessment of the full FATF 40+8 and the Fund would assess fewer areas than already undertaken in OFCs.4

Approach II

16. The same as Approach I above, except that Fund/Bank staff would also use the AML/CFT Methodology to assess capacities and implementation with respect to non-prudentially regulated financial sector activities and services (cells 5 and 6), but only those parts that are both macro relevant and pose a significant money laundering/terrorism finance risk. This is current Fund/Bank practice in FSAPs, and the Fund in OFCs.4 The Fund/Bank would not assess any other capacities and implementation.

17. Approach I would more clearly delineate the Fund and Bank’s responsibilities for conduc ting assessments from those of other assessors. This would facilitate coordination, since the institutional coverage would largely be the same from country to country. Approach I would reduce the risk that the Fund/Bank would be drawn into more extensive assessments of the non-prudentially regulated sectors, especially given that the pressures to conduct such assessments may increase with the proposed revisions to the FATF Recommendations, which envisage a wider range of activities subject to AML/CFT Recommendations. The wider the range of institutions assessed, the higher the potential resource costs to the Fund/Bank. Under Approach I the Fund/Bank would leave to others to assess the AML/CFT regime of certain non-prudentially regulated financial service providers that are macro relevant.

18. Neither approach would assess the institutional capacity and implementation in the criminal justice system (cells 8 and 9). Broadening the scope of assessments to include these elements could draw the Fund/Bank away from their core areas of expertise and would cost additional resources. Moreover, it would also increase the risk of being drawn into individual enforcement cases, thus appearing to participate in actual law enforcement or interfering with the country’s judicial process.

B. Way Forward for Conducting AML/CFT Assessments and Preparing ROSCs

19. As mentioned above, Fund and Bank staff plan to engage in consultations with the FATF and FSRBs regarding the options for assessment modalities, with the objective of reaching a consensus, including on how the assessment modalities would relate to the existing mutual evaluation processes of the FATF and FSRBs.

20. While these discussions are ongoing, the Fund and Bank would continue with the current AML/CFT assessments, using those portions of the methodology that their Boards agree should be covered by the two institutions, and could prepare and publish both summary and detailed assessments with the member’s consent. The Fund and Bank would also work on an informal pilot basis with the FATF, FSRBs, and other relevant international organizations (including the U.N.) to arrange coverage of the elements not being conducted by the Fund and Bank, but would not be responsible for supervising these assessments. There would be no ROSC.

21. Should the FATF and FSRBs agree to AML/CFT assessment procedures that are consistent with ROSC principles5, they would be eligible to prepare AML/CFT ROSCs. ROSCs could be prepared either by (i) the FATF and/or FSRBs alone when there is no Fund/Bank participation in an assessment, or (ii) jointly with the Fund/Bank when the Fund/Bank participate in an assessment. In the latter case, the ROSC would delineate the responsibility of the preparers for their respective parts. An alternative approach would be for the FATF and/or FSRBs to be solely accountable for the ROSCs, even when there are significant contributions from the Fund/Bank. The experiences with the different approaches to preparing ROSCs would be reviewed after sufficient experience is gained with the different processes.

22. The Fund/Bank would continue assessing those portions of the methodology that their Boards agree should be covered by the two institutions. FATF and the FSRBs could coordinate with the Fund/Bank on the list of countries that volunteer to be assessed. This would avoid duplication of effort, and achieve maximum country coverage of assessments. In addition, it should be noted that in making assessments the Fund/Bank may come across sensitive information not otherwise publicly available that the government might choose not to allow staff publicly to disclose under the current voluntary disclosure policy. If such information were later to come to light, the Fund/Bank could be criticized for having withheld the information. In order to avoid this problem, consideration could be given to requiring that members give ex-ante approval for publication of their detailed assessment. However, such a requirement could discourage members from requesting not only AML/CFT assessments but also FSAPs and OFC assessments, of which AML/CFT assessments are a part. This could reduce the benefits derived from such assessments. AML/CFT assessments could, however, be conducted on a stand-alone basis. Asking for a prior commitment on publication would run counter to the current policies on FSAPs, OFCs, and ROSCs.

23. The foregoing issues will be discussed with the Fund Board at a seminar and the Bank Board at an informal meeting to be scheduled after the FATF meeting.

Comprehensive AML/CFT Methodology

24. This attachment discusses considerations relevant to the Fund and the Bank involvement in AML/CFT assessments. Section A discusses the evolution of Fund and Bank involvement in the development of an AML/CFT assessment methodology and the collaboration with the FATF. Section B reviews the coverage by the comprehensive methodology (summarized in Table 1), noting which areas have been included in Fund/Bank assessments and which have been excluded. Section C discusses the Fund/Bank experience to date with FSAP and OFC assessments, including the application of the test for Fund/Bank involvement. Section D provides considerations for assessment of capacity and implementation of criminal law enforcement elements.

A. Convergence on Comprehensive AML/CFT Methodology

25. Following discussions with Fund/Bank staff, the September 2001 FATF Plenary appointed a Working Group of FATF members, chaired by the U.S., to develop, in conjunction with Fund/Bank staffs, a comprehensive assessment methodology that could be used within the ROSC framework. The FATF Working Group was also charged with developing an AML/CFT assessment process compatible with ROSC principles.

26. In February 2002, Fund and Bank staffs circulated to their Boards an expanded methodology that included assessment elements for the legal and institutional framework and also combating the financing of terrorism. 1 Expanded areas included criteria for assessing AML/CFT laws and regulations in force, criteria assessing both the capacity to implement AML/CFT regulations and the effectiveness of implementation over those parts of the non-prudentially regulated sector that constitute potential risks to the national or international financial system, and criteria based on the eight Special Recommendations on the Financing of Terrorism. Staff began using the expanded methodology in OFC and FSAP assessments beginning in February 2002.

27. In April, Fund and Bank staff circulated to their Boards an update of the Fund/Bank Methodology (Annex I) and from the FATF Working Group the supplemental criteria (Annex II) to assess those aspects of the FATF 40+8 not already covered by Annex I. Together, Annex I and II produced a draft comprehensive methodology for the FATF 40+8. The additional aspects covered by Annex II concern the assessment of the institutional capacity of the law enforcement authorities and effectiveness of criminal investigations, prosecutions, and related court process.

28. Integral to the development of the Fund/Bank Methodology has been the consultation with standard setters—the Basel Committee, FATF, IAIS, IOSCO, and the Egmont Group— as each has a stake in the process. Since the first version in August 2001, there have been three rounds of review by standard setters. The expanded Fund/Bank Methodology, beginning with the February version, including criteria for assessing the legal and institutional framework and the non-prudentially regulated sectors, has been reviewed and commented upon twice. The latest comments from standard setters and from Executive Directors have been incorporated in Annex I, with revisions since the May 2002 version shown in “redline”. In addition, a reference has been added to Annex I that the assessments must consider the stage of institutional and economic development of countries, as requested by the Fund and by the Bank Executive Directors in their comments during the April seminar and by the Bank Executive Directors at their April technical briefing.

29. Annex II has been prepared by the FATF ROSC Working Group to assess elements outside of the supervisory or regulatory framework. The Working Group has revised the April 2002 version of Annex II to reflect comments of FATF members, but it has not yet been agreed to by the full FATF. This revised version, attached at Annex II, has been annotated by the FATF Working Group to differentiate among criteria to assess (i) rules in force, (ii) institutional capacity, and (iii) effectiveness of implementation, consistent with the Matrix of AML/CFT Levels of Compliance Assessment in Table 1, above. The FATF Working Group is proposing that criteria to assess rules in force be moved to Annex I, Part 1 and to be considered by the Fund/Bank Boards for inclusion in the current methodology used in the Fund/Bank assessments (see Box 1 for description of the items that would be moved). The rules found in Annex II largely concern both domestic and cross-border criminal investigations and prosecutions. As is the case with all rule elements, the assessment of these elements requires expertise to interpret relevant terms and concepts (e.g., “human rights,” “controlled delivery”). Both the Fund and Bank Legal Departments currently have such expertise.

FATF Working Group Proposal to Move certain Criteria in Annex II regarding Rules in Force from Annex II to Annex I, Part 1.

The FATF Working Group proposes that the below criteria from Annex II be moved to Annex I, Part 1. These criteria involve assessment of rules in force and would be considered by the Fund/Bank in its review of criminal laws (cell 7 of Table 1).

3A. Criminalization of ML and FT

Criteria

3.11 There should be an adequate legal basis, consistent with individual human rights, for the use of a wide range of investigative techniques, including controlled delivery, lawful interception provisions, undercover operations, etc.

3.12 Law enforcement authorities should be able to compel production of bank account records, financial transaction records, customer identification records, and other records maintained by financial institutions and other financial intermediaries, through lawful process (for example, subpoenas, summonses, search and seizure warrants, or court orders could be used), as necessary to conduct investigations of ML, FT, and the predicate offenses (see FATF 12, 37).

3.13 There should be authority to require witnesses, through lawful process and consistent with individual human rights, to provide testimony for cases involving ML and FT (see FATF 37).

4A. Confiscation of proceeds of crime or assets used to finance terrorism

Criteria

4.13 Additionally, authorized government officials should have the authority to identify and freeze the assets of suspected terrorists whose names may not appear on the list(s) maintained by the re levant committees of the U.N. Security Council (see FATF I, III).

4.14 In addition to confiscation and criminal sanctions, if permissible under the jurisdiction’s legal system, the jurisdiction should consider establishing an asset forfeiture fund into which all or a portion of confiscated property will be deposited and will be used in the management of seized and confiscated assets, as well as for law enforcement, health, education or other appropriate purposes (see Interpretative Note to FATF 38).

6A. International cooperation in AML/CFT matters

Laws should permit bilateral and multilateral cooperation.

Criteria

6.7 There should be arrangements in place for competent agencies to exchange information regarding the subjects of investigations with their international counterparts, based on agreements in force and by other mechanisms for cooperation.

30. All through the evolution of the comprehensive methodology, the FATF has been engaged in a process to extensively revise the FATF 40+8 (see Box 2).In view of this, the draft comprehensive methodology would need to undergo subsequent conforming revisions. As the revisions of the recommendations are expected to be completed only in the second half of 2003, it would be helpful for FATF to endorse the comprehensive methodology for use in assessments in the interim period.

Extension of FATF Recommendations to Service Providers outside the Financial Sector

The FATF 40 recommendations that apply to customer identification, record keeping, suspicious transaction reporting, internal AML controls, and integrity already apply beyond the prudentially regulated sector to other financial sector businesses (FATF 8). In addition, the FATF 40 recommend that national authorities consider applying these rules to non-financial sector businesses that conduct financial sector transactions (FATF 9). The FATF is now reviewing whether to require that jurisdictions to apply its Recommendations specifically to cover six types of non-financial sector businesses and professions as follows: (i) casinos and other gambling businesses, (ii) dealers in real estate and high value items, (iii) company and trust service providers, (iv) lawyers, (v) notaries, and (vi) accountants and auditors.

Last, in conjunction with the issuance of the 8 CFT recommendations in October 2001, the FATF has recommended scrutiny of other non-financial sector intermediaries (that do not normally have customers for financial transactions), especially non-profit and charitable organizations. While the nature of such scrutiny has yet to be spelled out, it is likely to focus on some form of adherence to integrity and transparency standards.

B. Assessed Elements—Rules, Capacity, and Implementation

31. The matrix of AML/CFT assessment (see Table 1) illustrates how areas would be assessed within the draft comprehensive methodology. Assessment of compliance with AML/CFT elements has three levels identified in the rows of the matrix. The first level assesses if the rules themselves are adequate. The second assesses if the authorities charged with AML/CFT compliance have sufficient capacity to implement the rules. The third involves assessing whether the rules have actually been implemented.

32. These three levels of compliance are applied to three different areas of activities, prudentially regulated financial sector activities (banking, insurance, and capital markets sectors), non-prudentially regulated financial sector activities and services, and all activities (including both prudential and non-prudential) that are subject to criminal laws. The prudentially regulated sectors are required to comply with certain AML/CFT duties, including customer due diligence, record keeping, suspicious transaction reporting, and AML/CFT internal controls; they are also required to comply with integrity standards. These AML/CFT duties and integrity standards are found primarily in Part 1, elements 1 and 2, with some rules specific to banking, insurance, and capital markets sectors found in part 2. Non-prudentially regulated financial sector activities and service providers are defined as activities other than those that are prudentially regulated that also require the maintenance of AML/CFT duties and integrity standards. While these activities are typically subject to regulation other than AML/CFT duties and integrity, some may not be.2

33. The authoritycharged with implementing AML/CFT duties and integrity standards may differ depending on the sector and, within the sector, the type of financial service provider (FSP). For example, in the prudentially regulated sectors, the authority charged with implementing both prudential regulations and AML/CFT duties and integrity standards is often the same, but in other cases a single authority, often an FIU, may be charged with implementing AML/CFT duties, including in the prudentially regulated sectors. Criminal laws, on the other hand, apply not only to the first two areas but to all activities. These rules are implemented by the criminal justice system.

Assessments of Cells

34. Cells 1, 2, and 3. These address the prudentially regulated sectors (banking, insurance, and capital markets sectors). The criteria assess AML/CFT duties and integrity standards, the capacity to implement AML/CFT duties and integrity standards, and the effectiveness of implementation. The assessments would cover those sectors that pose an AML/CFT risk. In virtually all cases banking, and in most cases insurance and capital markets, would be included.

35. Cells 4, 5, and 6. These cells address non-prudentially regulated financial sector activities and services. The criteria assess AML/CFT duties and integrity standards, the capacity to implement AML/CFT duties and integrity standards, and the effectiveness of implementation with regard to non-prudentially regulated financial sector activities and services. They include two categories:

  • Financial sector activities that (i) create a potential vulnerability to the national or international financial system because of macroeconomic or systemic relevance (e.g., could include non-prudentially regulated financial sector institutions such as investment funds or trust and company service providers, bureaux de change, formal and informal payment systems) and (ii) pose an AML/CFT risk (see Box 3).

    Tests For Determining Fund and Bank Involvement in Assessing AML/CFT Compliance

    Fund and Bank involvement in assessing AML/CFT has been driven by macro-relevance concerns and the propensity that an activity is vulnerable to money laundering. Fund staff has used a two-step test: whether the sector or activity is both (i) macro relevant and (ii) vulnerable to the risk of money laundering and/or terrorist financing. Bank and Fund involvement in assessing AML/CFT concerns in FSAPs has been in response to international concerns that money laundering or terrorist financing could pose risks to financial sector stability or, in the case of the Bank, the risk that undermining financial system integrity could pose a threat to development.

    Macro-relevance test

    The macro-relevance test has been based on the size of the activity and the potential effect that the activity has on the country’s economy. This test is similar to the one that is applied in determining which sectors of the financial system would warrant assessment in the context of FSAPs. Informal remittance systems are macro relevant in some countries but not in others, and this test would screen out the sector for assessment in the latter countries.

    Vulnerability to risk of money laundering and terrorist financing test

    Different countries have had different experiences concerning activities that are vulnerable to money laundering or terrorist financing, and not in all cases will the same or similar activity pose the same vulnerability to ML or FT. Factors influencing vulnerability to money laundering and terrorist financing risk include (i) frequent receipt or disbursal to or from customers or clients of significant amounts of currency or negotiable instruments, and/or (ii) receipt of negotiable instruments for which the origin was likely to have included a currency transaction (e.g., receipt of cashiers or travelers checks). Useful in the determination of vulnerability for a particular sector or activity will be the actual country experience with money laundering crime.

    Insurance provides an example of an activity that is often macro-relevant but whose vulnerability to money laundering risk varies among jurisdictions. In jurisdictions where the purchase/sale of life insurance policies with cash are frequent, there may be a higher likelihood that insurance activities could be used for money laundering. If cash is rarely used in purchasing or selling policies, insurance activities would naturally have a lower risk of money laundering.

    The effect of these tests is to limit the Fund/Bank AML/CFT assessment of sectors and activities. Concerning the prudentially regulated sectors, in virtually all cases the banking system would be assessed for AML/CFT; however, securities or insurance activities would be assessed based on the vulnerability to AML/CFT. Concerning non-prudentially regulated activities, assessments have covered trust and company service providers for some offshore financial centers where these activities pose a significant risk of money laundering and are sufficiently large to pose reputational risk that could affect the viability of the center concerned.

