Second Post in a Two-Post Series on Recent FATF Activity
As we just blogged, the Financial Action Task Force (“FATF”) issued a statement from its President on COVID-19 and measures to combat illicit financing during the pandemic (the “Statement”). Before turning its attention to COVID-19, however, FATF issued a more traditional report, and one with potentially longer-term implications: its 3rd Enhanced Follow-up Report & Technical Compliance Re-Rating of the United States’s Anti-Money Laundering (“AML”) and Counter-Terrorist Financing (“CTF”) (the “United States Report”) measures. The United States Report was the third follow-up on a mutual evaluation report of the United States that was adopted in October 2016. During the first two evaluations, “certain technical compliance deficiencies” were identified. The United States Report evaluates the United States efforts’ in addressing those deficiencies. Moreover, FATF evaluated the United States’ progress in implementing new recommendations since February 2016.
FATF’s judgment: The United States has improved, particularly in the area of customer due diligence and the identification of beneficial ownership.
During FATF’s October 2016 review of the United States’ technical compliance with FATF Recommendations, it found the United States either “partially-compliant” or “non-compliant” with 10 of 40 Recommendations:
- Recommendation 1 (Assessing Risk & Applying a Risk-Based Approach) (partially-compliant)
- Recommendation 10 (Customer Due Diligence) (partially compliant)
- Recommendation 12 (Politically Exposed Persons) (partially compliant)
- Recommendation 16 (Wire Transfers) (partially compliant)
- Recommendation 20 (Reporting of Suspicious Transactions) (partially compliant)
- Recommendation 22 (Designated Non-financial Business and Professions (“DNFBPs): Customer Due Diligence) (non-compliant)
- Recommendation 23 (DNFBPs: Other Measures) (non-compliant)
- Recommendation 24 (Transparency and Beneficial Ownership of Legal Persons) (non-compliant)
- Recommendation 25 (Transparency and Beneficial Ownership of Legal Arrangements) (partially compliant)
- Recommendation 28 (Regulation and Supervision of DNFBPs) (non-compliant)
In its review, FATF determined that the United States “has made progress to address the technical compliance deficiencies identified in the MER in relation to Recommendation 10.” The United States’ partially compliant rating with respect to customer due diligence was based on FATF’s finding of a:
lack of customer due diligence requirements to ascertain and verify the identity of beneficial owners, which was a significant shortcoming; investment advisers were not directly covered by the Bank secrecy Act obligations; financial institutions other than in the securities and derivatives sectors were not explicitly required to identify and verify the identity of persons authorized to act on behalf of customers; and some FIs were not explicitly required to understand and obtain information on the purpose and intended nature of the business relationship. FIs were not required to understand the ownership and control structure of customers that are legal persons/arrangements.
Since that finding, 31 C.F.R. § 1010.230 was implemented setting forth beneficial ownership requirements for legal entity customers. Section 1010.230 requires covered financial institutions “to establish and maintain written procedures that are reasonably designed to identify and verify beneficial owners of legal entity customers and to include such procedures in their anti-money laundering compliance program.” Additionally, FATF noted the United States had implemented additional ongoing customer due diligence requirements, “which included the need to have appropriate risk-based procedures on understanding the nature and purpose of customer relationships for the purpose of developing a customer risk profile, and ongoing monitoring of the customer relationship to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information.”
Accordingly, notwithstanding “a few minor technical gaps,” FATF re-rated the United States’ technical compliance with Recommendation 10 largely compliant. However, the United States’ other ratings above remained unchanged.
In addition to the United States’ technical deficiencies with the above Recommendations, FATF evaluated the United States’ efforts to implement the following Recommendations:
- Recommendation 2 (National Cooperation and Coordination)
FATF noted that “[d]omestic coordination and cooperation, including exchange of information domestically concerning the development and implementation of AML/CFT policies and activities, were considered in the U.S. 4th round MER to be an overall strength of the U.S. system.” FATF additionally noted privacy protections in place that “do not inhibit the implementation of AML-CFT measures or requirements.” Accordingly, FATF rated the United States Compliant with Recommendation 2.
- Recommendation 5 (Terrorist Financing Offense)
FATF described how federal criminal terrorist financing laws “are broad enough to cover this aspect” and noted examples of enforcement actions. Accordingly, FATF rated the United States Compliant with Recommendation 5.
- Recommendation 7 (Targeted Financial Sanctions Related to Proliferation)
With respect to Recommendation 7, the United States had previously been deficient because “the U.S. had applied targeted financial sanctions without delay to most, but not all persons designated by the UN pursuant to UNSCRS 1718 and 1737” but described this as a “minor deficiency.” FATF found this deficiency “not fully addressed” and continued rating the United State Largely Compliant with Recommendation 7.
- Recommendation 8 (Non-profit Organizations)
Here, the United States had been rated Largely Compliant “based on a minor deficiency in relation to the fact that houses of worships were exempt from the requirement of applying to the Internal Revenue Service for recognition of their tax-exempt status.” Finding this deficiency remained, FATF again rated the United States Largely compliant with Recommendation 8.
- Recommendation 15 (New Technologies)
FATF’s methods for evaluating compliance with Recommendation 15 were revised in October 2019 to incorporate virtual assets (“VAs”) and virtual asset service providers (VASPs). The United States had previously been rated Largely Compliant “based on minor deficiencies, including that not all IAs were covered and there were no explicit requirements for FIs to address the risks presented by new technologies.” While the United States has met most of the criteria of new Recommendation 15, “minor deficiencies, such as coverage of IAs, remain.” Accordingly, the United States’ rating remained Largely Compliant with Recommendation 15.
- Recommendation 18 (Internal Controls and Foreign Branches and Subsidiaries)
The United States was rated Largely Compliant with Recommendation 18 “based on minor deficiencies that not all IAs were covered and there was no explicit obligation to inform home supervisors if the host country did not permit proper implementation of AML/CFT measures.” While the United States met the standard for Recommendation 18 revised in February 2018, the deficiencies relating to IAs and home supervisors remained. Thus, the United States Largely Compliant rating remained unchanged.
- Recommendation 21 (Tipping-off and Confidentiality)
FATF found that the United States had previously been and continued to be Compliant with Recommendation 21, which was amended in February 2018 to clarify that anti-tipping provisions are not intended to inhibit information sharing under Recommendation 18.