Countries all over the world are constantly amending their AML regulations to counter the latest money laundering and terrorist financing strategies. Recent innovations like non-fungible tokens (NFTs) and stablecoins—while generating considerable hype and investment—have presented new security challenges, and regulators are taking note. This has led to a range of new AML laws worldwide, which businesses must follow to avoid heavy fines and penalties.
Financial Action Task Force Recommendations
The Financial Action Task Force (FATF) is a global AML standard-setting authority that aims to combat terrorist financing and prevent organized crime. While FATF recommendations are not legally binding, an increasing number of countries are becoming FATF members and following the authority’s recommendations. Therefore, when it comes to local regulators, chances are they’re also following FATF recommendations. So businesses should monitor the FATF’s changing AML policies to avoid penalties in the jurisdictions where they operate.
In 2015, the FATF released guidance which extended its recommendations to the crypto sector. The guidance was updated in 2018 and 2019, clarifying requirements for centralized platforms operating as intermediaries in transactions.
2021 FATF Recommendations
This past year, the FATF renewed its guidance to account for the increasing adoption of NFTs and stablecoins. On October 28th, 2021, the FATF finalized these updates, clarifying the terms “virtual assets” (VA) and “virtual assets service provider” (VASP):
- VA is a digital representation of value that can be digitally traded or transferred and used for investment or payment purposes.
- VASP is any natural or legal person who has any digital business activities related to VA.
In addition to the above, the FATF also clarified its position in several other areas:
Stablecoins have become a popular alternative to national currencies, with more investors using them in financial transactions. Therefore, the FATF now considers stablecoins as either VAs or traditional assets, recommending that providers of stablecoin-related services comply with AML regulations.
The latest guidelines specify the obligations of decentralized services. Accordingly, owners and operators of decentralized services must comply with AML regulations if they perform financial operations using VAs on behalf of their customers. However, developers of decentralized services don’t fall under the regulations.
The Travel Rule requires financial institutions and VASPs to collect and share the personal data of participants in transactions exceeding 1,000 USD/EUR. The FATF has consistently amended this rule to prevent money laundering and terrorist financing in peer-to-peer transactions. The new guidelines expand the number of obligated businesses and require financial institutions and crypto businesses to collect information on senders and recipients of virtual assets.
Information Exchange between National Authorities
The FATF now encourages national authorities in member countries to share information about VASPs with each other. With these changes, the FATF aims to create a higher level of transparency among its members, as well as stronger protections against money laundering. For businesses, these new guidelines will mean greater implementation of KYC to avoid fines and penalties.
Where You Can Find Out More
You can learn more about the updated FATF regulations in another Sumsub article: FATF Targets Decentralized Finance in Its Revised Guidance on Virtual Assets
Bank Secrecy Act
The Federal Financial Institutions Examinations Council (FFIEC) is a U.S. interagency body established to promote uniform supervision of financial institutions, holding companies, and non-financial institution subsidiaries. Among other areas, FFIEC is in charge of updating the Bank Secrecy Act (BSA) to fight money laundering activities. In 2021, the BSA, also known as the “Anti-Money Laundering Examination Manual”, was updated twice—in June and December.
June 2021 Updates
Upon releasing its June 2021 updates, the FFIEC specified that “updates should not be interpreted as new instructions or as a new or increased focus on certain areas.” Instead, these updates aim to “offer further transparency into the examination process and support risk-focused examination work.” The release focuses on four AML topics:
- Purchase and Sale of Monetary Instruments Recordkeeping. Banks are now required to keep the records of any individual making a financial transaction of at least $3,000 or more. In addition, the scope of records that bank examiners can review has been widened.
- International Transportation of Currency or Monetary Instruments Reporting. Bank examiners can now more effectively evaluate the risk of money laundering and terrorist financing.
- Reports of Foreign Financial Accounts. Any US-based individual is now required to file such a report if they have a financial interest in any financial account that is over $10,000. In addition, the bank examiners now have to analyze if foreign bank systems are compliant with the report’s filing requirements.
- Special Measures. This part of the manual clarifies the details and duration of the five special measures:
- Recordkeeping and reporting of certain financial transactions;
- Obtaining information relating to beneficial ownership;
- Obtaining identifying information relating to customers using payable-through accounts;
- Obtaining identifying information relating to customers using correspondent accounts;
- Imposing conditions on the opening or maintaining of correspondent accounts or using payable-through accounts.
The first four measures can now be enforced without prior notice, but for a limited period. Meanwhile, the last measure can only be imposed after the public has had an opportunity to comment on the proposed rule.
December 2021 Updates
If the BSA’s June update focused on the examination processes, the December updates concentrated on customers. The manual introduces a new chapter devoted to customers, which states that no given customer should automatically fall into a high-risk category. Instead, each case should be analyzed individually by financial institutions. Moreover, the institutions should not be prohibited from providing services to customers that fall into a high-risk category.