    The FATF adopts a somewhat different approach in determining which activities should be assessed. The FATF has sought that governments implement the FATF 40+8 in all cases to banking and bureau de change. There is as well a presumption that the recommendations would also routinely apply to insurance, securities, and now money remitters. In addition, the FATF envisages to revise its 40 Recommendations. Proposals have been made to extend the coverage to a wider group of non-financial sector activities, including (i) casinos (and other gambling business), (ii) dealers in real estate and high value items, (iii) company and trust service providers, (iv) lawyers, (v) notaries and (vi) accountants and auditors.

  • Financial sector activities that do not have macroeconomic or systemic relevance to the national or international financial system, but that pose an AML/CFT risk (e.g., those in the first category plus lawyers, accountants, dealers in real estate and other high-value items and non-profit organizations). Not all of these are yet included in the scope of the FATF 40+8 Recommendations.

36. In most cases, the first category will include few or no activities, although in the case of OFCs, trust and company service providers will often be included. For FSAPs and OFCs, the Bank/Fund currently assess the first category; the second category has not been assessed by the Bank/Fund.

37. Cells 7, 8, and 9. These address all activities, including both the prudentially and non-prudentially regulated, but only with respect to application of criminal laws. The capacity of the criminal justice system to implement rules and the effectiveness of implementation is also included. Only cell 7, criminal laws themselves, is currently assessed by the Fund/Bank in FSAPs and OFCs. However, in the case of the UK FSAP, the UK Authorities requested the FATF Working Group to nominate an expert to conduct an independent parallel assessment of the criminal justice elements.

38. In sum, current FSAPs and OFC assessments cover the FATF 40+8 recommendations except for the institutional capacity and effectiveness of implementation for (1) regulation of financial sector activities that either are not of systemic importance to the national or international financial system or do not pose an AML/CFT risk and (2) the criminal justice system.

C. Fund/Bank AML/CFT Experience

39. Fund and Bank expertise in AML/CFT assessments has come primarily from conducting FSAPs and OFC assessments. Additional experience has come from reviewing AML/CFT questionnaires in the context of Article IV consultations (Fund only), a survey of AML/CFT laws undertaken on request of Fund management (Fund only), and technical assistance. Experience has focused on the same areas as in the FSAP and OFC assessments. However, in the technical assistance area, some work has also been done in assessments of capacity and effectiveness in the full range of non-prudential regulation, as well as the capacities of the criminal justice system. The Bank has been involved in analytical and advisory work as well as lending operations at the country level that support judicial and legal reforms, supervision of non-traditional financial sector institutions, and anti-corruption measures.

40. Both the Fund and the Bank also have other expertise outside of the AML/CFT area that may be relevant to AML/CFT assessment. For instance, in the context of conditionality, technical assistance, and surveillance, both the Bank and the Fund have been assessing not only the legislation of member states but also the effective implementation of these laws (e.g., in cases of widespread corruption or defective judicial systems). Similarly, both the Bank and the Fund have been involved in making assessments of capacity and effectiveness of banking supervision and tax administration regimes, which generally have investigative and prosecutorial dimensions, on a regular basis. The Bank makes assessments and supports the strengthening of the institutional framework and effectiveness of civil courts including, but not restricted to, commercial, registry, and bankruptcy matters and is also involved in supporting anti-corruption programs and authorities in about 100 countries. In a few instances the Fund has made assessments of similar matters.

D. Assessments of Criminal Law Enforcement—Capacity and Implementation

Institutional capacity of the criminal justice system (cell 8)

41. Cell 8 includes criteria for assessing the capacity of investigators, prosecutors, and courts to enforce AML/CFT laws. The FATF and FATF-style regional organizations assess institutional capacities in the context of self and mutual evaluations. Capacity is generally assessed through a review of measures and resources allocated to carry out the mandate of the criminal justice authority, which primarily includes investigations, prosecutions, and related court procedures.

42. Institutions involved in such reviews by FATF and the FSRBs include the FIU, investigating authorities (such as the police, tax, or customs authorities), and prosecutorial and judicial bodies. The capacities assessed include the overall funding, adequacy of staff, training, available technological resources, delegation and division of responsibility within the main bodies, (e.g., within the police department and within the ministry of justice), and mechanisms for interagency coordination. These capacities would be assessed with respect to criminal prosecutions, collection, analysis and dissemination of financial intelligence, confiscation or freezing of proceeds, property or instrumentalities of crime, and provisions for carrying out international cooperation and mutual legal assistance.

43. The FATF and FSRBs assessment process for institutional capacity requires meetings with authorities to ascertain the level of delegation of responsibilities for AML/CFT matters within each authorized body responsible for AML/CFT, the reporting structure of the each authorized body responsible for AML/CFT, the balance of the AML/CFT responsibilities with other responsibilities within each authorized body, and the experience levels of the personnel of the investigative and prosecutorial bodies. In addition, the assessment includes a review of the authorities’ freedom from political interference, their independent ability to carry out legislatively delegated functions, and the knowledge and depth of understanding of personnel, including awareness of the sources of illicit money in the jurisdiction.

44. Of specific concern is the institutional capacity to pursue a variety of investigative techniques, to invoke provisional powers for freezing and seizing of assets and to seek or provide prompt mutual legal assistance for ongoing investigations. Much of this capacity is dependent on the existence of internal procedures to carry out these functions and mechanisms to coordinate among agencies within the jurisdiction. Accordingly, the assessment analyzes the demarcation of responsibilities for implementation of AML/CFT measures among different authorized bodies. The investigative, analytical, and legal skills of the participants are also factors in evaluating the institutional capacity of the criminal justice system, particularly with respect to their ability to handle shifts in workload due to implementation of AML/CFT measures.

The effectiveness of implementation of laws by the criminal justice system (cell 9)

45. Cell 9 concerns the criteria to assess the effectiveness of the implementation of laws by investigators, prosecutors, and courts conferred through laws and rules. The FATF and FSRB to a certain extent, the effectiveness of implementation of laws and the criminal justice system in the context of self and mutual evaluations. These are assessed through a review of available statistics on exercise of the authority such as numbers of investigations, prosecutions, and convictions and through observance of the steps taken to effectively rely on the investigative and prosecutorial powers conferred by laws. Statistics reviewed might include, where available, the number of suspicious transaction reports filed, the number of reports from the FIU to law enforcement or supervisory authorities, the number of investigations started, the number of prosecutions started, the number of convictions, and the number and value of assets frozen and confiscated. The available statistics may also encompass the number of requests for information and mutual legal assistance (including for evidence, extradition/prosecution, and asset freezing and confiscation) from foreign authorities.

46. These statistics are reviewed in light of the overall crime situation and crime statistics within the jurisdiction. Studies or other research on the level of drug problems or other crimes generating illicit money shed light on the overall impact of money laundering within the jurisdiction and whether the statistics on investigations, prosecutions, and convictions are appropriate in the overall context. The understanding of the overall crime situation, i.e., typologies and trends, also informs the level of confiscations and seizures. Further, the assessment provides observances on the relationship between the number of suspicious transactions reported, investigations started, prosecutions initiated and convictions obtained to come to a conclusion on the overall effectiveness of implementation. Finally, the reliance and use of up-to-date methods for carrying out investigations and prosecutions is included in the assessment of effective implementation.

47. The Bank and the Fund do not currently assess cells 8 and 9. Both institutions have, in the context of technical assistance, on occasion reviewed processes for investigations, prosecutions, and related court proceedings in areas such as tax administration and public governance (especially anti-corruption). This expertise could be relevant for supervising potential outside experts retained to conduct an assessment of the institutional capacity of the criminal law system. The Fund and the Bank could supervise consultants engaged to assess the effectiveness of implementation of the criminal law framework only as long as this did not require involvement in specific law enforcement cases. However, this would draw both institutions away from their core expertise and would require a decision by the Boards and considerable additional resources.

Options for Conducting AML/CFT Assessments and Preparing ROSC

This attachment reviews basic options for conducting AML/CFT assessments (Section A). It then discusses considerations for preparing AML/CFT assessment reports including possible ROSCs (Section B).

A. Responsibilities for Conducting AML/CFT Assessments

48. There are three options for conducting assessments of a comprehensive AML/CFT methodology: (i) the FATF, FSRB, and perhaps the U.N. are responsible, (ii) Fund/Bank share responsibility with the FATF, FSRB, and the U.N., and (iii) the Fund/Bank are alone responsible. The modalities and pros and cons are summarized in Table 3. The options are not mutually exclusive.

Option 1—FATF (FSRB, U.N.) responsibility for assessment

49. In the first option, the FATF, FSRBs, or the U.N. would be responsible and accountable for the AML/CFT assessment. The pace of assessments would be determined by the assessing organization, based in part on its priorities (which may differ from the Bank and Fund) and its resource constraints. There would be no incremental costs to the Fund/Bank if they continued with the present level of assessments.

50. An advantage of having the FATF prepare the assessment is that it is the standard setter for the FATF 40+8. However, the FATF’s involvement with the NCCT exercise and limited membership might make it an unacceptable assessor to some jurisdictions. In this case, the five current FSRBs could participate, although their membership coverage is limited.1 The U.N. might be approached to collaborate in the assessments of non-members. Uniformity of treatment would require adoption of a common methodology by the different organizations.

Option 2—Shared responsibility for assessments

51. The Fund and the Bank could share responsibility for assessments with the FATF and perhaps other organizations. The Fund/Bank would focus on those areas that their Boards decide should be covered, with other organizations accountable for assessing the remaining elements. A clear division of accountability for various parts of the assessment report would be required. In practice this could be handled through joint missions that would ensure comprehensive coverage of the standard. Collaboration would have the advantage of maintaining the viability and assessment role of the FATF and FSRBs, which now play a significant role for their membership through the mutual evaluation process in contributing to upgrading AML/CFT regimes and practices in their member countries. In addition, the FSRBs play a role in coordinating technical assistance for their members and involvement in the assessment process would improve their ability to arrange subsequent TA.

52. Dividing responsibility and accountability for the assessment would require close coordination. The pace and sequencing of assessments would need to be coordinated with the other assessors. While assessments by the Fund/Bank are currently carried out in the context of FSAPs and OFC assessments, other assessors may have different priorities. An understanding on cost sharing would need to be developed as was done between the Fund and the Bank in the context of the FSAP. Costs might be duplicative in certain areas of assessment.

Option 3—Fund/Bank responsibility for assessment

53. The Fund and the Bank could be solely responsible and accountable for assessments. If the Boards decided that parts of the assessment should not be undertaken by Bank/Fund staff or consultants directly, other organizations could be asked to contribute to the assessment process.2 The Fund and the Bank have relied on the expert opinion outside its areas of expertise in other cases.3 The Fund and the Bank would have direct control over the assessment. The assessment could clearly state that assessments of some elements were done by outside experts and not reviewed by Bank-Fund staff. This option would involve the greatest resource commitment by the Fund and the Bank.

54. The issue of expertise and the increased resource cost could be avoided if the scope of assessment was narrowed to less than the full standard, although limiting assessments as presented in Approaches I or II in Part IV of the Cover Paper would not constitute an assessment of the full FATF 40+8.

Table 2.

Comparison of Options for Preparing AML/CFT Assessments

article image

B. Options for preparing AML/CFT Assessment Reports and Possible ROSCs

ROSC Principles

55. ROSCs are summary assessments and follow a standardized format with three main elements: (i) a description of country practice, (ii) assessment of observance against each element of the standard, and (iii) prioritized recommendations for reform. The Boards of the Bank and the Fund agreed on a list of areas and associated standards for which ROSC can be produced. Fund Executive Directors stressed that the list should only be reviewed and modified by the Executive Board of the Fund, in consultation with the World Bank, where appropriate.

56. The Boards agreed on the following modalities for ROSCs:

  • Participation in the assessment process and publication of the ROSC would be voluntary.

  • ROSCs would allow for different stages of economic development, the range of administrative capacities, and different cultural and legal conditions.

  • ROSCs would provide the context for assessment, including progress made in implementation of the standard and the authorities’ plans for further implementation.

  • ROSCs would not resemble ratings for countries or make use of pass-fail judgments.

  • Authorities would be given opportunity to have their views on the ROSC circulated to the Fund and the Bank and/or published alongside the ROSC.

  • Factual updates to ROSCs would be prepared and circulated to the Fund Board at the time of subsequent Article IV report.

57. Before a comprehensive assessment of the FATF 40+8 standard with Bank/Fund involvement were produced, the standard would need to be added to the list of standards that are useful to the operational work of the Bank and the Fund and for which assessments are prepared, even if this were not to result in a ROSC.

FATF prepared ROSC

58. If FATF were to adopt assessment procedures consistent with the ROSC principles, it would be eligible to prepare a ROSC, if willing to do so, either as the sole assessor or in collaboration with the Fund/Bank. The advantage is that the FATF, as the standard setter, is well placed to prepare a ROSC.

59. FATF undertakes assessments in two ways, although both are based on and consistent with the FATF 40 Recommendations. They are: (a) mutual evaluations of FATF members; and (b) the NCCT process for non-FATF members. The FATF has employed two different assessment criteria for conducting these two assessments. Under the NCCT exercise, the FATF can judge a jurisdiction to be “non-cooperative”, and consider the recommendations of added sanctions. This process contravenes the principles for undertaking ROSCs:

  • the use of different methodologies, even if they were similar, for assessing different countries contravenes the principle of uniformity;

  • the fact that countries were not asked whether they wished to participate in the NCCT process contravenes the voluntary nature of ROSCs;

  • labeling a jurisdiction as “non-cooperative” is inconsistent with the principle that ROSCs should not provide a pass-fail judgment;

  • the prospect of sanctions by the FATF on jurisdictions they find non-cooperative is at odds with the policy of the Fund and the Bank that the adoption of standards should be voluntary;

  • failing to give economies an opportunity to publish a right of reply alongside the assessment is at odds with the modalities for undertaking ROSCs.

60. Adoption by FATF (and FSRBs) of a single assessment methodology for the AML/CFT standard to be used in all cases would address the issue of uniformity of assessment. However, these above concerns would need to be addressed before the FATF could be invited to produce a ROSC either on its own or in cooperation with the Fund and the Bank. Currently, there are no NCCT evaluations underway or planned; however, the FATF has not indicated its intent to forgo additional rounds of NCCT evaluations.

Other options to prepare a ROSC

61. Fund/Bank collaboration with organizations other than FATF, who would agree to conduct assessments consistent with the ROSC principles (e.g., the FSRBs and U.N.) to prepare comprehensive assessments. Alternatively, the FSRBs (and potentially U.N.) could prepare comprehensive assessments on their own. Discussions with these organizations would be necessary to determine if they would agree to the ROSC principles.

62. Fund/Bank responsibility for the ROSC. The Fund/Bank could be solely responsible for the ROSC drawing on outside expertise to assess those elements outside their core areas of expertise. The advantage of this is that there would be assurance that the assessments would be fully consistent with the ROSC process; however this would draw the Fund/Bank away from the core areas of their expertise and respective mandates. It pose significant additional costs.

63. Both of the above approaches could result in two assessments of a country’s AML/CFT regime—one by the FATF (if NCCT is retained) and the other by the Bank/Fund/FSRBs/U.N. Unless coordinated, this could represent a duplication of efforts.

Other options for preparing assessment reports

64. Summaries of Fund/Bank assessments of less than the comprehensive methodology could be published. The Fund/Bank would continue to conduct assessments of less than the comprehensive methodology. Summaries of these could be published with the consent of the member. The assessments may not cover the entire FATF 40+8 standard and would not result in a ROSC. Under this approach, accountability and responsibility for assessment of the less than comprehensive assessment would be distinguished and consistent with the competencies of the Bank and Fund as determined by the two Boards. These assessments, if published, could be used as input for the FATF and FSRB mutual evaluation processes.

65. The member could invite the FATF/FSRBs/U.N. to carry out detailed assessments of the elements not covered by the Fund and the Bank. These detailed assessments could be conducted in parallel as presently undertaken in the FSAP for the United Kingdom, or at different times. The member could also choose to publish these detailed assessments or summaries of the assessments.

