Remarks by David Lewis
FATF Executive Secretary
XXV International Financial Congress
St Petersburg, 1 July 2016
Thank you to the Governor of the Central Bank for inviting me. It is wonderful to be here in Russia and especially in St Petersburg.
I'd like to cover three areas briefly today:
- the FATF and our current priorities;
- the importance of financial inclusion for fighting money laundering and terrorist financing; and
- the risks and opportunities of FinTech.
Brief introduction to FATF and current priorities
The FATF was created in 1989 by the then G7 in Paris, in order to deprive the cartels of the proceeds of drug trafficking. In 2001, following the terrorists attacks in the United States, our remit was extended to counter terrorist financing. And in 2012, our remit was extended again to counter the financing of the proliferation of weapons of mass destruction. Today the FATF comprises 35 countries and 2 regional bodies. Russia is a key member. It sits on the FATF Steering Group that advises the President on strategic issues, it leads our work on tracking risks, trends and methods; and is providing leadership in our fight against ISIL.
Today 198 jurisdictions have committed at the highest level to implement the FATF standards and we work in close partnership with the United Nations, the Egmont Group of Financial Intelligence Units, the G20 and others. The FATF does three things:
- it researches the ways criminals and terrorists launder and raise funds;
- it sets global standards to mitigate the risks of this; and
- it evaluates the action countries are taking to implement FATF measures.
As a result of our work over 26 years, most countries now have the legal, regulatory and operational frameworks in place to be able to prevent and detect money laundering and terrorist financing.
We are now focused on assessing how effectively countries are using these measures and it will come as no surprise that following the emergence of ISIL, our top priority is counter terrorist financing. Beyond this, our work to improve financial transparency by promoting standards to reveal the beneficial owners of companies and trusts has, following the Panama Papers, been recognised as more critical than ever to tackling a wide range of criminal activity from corruption to sanctions and tax evasion.
The importance of financial inclusion for anti-money laundering and terrorist financing
At the core of our mission is financial transparency, and that means financial inclusion and reducing the dependency on cash and informal systems.
This is because the use of cash and informal systems makes it more difficult for the authorities to detect and follow illicit financial flows.
So from the very beginning the FATF has been a leading advocate of financial inclusion.
For the same reason the FATF is concerned about the current trend of the largest banks to exit whole categories of customers, where compliance costs have reduced profitability and their risk appetite.
But this creates opportunities as well, including for challenger banks and FinTechs. Greater competition in financial services is good for customers and for financial stability and integrity.
The risks and opportunities of FinTech
Technological innovations in financial services have the potential to dramatically improve financial integrity and stability.
They reduce dependency on the small number of global financial institutions, where risk is currently most concentrated.
They provide new and more robust ways to increase the transparency of transactions.
At the same time, they are increasing financial inclusion, which is a prerequisite to being able to detect and disrupt money laundering and terrorist financing.
In terms of the fundamentals of anti money laundering – customer due diligence, knowing the source and destination of money flows and identifying suspicious activity – these technological innovations provide an opportunity to bring AML into the 21st century.
This fall into two categories, RegTech which we heard about before lunch, which can make customer identification more robust and effective, and FinTech, covering the provision of financial services in new innovative ways.
We have yet to see the bigger banks adopt RegTech, partly as they are chained to legacy systems. The banks are being left behind as innovators in countries such as India and in Africa lead the introduction of such systems. This is especially important in developing countries where customer due diligence based on names and addresses is just not possible.
In a time when teenagers can create false IDs on their computers in their bedrooms in minutes, the value of customer identification using photo ID cards is becoming increasingly limited.
At the same time these teenagers – and many of us – are posting everything about ourselves on the Internet and through a myriad of devices, and are leaving a unique digital footprint. So we now have the possibility to exploit FinTech and RegTech to update and substantially improve customer due diligence.
But the speed at which these innovations are coming to the market and with little awareness or consideration of the regulatory requirements for financial services, means we are in danger of failing to recognize and mitigate the risks, design risk mitigation measures and exploit these opportunities.
The greatest risks of FinTech are often the lack of oversight or governance and the anonymity they can provide, a characteristic they share with cash. While cash is still king for criminals and terrorists, we need to be careful that FinTech does not become the method of choice for criminals and terrorists to move money.
We are seeing increasing use of online payments, including through social media, mobile services, pre-paid cards and virtual currencies by organised crime groups, paedophiles and most recently, ISIL and foreign terrorist fighters. We know for example that the terrorists that attacked Paris last year used pre-paid cards to rent cars and accommodation.
I'd like to quickly reference three case studies1 to illustrate some of the risks we are seeing in this area.
The first is from Saudi Arabia and includes social network fundraising with pre paid cards.
Individuals associated with ISIL called for donations via Twitter and asked the donors to contact them through Skype. Once on Skype, those individuals asked donors to buy an international prepaid card and send them the number of this prepaid card via Skype. Then, the fundraiser sent this card number to one of his followers in a neighbouring country from Syria, who would sell this card number at a lower price and give the cash proceeds to ISIL.
The second is from Russia and includes large-scale crowdfunding scheme, with e-wallets
A group organised a scheme to raise funds via social networks and the internet. They registered numerous e-wallets, credit cards and mobile phone numbers. The details were placed on the internet (including social networks) under the pretext of collecting donations for Syrian refugees, people in need of medical and financial aid, and for the construction of mosques, schools and kindergartens. Investigations showed the funds were sent to support terrorists and their families. The money was sent either to credit card accounts or to e-wallets. Collected funds were moved through a chain of transfers and were withdrawn in cash to be further transported by couriers. The payment instruments were managed via the internet (using mobile devices as well).
And the final one is from the United States and concerns the promotion of virtual currency to fund terrorism.
In August 2015, Ali Shukri Amin was sentenced to 11 years in prison. Amin pleaded guilty
to using Twitter to provide advice and encouragement to ISIL and its supporters. Amin provided instructions on how to use Bitcoin to mask the provision of funds to ISIL, and facilitate the travel of ISIL supporters to Syria to fight with ISIL. Amin used Twitter to publicize an article he had written entitled Bitcoin and the Charity of Jihad. The article suggested using Dark Wallet, a new bitcoin wallet, which keeps the user of bitcoins anonymous. It included advice on how to set up an anonymous donations system to send money, using bitcoin, to the mujahedeen.
The FATF future strategy for FinTech and the role of regulation
The FATF recognizes the risks but also the opportunities that FinTech offers. We have already produced Guidance for a Risk-Based Approach to Prepaid Cards, Mobile Payments and Internet-Based Payment Services and we are closely tracking the use of Fintech by terrorists.
We recognize that AML/CFT can be one of the many regulatory barriers that FinTechs need to jump in order to come to the market and grow. And we know it is in our interest to help Fintech overcome these hurdles, while at the same time helping them identify and consider the risks in their business models.
To this end in the Objectives for the Spanish Presidency of the FATF (2016-2017), we plan to foster a much closer dialogue between regulators globally and the Fintech – and also RegTech – community. We will create a forum to help Fintech talk to regulators and so that AML authorities can work with Fintech providers as they develop new business models. The objective is to increase awareness on all sides, to identify risks and design risk mitigation measures.
The most important thing is that we maintain financial transparency, and that the authorities continue to be able to follow the money of criminals and terrorists, from sender to receiver.
At the same time RegTech offers opportunities to reduce the cost of compliance and improve the efficiency and effectiveness of customer due diligence. These solutions will help big and small players alike to provide financial services safely and transparently, and support growth and innovation.
1. Source case studies: Emerging Terrorist Financing Risks , FATF, October 2015