RECOMMENDATION 1

ASSESSING RISKS AND APPLYING A RISK-BASED APPROACH [5]

[5] The requirements in this recommendation should be assessed taking into account the more specific risk based requirements in other Recommendations. Under Recommendation 1 assessors should come to an overall view of risk assessment and risk mitigation by countries and financial institutions/DNFBPs as required in other Recommendations, but should not duplicate the detailed assessments of risk-based measures required under other Recommendations. Assessors are not expected to conduct an in-depth review of the country’s assessment(s) of risks. Assessors should focus on the process, mechanism, and information sources adopted by the country, as well as the contextual factors, and should consider the reasonableness of the conclusions of the country’s assessment(s) of risks.

OBLIGATIONS AND DECISIONS FOR COUNTRIES

    Risk assessment
  1.1 Countries [6] should identify and assess the ML/TF risks for the country,
      [6] Where appropriate, ML/TF risk assessments at a supra-national level should be taken into account when considering whether this obligation is satisfied.
  1.2 Countries should designate an authority or mechanism to co-ordinate actions to assess risks.
  1.3 Countries should keep the risk assessments up-to-date.
  1.4 Countries should have mechanisms to provide information on the results of the risk assessment(s) to all relevant competent authorities and self-regulatory bodies (SRBs), financial institutions and DNFBPs.

    Risk mitigation
  1.5 Based on their understanding of their risks, countries should apply a risk-based approach to allocating resources and implementing measures to prevent or mitigate ML/TF.
  1.6 Countries which decide not to apply some of the FATF Recommendations requiring financial institutions or DNFBPs to take certain actions, should demonstrate that:
    1. there is a proven low risk of ML/TF; the exemption occurs in strictly limited and justified circumstances; and it relates to a particular type of financial institution or activity, or DNFBP; or
    2. a financial activity (other than the transferring of money or value) is carried out by a natural or legal person on an occasional or very limited basis (having regard to quantitative and absolute criteria), such that there is a low risk of ML/TF.
  1.7 Where countries identify higher risks, they should ensure that their AML/CFT regime addresses such risks, including through: (a) requiring financial institutions and DNFBPs to take enhanced measures to manage and mitigate the risks; or (b) requiring financial institutions and DNFBPs to ensure that this information is incorporated into their risk assessments.
  1.8 Countries may allow simplified measures for some of the FATF Recommendations requiring financial institutions or DNFBPs to take certain actions, provided that a lower risk has been identified, and this is consistent with the country’s assessment of its ML/TF risks. [7]
      [7] Where the FATF Recommendations identify higher risk activities for which enhanced or specific measures are required, countries should ensure that all such measures are applied, although the extent of such measures may vary according to the specific level of risk.
  1.9 Supervisors and SRBs should ensure that financial institutions and DNFBPs are implementing their obligations under Recommendation 1 [8].
      [8] The requirements in this criterion should be assessed taking into account the findings in relation to Recommendations 26 and 28.
OBLIGATIONS AND DECISIONS FOR FINANCIAL INSTITUTIONS AND DNFBPS

    Risk assessment
  1.10 Financial institutions and DNFBPs should be required to take appropriate steps to identify, assess, and understand their ML/TF risks (for customers, countries or geographic areas; and products, services, transactions or delivery channels) [9]. This includes being required to:
    1. document their risk assessments;
    2. consider all the relevant risk factors before determining what is the level of overall risk and the appropriate level and type of mitigation to be applied;
    3. keep these assessments up to date; and
    4. have appropriate mechanisms to provide risk assessment information to competent authorities and SRBs.
      [9] The nature and extent of any assessment of ML/TF risks should be appropriate to the nature and size of the business. Competent authorities or SRBs may determine that individual documented risk assessments are not required, provided that the specific risks inherent to the sector are clearly identified and understood, and that individual financial institutions and DNFBPs understand their ML/TF risks.

    Risk mitigation
  1.11 Financial institutions and DNFBPs should be required to:
    1. have policies, controls and procedures, which are approved by senior management, to enable them to manage and mitigate the risks that have been identified (either by the country or by the financial institution or DNFBP);
    2. monitor the implementation of those controls and to enhance them if necessary; and
    3. take enhanced measures to manage and mitigate the risks where higher risks are identified.
  1.12 Countries may only permit financial institutions and DNFBPs to take simplified measures to manage and mitigate risks, if lower risks have been identified, and criteria 9 to 11 are met. Simplified measures should not be permitted whenever there is a suspicion of ML/TF.