C. Transparency and Information Disclosure

66. In addition, it should be noted that in making assessments the Fund/Bank may come across sensitive information4 not otherwise publicly available that the government might chose not to allow staff publicly to disclose under the current voluntary disclosure policy. If such information were later to come to light, the Fund/Bank could be criticized for having withheld the information. However, staff could not disclose such information without the consent of the member because of the constraints under the present voluntary disclosure arrangements.5 While such considerations can also arise in the course of the Bank’s and Fund’s other country-related work, including surveillance and technical assistance, the subject area, money laundering and terrorist financing is, like government corruption, particularly sensitive. Furthermore, the likelihood of uncovering such information in AML/CFT assessments would increase as the scope of assessments conducted by Bank and Fund staff broadens (e.g., to assessment of compliance with elements of the eight special recommendations on terrorist finance).

67. To protect staff and the institutions, consideration should be given to placing disclosure conditions on members that request an assessment. For example, members could (i) give (ex-ante) approval for publication of their detailed assessment, and (ii) agree that the Fund/Bank could report to appropriate authorities any information subject to disclosure under existing AML/CFT legislation. However, such a requirement could discourage members from requesting not only AML/CFT assessments but also FSAPs and OFC assessments, of which AML/CFT assessments are currently a part. This could reduce the benefits from all these assessments.

68. With regard to protection of the Boards from receiving confidential information on individual FSPs, disclosure procedures for AML/CFT assessments could be similar to those used for the Financial Sector Assessment Program (FSAP).6 Information on individual FSPs or of a confidential nature gathered by staff or other assessors would not be disclosed to the Boards. If an AML/CFT ROSC process is developed, ROSCs based on the detailed assessments would be shared with the Boards (and could be published under the existing publication guidelines, along with the detailed assessments, and subject to guidelines on deletions). In any event the summary of the detailed assessments, without confidential information, would be shared with the Boards.

Fund and Bank Mandate and Expertise

This attachment discusses the Fund and Bank mandates and expertise and their application to the work on AML/CFT. To date work on AML/CFT has been a fully joint responsibility of the Fund and the Bank.

A. Fund

Mandate

69. On April 13, 2001, the Board agreed “the Fund has an important role to play in protecting the integrity of the international financial system, including through efforts to combat money laundering.”1 Fund Directors in the November 2001 Board meeting stressed that “the Fund has a key role to play in combating money laundering and terrorism finance as part of international efforts to prevent the abuse of financial systems and to protect and enhance the integrity of the international financial system.” Accordingly, on the basis of these decisions, participation in AML/CFT work is within the mandate of the Fund.

70. At the Board meeting of April 13, 2001, Directors noted “the important role played in law enforcement by various national and international agencies, but confirmed that it would not be appropriate for the Fund to become involved in law enforcement activities.” In the November 2001 Board Meeting, Directors confirmed that “it would be inappropriate for the Fund to become involved in law enforcement issues” and that “primary responsibility for enforcement of anti-money laundering and anti-terrorism financing measures will continue to rest with national authorities.”

71. The fundamental principle limiting the involvement of the Fund in its members’ policies is that the Fund cannot exercise their sovereign powers. In other words, the Fund cannot pass laws, appoint government officials, adjudicate disputes, close banks, arrest, and prosecute individuals, etc. The Fund cannot exercise any of the powers of the executive, legislative or judicial branches of its members. The prohibition against law enforcement by the Fund is only one aspect of this more general principle. It means that any form of enforcement of national laws by the Fund is excluded. This exclusion is not limited to criminal laws. Enforcement of any law is beyond the authority of the Fund. For instance, the Fund cannot enforce a country’s banking laws, e.g., by imposing a fine on a bank, suspending its managers or revoking its license. These powers can only be exercised by the country’s authorities.

72. This principle does not preclude the Fund, however, from advising its members on the exercise of their powers (technical assistance), assessing the compliance by each member in the exercise of its powers with its obligations under the Articles (surveillance, approval jurisdiction over exchange policies), or conditioning its financial assistance on the exercise of these powers to achieve certain objectives (conditionality) when the exercise of these powers is within the Fund’s mandate under its Articles. Assessing the effective implementation of a statute or regulation may raise questions concerning the expertise of Fund staff for that assignment or the need to conduct such assessments but it does not contravene the prohibition against the exercise by the Fund of its members’ sovereign powers. It is for the Fund to determine the extent to which an assessment of laws and their implementation is necessary or feasible.

Expertise

73. In the context of surveillance and conditionality, financial sector issues have been recognized by the Executive Board as one of the core areas in the work of the Fund.2 The focus of the Fund’s work within financial sector issues was identified in the 1998 Review of Bank-Fund Collaboration in Strengthening Financial Systems and endorsed by the two Boards.3 In that context, Directors agreed that the mandate of the Fund—to exercise surveillance over macroeconomic and stabilization policies—should continue to provide the basis for the delineation of its responsibilities in financial sector work.4 In addressing financial sector issues, the Fund should adopt a disciplined and collaborative approach that respects the expertise, scope, and mandate of other relevant institutions.

74. The 1998 Review identified the Fund’s expertise and responsibility to be in the banking system and international capital markets (that may have macroeconomic implications and spillover effects) and the related supervisory and regulatory policies; the monetary authorities’ institutional capabilities to formulate and implement monetary and exchange rate policies; the adequacy of the institutional, legislative, supervisory and prudential frameworks that could entail risks for the soundness of the financial system; certain topics in payment systems that are related to risk management and the transmission mechanism of monetary and exchange rate policies (such as large value transfer systems and foreign exchange settlement systems); and the functioning of financial markets that ensure the effective implementation of monetary and exchange rate policies (such as through money market and foreign exchange and government securities markets).

75. In considering how the Fund could extend its activities on AML/CFT work, in April 2001 the Fund Directors “agreed that the Fund has an important role to play in protecting the integrity of the international financial system, including through efforts to combat money laundering. They emphasized, however, that the Fund’s involvement in this area should be strictly confined to its core areas of competence.” They confirmed, in particular, that it would be inappropriate for the Fund to be involved in law enforcement issues. Directors generally agreed that the Fund should, inter alia, intensify its focus on anti-money laundering elements in all relevant supervisory principles (which were identified in the Board paper as BCP, IAIS and IOSCO principles (or cells 1-3)).

76. In its November 2001 discussion on AML/CFT, the Board emphasized that the Fund should adopt a disciplined and collaborative approach that respects the expertise, scope, and mandate of other relevant institutions, and that the roles of the various institutions involved should be clarified. Directors reaffirmed that the Fund’s primary efforts should be in assessing compliance with financial supervisory principles and providing corresponding technical assistance. They confirmed, in particular, that it would be inappropriate for the Fund to become involved in law enforcement issues.

77. Nevertheless, Directors supported expanding the Fund’s involvement beyond anti-money laundering to efforts aimed at countering terrorism financing.5 Further, most Directors considered it appropriate to expand coverage to legal and institutional issues in the AML methodology. With respect to the coverage of the assessment methodology, several directors supported an evolutionary approach whereby the staff would work on expanding coverage while experience in the implementation of the present Methodology Document accumulates. Some directors considered that the methodology document should eventually cover all the FATF 40+8 recommendations. Directors also supported the use of the expanded AML/CFT methodology in FSAP and OFC assessments.

78. The Board’s directions regarding involvement in AML/CFT issues are similar to the approach adopted with respect to OFCs. During the July 2000 discussion, Directors emphasized that the OFC assessment process will need to be flexible, depending on the financial services provided in each jurisdiction and on the nature of the risks and vulnerabilities. Directors indicated that the Fund’s involvement should evolve in manner consistent with its mandate, expertise, and resources. In particular, Directors generally considered that the focus of the Fund’s assessment should be on financial supervision, covering not only banking, but also insurance and securities as appropriate - the standards within the regulated financial sector.6

79. The experience of the Fund (and Bank) staff in implementing the Board’s guidance in this area since the November 2001 Board discussion is described in Attachment I.

B. Bank

Mandate

80. The appropriate scope for the Bank’s role in assessments using the draft comprehensive AML/CFT methodology requires consideration of both the Bank’s mandate with respect to involvement in law enforcement activities and guidance provided by the Bank’s Executive Directors. The framework for cons ideration of these issues was the guidance of the Board in April 2001 that the Bank’s role must be anchored in its development mandate and that it would not be appropriate for the Bank to become involved in law enforcement activities. 7

81. The Directors agreed that money laundering is a problem of global concern, which affects major financial markets and smaller ones, and which has development costs even though they may be difficult to measure. Directors recognized that national and international efforts to counter money laundering are needed. Such global efforts will require a cooperative approach involving many different institutions given the cross-cutting agenda-encompassing financial sector supervision and regulation, good governance, judicial and legal reform, and effective law enforcement.

82. Directors agreed that the Bank can play a supportive role in partnership with others, especially the Fund, but that this role must be anchored in its development mandate. The principal contribution that the Bank can make—and is indeed already making—is to assist countries address the root causes of financial abuse by helping them strengthen their economic, financial, governance and legal foundations. Directors noted the steps taken by the Bank in recent years to step up its programs in these areas, including the joint efforts with the IMF on the FSAP and the ROSC.

83. Consistent with this approach, Directors agreed that the Bank should, in close collaboration with the IMF, take the following steps to support efforts to combat money laundering:

  • Ensure close collaboration with relevant anti-money laundering groups including FATF, the regional groups and the UN;

  • Give attention to anti-money laundering issues in the Bank’s diagnostic work, especially the voluntary FSAP and the ROSC exercises;

  • Based on diagnostic work and policy dialogue, be prepared to provide technical assistance and support for capacity building in the areas of the Bank’s domain and within the framework of its country strategies; and

  • Improve the understanding of the development costs and impact of money laundering and financial abuse, and publicize the importance of collective actions in this area.

84. While the Directors found that it was proper for the Bank to assess, and assist member countries with, their legal frameworks, including regulatory and criminal aspects, they also endorsed caution against involvement in individual law enforcement cases. The decision to refrain from involvement in individual law enforcement cases is based upon the limitations, and the underlying considerations, provided in the Bank’s Articles regarding prohibition against interference in political affairs and non-economic considerations. Article IV, Section 10 of the Bank’s Articles provides:

“The Bank and its officers shall not interfere in the political affairs of any member; nor shall they be influenced in their decisions by the political character of the member or members concerned. Only economic considerations shall be relevant to their decisions, and these considerations shall be weighed impartially in order to achieve the purposes stated in Article I.”

85. The Bank is not expected to ignore political factors that have an impact on its development activities, but “to limit itself to the necessary analysis needed for the purposes of its work and not to interfere in any way in the political events or factors in place.. .[and] to limit its concern to the direct and obvious economic effects relevant to its work8.”Similarly, while the Bank is not prohibited from providing clients with diagnostics and technical assistance and advice with regard to the criminal justice system, the nature of its involvement must be scrutinized in each case.

86. Within this context, on January 22, 2002, the Bank’s Directors, as a Committee of the Whole, considered the appropriate extent of the Bank’s role in AML/CFT-related law enforcement activities in discussing the “Proposed Action Plan for Enhancing the Bank’s Ability to Respond to Clients in Combating Money Laundering and the Financing of Terrorism.”9 As the paper describing Bank’s management’s approach to the question of the law enforcement aspects of the Bank’s AML/CFT assessment work stated, “The expanded AML/CFT methodology would draw on the new FATF eight Special Recommendations for combating the financing of terrorism that were adopted at the October plenary session but would avoid any involvement in law enforcement. Thus, the methodology could include the criteria for assessing compliance with institutional measures, such as the enactment of legislation to permit seizure of property that is connected to the financing of terrorism, but leave examination of law enforcement activities, such as the actual seizure of assets, to other bodies ( e.g., FATF) [emphasis supplied].”

87. At the January 22, 2002 meeting, the Directors took the view that specific law enforcement-related activities should be left to other appropriate authorities. While the Directors found that it was proper for the Bank to assess, and assist member countries with, their legal frameworks, including regulatory and criminal systems, they also agreed with Management’s preclusion against involvement in individual cases.

88. The Bank’s mandate would permit the Bank to examine certain enforcement aspects of financial and criminal laws and regulations that are relevant to the AML/CFT assessments, while respecting the guidance of the Bank’s Directors that the Bank should not become involved in individual law enforcement cases. On the one hand, assessments conducted by the Bank would not be restricted to textual review of the laws and regulations in place, as laws on the books may not be effective. On the other hand, because of the limitations of its Articles of Agreement prohibiting interferences in political affairs and non-economic considerations, the Bank will not get involved in individual enforcement cases. In carrying out AML/CFT assessments, therefore, utmost care must be taken by the Bank, including its consultants, that there is no involvement in individual enforcement cases in light of the Management’s earlier recommendations, Directors’ guidance and the Articles.

89. Management also noted in the paper discussed on January 22 that the Bank would need to consider at a later time whether to extend its work to further assessing elements of the AML/CFT methodology covering unsupervised financial intermediaries (such as retail currency exchanges and informal methods of wiring funds between jurisdictions). These financial intermediaries are outside of the current scope of the Bank’s AML/CFT assessment, advisory and technical assistance work. In addition, the FATF is considering the revision of the FATF 40 that could in the future cover entities outside the financial system (attorneys, accountants, casinos, etc.). Both of these areas remain outside the Bank’s scope pending further discussion with the Board after the FATF plenary meeting scheduled for June 18-21, 2002.

Expertise

90. As noted in the Board papers10 and confirmed by the Directors, the Bank’s work in AML/CFT assessments is rooted in its expertise in financial and legal sector issues, in particular its work in promoting financial sector development within sound legal, regulatory, and supervisory environment.11

91. The Bank has long standing expertise and responsibility with respect to (i) a full range of financial sector institutions and systems, including inter alia banks, securities, insurance, pensions, capital markets, micro finance, SME finance, mutual funds, housing finance, and (ii) the legal, judicial, legislative, accounting/auditing, corporate governance, and supervisory and regulatory framework in which these institutions and systems operate. This expertise can be called upon, as necessary, in AML/CFT diagnostics and capacity building.

Annex I

Preliminary Draft (June 7, 2002 version)

Fund and Bank Methodology for Assessing Legal, Institutional and Supervisory/Regulatory Aspects of Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT Methodology)

Prepared by

The IMF and World Bank in consultation with the Financial Action Task Force ROSC Working Group, the Basel Committee, the International Association of Insurance Commissioners, the International Organization of Securities Commissioners and the Egmont Group

I. Introduction

1. Money laundering (ML) and the financing of terrorism (FT) are global problems that affect not only security, but can harm the integrity of financial systems, potentially adversely affecting economic prosperity and impeding economic development. The global agenda to curb ML and the FT calls for a cooperative approach among many different international bodies. Efforts to establish an international standard against ML and the FT have been led by the Financial Action Task Force (FATF) with the development of the FATF 40 Recommendations and, later, the 8 Special Recommendations (FATF 40+8).1 The Boards of the Fund and the Bank have recognized these recommendations as the appropriate standard for anti-money laundering and combating the financing of terrorism (AML/CFT).

2. Since April 2001, the Fund and the Bank have intensified their work first in global AML and, since September 11, CFT, including the assessment of AML/CFT elements in the context of the joint Fund/Bank FSAP and the Fund’s OFC initiative. The IMFC and Development Committee in November 2001endorsed the Fund and Bank enhanced participation in AML and CFT efforts.

3. This draft Methodology incorporates comments received from standard setters following the release of the February 8, 2002 version.2 Both this version and that of February 8 include assessment of the adequacy of laws (including decrees, regulations, etc.) necessary for an effective AML/CFT legal and institutional framework and assessment of the implementation of laws that are part of the supervisory or regulatory framework, but does not include assessment of implementation of other AML/CFT laws. In consultation with staff, the FATF Working Group has prepared Annex II, which includes criteria to cover the assessment of implementation of AML/CFT laws not covered in Annex I. When taken together, Annexes I and II would constitute a comprehensive Methodology for assessing the entire FATF 40+8. In order to indicate that both Annex I and II have the same thematic organization, criteria in Annex II are numbered to correspond to the related criteria in Annex I. Similarly, criteria in Annex I noted as “Reserved” are to be found in Annex II.

4. This Methodology has been organized in the following sections. Section II provides a summary of the three parts to the Assessment Methodology. Section III discusses the relationship between this Methodology and the FATF 40+8. Section IV provides the detailed guidance, including criteria, to be used for the AML/CFT Assessment. Tables 1 and 2 show the connection between the Methodology and the FATF 40+8.

II. Overview of the Assessment of AML/CFT

This section provides an overview of the AML/CFT Assessment Methodology.

