Compliance Digest—November 2024
Learn about all the latest compliance updates from the past month.
Every month, Sumsub’s Compliance Team prepares a digest with all the latest updates in the world of AML and beyond. We cover multiple industries from crypto to gaming.
If you want to get the latest news every month in one place, subscribe to our newsletter.
AML
Global 🌎
The Financial Action Task Force (FATF) revises AML standards
What happened? In the last days of October 2024, the Financial Action Task Force (FATF) launched a public consultation regarding proposed amendments to its recommendations, specifically focusing on Recommendations 1, 10, and 15. This consultation aims to gather feedback from stakeholders on how to enhance global standards for combating money laundering and terrorist financing.
Who’s affected? The consultation affects government authorities, financial institutions, and other stakeholders involved in anti-money laundering (AML) and counter-terrorist financing (CFT) efforts. It is particularly relevant for countries that must align their regulations with FATF standards and organizations that implement these recommendations.
Deadline: Responses should be submitted by 6 December 2024 (18:00 CET).
Read more: Public Consultation on AML/CFT and Financial Inclusion – proposed changes to FATF Standards
Gambling
The Philippines 🇵🇭
The Philippines prohibited offshore gambling
What happened? On November 8, 2024, the Presidential Palace of the Philippines issued an executive order banning Philippine Offshore Gaming Operators (POGOs) and other forms of offshore gaming. This decision was made in response to growing concerns regarding illegal gambling activities, tax evasion, and their negative impact on local communities.
Who’s affected? The ban directly affects Philippine Offshore Gaming Operators (POGOs), their employees, and associated businesses involved in offshore gaming activities. Additionally, it impacts the broader gaming industry and foreign investors who have interests in these operations.
Deadline: The executive order is effective immediately upon issuance, meaning POGOs must cease operations without a specified grace period for compliance.
Read more: Executive Order No. 74, s. 2024
Brazil 🇧🇷
Brazil updated betting regulations
What happened? Brazil issued Ordinance No. 1,857 on November 25, 2024, regulating the transfer of data and resources from bettors in the fixed-odds lottery modality between legal entities within the same economic group and specifying the cases in which such transfers are prohibited.
Who’s affected? Brazilian betting operators
Deadline: Companies seeking to migrate player data to their licensed operations must place a formal request to do so with the SPA by December 13, 2024.
Read more: PORTARIA SPA/MF Nº 1.857, DE 25 DE NOVEMBRO DE 2024
Suggested read: Brazil Gambling Regulations: All You Need to Know in 2024
Crypto
EU 🇪🇺
European countries are implementing DAC8
What happened?
European legislators are working on the DAC 8 regulations, which are designed to align with the OECD’s Crypto-Asset Reporting Framework (CARF) and the revised Common Reporting Standard (CRS), both of which encompass provisions for information sharing with tax authorities in non-EU countries. The proposed legislation includes measures to support future information exchanges regarding CARF with tax authorities in third countries through multilateral administrative agreements (MCAAs). Some jurisdictions have already started work on national laws to align with DAC 8.
On November 4, 2024, the German Federal Ministry of Finance (BMF) announced the issuance of a new draft law to implement Council Directive (EU) 2023/2226, aimed at incorporating DAC 8 requirements into German national law. This draft law, known as the Crypto Assets Tax Transparency Act (KStTG), introduces regulations on due diligence and reporting obligations for crypto service providers (CSPs) and outlines the automatic exchange of reported information. Additionally, it will amend various German laws, including the German CRS Law (FKAustG) and the Platform Tax Transparency Act (Plattformen-Steuertransparenzgesetz).
Denmark has also opened a consultation on a draft bill to implement DAC 8 and CARF, introducing new reporting obligations.
Other EU member states are still considering regulatory amendments in accordance with DAC 8.
Who’s affected? Crypto Asset Service Providers (CASPs) operating in EU countries. Other organizations involved in financial transactions related to crypto assets may also be impacted by the amendments to existing laws.
Deadline: The EU mandate requires that these regulations be incorporated into national law by December 31, 2025. The provisions of DAC 8 will apply starting January 1, 2026.
Read more: Tax transparency rules for crypto-asset transactions (DAC8)
South Africa 🇿🇦
South Africa’s FIC tightens crypto asset compliance with the Crypto Travel Rule
What happened? The Financial Intelligence Centre (FIC) of South Africa released Directive 9, pursuant to section 43A(2) of the Financial Intelligence Centre Act, 2001 (Act 38 of 2001), concerning the Travel Rule for accountable institutions involved in crypto asset transfers.
Who’s affected? CASPs
Deadline: 30 April, 2025
Suggested read: FICA in South Africa—How to Stay Compliant in 2024
Anti-fraud
Singapore 🇸🇬
Singapore implements the Shared Responsibility Framework (SRF) aimed at combating phishing scams
What happened? On October 24, 2024, the Monetary Authority of Singapore (MAS) and the Infocomm Media Development Authority (IMDA) announced the implementation of the Shared Responsibility Framework (SRF) aimed at combating phishing scams. The SRF assigns specific responsibilities to financial institutions (FIs) and telecommunication operators (telcos) to mitigate phishing-related losses. Under this framework, entities that fail to meet their obligations will be held accountable for any scam losses incurred, following a “waterfall” approach. The framework will officially take effect on December 16, 2024.
Who’s affected? Financial institutions and telecommunication operators in Singapore. Financial institutions are required to implement several duties, including real-time fraud surveillance and notification systems for unauthorized transactions. Telecommunication operators must ensure that only authorized aggregators deliver SMS messages and implement anti-scam filters to protect users from malicious content.
Deadline: The Shared Responsibility Framework will be implemented on December 16, 2024. Additionally, a new duty requiring financial institutions to establish real-time fraud surveillance will have a six-month transition period, allowing them until June 16, 2025, to comply with this specific requirement.
Read more: MAS and IMDA Announce Implementation of Shared Responsibility Framework from 16 December 2024
Suggested read: Anti-Money Laundering (AML) in Singapore: Complete Guide 2024
Other (consumer protection)
USA 🇺🇸
USA CFPB finalizes regulation on federal oversight of major digital payment applications to safeguard personal information, mitigate fraud, and prevent illegal “debanking”
What happened? On November 21, 2024, the Consumer Financial Protection Bureau (CFPB) announced an expansion of its oversight to include digital payment services such as Apple Pay, Google Pay, and other similar platforms. This move aims to enhance consumer protections and ensure that these services comply with federal regulations regarding transparency and fairness in financial transactions.
Who’s affected? The expansion of oversight affects digital payment service providers, including major companies like Apple and Google, as well as consumers who use these platforms for transactions. Financial institutions that partner with these services may also be impacted by the new regulatory requirements under several circumstances.
Deadline: While the CFPB has initiated this oversight expansion, specific deadlines for compliance or changes have not been detailed in the announcement. The agency is expected to outline further steps and timelines in subsequent communications.
