AML/CFT Regulation

FATF recommendations provide guidance on what actions institutions should implement internally to reduce the risk of money laundering and financing of terrorism, such as customer due diligence, record keeping, and reporting. In order to maintain a reasonable standard of AML/CFT compliance, countries are advised to adopt measures in proportion to the potential risk of money laundering and the financing of terrorism.

AML/CFT Measures Required at the National Level

Countries have an obligation to protect the financial integrity of their financial system. However, countries have flexibility in how they achieve this objective and can adopt a risk-based approach. For example, if the authorities decide that an institution's operations represent a low risk for money laundering and the financing of terrorism, they can exempt some financial service providers from compliance with AML/CFT regulations. If, on the basis of risk analysis, national authorities decide that there is a need to implement AML/CFT regulations, they still have considerable latitude in how to implement the measures. Establishing a risk-based approach to regulation requires a good understanding of the extent of risk for money laundering and the financing of terrorism within the country/jurisdiction.

AML/CFT Measures Required at the Institutional Level

At the institutional level, AML/CFT compliance involves four main activities: internal controls, customer due diligence, surveillance and record keeping, and reporting of suspicious activities. Establishing new internal controls may require financial institutions to change client intake forms, operating procedures, and information systems. Training staff in new procedures is vital to the successful implementation of internal controls and overall AML/CFT compliance. Background checks on board members, shareholders, and employees help protect the institution. Donations and contributions should also be verified to ensure they are from legitimate sources.

FATF requires financial institutions to be able to verify the identity of their clients. Implementing customer due diligence measures can help institutions to comply with the regulations. Although FATF's AML/CFT recommendations do not specifically mention the address of customers in reference to customer due diligence, some countries have included verification of client addresses in their national AML/CFT frame- works. FATF says that "there are circumstances in which it would be reasonable" for a country to allow its financial institutions to apply customer due diligence measures "on a risk-sensitive basis". A few countries have shown flexibility in implementing customer due diligence requirements that accommodate the situation of low-income people. Uganda, Tanzania, and Kenya all accept letters from the local authority in rural villages as identification for their clients who do not have an official identity card. More work is needed to ensure a high level of security in customer due diligence that does not threaten poor people's access to services. Financial service providers, working closely with their industry associations and national authorities, are well placed to develop effective methods of verifying the identity of their clients.

Box 2 FATF Definition of Financial Institutions and Their Activities

"Financial institutions" refers to any person or entity conducting as a business one or more of the following activities or operations for or on behalf of a customer:

1. Acceptance of deposits and other repayable funds from the public, including private banking

2. Lending - includes, inter alia, consumer credit; mortgage credit; factoring, with or without recourse; and finance of commercial transactions (including forfeiting)

3. Financial leasing - does not extend to financial leasing arrangements in relation to consumer products

4. The transfer of money or value - applies to financial activity in both the formal or informal sector, e.g., alternative remittance activity. See the Interpretative Note to Special Recommendation VI. It does not apply to any natural or legal person that provides financial institutions solely with message or other support systems for transmitting funds. See the Interpretative Note to Special Recommendation VII.

5. Issuing and managing means of payment (e.g., credit and debit cards, checks, traveler's checks, money orders and bankers' drafts, electronic money)

6. Financial guarantees and commitments

7. Trading in:

8. Participation in securities issues and the provision of financial services related to such issues

9. Individual and collective portfolio management

10. Safekeeping and administration of cash or liquid securities on behalf of other persons

11. Otherwise investing, administering, or managing funds or money on behalf of other persons

12. Underwriting and placement of life insurance and other investment related insurance - applies both to insurance undertakings and to insurance intermediaries, i.e., agents and brokers

13. Money and currency changing When a financial activity is carried out by a person or entity on an occasional or very limited basis (having regard to quantitative and absolute criteria), such that there is little risk of money laundering activity occurring, a country may decide that the application of anti-money laundering measures is not necessary, either fully or partially.

In addition, institutions are encouraged to monitor transactions and keep detailed transaction records. For financial services providers working with low-income clients, surveillance and record keeping could involve new information systems.

Box 3 Financial Intelligence Units

FATF recommendations require the creation of a specialized government unit, usually called a financial intelligence unit (FIU), as a central point for monitoring transactions and collecting information. In addition, local regulators - and in some cases, industry associations as well - issue guidance notes or circulars on how to interpret sections of the laws or regulations.

FIUs at a minimum receive, analyze, and disclose information on suspicious or unusual financial transactions provided by financial institutions to competent authorities. Although every FIU operates under different guidelines, under certain provisions they can exchange information with foreign counterpart FIUs. In addition, many FIUs can provide other government administration data and public record information to their counterparts, which can also be helpful to those investigating money laundering and financing of terrorism. There are currently 94 countries with recognized operational FIUs, with others in various stages of development. The ongoing development of FIUs exemplify how countries around the world continue to intensify their efforts to focus on research, analysis, and information exchange in order to combat money laundering and financing of terrorism, and other financial crimes.

Specific software can reduce the operational cost and time required to comply with the need to monitor complex, unusual, and large transactions and patterns of transactions. Finally, FATF recommendations make it clear that financial institutions have an obligation to report all suspicious transactions to their national authorities.