The three-part AML/CFT Assessment

5. The AML/CFT Assessment is divided into three parts. As experience accumulates, scrutiny of individual areas could be increased or decreased. On a jurisdiction-specific basis additional scrutiny would be applied to individual areas if staff has reason to believe that significant deficiencies exist. The assessment process will include the designation of an AML/CFT Coordinator. The coordinator will work closely with the Mission Chief and other assessors to determine the scope of the AML/CFT Assessment.

Part 1: Legal and institutional framework. Effective AML/CFT requires an adequate legal and institutional framework, which should include both binding substantive rules and adequate sanctions for non-observance. This section draws significantly from the FATF 40+8, plus relevant U.N. Security Council Resolutions and international conventions.3 For this section, assessors will evaluate the adequacy of rules for (i) customer due diligence (including customer identification, record keeping, suspicious transaction reporting, AML/CFT internal controls, sanctions); (ii) integrity standard; (iii) criminalization of ML and terrorism financing; (iii) confiscation of related assets; (iv) processes for collection, analysis, and dissemination of financial information and intelligence; and (v) international cooperation.

Part 2: Supervisory and regulatory framework for prudentially-regulated financial sectors (banking, insurance, and securities).4 The assessment criteria for the prudentially-regulated sectors consist of a set of core criteria drawn from the common elements of supervisory/regulatory standards (BCP, IOSCO, and IAIS), plus additional sector-specific standards that are consistent with the FATF 40+8. For each financial sector, assessors will evaluate core and sector-specific criteria for a common set of AML/CFT elements as follows (i) organizational and administrative arrangements; (ii) customer due diligence; (iii) suspicious transaction reporting; (iv) record-keeping and other controls; (v) information sharing and cooperation; and (vi) licensing and authorization.

6. Part 3: Regulatory framework for certain other providers offinancial services. Included in the category of certain other providers are foreign exchange houses, money remittance/transfer companies, and trust and company service providers. The AML/CFT elements and assessment criteria draw primarily from the FATF 40+8. Assessors will evaluate the same six AML/CFT elements as in Part 2. To ensure proper focus of the mission, in preparation for the mission the AML/CFT Coordinator should receive and review existing AML assessment information such as mutual evaluation reports and self-assessment surveys. As part of this review, the AML/CFT Coordinator should ensure that the AML/CFT questionnaire has been circulated to the jurisdiction in advance of the mission and obtain copies of relevant AML/CFT legislation, regulations, circulars, etc. Such information will be instrumental for the purposes of assessing the adequacy of the legal and institutional framework. Where possible, it is best that the legal and regulatory materials be reviewed for adequacy in advance of the mission.

7. The AML/CFT Coordinator should request in advance the most recent mutual and/or self-evaluations conducted under the auspices of the FATF or FATF-style regional bodies (e.g., the Asia Pacific Group on Money Laundering, Caribbean FATF and Council of Europe/PC-R-EV, Eastern and Southern African AML Group (ESAAMLG), and the FATF for South America (GAFISUD)).

Other conditions to an effective AML/CFT effort

8. A truly effective AML/CFT effort requires that other conditions not covered by the AML/CFT Methodology also be in place. These include sound and sustainable financial sector policies and a well-developed public sector infrastructure. More particularly, effectiveness depends on a proper culture of deterrence shared and reinforced by government, financial institutions, other providers of financial services, industry trade groups, and self-regulatory organizations (SROs). The infrastructure requires ethical and professional lawyers, examiners, accountants, auditors, police officers, prosecutors, and judges, etc., and a reasonably efficient court system whose decisions are enforceable. An essential aspect of assessing the adequacy of these conditions is the existence of a system for ensuring the ethical and professional behavior on the part of examiners, accountants and auditors, and lawyers, including the existence of codes of conduct and good practices, as well as methods to ensure compliance such as registration, licensing, and supervisory bodies.

9. Weaknesses or shortcomings in these areas may significantly impair the implementation of an effective AML/CFT Program. Although the AML/CFT Methodology does not cover these conditions, apparent major weaknesses or shortcomings identified should be noted in the report.

Assessment of the legal and institutional framework under Part 1

10. The methodology incorporates guidance for assessing adequacy of the laws needed for an effective AML/CFT Program. In this regard, there needs to be substantive rules that are properly drafted and legally binding. The laws should also establish administrative authorities to ensure compliance with these rules.

11. Assessors should be aware that the legislative and supervisory framework for AML may differ substantially from one jurisdiction to the next, and that there are acceptable variations in ways in which jurisdictions can implement international standards for combating ML and FT. These considerations should allow for different stages of economic development, the range of administrative capacities, and different cultural and legal conditions. Moreover, the report should provide the context for the assessment, and make note of the progress in implementing the standard.

Financial Intelligence Unit (FIU)

12. It is essential for national authorities to have in place mechanisms whereby financial disclosures and other information concerning ML or FT is received, analyzed, and disseminated to appropriate supervisory and law enforcement authorities. While such information can be useful to supervisors when assessing compliance with prudential supervisory principles, such information is primarily used by law enforcement officials to develop investigations. Integral to this process is the requirement that financial institutions and, in certain cases, other financial service providers report instances when there is reasonable basis for suspicion of ML or FT.5

13. For these reasons, Part 1 includes a section on FIUs.6 This section relies on best practices as indicated by a review of the existing laws and regulations on FIUs of 14 Fund/Bank member countries and standards and principles adopted or used by the Egmont Group of FIUs or by the UNDCCP model laws.

Areas to be assessed under Part 2 and Part 3

14. For the prudentially supervised sectors, the banking sector will be part of the AML/CFT Assessment in all cases. An AML/CFT review of securities and insurance will be undertaken where such sectors are relevant. The assessors will use the core and sector-specific criteria to evaluate compliance with six AML/CFT elements for the prudentially-regulated sectors. For each sector, the AML coordinator should ensure that the core criteria are assessed consistently across sectors, particularly to the extent that more than one assessor is involved in evaluating compliance. For the six AML/CFT elements, there are not in all cases sector-specific criteria. For example, the core criteria for licensing and authorization are applicable to all three sectors, and sector-specific criteria were not needed.

15. The FATF has recommended heightened scrutiny of shell corporations, trust and company service providers, non-profit and charitable organizations and similar entities. While the nature of such scrutiny has not been spelled out by FATF, it is likely to focus on some form of adherence to integrity standards. The FATF is currently developing guidance for reviewing the activities of these entities, which will be incorporated in the AML/CFT Methodology once completed.

III. Relationship Between the AML/CFT Methodology and the FATF 40+8

16. The Fund and the Bank have been participating in the FATF ROSC Working Group in its efforts to prepare a complete Assessment Methodology for the FATF 40+8. With the expansion of the Fund and Bank Methodology to include legal and institutional framework elements, aspects of each of FATF 40+8 are now covered. Only those aspects of the FATF 40+8 involving implementation of legal rules (other than those of a supervisory or regulatory nature) are not covered.

17. Following the Hong Kong plenary meeting in January 2002, the focus of the FATF ROSC Working Group has been to develop the additional draft guidance for assessing implementation of the laws not already included in the AML/CFT Methodology. By combining the additional draft guidance from the Working Group with the AML/CFT Methodology, there would be comprehensive coverage of the FATF 40+8. The Working Group’s draft guidance was included as Annex II in the Update to the Executive Boards, which included this Methodology as Annex I. In order to indicate that both Annex I and II have the same thematic organization, criteria in Annex II are numbered to correspond to the related criteria in Annex I. Similarly, criteria in Annex I noted as “Reserved” are to be found in Annex II.

18. Tables 1 and 2 show how the detailed criteria in the AML/CFT Methodology correspond to the FATF 40+8. The first column in the tables provides a summary of each of the FATF Recommendations. The criteria listed in column two show the extent that the particular recommendation is covered through the assessment of legal and institutional framework elements under Part 1. The criteria listed in column three indicate the extent to which the AML/CFT elements are assessed under Part 2 or Part 3. The criteria in the last column indicate additional AML/CFT elements that would be assessed using the Working Group’s draft guidance.

Criteria for assessing observance of the AML/CFT elements

19. The assessment of the adequacy of a jurisdiction’s AML/CFT framework will not be an exact process, and the vulnerability that one jurisdiction would have to ML and FT will be different depending on both domestic and international circumstances. Because techniques for both ML and FT are evolving, AML/CFT policies and best practices will need also to evolve.

20. This section provides detailed criteria for AML/CFT elements subject to assessment under the three parts of the AML/CFT Methodology. Part 1 covers the legal and institutional framework, Part 2 the prudentially-regulated financial sectors (banking, insurance and securities), and Part 3 other regulated financial service providers (e.g., foreign exchange houses, money remitters).

21. Full compliance is demonstrated when each criterion is substantially met. The individual criteria come from four key sources, the FATF, The Basel Committee on Banking Supervision, the IOSCO, and the IAIS. The assessment criteria should always be reviewed in connection with other relevant papers from the appropriate standard setter to obtain an entire view of accepted practices.

22. A requirement is considered compliant whenever all essential criteria are generally met without any significant deficiencies. A requirement is considered largely compliant whenever only minor shortcomings are observed, which do not raise major concerns and when corrective actions to achieve full observance with the requirement are scheduled within a prescribed period of time. A requirement is considered materially non-compliant whenever, despite progress, the shortcomings are sufficient to raise doubts about the authority’s ability to achieve observance. A requirement is considered non-compliant whenever no substantive progress toward observance has been achieved. A requirement is considered not applicable whenever, in the view of the assessor, the requirement does not apply, given the structural, legal and institutional features of a jurisdiction.

A. Part 1: Assessing the Adequacy of the Legal and Institutional AML/CFT Elements

23. In the review of the legal and institutional framework, the assessors are to review whether the rules in force meet the appropriate standard.

24. Most AML/CFT rules concerning customer due diligence, integrity standards, and financial transparency are applied to prudentially regulated financial institutions (i.e. banking, insurance, and securities) through the supervisory process. These rules may also be applied through a regulatory framework to other financial services providers. In these instances, the assessment of the implementation of rules in Part 1, sections 1 and 2, would be carried out in Parts 2 and 3 of the Methodology. Assessment of implementation under Part 1, sections 1 and 2, would largely be limited to financial service providers that are not supervised or otherwise subject to regulation.

For purposes of this Methodology, Financial Services Providers (FSP) consist of:

(1) Regulated Financial Institutions consist of prudentially regulated financial institutions (banks, insurance entities, and market intermediaries and collective investment schemes that are subject to prudential regulation under BCP, IAIS, and IOSCO supervisory principles) and other regulated financial institutions, including foreign exchange houses and money remittance or transfer companies; and

(2) Other FSP, which consist of persons who engage, other than on an occasional basis, in financial services on behalf of clients or customers as noted in the Annex to FATF Recommendation 9.

(3) Authorized government official consists of any governmental agency, body, or person (whether legal or physical), who is authorized by law to perform a particular function or act. The term may have different meanings in the methodology depending on the particular context.

(4) Financing of terrorism (FT) includes the financing of terrorist acts, and of terrorist organizations.

(5) Laws include any legislation, decree, regulation, or other rule that is both in force and with which compliance is mandatory.

Note: Criteria are in italics; elaborations of those criteria are in plain type.

1. Legal requirements for financial service providers

FSP should be required to verify and keep records of the identity of customers, to keep records of financial transactions, and to report unusual or suspicious transactions to an FIU (see FATF 2, 6, 8, 10, 11, 12, 17, 18, 19, 20, 21, 23, 26, VI, VII, VIII).

Criteria

1a. Customer due diligence

1a.1 FSP should be required to identify on the basis of an official identifying document, and to record the identity, of their customers, either occasional or usual, when establishing business relations or conducting transactions, and to renew identification when doubts appear as to their identity in the course of their business relationship8 (see FATF 10, 11, 20).

1a.2 If the customer is a legal entity, FSP should be required adequately to verify its legal existence and structure, including information concerning the customer’s name, legal form, address, directors, and provisions regulating the power to bind the entity, and to verify that any person purporting to act on behalf of the customer is so authorized and identify that person (see FATF 10).

1a.3 If it appears to a FSP that a person requesting to enter into any transaction, whether or not in the course of a continuing business relationship, is acting on behalf of another person, the FSP should be required to take reasonable measures to establish the true identity of any person on whose behalf or for whose ultimate benefit the applicant may be acting in the proposed transaction, whether as trustee, nominee, agent or otherwise (see FATF 10).

1a.4 FSP should be required to include originator information and related messages on funds transfers that should remain with the transfer through the payment chain. Originator information should include name, address, and account number (when being transferred from an account) (see FATF VII).

1b. Record keeping

1b.1 FSP should be required to maintain records on customer identity (e.g., copies where possible or other records of identity documents) for at least five years following the termination of an account or business relationship (or longer if requested by an authorized government official) and these documents should be available for inspection by authorized government officials (see FATF 12, 20).

1b.2 FSP should be required to maintain customer transaction records for at least five years following completion of the transaction (or longer if requested by an authorized Government Official) regardless of whether the account or business relationship is terminated and these documents should be available for inspection by authorized Government Officials (see FATF 12, 20).

1b.3 Transaction records should be sufficient to permit reconstruction of individual transactions so as to provide, if necessary, evidence for prosecution of criminal behavior. Records should include the customer’s (or beneficiary’s) name, address (or other identifying information normally recorded by the intermediary), the nature and date of the transaction, the type and amount of currency involved, and the type and identifying number of any account involved in the transaction (see FATF 10).

1c. Suspicious transactions reporting

1c.1 FSP should be required to scrutinize all complex or unusual transactions, and complex or unusual patterns of transactions, that have no apparent or visible economic or lawful purpose, to examine as far as possible the background and purpose of such transactions, to set forth their findings in writing, and to report promptly the information to the FIU (see FATF 14).

1c.2 FSP should be required to scrutinize transactions with persons in jurisdictions that do not have adequate systems in place to prevent or deter ML or FT and to examine the background and purpose of such transactions (see FATF 21).

1c.3 FSP should be required to give enhanced scrutiny to funds transfers that do not contain originator information (see FATF VII).

1c.4 If, as a result of scrutinizing transactions or for any other reason, a financial service provider suspects that assets involved in a transaction either stem from a criminal activity or are to be used to finance terrorism, the financial service provider should be required to report promptly its suspicions to the FIU in the form of a “suspicious transaction report” (“STR”) (see FATF 15, IV).

1c.5 No confidentiality or secrecy law or agreement should prevent effective transaction reporting or monitoring by authorized government officials, and FSP (including any directors, officers, and employees) should be protected from any liability for breach of any restriction on disclosure of information in the course of making available findings or reporting suspicions in good faith to authorized government officials (see FATF 2, 16).

1c.6 FSP (including any directors, officers and employees) should be prohibited from warning (“tipping off”) their customers when information relating to them is reported to authorized government officials. Directors, officers and employees should observe the instructions from the FIU to the extent that they carry out further investigation or review (see FATF 17, 18).

1d. AML/CFT internal controls

1d.1 Regulated financial institutions should be required to establish and maintain internal procedures to prevent their institutions from being used for ML or FT purposes (see FATF 19, 26, VI).

1d.2 Regulated financial institutions should be required to take adequate measures to make employees aware of domestic laws relating to ML and FT, and related procedures and policies, and to ensure adequate compliance with these laws, procedures, and policies. This should include providing employees with appropriate training in the identification and handling of money-laundering or FT transactions (see FATF 19, 26).

1d.3 Regulated financial institutions should be required to designate an AML/CFT compliance officer at management level (see FATF 19, 26).

1d.4 Regulated financial institutions should be required to screen applicants for employment to prevent the use of their institutions by money launderers or terrorists (see FATF 19, 26).

1e. Sanctions

1e.1 Adequate sanctions should be provided for failure to comply with any of the requirements, and one or more authorized government officials should have jurisdiction to enforce compliance with the above criteria by all covered persons (see FATF 6, 18, 26).

2. Integrity standard

Laws should be adopted to prevent criminals and criminal organizations from controlling regulated financial institutions. Laws should be adopted to ensure that shell corporations, trust and company service providers, charitable or not-for-profit foundations, or others similar entities are not used for criminal purposes (see FATF 25, 29, VIII).

Criteria

2.1 Criminals should be prohibited from holding a significant investment in regulated financial institutions, or from holding any management functions including in executive or supervisory boards, councils, etc (see FATF 25, 29, VIII).