RECOMMENDATION 40

OTHER FORMS OF INTERNATIONAL CO-OPERATION

    General Principles
  40.1 Countries should ensure that their competent authorities can rapidly provide the widest range of international co-operation in relation to money laundering, associated predicate offences and terrorist financing. Such exchanges of information should be possible both spontaneously and upon request.
  40.2 Competent authorities should:
    1. have a lawful basis for providing co-operation;
    2. be authorised to use the most efficient means to co-operate;
    3. have clear and secure gateways, mechanisms or channels that will facilitate and allow for the transmission and execution of requests;
    4. have clear processes for the prioritisation and timely execution of requests; and
    5. have clear processes for safeguarding the information received.
  40.3 Where competent authorities need bilateral or multilateral agreements or arrangements to co-operate, these should be negotiated and signed in a timely way, and with the widest range of foreign counterparts.
  40.4 Upon request, requesting competent authorities should provide feedback in a timely manner to competent authorities from which they have received assistance, on the use and usefulness of the information obtained.
  40.5 Countries should not prohibit, or place unreasonable or unduly restrictive conditions on, the provision of exchange of information or assistance. In particular, competent authorities should not refuse a request for assistance on the grounds that:
    1. the request is also considered to involve fiscal matters; and/or
    2. laws require financial institutions or DNFBPs to maintain secrecy or confidentiality (except where the relevant information that is sought is held in circumstances where legal professional privilege or legal professional secrecy applies); and/or
    3. there is an inquiry, investigation or proceeding underway in the requested country, unless the assistance would impede that inquiry, investigation or proceeding; and/or
    4. the nature or status (civil, administrative, law enforcement, etc.) of the requesting counterpart authority is different from that of its foreign counterpart.
  40.6 Countries should establish controls and safeguards to ensure that information exchanged by competent authorities is used only for the purpose for, and by the authorities, for which the information was sought or provided, unless prior authorisation has been given by the requested competent authority.
  40.7 Competent authorities should maintain appropriate confidentiality for any request for cooperation and the information exchanged, consistent with both parties’ obligations concerning privacy and data protection. At a minimum, competent authorities should protect exchanged information in the same manner as they would protect similar information received from domestic sources. Competent authorities should be able to refuse to provide information if the requesting competent authority cannot protect the information effectively.
  40.8 Competent authorities should be able to conduct inquiries on behalf of foreign counterparts, and exchange with their foreign counterparts all information that would be obtainable by them if such inquiries were being carried out domestically.

    Exchange of Information between FIUs
  40.9 FIUs should have an adequate legal basis for providing co-operation on money laundering, associated predicate offences and terrorist financing [89].
      [89] FIUs should be able to provide cooperation regardless of whether their counterpart FIU is administrative, law enforcement, judicial or other in nature.
  40.10 FIUs should provide feedback to their foreign counterparts, upon request and whenever possible, on the use of the information provided, as well as on the outcome of the analysis conducted, based on the information provided.
  40.11 FIUs should have the power to exchange:
    1. all information required to be accessible or obtainable directly or indirectly by the FIU, in particular under Recommendation 29; and
    2. any other information which they have the power to obtain or access, directly or indirectly, at the domestic level, subject to the principle of reciprocity.

    Exchange of information between financial supervisors [90]
      [90] This refers to financial supervisors which are competent authorities and does not include financial supervisors which are SRBs.
  40.12 Financial supervisors should have a legal basis for providing co-operation with their foreign counterparts (regardless of their respective nature or status), consistent with the applicable international standards for supervision, in particular with respect to the exchange of supervisory information related to or relevant for AML/CFT purposes.
  40.13 Financial supervisors should be able to exchange with foreign counterparts information domestically available to them, including information held by financial institutions, in a manner proportionate to their respective needs.
  40.14 Financial supervisors should be able to exchange the following types of information when relevant for AML/CFT purposes, in particular with other supervisors that have a shared responsibility for financial institutions operating in the same group:
    1. regulatory information, such as information on the domestic regulatory system, and general information on the financial sectors;
    2. prudential information, in particular for Core Principles supervisors, such as information on the financial institution’s business activities, beneficial ownership, management, and fit and properness; and
    3. AML/CFT information, such as internal AML/CFT procedures and policies of financial institutions, customer due diligence information, customer files, samples of accounts and transaction information.
  40.15 Financial supervisors should be able to conduct inquiries on behalf of foreign counterparts, and, as appropriate, to authorise or facilitate the ability of foreign counterparts to conduct inquiries themselves in the country, in order to facilitate effective group supervision.
  40.16 Financial supervisors should ensure that they have the prior authorisation of the requested financial supervisor for any dissemination of information exchanged, or use of that information for supervisory and non-supervisory purposes, unless the requesting financial supervisor is under a legal obligation to disclose or report the information. In such cases, at a minimum, the requesting financial supervisor should promptly inform the requested authority of this obligation.

    Exchange of information between law enforcement authorities
  40.17 Law enforcement authorities should be able to exchange domestically available information with foreign counterparts for intelligence or investigative purposes relating to money laundering, associated predicate offences or terrorist financing, including the identification and tracing of the proceeds and instrumentalities of crime.
  40.18 Law enforcement authorities should also be able to use their powers, including any investigative techniques available in accordance with their domestic law, to conduct inquiries and obtain information on behalf of foreign counterparts. The regimes or practices in place governing such law enforcement co-operation, such as the agreements between Interpol, Europol or Eurojust and individual countries, should govern any restrictions on use imposed by the requested law enforcement authority.
  40.19 Law enforcement authorities should be able to form joint investigative teams to conduct cooperative investigations, and, when necessary, establish bilateral or multilateral arrangements to enable such joint investigations.

    Exchange of information between non-counterparts
  40.20 Countries should permit their competent authorities to exchange information indirectly [91] with non-counterparts, applying the relevant principles above. Countries should ensure that the competent authority that requests information indirectly always makes it clear for what purpose and on whose behalf the request is made.
      [91] Indirect exchange of information refers to the requested information passing from the requested authority through one or more domestic or foreign authorities before being received by the requesting authority. Such an exchange of information and its use may be subject to the authorisation of one or more competent authorities of the requested country.