In addition, the FFIEC updated chapters on three higher-risk types of customers:
- charities and nonprofit organizations;
- independent automated tellers;
- politically exposed persons.
Under the updated manual, the above customers are supposed to meet customer due diligence (CDD) requirements imposed by specific financial institutions.
How the updates affect businesses
To comply with the updated manual, businesses should pay attention to their risk assessment systems and ensure that their internal controls are designed to meet all examination requirements. If you want to learn more about BSA, check our article on the topic.
The Sixth Anti-Money Laundering Directive (6AMLD) was due to come into force on December 3, 2020, but businesses had time to implement them until June 3, 2021. Unlike FATF recommendations, 6AMLD has to be implemented by all EU Member States (except Denmark and Ireland). By introducing the new Directive, the EU aims to bring consistency to AML procedures across the bloc.
What’s Changed Under 6AMLD
6AMLD expands on 5AMLD by recommending remote customer identification methods and legal online onboarding (making it equal to the face-to-face method). Besides that, 6AMLD clarifies certain terms and sets common AML standards across the EU. In particular, the new Directive introduces:
Similar to all other harmonizing initiatives in the EU, this one aims to define what falls under money laundering activities (e.g. tax crimes). 6AMLD provides a list of 22 such activities, introducing two new types of crime—environmental and cyber crime.
A New Definition of Money Laundering
Under 5AMLD, penalties were applied only to those profiting from money laundering. 6AMLD expands penalties to include businesses “aiding and abetting” money laundering.
Extended Criminal Liability
The new Directive states that only individuals can be punished for money laundering activities. At the same time, the definition of “individual” has been extended to legal persons and companies, making them liable for money laundering activities.
An Updated Prison Sentence Requirement
Under 6AMLD, the minimum prison sentence for money laundering activities is set at four years, up from a minimum of one year under 5AMLD.
In addition to 6AMLD, the EU has presented an AML legislative package that focuses on creating a new authority to fight money laundering and terrorist financing. The authority is planned to begin operating in 2024.
Where You Can Find Out More
You can learn more about complying with the new Directive in the article 6AMLD is Here: Key Requirements and Compliance Challenges for Businesses written by Sumsub.
Securities and Futures Commission
In 2021, the Securities and Futures Commission (SFC), an independent statutory body that regulates Hong Kong’s securities and futures markets, updated its AML guidelines for licensed corporations in Hong Kong. The updated SFC Guidelines introduce several initiatives:
- Institutional Assessment of AML Risks. Going forward, financial institutions should conduct adequate risk assessments depending on the type of customers, products, and services they deal with. Such assessments should be conducted at least once every two years.
- Additional Measures Under the Risk-Based Approach. The SFC has loosened CDD measures for low-risk customers (e.g. reducing the number of record reviews). Meanwhile, high-risk customers will be subject to enhanced measures.
- Updated CDD Requirements for Cross-Border Correspondent Relationships. Financial institutions need to adopt CDD and mitigating requirements for such relationships until March 2022.
- Indicators for Suspicious Transactions. The SFC provided a list of indicators for suspicious transactions. By using this list, financial institutions will be able to identify high-risk customers.
As these updates show, the importance of identifying high-risk customers and fighting money laundering is increasing in Hong Kong. Therefore, businesses that operate there need to take additional measures to comply with AML requirements.
Where You Can Find Out More
Read Sumsub’s article, Everything You Need to Know About Hong Kong’s New Crypto Exchange Licensing Regime, about the SFC’s cryptocurrency policy updates of 2021.
The Monetary Authority of Singapore
The Monetary Authority of Singapore (MAS) is Singapore’s central bank and integrated financial regulator. The biggest recent project of MAS was the introduction of a digital platform called “Collaborate Sharing of ML/TF Information & Cases” (COSMIC). The platform aims to help financial institutions share information on customers and transactions, preventing the spread of money laundering and minimizing information gaps between financial institutions.
The COSMIC initiative was published on October 1, 2021. The platform is in the early stages of development, and is supposed to launch in the first half of 2023. Moreover, the launch process will also be done in phases. The first phase will deal with the main issues regarding AML procedures, detecting the following activities:
- trade-based money laundering;
- misuse of legal persons;
- proliferation financing.
It should be noted that not all information will be shared through COSMIC. This information will be shared only in cases if a financial institution is suspicious of a customer’s activities. Within COSMIC, financial institutions will be able to request and share information about such customers, as well as put out alerts on COSMIC’s watchlist.
While it’s difficult to provide updates on every single country’s AML regulations in one article, this overview can clarify some major global trends in the fight against money laundering and terrorist financing. If you want to learn more about updates in other countries, check out our blog. You can also subscribe to our newsletter to get all the latest news on compliance as well as our in-depth research articles.