2.2 Laws should require registration, authorization, and licensing of regulated financial institutions to assist authorized government officials in ensuring inter alia that criminals do not hold a significant investment interest or any management function therein (see FATF 25, 29, VIII).

2.3 Regulated financial institutions should be required to put in place measures to guard against the holding of management functions and prevent the controlling or acquisition of significant investment therein by criminals (see FATF 29, VIII).

2.4 Authorities should pay enhanced scrutiny to entities susceptible to being used as conduits for criminal proceeds or FT (including to escape any asset freezing measures, or to conceal or obscure the clandestine diversion of funds intended for legitimate purposes), such as shell corporations, trust and company service providers, charitable or not-for-profit organizations, or other similar entities (see FATF 25, VIII).

2.5 Laws should allow authorized government officials to require shell corporations, trust and company service providers, charitable or not-for-profit organizations, or other similar entities to produce the names of controlling owners/shareholders/trustees (including executive or supervisory boards or councils).

2.6 Adequate sanctions should be provided for failure to comply with any of the requirements. Authorized government officials should have jurisdiction to enforce compliance.

3. Criminalization of ML and FT

Laws should provide for the criminalization of ML and FT as serious offenses (see FATF 1, 4, 5, 6, II).

Criteria

3.1 ML and FT should be criminalized as serious offenses. ML should extend to the proceeds of all serious offenses (including FT) and should be consistent with the definitions set out in the Vienna Convention, Palermo Convention, and the FATF 40 Recommendations The definitions of FT should be consistent with the definition set out in the Convention for the Suppression of the Financing of Terrorism (see FATF 1, 4, 5, II).

3.2 The jurisdiction should have enacted into law the provisions of the UN Convention Against Illicit Traffic in Narcotic Drugs and Psychotropic Substances (Vienna Convention), the UN Convention for the Suppression of the Financing of Terrorism, and the UN Convention Against Transnational Organized Crime (Palermo Convention) relevant to AML/CFT (see FATF 1, I) (see FATF 1, I).

3.3 The offense of ML should extend not only to those persons who have committed ML, but should also extend to persons who have committed both laundering and the predicate offense.

3.4 It should not be necessary that a person be convicted of a predicate offense to establish that assets were the proceeds of a predicate offense and to convict any person of laundering such proceeds.

3.5 Predicate offenses for ML should extend to all serious crimes, including FT. It is possible to identify ML predicate offenses by list or generically, including by length of penalty (see FATF 4).

3.6 The offense of ML should not be restricted to laundering of monetary instruments or securities, but should extend to all assets that represent the proceeds of crime.

3.7 The predicate offenses to ML should extend to those crimes committed extraterritorially. However, to ensure that ML does not address activities deemed lawful domestically, jurisdictions may elect to include only those acts that would have constituted a predicate offense had they occurred domestically.

3.8 The offenses of ML and FT should apply at least to those individuals/entities that knowingly engaged in ML or FT activity. Laws should provide that the intentional element of the offenses of ML and FT may be inferred from objective factual circumstances. If permissible under the jurisdiction’s legal system, the offenses of ML and FT should extend to those who “should have known” that the assets were processed for the purpose of ML or FT (see FATF 5).

3.9 If permissible under the jurisdiction’s legal system, the offenses of ML and FT should extend to entities (e.g., companies, foundations) (see FATF 6).

3.10 through 3.21. [RESERVED]

3.21 Proportionate and dissuasive sanctions (which can include criminal, civil, and administrative sanctions) for ML and FT should be provided. Sanctions should include loss of authority to do business (removal of license etc) (see FATF 6, 7).

4. Confiscation of proceeds of crime or assets used to finance terrorism

Laws should provide in criminal cases for the confiscation of assets laundered or intended to be laundered, the proceeds of ML predicate offenses, assets used for FT, or the instrumentalities of such offences (“assets subject to confiscation”), but should adequately protect the rights of bona fide third parties (see FATF 7, 35, 38, III).

Criteria

4.1 Laws should provide for confiscation in criminal cases, including income or gains from such assets, proceeds, or instrumentalities (see FATF 7, III).

4.2 Laws and other measures should provide for (a) extending confiscation to assets which are the proceeds of or traceable to ML and FT; (b) extending confiscation to assets which facilitate or are used in the commission of ML and FT; (c) identifying and tracing assets subject to confiscation; and (d) freezing or seizing assets subject to confiscation prior to the issuance of a confiscation order.

4.3 If permissible under the jurisdiction’s legal system, laws should provide for the confiscation of assets of organizations that are found to be primarily criminal in nature (i.e., organizations whose principal function is to perform or assist in the performance of illegal activities) (see FATF 7, 38, III).

4.4 Laws should provide for confiscation of assets of equivalent value, in the event assets subject to confiscation are not available (see FATF 7, III).

4.5 Without prior notification or appearance in court of the parties in control of the property (i.e., on an ex parte basis), the law should provide for provisional measures, e.g., seizing or freezing of assets subject to confiscation during an investigation with adequate legal safeguards to protect the property and due process rights of owners of frozen or seized assets (see FATF 7, 38, III).

4.6 If permissible under the jurisdiction’s legal system, in addition to the system of confiscation triggered by a criminal conviction, confiscation of assets subject to confiscation should be made possible through non-criminal process (e.g., civil process for common law jurisdictions should be considered) (see FATF 7, III).

4.7 Orders to identify and trace assets suspected of being proceeds of crime or used for FT should be allowed (see FATF 7, III).

4.8 Laws should provide protections for the rights of innocent or bona fide third parties, i.e. parties that acquired legal interests in assets without knowledge that they are assets subject to confiscation.9 Such protections should be consistent with the standards provided in the Palermo Convention and Strasbourg Convention, where applicable.

4.9 In addition to confiscation and criminal sanctions, if permissible under the jurisdiction’s legal system, there should be authority to void contracts or render them unenforceable where parties to the contract knew or should have known that as a result of the contract the authorities would be prejudiced in their ability to recover financial claims resulting from the operation of AML/CFT laws (see FATF 7).

4.10 through 4.14 [RESERVED]

5. Processes for receiving, analyzing, and disseminating disclosures of financial information and intelligence

An FIU should be established that meets the Egmont Group definition10 that is responsible for the receiving, analyzing, and disseminating disclosures of financial and other relevant information and intelligence concerning suspected ML or FT activities. The FIU should be empowered to receive information necessary for the discharge of its functions, and to exchange information domestically or internationally. The FIU should have additional responsibilities, in particular to conduct research in Money Laundering typologies and provide training (see FATF 13, 15, 18, 23, 26, 27, 28, 31, 32, IV).

Criteria

5.1 An FIU should be established responsible for receiving, analyzing, and disseminating disclosures of financial and other relevant information and intelligence concerning suspected ML or FT activities.

5.2 The FIU should be responsible for analyzing financial transaction reports to determine the presence of possible ML or FT activities.

5.3 Reporting parties should be required to send all financial transaction reports required by law to the FIU.

5.4 The FIU or another competent authority should be authorized to issue guidelines for the identification of complex or unusual transactions or patterns of transactions(see FATF 28, IV).

5.5 The manner in which transactions should be reported should be determined by law or regulation. The FIU should be authorized to issue guidelines on related administrative matters, including the specification of reporting forms (see FATF 18).

5.6 The FIU should be authorized to require reporting parties to provide additional documentation needed to assist in its analysis of a particular financial transaction or a series of transactions.

5.7 The FIU should be authorized either to enter the premises of any reporting party during ordinary business hours so as to inspect the documentation maintained by such reporting party or to request another authorized government official to do so.

5.8 The FIU should be authorized either to order a temporary freezing or blocking of transactions that it suspects are connected to ML or FT or to request another authorized government official to do so.

5.9 It should be considered to authorize the FIU either to order administrative sanctions or penalties (including meaningful fines and license suspensions) against reporting parties for failure to comply with their reporting obligations or to request another authorized government official to do so.

5.10 The FIU should be empowered to obtain or request financial information other than financial transaction reports to enable it adequately to undertake its responsibilities.

5.11 The FIU should have access to sources of financial , administrative and law enforcement information, on a real-time or expedited basis, including databases, to assist in its analysis.

5.12 The FIU should be authorized to disseminate financial information and intelligence, either on its own initiative or upon request, to domestic authorities for investigation or action when there are reasonable grounds to suspect ML or FT.

5.13 Laws should provide adequate safeguards, including confidentiality, to ensure that authorized government official use the information and intelligence disseminated by the FIU for anti-money laundering purposes (see FATF 32).

5.14 The FIU should be authorized to request from or to disseminate to its foreign counterparts financial information and intelligence, either on its own initiative or upon request, to foreign authorized government officials.

5.15 The FIU should be authorized to share information and intelligence with foreign counterpart FIUs only if they provide adequate safeguards to ensure that this exchange of information is consistent with international agreed principles on privacy and data protection (see FATF 32).

5.16 The FIU should be authorized to enter into agreements/memoranda of understanding with foreign counterpart FIUs to facilitate international cooperation and exchange of information in ML or terrorism finance matters (see FATF 26).

5.17 through 5.20 [RESERVED]

5.21 The FIU should be authorized to undertake ancillary activities relating to fulfilling its responsibilities, including monitoring compliance with reporting obligations, conducting research into ML and terrorism financing trends and typologies, providing training to reporting institutions, and advising the government and parliament on ML and terrorism financing policy and on necessary amendments to legislation (see FATF 13, 31).

5.22 The FIU should be adequately funded, staffed, and provided with sufficient equipment and other resources to fully perform its authorized functions.

5.23 The FIU should have a governance structure sufficient to ensure that its functions are properly executed, including that adequate confidentiality is maintained.

5.24 The FIU can be established either as an independent governmental authority or within an existing authority or authorities, but in either case it should have sufficient independence and autonomy to ensure that (i) it is free from unauthorized outside influence or interference in its functions and decisions; and (ii) that information and intelligence held by it will be securely protected and disseminated only in accordance with the law (see FATF 32).

5.25 There should be periodic reports of the activity of the FIU to the governmental authorities.

5.26 The FIU should have adequate safeguards with respect to maintaining confidentiality of information (see FATF 32).

5.27 The FIU should have adequate internal rules and procedures to ensure effective operation.

5.28 The FIU, including its employees, should have adequate legal protections against suits arising from the execution of their duties.

5.29 The FIU, including its employees, should have adequate protection against legal process to ensure adequate confidentiality of information.

6. International cooperation in AML/CFT matters

Laws should permit bilateral and multilateral cooperation and the provision of mutual legal assistance (including exchange of information, investigation, prosecution, seizure and forfeiture actions, and extradition) in AML/CFT matters based on accepted international practices (see FATF 3, 32, 33, 34, 35, 36, 37, 38, 39, 40, I and V).

Criteria

6.1 There should be provisions for the sharing of information and intelligence relating to ML and FT with other jurisdictions (see FATF 32, 36, V).

6.2 There should be laws and procedures for mutual legal assistance in ML and FT law enforcement matters regarding the use of compulsory measures including the production of records by financial institutions and other persons, the search of persons and premises, seizure and obtaining of evidence for use in ML and FT investigations and prosecutions and in related actions in foreign jurisdictions (see FATF 3, 32, 34, 36, 37, 38, 40, I and V).

6.3 There should be appropriate laws and procedures to provide effective mutual legal assistance in a ML or FT investigation or proceeding where the requesting jurisdiction is seeking:

(i) the production of all types of documents, including financial documents; the production of other types of evidence, including the production of records by financial institutions, other corporations (legal persons), or other private persons (natural persons); searches of offices of financial institutions, offices of other legal persons; and homes of private persons; and seizure of the records held by financial institutions, and third parties; (ii) the taking of witnesses’ statements; and (iii) identification, freezing, seizure, or confiscation of assets laundered or intended to be laundered, the proceeds of ML and pf assets used for or intended to be used for FT, as well as the instrumentalities of such offences, or assets of corresponding value (see FATF 33, 37, 38, V).

6.4 Assistance should be provided in investigations and proceedings where persons have committed both laundering and the predicate offense as well as in investigations and proceedings where persons have committed laundering only (see FATF 3).

6.5 To the greatest extent possible, differing standards in the requesting and in the requested jurisdiction concerning the intentional elements of the offense under domestic law should not affect the ability to provide mutual legal assistance (see FATF 33).

6.6 International cooperation should be supported, such as through the use of bilateral or multilateral mutual legal assistance treaties or other formal arrangements, but also through informal mechanisms (see FATF 3, 33).

6.7 [RESERVED]

6.8 Cooperative investigations, including controlled delivery, with other countries’ appropriate competent authorities should be authorized, provided that adequate safeguards are in place (see FATF 3, 36).

6.9 There should be arrangements for coordinating seizure and forfeiture actions, including, where permissible, authorizing for the sharing of confiscated assets with other countries when confiscation is directly or indirectly a result of co-coordinated law enforcement actions (see FATF 38, 39).

6.10 There should be procedures to extradite individuals charged with a ML or FT offense or related offenses or to permit prosecution domestically when not extraditable (see FATF 3, 39, 40, V).

6.11 and 6.12 [RESERVED]

7. Controls and monitoring of cash transactions

The assessors should report on the existence of controls on the import and export of bank notes, and the procedures for the monitoring of and recording of cross-border movements of cash (e.g., declaration of large amounts of cash on entry and exit. In addition, the assessors should note whether general financial conditions influence the use of cash. Any particular factors that have resulted in increase or decrease in the use of cash in transactions should be recorded (e.g., existence of financial transaction taxes, use of credit or debit cards; limitations on size denomination of bank notes; confidence in the banking system, etc). (FATF 22-24, 30).

7.1 The jurisdiction is considering or has considered the feasibility of establishing system to collect and process information on domestic and international currency transactions above a fixed amount from financial services providers, who would make reports to national central agency for entry into a computerized database. If such a system exists, the database should be adequately maintained, available to the appropriate competent authorities, and used to support law enforcement efforts (see FATF 22, 23).

7.2 Financial services providers may, subject to domestic laws, regulations or rules, be required to identify, record and report all international currency transactions above a fixed amount to the FIU. A system should be considered or established to monitor and verify the data collection system (see FATF 22, 23).

7.3 Jurisdictions may require persons to report to a governmental authority significant cross border movements of currency or other negotiable instruments, or of other high value commodities such as gold or diamonds (see FATF 22, 23).

7.4 Aggregate statistical information on unusual international shipments of currency or other negotiable instruments, precious metals, or gems, etc. should be conveyed, as appropriate, to the Customs Service or other authorities of the jurisdiction from which the shipment originated and/or to which it is destined (see FATF 22, 30).

7.5 Development of modern money management techniques should be encouraged, so that cash transfer activity is increasingly replaced by other secure techniques of money management to enhance monitoring capabilities. Use of checks, payments cards, direct deposit of salary checks, and book entry recording of securities should be encouraged (see FATF 24).

B. Part 2: Assessment of the AML/CFT Elements in the Prudentially-Regulated Financial Sectors

25. For the prudentially regulated sectors—banking, insurance, and securities—the AML/CFT elements and assessment criteria draw from the supervisory and regulatory principles issued by the four standard setters. A core set of assessment criteria (Module 1— Core Criteria) has been drawn largely from the FATF Recommendations, which is broadly applicable across all three sectors.11 The core criteria has been supplemented by sector-specific assessment criteria developed from information and documentation issued by the Basel Committee (Module 2—sector-specific criteria for the banking sector); the IAIS (Module 3—sector specific criteria for the insurance sector); and the IOSCO (Module 4— sector specific criteria for the securities sector).12

26. The assessors will use the core and sector-specific criteria to assess compliance with six AML/CFT elements for the prudentially-regulated sectors. The six AML/CFT elements are as follows (i) organizational and administrative arrangements; (ii) customer due diligence and due diligence; (iii) monitoring of suspicious transactions; (iv) record keeping, compliance and audit; (v) information sharing and cooperation; and (vi) licensing and authorization. The six AML/CFT elements will be assessed for each of the banking, insurance, and securities sectors. For the six AML/CFT elements there is not in all cases sector-specific criteria. For example, the core criteria for licensing and authorization are applicable to all three sectors, and sector-specific criteria were not needed.

27. Within the core and sector specific criteria, the reference to supervisor/regulator would include the SRO commonly found in the securities industry. In addition, for the detection and prevention of ML and TF, the supervisor/regulator may work alone or in conjunction with other competent authorities, including law enforcement agencies and FIUs.

28. The banking sector will be subject to the AML/CFT Assessment in all cases. As a matter of principle the insurance and securities sectors will be included as well in all cases, except in those where the actual size of the considered sector is too small to be included. To the extent that banking, securities, or insurance activities are fully integrated for purposes of supervision and regulation, the AML/CFT Assessment could be similarly integrated.

29. Particular attention should be directed to whether there is (i) indication of high usage of cash or cash equivalents for securities or insurance transactions (e.g., are securities purchased routinely for cash); and (ii) the prevalence of financial products that are particularly vulnerable to ML (e.g., the single-premium life insurance policy).

Module 1—Core criteria

1. Organizational and administrative arrangements

The supervisor/regulator are playing a primary role in the prevention and detection of ML offenses, as well as for appropriate reporting of suspected money-laundering activities. The supervisor/regulator determines that regulated entities have in place policies, systems and procedures that are adequate to deter improper use of the regulated entities by criminal elements and prevent their use for money laundering. The supervisor/regulator promotes high ethical and professional standards by regulated entities.

Criteria

1.1 A competent authority (e.g., supervisor/regulator) should be designated to require an effective implementation of the FATF Recommendations through administrative supervision and regulation of financial service providers. The implementation of the FATF Recommendations should be imposed uniformly on all regulated entities, including those that do not conduct financial activities with residents or resident companies of the jurisdiction (see FATF 27).

1.2 The supervisor/regulator has adequate resources (financial, human and technical) to require effective implementation of FATF Recommendations. Resources should include specialist expertise on financial fraud and ML prevention obligations (see BCP 1 and 15).

1.3 The supervisor/regulator has adequate enforcement powers (regulatory and/or criminal prosecutory) to take action against a regulated entity, its management, and directors for noncompliance with supervisory, regulatory, or legal requirements for deterring ML (see FATF 6, 26).

1.4 The supervisor/regulator should require that foreign branches and subsidiaries of regulated entities are able to observe appropriate AML/CFT measures consistent with the home jurisdiction requirements. Moreover, regulated entities should inform their home jurisdiction supervisor/regulator when a foreign branch or subsidiary is unable to observe appropriate AML/CFT measures of the home jurisdiction (see FATF 20).

1.5 The supervisor/regulator requires that regulated entities have adequate screening procedures to ensure high standards when hiring employees (see FATF 19(i)).

1.6 The supervisor/regulator requires that regulated entities have developed training programs against ML. Training should educate new and existing staff in the importance of AML/CFT policies and requirements. Periodic and ongoing training should be available to keep employees informed of new developments. Training for new employees should include (i) description of the nature and processes of ML; (ii) explanation of the underlying legal obligations contained in relevant laws; and (iii) explanation of the vigilance policy and systems, including particular emphasis on customer due diligence, suspicious activity and reporting requirements (see FATF 19(ii)).

1.7 The supervisor/regulator determines that regulated entities have a policy statement on ethics and professional behavior that is clearly communicated to all staff (see BCP 15 and EC 11).

2. Customer identification and due diligence

The supervisor/regulator determines that as part of AML/CFT requirements, regulated entities have documented and enforced policies for identification of customers and those acting on their behalf. There should be a minimum set of customer identification information with additional identification requirements commensurate with the assessed risk of ML.

Criteria

2.1 The supervisor/regulator should require that regulated entities identify their customer or clients, either occasional or usual, when establishing business relations (in particular opening of accounts, entering into fiduciary transactions, renting of safe deposit boxes) or conducting transactions (in particular conducting large cash transactions) (see FATF 10).

2.2 Policy statements from the supervisor/regulator or guidance notes developed by the industry require that regulated entities develop clear customer acceptance policies and procedures (see CDD paper, paragraph 20).

2.3 The supervisor/regulator should require that regulated entities do not keep anonymous accounts or accounts in obviously fictitious names. Rules, whether laws, regulations, agreements between supervisory authorities and financial institutions, or self-regulatory agreements among financial institutions (e.g., guidance notes) should define the official or reliable identifying documents to verify a customer’s identity (see FATF 10) the supervisor/regulator or guidance notes developed by the industry require that regulated entities seek to ensure that transactions are not conducted with customers or clients that fail to provide satisfactory evidence of their identity (see CDD paper paragraph 22).

2.4 The supervisor/regulator should require that regulated entities fulfill identification requirements concerning legal entities. Regulated entities should take measures to verify (i) the legal existence and structure of the customer by obtaining proof of incorporation, including information concerning the customer’s name, legal form, address, directors and provisions regulating the power to bind the entity; and (ii) that any person purporting to act on behalf of the customer is so authorized and identify that person (see FATF 10, 25).

2.5 The supervisor/regulator should require that regulated entities are aware of the potential for abuse of shell corporations by money launderers. Supervisor/regulator should consider whether additional measures are required to prevent unlawful use of such entities (see FATF 25).

2.6 The supervisor/regulator should require that regulated entities take reasonable measures to obtain information about the true identity of the persons on whose behalf an account is opened or a transaction conducted if there are any doubts as to whether these clients or customers are acting on their own behalf. An example is the domiciliary company (i.e. an institution, corporation, foundation, trust, etc. that does not conduct any commercial or manufacturing business or any other form of commercial operation in the jurisdiction where its registered office is located) (see FATF 11).

2.7 The supervisor/regulator should require that regulated entities pay special attention to ML threats inherent in new or developing technologies that favor anonymity or allow “non-face-to-face” interaction with the entity, and take measures, if needed, to prevent their use in ML schemes (see FATF 13).

3. Monitoring and reporting of suspicious transactions

The supervisor/regulator determines that regulated entities have adequate formal procedures to recognize and report suspicious transactions. Regulated entities and competent authorities (e.g., FIUs) should establish and regularly revise systems for detection of unusual or suspicious patterns of activity that provide managers and compliance officers with timely information needed to identify, analyze and effectively monitor customer accounts.

Criteria

3.1 The supervisor/regulator should require that regulated entities pay special attention to all complex, unusual large transactions, and all unusual patterns of transactions, which have no apparent economic or visible lawful purpose (see FATF 14).

3.2 The supervisor/regulator should require that regulated entities report promptly to the FIU or other competent authority those instances where there is the suspicion that funds derive from a ML offense (see FATF 15, 18).

3.3 The supervisor/regulator should determine that regulated entities have clear procedures, communicated to all personnel, for reporting suspicious transactions to (i) the appropriate official(s) responsible for AML compliance within the regulated entity; and (ii) the FIU or other competent authority (see BCP 15, EC 5 and CDD para. 55).

3.4 The supervisor, regulator, competent authority and/or through self-regulatory arrangements should establish guidelines which will assist regulated entities in detecting suspicious patterns of behavior by their clients and customers. It is understood that such guidelines must develop over time, and will never be exhaustive. It is further understood that such guidelines will primarily serve as an educational tool for financial institutions’ personnel (see FATF 28).

3.5 The supervisor/regulator should require that regulated entities give special attention to business relations and transactions with financial institutions, persons, companies, and other corporate vehicles from countries/jurisdictions that do not apply sufficient AML/CFT measures (see FATF 21).

3.6 The supervisor/regulator/FIU or other competent authority as needed advises regulated entities of concerns about weaknesses in the AML systems of other countries, and can require that regulated entities exercise special care when conducting transactions with customers in those countries (see FATF 21, 28).

3.7 The supervisor/regulator should require that the regulated entity, as far as possible, establishes in writing those instances where there is a suspicion that funds or transactions derive from a ML offense. The written reports and other documentation should be available to help supervisors, auditors, and law enforcement agencies (see FATF 14, 21).

3.8 The supervisor/regulator should require that regulated entities and their employees do not warn customers when information about them is reported to the FIU or other competent authority and that the regulated entities and employees follow the instructions from the competent authority to the extent that there is a need for further investigation or review (see FATF 17, 18).

3.9 The supervisor/regulator should determine that if regulated entities suspect or have reasonable grounds to suspect that funds are linked or related to, or are to be used for terrorism, terrorist acts or by terrorist organizations, that the regulated entity reports promptly their suspicions to the FIU or other competent authority (see FATF IV).

4. Record keeping, compliance, and audit

The supervisor/regulator determines that regulated entities have formal record keeping systems for customer due diligence and individual transactions including a defined retention period of five years. Record keeping procedures should be regularly reviewed for compliance with applicable laws, regulations, guidance notes, and the internal policies of the regulated entity.

Criteria

4.1 The supervisor/regulator should require that regulated entities maintain, for at least five years, all necessary records on transactions, both domestic or international, to enable them to comply swiftly with information requests from the competent authorities. Such records must be sufficient to permit reconstruction of individual transactions (including the amounts and types of currency involved if any) so as to provide, if necessary, evidence for law enforcement purposes (see FATF 12).

4.2 The supervisor/regulator should require that regulated entities keep records on customer identification (e.g., copies or records of official identification documents like passports, identity cards, driving licenses or similar documents), account files and business correspondence for at least five years after the account is closed (see FATF 12).

4.3 The supervisor/regulator reviews record keeping mechanisms in regulated entities to ensure that client/customer and transaction information is available to domestic competent authorities in the context of relevant law enforcement investigations and proceedings (see FATF 12).

4.4 The supervisor/regulator determines that regulated entities have internal policies, procedures, and controls, including the designation of a compliance official (or officials as appropriate) at management level, with explicit responsibility for the compliance strategy and implementation, and that internal policies and procedures are, at a minimum, in accordance with local statutory and regulatory AML/CFT requirements (see FATF 19(i)).

4.5 The supervisor/regulator should require that internal audit and compliance departments of regulated entity monitor the implementation and operation of internal control systems and assure ongoing compliance with all relevant laws and regulations. Reporting systems should be in place to alert senior management and/or the board of directors if AML/CFT procedures are not properly followed (see FATF 19(iii)).

5. Cooperation between regulators and FIU or other competent authority FIU or other competent authority and supervisors/regulators should be able to exchange information related to suspected offenses.

Criteria

5.1 The supervisory/regulatory agency is able on its own initiative, or upon request, to exchange information or lend expertise relating to suspicious transactions, persons, and corporations involved in those transactions with the appropriate competent authority (see FATF 26 and 32).

5.2 Strict safeguards should exist to ensure that any exchange of information and/or provision of assistance by or with the supervisory/regulatory agency is consistent with national and applicable international provisions on privacy and data protection, but that these protections should not be conceived so as to inhibit implementation of appropriate AML/CFT measures consistent with FATF Recommendation 2 (see FATF 2, 32).

5.3 Clear guidance (by law, regulation or other measure) is provided on the gateways for the competent authorities (domestic and international) to obtain and/or exchange information related to suspicious activities, through both formal and informal mechanisms (see FATF 32).

6. Licensing and authorizations

The licensing authority should take the necessary legal or regulatory measures to ensure that only qualified persons control financial institutions. Measures should prevent control or acquisition of a material participation in financial institutions by criminals or their confederates.

Criteria

6.1 The regulator/supervisor should evaluate proposed directors and senior management as to expertise and integrity. The criteria for qualification could consider (i) skills and experience in relevant financial operations commensurate with the intended activities of the regulated entity, and (ii) no record of criminal activities or adverse regulatory judgments that make a person unfit to uphold important positions in a regulated institution (see BCP 3, EC 7).

6.2 The competent authority should ensure that necessary legal or regulatory measures are in place to guard against control or acquisition of a significant participation in a regulated entity by criminals or their confederates (see FATF 29).

6.3 In the case of a change in control or new significant participation in a regulated entity, the supervisor/regulator should carry out a background check on new owners or participants in manner similar to at the time of licensing (see FATF 29).

6.4 The home supervisor/regulator is aware of the high reputational risk that operating in some countries could create, and is able to implement additional safeguards where appropriate, and if necessary require that the regulated entity close down the operation in question (see FATF 21 and CDD paper, paragraph 67).

6.5 The licensing authority should ensure that branches and/or subsidiaries located abroad are able to observe appropriate AML/CFT measures consistent with the home jurisdiction requirements as a condition to licensing. Regulated entities should inform their home jurisdiction supervisor/regulator when a branch or subsidiary located abroad is unable to observe appropriate AML/CFT measures of the home jurisdiction (see FATF 20).

6.6 The supervisor, regulator or other competent authority in practice is able to stop quickly and effectively persons or entities from engaging in fraudulent or illegal conduct involving operation of a financial services business (see FATF 29).

6.7 The supervisor, regulator or other competent authority is able to withdraw the license on the grounds of substantial irregularities; e.g., if the regulated entity no longer meets the licensing requirements or seriously infringes the law in force (see FATF 6, 29 and BCP 22).

Module 2—Sector-specific criteria for the banking sector

Beyond Basel Core Principle (BCP) 15, other principles and related criteria are relevant for AML efforts. While several core principles also have relevance, of particular importance are principles that address weaknesses in banks’ management, organization and procedures, notably internal control and audit (BCP 14), in banking regulations and supervision, especially with regard to arrangements for sharing information between supervisors (BCP 1) and cooperation between the home and host bank supervisor (BCPs 23 to 25). Also related are the licensing and structure principles, which review bank licensing and suitability of owners of banks (BCP 3 to 5).

The section below expands on the criteria available in Basel Core Principles and also draws extensively from the Basel Committee’s policy papers related to the prevention of ML. These papers are the December 1988 “Prevention of criminal use of the banking system for the purpose of money-laundering” and the October 2001 “Customer due diligence for banks.”

1. Organizational and administrative arrangements—no applicable banking sector-specific criteria

2. Customer identification and due diligence—banking sector-specific criteria

2.1 The supervisor should require that banks conduct more extensive due diligence for private banking activities and higher risk customers, especially politically exposed persons,13 their families and associates, and should ensure that decisions to enter into such business relationships are taken at a senior management level. Banks should make reasonable efforts to ascertain that the customer’s source of wealth is not from illegal activities and review of the customer’s credit and character, and of the type of transactions the customer would typically conduct (see CDD paper, paragraph 20 and 54).

2.2 The supervisor should require that banks establish a systematic procedure for identifying new customers that requires that they not establish a banking relationship until the identity of a new customer is satisfactorily verified (see FATF 11 and CDD paper, paragraph 22).

2.3 The supervisor should require that banks have appropriate due diligence practices for introduced business and client accounts opened by professional intermediaries consistent with guidance set out in Customer due diligence for banks paper (see FATF 11 and CDD paper, paragraph 35-40).

2.4 The supervisor should require that banks document and enforce policies for identification of customers and those acting on their behalf. Procedures should address specific identification issues set out in Customer Due diligence for banks paper (see FATF 11, and CDD paper, paragraph 23, 32-34).

2.5 The supervisor should require that banks have appropriate identification procedures when entering into activity with non-face-to-face customers. (See guidance set out in Customer due diligence for banks paper, especially CDD paper, paragraph 45-48).

2.6 The supervisor should require that banks refuse to enter into or continue a correspondent banking relationship with a bank incorporated in a jurisdiction in which it has no physical presence and which is unaffiliated with a regulated financial group (i.e. shell banks).(see CDD paper, paragraph 51)

2.7 The supervisor should require that banks pay particular attention when continuing relationships with respondent banks located in jurisdictions that do not apply sufficient AML/CFT measures (see CDD paper, paragraph 51).

2.8 The supervisor should require that banks pay particular attention to correspondent banking services, notably (i) for wire transfer services; and (ii) that correspondent accounts might be used directly by third parties to transact business on their own behalf (e.g. payable-through accounts). Such arrangements give rise to most of the same considerations applicable to introduced business and should be treated in accordance with similar criteria (see CDD paper, paragraph 52).

2.9 Rules in a jurisdiction should require that banks include accurate and meaningful originator information (name, address, and account number) on funds transfers and related messages that are sent, and the information should remain with the transfer or related message through the payment chain. Countries should take measures to require that banks conduct enhanced scrutiny of and monitor for suspicious funds transfers, which do not contain complete originator information (name, address, and account number) (see FATF VII).

3. Monitoring and reporting of suspicious transactions

3.1 The supervisor/regulator should require that banks monitor accounts on a consolidated basis. Customers frequently have multiple accounts with the same bank, but in offices located in different countries. To manage its risks arising from such accounts, the supervisor should require banks to aggregate and monitor significant balances and activity in these accounts on a fully consolidated worldwide basis (see CDD paper, paragraph 16).

4. Record keeping, compliance and audit

4.1 The supervisor/regulator should require that banking groups apply Know Your Customer standards on a global basis, including requirements for documentation, and compliance testing by the parent.20

5. Cooperation between supervisors

5.1 The host jurisdiction supervisor/regulator should ensure that home jurisdiction supervisors have no impediments in accessing information, including from onsite examinations, needed to verify foreign operations’ compliance with Know Your Customer policies and procedures of the home jurisdiction.21

6. Licensing and authorizations—no applicable banking sector-specific criteria

Module 3—Sector specific criteria for the insurance sector

Insurance entities are expected to adopt and enforce AML/CFT policies that will govern the activities of their staff. They also need to ensure that their internal control systems are such as to ensure that policies adopted by their boards and management for preventing and deterring ML and FT are fully implemented, and that prompt follow-up action, such as reporting suspicious transactions to the FIU or other competent authority is taken.

The IAIS Core Principles of Insurance Supervision (Insurance Core Principles or ICP). Principles 1, 2, 3, 4, 5, 10, and 16, contain criteria that are relevant for AML/CFT efforts. Most important among these principles for AML/CFT purposes are internal controls. That said, experience with ICP assessments has revealed that in many cases internal control procedures within insurance entities are not well established and supervisors have been weak in promoting their development. If management and supervisors are not able to rely on internal control systems for general operating purposes, it will be unlikely that company management and staff will have effective AML/CFT controls.

The sector-specific criteria draws extensively from the IAIS “AML Guidance Notes for insurance supervisors and insurance entities” as of January 2002.

1. Organizational and administrative arrangements—no applicable insurance sector-specific criteria

2. Customer identification and due diligence—insurance sector specific criteria

2.1 The supervisor should determine that the insurance entity establishes to reasonable satisfaction that every verification subject relevant to the application for insurance business actually exists. All the verification subjects of joint applicants for insurance business should normally be verified. Where there are a large number of verification subjects (e.g., in the case of group life and pensions) it may be sufficient to carry out verification to the letter on a limited group only, such as the principal shareholders, the main directors of a company, etc.

2.2 The supervisor should require that the insurance entity does not enter into a business relationship or carry out a significant one-off transaction unless it is fully implementing the above systems. An important pre-condition of recognition of a suspicious transaction is for the insurance entity to know enough about the customer to recognize that a transaction or a series of transactions are unusual.

2.3 The supervisor should require that an insurance entity carries out verification in respect of the parties entering into the insurance contract. On occasion there may be underlying principals and, if this is the case, the true nature of the relationship between the principals and the policyholders should be established, and appropriate inquiries performed on the former, especially if the policyholders are accustomed to act on their instruction. Anonymous accounts or fictitious names should be prohibited.

2.4 If claims, commissions, and other monies are to be paid to persons (including partnerships, companies, etc). other than the policyholder then the proposed recipients of these monies should be the subjects of verification.

3. Monitoring and reporting of suspicious transactions—insurance sector specific criteria

3.1 The competent authority provides guidance to identify suspicious transactions. Examples would include (i) any unusual or disadvantageous early redemption of an insurance policy; (ii) any unusual employment of an intermediary in the course of some usual transaction or financial activity e.g., payment of claims or high commission to an unusual intermediary; and (iii) any unusual method of payment; transactions involving persons, companies or other entities from countries or other jurisdictions where AML/CFT measures are viewed to be inadequate.

3.2 The supervisor should verify that insurance entities are alert to the implications of the financial flows and transaction patterns of existing policyholders, particularly where there is a significant, unexpected and unexplained change in the behavior of policyholders account (e.g., early surrenders). The insurance entity and the insurance supervisor should be extra vigilant to the particular risks from the practice of buying and selling second hand endowment policies, as well as the use of single premium unit-linked policies. The insurance entity should check any reinsurance or retrocession to ensure the monies are paid to bona fide re-insurance entities at rates commensurate with the risks underwritten.

4. Record keeping, compliance and audit—insurance sector specific criteria

4.1 The supervisor should require that the insurance entity maintain records to assess (i) initial proposal documentation including: where completed, the client financial assessment (the “fact find”), client’s needs analysis, details of the payment method, illustration of benefits, and copy documentation in support of verification by the insurance entity; (ii) postsale records associated with the maintenance of the contract, up to and including maturity of the contract; and (iii) details of the maturity processing and/or claim settlement including completed “discharge documentation.”

4.2 The supervisor should issue guidelines and verify that if an appointed representative of the insurance entity is licensed under the insurance law in the insurance supervisor’s jurisdiction then the insurance entity, as principal, can rely on the representative’s assurance that the person will keep records on the insurance entity’s behalf. The insurance entity may keep such records. In such a case it is important that the division of responsibilities be clearly agreed between the insurance entity and the representative. If an agency is terminated, responsibility for the integrity of such records rests with the insurance entity as product provider.

4.3 Rules, regulations or guidelines should specify if the appointed representative is not itself licensed, it is the direct responsibility of the insurance company or intermediary as principal to ensure that records are kept in respect of the business that such representative has introduced to it or effected on its behalf.

4.4 Guidelines should recommend that insurance and reinsurance companies foster close working relationships between underwriters and claims investigators. Reporting systems should be in place to alert senior management and/or the board of directors if AML/CFT procedures are not properly followed.

4.5 Consistent with Insurance Core Principle criterion 5.8, the supervisor should have the authority to require that insurance entities have an ongoing audit function of a nature and scope appropriate to the nature and scale of the business. This includes ensuring compliance with all applicable policies and procedures and reviewing whether the insurer’s policies, practices, and controls remain sufficient and appropriate for its business.

5. Cooperation between supervisors and competent authorities—no applicable insurance sector-specific criteria

6. Licensing and authorizations—no applicable insurance sector-specific criteria

Module 4—Sector-specific criteria for the securities sector

The IOSCO principles described in this Methodology have been taken from the IOSCO document “Objectives and Principles of Regulation” (IOSCO Principles, February 2002) and the Principles for the Supervision of Operators of Collective Investment Schemes (CIS, September 1997). The criteria are those deemed relevant in relation to efforts to counter ML and are drawn from the following source: IOSCO Technical Committee, “Report on Money Laundering,” October 1992. Assessment criteria also draws from the 1997 IOSCO resolution on Principles for record keeping, collection of information, enforcement powers and mutual cooperation to improve the enforcement of securities and futures laws.

1. Organizational and administrative arrangements—no applicable securities sector-specific criteria

2. Customer identification and due diligence—no applicable securities sector-specific criteria

3. Monitoring and reporting of suspicious transactions—no applicable securities sector-specific criteria

4. Record keeping, compliance and audit—no applicable securities sector-specific criteria

4.1 The competent authority should require that market intermediaries comply with standards for internal organization and operational conduct that aim to protect the interests of clients, ensure proper management of risk, and under which management of the intermediary accepts primary responsibility for these matters (IOSCO Principles 12.1).

4.2 The competent authority should require that market intermediaries maintain records necessary as confirmation that regulatory rules and procedures have been complied with. Legible, comprehensible, and comprehensive records should be maintained of all transactions involving collective investment assets and transactions (IOSCO CIS 9).

5. Cooperation between regulators

5.1 Information sharing and assistance arrangements, whether formal or informal, should consider (i) assistance in obtaining public or non-public information, for example, about a license holder, listed company, shareholder, beneficial owner or a person exercising control over a license holder or company; (ii) assistance in obtaining banking, brokerage or other records; (iii) assistance in obtaining voluntary cooperation from those who may have information about the subject of an inquiry; (iv) assistance in obtaining information under compulsion—either or both the production of documents and oral testimony or statements; and (v) assistance in providing information on the regulatory process in a jurisdiction, or in obtaining court orders, for example, urgent injunctions (IOSCO Principles 9.4, FATF 32).

6. Licensing and authorizations—securities sector specific criteria

6.1 Regulation should provide for minimum entry and eligibility standards for operators of collective investment schemes and market intermediaries (IOSCO Principles 11.1, 12.1).

C. Part 3: Assessment of the AML/CFT Elements for Other Service Providers

Part 3 sets out the criteria for assessing implementation of AML/CFT elements for foreign exchange houses, money remittance, funds transfer companies, and, on a case by case basis, trust and company service providers and other financial service providers22 where inclusion is necessary to ensure an effective AML/CFT regime. The FATF is revising its guidance on relevant AML/CFT measures that should apply to other financial service providers, and further guidance as to criteria to determine inclusion of other service providers and the assessment procedures will be developed over time as relevant data and standards become available. For purposes of Part 3, the financial service providers include both specific financial entities and individuals that provide financial services.

The FATF Recommendations oblige that AML/CFT principles such as customer due diligence and the monitoring of suspicious transactions apply to other financial service providers outside of the prudentially regulated financial sector. The decision on which financial service activities to include as part of the AML/CFT assessment should be determined by the mission head in consultation with the AML/CFT coordinator, national authorities, and others as appropriate.

Prior AML assessments will be particularly useful for determining scope of coverage especially for inclusion in the AML/CFT assessment those other financial service providers.

After considering the areas to include in the assessment under Part 3, assessors will evaluate a common set of AML/CFT elements, which are the same as in Part 2 (i) organizational and administrative arrangements; (ii) customer due diligence; (iii) monitoring of suspicious transactions; (iv) record keeping; (v) cooperation among competent authorities; and (vi) licensing and authorization requirements where appropriate.

1. Organizational and administrative arrangements

The competent authority provides for the prevention and detection of ML and other criminal activity, as well as for appropriate reporting of suspected money-laundering activities. Legal obligations could include a training requirement depending on nature of specific activity.

Criteria

1.1 A competent authority should be designated to ensure an effective implementation of the FATF Recommendations through administrative supervision and regulation of financial service providers (see FATF 27).

1.2 The competent authority has adequate resources (financial, human and technical) to ensure effective implementation of FATF Recommendations (see FATF 19).

1.3 The competent authority ensures that regulated entities have developed training programs against ML. Training should educate new and existing staff in the importance of AML/CFT policies and requirements (see FATF 19).

2. Customer identification and due diligence

The competent authority should require that the legal provisions for customer due diligence (see Section IV. A. 1a) are in place and observed commensurate with the assessed risk of ML or FT posed by the financial service activity. There should be a minimum set of customer identification information with additional identification requirements commensurate with the assessed risk of ML.

Criteria

2.1 The laws, regulations or other guidance to financial service providers for customer due diligence should be properly disseminated to the service providers, who should be periodically reminded of their legal obligations for customer due diligence (see FATF 10).

2.2 The relevant regulator or supervisory body should set rules or guidelines that obligate money remittance/transfer companies to obtain accurate and meaningful originator information (name, address, and account number) on funds transfers and related messages that are sent, and the information should remain with the transfer or related message through the payment chain and that records are maintained in good order and accessible to the relevant regulator, supervisory body and the FIU or other competent authority (see FATF 11, VII).

2.3 With respect to prudentially-regulated company and trust service providers, the relevant regulator or supervisory body should require that the service providers are informed of the legal arrangements governing corporate and other vehicles, particularly for nonresident customers the relevant regulator, supervisory body and industry association, should be aware of the potential abuses of shell corporations by money launderers and consider additional measures to prevent unlawful use of such entities (see FATF 25).

3. Monitoring and reporting of suspicious transactions

The competent authority determines that financial service providers have procedures to recognize and report suspicious transactions.

Criteria

3.1 The law or mandatory regulation should require that financial service providers pay special attention to all complex, unusual large transactions, and all unusual patterns of transactions, which have no apparent economic or visible lawful purpose. Attention also needs to be paid to risks stemming from new technologies that favor anonymity (see FATF 10, 14).

3.2 The law or mandatory regulation should require that the regulated entity, as far as possible, establishes in writing those instances where there is a suspicion that funds derive from a ML offence. The written reports and other documentation should be available to help supervisors, auditors, the FIU or other competent authority and law enforcement agencies (FATF 14, 21).

3.3 The law or mandatory regulation should require that financial service providers report to the FIU or other competent authority those transactions where it is suspected that funds stem from a ML offense (see FATF 15).

3.4 The regulator, supervisory body, the FIU or other competent authority should inform financial service providers of their duty not to warn customers when information relating to them is being reported to the FIU or other competent authority and that they should comply with the instructions from the regulator, supervisory body or the FIU or other competent authority (see FATF 17, 18).

3.5 The law or mandatory regulation should require that financial service providers that suspect or have reasonable grounds to suspect that funds are linked or related to, or are to be used for terrorism, terrorist acts or by terrorist organizations, that the financial service provider reports promptly their suspicions to the FIU or other competent authority (see FATF IV).

4. Record keeping

The law or mandatory regulation determines that financial service providers maintain records regarding customer identification and individual transactions. Records should be maintained for a period of five years.

Criteria

4.1 Rules, whether laws, regulations, or guidance notes should define which identifying documents are to be maintained, and that those rules and regulations are well known, easily available, and well understood by financial service providers (see FATF 12).

4.2 The competent authority should require that financial service providers maintain necessary records on transactions to enable them to reconstruct individual transactions. These records should be kept for a minimum of five years (see FATF 12).

5. Cooperation among competent authorities

Competent authorities in this field (regulators, supervisors and FIU) should be able to exchange information (typically through the FIU) related to suspected or actual criminal activities.

Criteria

5.1 The relevant regulator, supervisory body and/or the FIU should be able on its own initiative, or upon request, to exchange information or lend expertise relating to suspicious transactions, persons, and corporations involved in those transactions with the appropriate other competent authorities domestic or foreign (see FATF 26, 32). Moreover the FIU or other competent authority is able to exchange information spontaneously or upon request with foreign counterpart FIUs.

5.2 Strict safeguards should exist to ensure that any exchange of information and/or provision of assistance by or with competent authorities are consistent with national and applicable international provisions on privacy and data protection (see FATF 22, 23, 32).

5.3 Clear guidance (by law, regulation or other measure) is provided on the gateways for the competent authorities (domestic and international) to obtain and/or exchange information related to suspicious activities (see FATF 32).

6. Licensing and authorizations

The regulatory or supervisory authority that authorize the provision of financial services should take the necessary legal or regulatory measures to ensure that delivery of financial services are by properly qualified persons. Measures should prevent control or acquisition of a material participation in financial service provider by criminals or their confederates.

Criteria

6.1 Where appropriate, the competent authority should ensure that only qualified persons control financial service providers. Relevant qualification criteria shall consider (i) skills and experience commensurate with the intended activities; and (ii) record of criminal activities and/or adverse regulatory judgments (see FATF 29).

6.2 The competent authority should require that necessary legal or regulatory measures are in place to guard against control or acquisition of a significant participation in a regulated entity by criminals or their confederates (see FATF 29).

6.3 With respect to foreign exchange houses, the competent authority has or is taking measures to know the existence of all natural and legal persons who, in a professional capacity, perform foreign exchange transactions. At a minimum, countries should have a system whereby the foreign exchange houses are known or declared to the competent authority (whether regulatory or law enforcement) (see FATF 8, 9).

Table 1.

Mapping of the Fund-Bank AML/CFT Methodology to the FATF 40 Recommendations23

article image
article image
article image
article image
article image
article image
Table 2.

Mapping of the Fund-Bank AML/CFT Methodology to the FATF 8 CFT Recommendations

article image
article image

Annex II

Assessment of Implementation of Legal and Institutional Elements Outside of the Supervisory or Regulatory Framework

As proposed by the FATF ROSC Working Group

Introduction

This Annex was prepared by the FATF Working Group in consultation with Fund and Bank staff.1 It includes criteria to cover the assessment of implementation of legal and institutional elements not already covered in the AML/CFT Methodology (Annex I). The criteria in this Annex are more recent and therefore less well developed than the criteria in Annex I, and staff anticipate further refinements as consultations with the Boards, with FATF, with other standard setters, and with the Egmont Group continue.

Criteria are numbered to correspond with the related criteria found in Annex I.

When taken together, Annexes I and II would constitute a comprehensive methodology for assessing the entire FATF 40+8 Recommendations. While Annex II is not part of the current AML/CFT Methodology to be used by Fund and Bank staff, it does provide a basis for a considered discussion of what, in practical terms, would be involved in an assessment of the implementation of the legal and institutional framework for an AML/CFT regime.

In the review of the implementation of legal and institutional framework, the assessors are to determine whether the laws in force are adequately implemented. In assessing implementation, due consideration is to be given to the level of development of the jurisdiction, how long the laws have been in effect and the jurisdiction’s particular vulnerabilities to ML and FT (including the existence of any offshore financial services). On occasion, additional considerations are noted as an aid to the assessor.

article image

3A. Criminalization of ML and FT

Laws providing for the criminalization of ML and FT should be enforced effectively (see FATF 1, 4, 5, 6, II).2

Criteria

3.2A The jurisdiction should be implementing the provisions of the 1988 United Nations Convention against Illicit Traffic in Narcotic Drugs and Psychotropic Substances (the Vienna Convention), the United Nations International Convention for the Suppression of the Financing of Terrorism, and the United Nations Convention against Transnational Organized Crime (the Palermo Convention) relevant to AML/CFT of these Conventions (see FATF 1, I).

3.10 The necessary legal means and resources should be established to enable an effective implementation of ML and FT laws.

3.11 There should be an adequate legal basis, consistent with individual human rights, for the use of a wide range of investigative techniques, including controlled delivery, lawful interception provisions, undercover operations, etc. Where permitted, such techniques should be used, as appropriate, in conducting investigations of ML, FT, and the predicate offenses (FATF 36 and Interpretative Note to FATF 36).

3.12 Law enforcement authorities should be able to compel production of bank account records, financial transaction records, customer identification records, and other records maintained by financial institutions and other financial intermediaries, through lawful process (for example, subpoenas, summonses, search and seizure warrants, or court orders could be used), as necessary to conduct investigations of ML, FT, and the predicate offenses (see FATF 12, 37).

3.13 There should be authority to require witnesses, through lawful process and consistent with individual human rights, to provide testimony for cases involving ML and FT (see FATF 37).

3.14 Appropriate mechanisms (such as a “task force”) should be considered or available to ensure, where required, adequate cooperation and information sharing among different government agencies involved in investigations of ML, FT, and the predicate offenses (e.g., the national federal police, local or regional police, customs service, financial intelligence unit, and/or other entities).

3.15 Adequate resources, including funding, equipment, and staff, should be allocated to investigate and prosecute ML and FT.

3.16 Authorities should keep statistics of the number of ML and FT investigations, prosecutions, and convictions. The number of convictions should be sufficient given the number of prosecutions and the number of prosecutions should be sufficient given the number of investigations (see FATF 1, II).

3.17 Authorities should keep statistics of investigations initiated on the basis of STRs, and as a result of “on the street” or predicate offenses investigations. The number of cases initiated on the basis of financial transaction reports should be sufficient taking into account the total number of reports received.

3.18 Typologies and trends should be reviewed on a regular, interagency basis to enable law enforcement personnel to be kept abreast of the latest developments in ML and FT modalities, such as “trade based ML” and “alternative remittance systems,” as well as others.

3.19 Sufficient training should be provided to administrative, investigative, prosecutorial, and judicial authorities for enforcing laws to combat ML and FT, in particular concerning to the scope of predicate offenses, ML and FT typologies, and techniques to investigate and prosecute them.

3.20 Where appropriate, jurisdictions may specially train and/or certify financial investigators for, inter alia, investigations of ML, FT, and the predicate offenses.

3.21 Adequate efforts should be made to address problems encountered by the authorities in achieving successful investigations, proceedings, prosecutions, and convictions.

3.22A Authorities should keep statistics on criminal, civil, or administrative sanctions applied (see FATF 6, 7).

4A. Confiscation of proceeds of crime or assets used to finance terrorism

Competent authorities should effectively use laws providing for the confiscation of assets to deprive criminals, including money launderers and those who finance terrorism, of their assets and financial gains, but should adequately protect the rights of innocent or bona fide third parties. Forfeiture/confiscation orders should be reciprocally enforced and, where necessary, seizure or freezing orders issued by foreign courts (see FATF 7, , 38, 39 III).3

Criteria

4.10 Authorities should keep statistics on the amounts of assets traced, frozen, seized, or confiscated relating to ML and/or FT (see FATF 7, 38).

4.11 Sufficient training should be provided to administrative, investigative, prosecutorial, and judicial authorities for enforcing laws related to freezing, seizure, and confiscation of assets.

4.12 The assets of persons that are identified as being terrorists under United Nations Security Council Resolutions relevant to the prevention and suppression of the FT (e.g., U.N.SCRs 1267, 1269, 1390) should be subjected to the provisional measures provided by these resolutions, and authorities should keep statistics on the amounts of assets frozen and the number of individuals or entities whose assets have been frozen. Other provisions of the relevant U.N.SCRs, including U.N.SCR 1373, should be implemented, as well (see FATF I, III).

4.13 Additionally, authorized government officials should have the authority to identify and freeze the assets of suspected terrorists whose names may not appear on the list(s) maintained by the relevant committees of the U.N. Security Council (see FATF I, III).

4.14 In addition to confiscation and criminal sanctions, if permissible under the jurisdiction’s legal system, the jurisdiction should consider establishing an asset forfeiture fund into which all or a portion of confiscated property will be deposited and will be used in the management of seized and confiscated assets, as well as for law enforcement, health, education or other appropriate purposes (see Interpretative Note to FATF 38).

4.15 The jurisdiction should consider asset sharing mechanisms, when possible, to enable it to share confiscated property with other jurisdictions, particularly when confiscation is directly or indirectly the result of coordinated enforcement actions. Unless otherwise agreed, such reciprocal sharing arrangements should not impose conditions on jurisdictions receiving the shared assets (see Interpretative Note to FATF 38).

5A. Processes for receiving, analyzing, and disseminating disclosures of financial information and intelligence

The FIU should be operational and functioning effectively (see FATF 15, 23, 26, 27, 28, 31, 32, IV).4

Criteria

5.17 Authorities should, where appropriate, keep statistics on the number of suspicious or unusual transaction reports (STRs) received by the FIU as well as the number of STRs analyzed and disseminated. The number of STRs analyzed and disseminated should be adequate based on the number of STRs received (see FATF 15, IV).

5.18 Authorities should keep statistics on the number of STRs resulting in investigation, prosecution, or convictions (see FATF 15, IV).

5.19 Authorities should keep statistics on the number and types of requests for assistance received by the FIU, from both domestic and foreign authorities, as well as the number and types of responses provided to the requests received (see FATF 32).

5.20 Authorities should keep statistics on the number of spontaneous referrals made by the FIU to both domestic and foreign authorities (see FATF 32).

5.21 If the jurisdiction requires the reporting of large currency transactions, statistics should be kept on the number of reports filed (see FATF 23).

6A. International cooperation in AML/CFT matters

Laws should permit bilateral and multilateral cooperation and the provision of mutual legal assistance should be used to the fullest extent possible to give effect to requests for assistance from foreign authorities relative to ML and FT investigations, prosecutions, confiscations, extraditions, and other actions and proceedings (see FATF 1, 3, 32, 33, 34, 35, 36, 37, 38, 39, 40, I and V).5

Criteria

6.7 There should be arrangements in place for competent agencies to exchange information regarding the subjects of investigations with their international counterparts, based on agreements in force and by other mechanisms for cooperation. The authorities should record the number, source and purpose of the request for such information exchange, as well as its resolution (see FATF 34, V).

6.11 Relevant authorities should be provided adequate financial, human or technical resources to ensure adequate oversight and to conduct investigations and to respond promptly and fully to requests for assistance received from other countries.

6.12 The authorities should give timely and effective follow up to requests for mutual legal assistance (see FATF 37, 38).

1

Communique of the International Monetary and Financial Committee of the Board of Governors of the InternationalMonetary Fund(April 20, 2002).

2

The FATF Working Group will meet June 18, 2002.

3

For a discussion of the ROSC principles see, Summing Up by the Acting Chairman Assessing the Implementation of StandardsA Review of Experience and Next Steps, SUR/01/13 (2/9/01), Executive Board Meeting 01/10, January 29, 2001. Assessing the Implementation of StandardsA Review of Experience and Next Steps, SecM2001-0032, January 17, 2001

4

OFCs typically assess compliance of the trust company service provider sector. A few of the AML/CFT assessments in FSAPs using Annex I have also reviewed the implementation of the regulatory framework in the case of exchange bureaus.

5

They would have to observe an approach that was uniform, including using the same methodology for all assessments (the FATF’s NCCT process uses a different methodology from those of mutual evaluations), voluntary (the F ATF NCCT process is mandatory and can result in the imposition of sanctions) and cooperative, including not using a pass-fail approach (the FATF NCCT process labels jurisdictions either “cooperative” or “non-cooperative”) and giving the jurisdiction the opportunity to publish a right of reply alongside the ROSC (the FATF NCCT process does not allow such a right of reply).

1

See Fund and Bank Methodology for Assessing Legal, Institutional, and Supervisory Aspects of Anti-Money Laundering and Combating the Financing of Terrorism (SM/02/40, February 8, 2002), and SECM2002-0006 January 22, 2002 Proposed Action Plan for Enhancing the Bank’s Ability to Respond to Clients in Combating Money Laundering and the Financing of Terrorism.

2

In these cases the FIU or general civil or criminal justice system is typically charged with implementation.

1

Some regions such as West and Central Africa, the Middle East, and Central Asia are not covered by FSRBs.

2

Under Artide X of Agreements, the Fund must cooperate with any general international organization and with public organization having specialized responsibilities in related fields (see Annex to Selected Decisions). Outside experts from cooperating institutions routinely participate in FSAP exercises, including for assessments of standards and codes. Use of outside experts is necessitated by a wide range of expertise required for the FSAP and assessment of standards and codes within the FSAP. At the time of the latest FSAP review, the number of cooperating institutions including central banks, supervisory and standard setting agencies providing experts exceeded 50. See staff report SM/00/263: Financial Sector Assessment Program (FSAP)A Review: Lessons from the Pilot and Issues Going Forward, section “Involvement of outside experts”, pp. 23-25.

3

For example, in the cases of misreporting in Russia (1999) and Ukraine (2000), the Fund relied on external auditors’ reviews (PriceWaterhouseCoopers) of central banks’ accounts.

4

While because of the way in which staff undertakes AML/CFT assessments it is unlikely information on individual cases would come to light (assessments are of the regulator’s capacity and implementation efforts, and not of the financial sector persons themselves), it is still possible.

5

ROSCs publication is voluntary (see Transparency and Fund PoliciesDecisions and Modalities (SM/00/190, Supplement 7, 1/11/00). In the period January 4, 2001 through March 31, 2002, about three-quarters of ROSCs and about half of the Financial System Stability Assessments (FSSAs) have been published (see “The Fund’s Transparency PolicyReview of the Experience and Next Steps, “ (EBS/02/90, May 28, 2002). The “Review of Technical Assistance Policy and Experience “ (forthcoming) a broadening of the policy on the dissemination of technical assistances reports.

6

FSAP documents, which are not shared with the Boards of the Bank or the Fund (nor published), normally contain detailed and confidential information on individual FSPs. Systemic information on financial sector vulnerability is drawn from the FSAP into Financial Sector Stability Assessments (FSSAs) for discussion by Fund’s Board, and broad financial sector development issues from the FSAP are the basis for Financial Sector Assessments (FSAs) for the Bank’s Board.

1

Summing Up—Enhancing Contributions to Combating Money Laundering (BUFF/01/54 April 13, 2002).

2

The core issues for surveillance are exchange rate policies and their consistency with macroeconomic polices; financial sector issues; the balance of payments and capital account flows and stocks, and related cross-country themes. See Summing Up by the Acting Chairman for 2000 Biennial Review of Surveillance (SUR/00/32).

3

SM/98/224, 09/02/98.

4

Concluding Remarks by the Acting Chairman Bank-Fund CollaborationReport of the Managing Director and the President; and Review of Collaboration in Strengthening Financial Systems Executive Board meeting 98/102, 9/22/1998.

5

The Acting Chairman Summing Up—Intensified Fund Involvement in Anti-Money Laundering and Combating the Financing of Terrorism Executive Board Meeting 01/116 (BUFF /01/176).

6

Summing Up by the Acting Chairman for Offshore Financial Centers—The role of the IMF (BUFF/00/98).

7

SecM2001-0228, April 30, 2001 Enhancing Contributions to Combating Money Laundering: Policy Paper.

8

I.F.I. Shihata, Prohibition of Political Activities in the Bank’s Work, July 11, 1995 (SecM95-707, July 12, 1995) reproduced at Shihata, World Bank Legal Papers at p. 229.

9

See January 22, 2002 Proposed Action Plan for enhancing the Bank’s Ability to Respond to Clients in Combating Money Laundering and the Financing of Terrorism (SecM2002-0006).

10

SecM2001-0228, April 5, 2001 Enhancing contributions to Combating Money Laundering: Policy Paper: SecM200-0532, August 31, 2001 Anti-Money Laundering (AML)—Progress Report SecM2002-0006 January 22, 2002 Proposed Action Plan for enhancing the Bank’s Ability to Assist Clients in Combating Money Laundering and the Financing of Terrorism; and SecM2002-0165, April 9, 2002 Intensified Work on Anti-Money Laundering and Combating of Financing of Terrorism (AML/CFT)

11

See April 5, 2001 Enhancing Contributions to Combating Money Laundering: Policy Paper (SecM2001-0228.

1

FATF press release October 30, 2001.

2

The draft was sent for information to the Boards of the Fund and Bank on February 8, 2002 and, simultaneously, to standard setters for comment. See SM/02/40; February 8, 2002.

3

Part IV. A. 1. (v), the processes for collection, analysis, and dissemination of financial information and intelligence, relies on best practices as indicated by a review of the existing laws and regulations on FIUs of 14 Fund/Bank member countries, as well as on standards and principles adopted or used by the Egmont Group of FIUs and by the UNDCCP model laws.

4

Other financial services subject to regulation (e.g., company and trust service providers in OFCs) for assessment purposes are addressed under Part 3.

5

FIUs may also play important roles in helping to uncover crimes other than ML or terrorism finance (e.g., bank fraud). However, because the subject of this methodology is AML/CFT only, these other roles are not subject to assessment.

6

The Egmont Group of FIUs defines an FIU as a central, national agency responsible for receiving (and, as permitted, requesting) analyzing and disseminating to the competent authorities, disclosures of financial information (i) concerning suspected proceeds of crime; or (ii) required by national legislation or regulation in order to counter ML.

8

Financial service providers should ensure that the criteria relating to customer due diligence are also applied to branches and majority owned subsidiaries located abroad, subject to local laws and regulations.

9

See Criterion 3.8 for appropriate knowledge standards.

10

The FIU is a central, national agency responsible for receiving (and, as permitted, requesting), analyzing and disseminating to the competent authorities, disclosures of financial information (i) concerning suspected proceeds of crime; or (ii) required by national legislation or regulation, in order to counter money laundering.

11

Criteria drawn from draft materials prepared by the FATF Working Group collaborating on the assessment methodology for the FATF 40 Recommendations.

12

It should be understood that the sector-specific information in the AML/CFT methodology will not replace any of the individual core principles of the actual standards issued by the Basel Committee, IAIS and the IOSCO.

13

As defined in Customer due diligence for banks (Basel publication 85—October 2001), politically exposed persons are individuals who are or have been entrusted with prominent public functions, including heads of state or of government, senior politicians, senior government, judicial or military officials, senior executives of publicly owned corporations and important political party officials.

20

Ibid-Paragraph 64.

21

Ibid-Paragraphs 68 to 69.

22

Other financial service providers that could be included are institutions or individuals that (i) accept deposits or funds from the public; (ii) make loans or leases; (iii) provide financial guarantees and commitments; and (iv) provide safekeeping and administration of cash or liquid securities on behalf of clients (see Annex to FATF Recommendation 9).

23

Table references are to the relevant criteria within the AML/CFT methodology.

1

The consultation with the Fund and Bank does not constitute endorsement or approval of the Working Group’s proposal.

2

All core elements embody both institutional capacity (the capacity needs of supervisory authorities to ensure effective implementation of AML/CFT rules) and implementation (implementation of AML/CFT rules).

3

See footnote 2.

4

See footnote 2.

5

see footnote 2.

Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT) - Materials Concerning Staff Progress Towards the Development of a Comprehensive AML/CFT Methodology and Assessment Process
Author: International Monetary Fund