London, September 10 2019
Queen Mary University London
As prepared for delivery
Thank you for inviting me to talk today about the work of the Financial Action Task Force or FATF. I am delighted to be making the first official speech as President of the FATF at this Inaugural Queen Mary University of London/HSBC Annual Lecture on Financial Crime.
Background on the FATF
The FATF is an international standard-setting body, originally created 30 years ago by the G7 governments as a task force responsible for measures to combat money laundering. Today we are also responsible for combating the financing of terrorism and the proliferation of weapons of mass destruction. The FATF Standards are based on agreement that we need a globally standardised approach to these issues.
The FATF Standards are set out in 40 Recommendations, which establish key requirements on jurisdictions. 205 jurisdictions in the FATF’s global network have committed to implement those standards through their national laws. The FATF Recommendations are backed-up in many areas by the legal authority of UN Conventions and Security Council Resolutions, and by strong political support from the G20.
In this lecture, I will address three main points:
I will use the examples of FATF’s work on virtual assets and digital ID to demonstrate these points.
THREATS AND OPPORTUNITIES PRESENTED BY NEW TECHNOLOGY
Technology holds enormous potential to improve the provision of financial services and to enhance efforts to combat money laundering and terrorist financing along the way. The uptake of smart phones and the near ubiquity of the internet means that more individuals have access to online financial services.
One of the most important implications is the increase in digital financial inclusion, which has important implications for economic growth and development. With more people using these services and coming into the formal financial markets, we are also strengthening AML/CFT efforts. Virtual assets and block-chain technology can facilitate cheaper and faster wire transfers and a range of actors are investing in this technology.
The rapid pace of innovation in digital identity has reached an inflection point. These products are reaching a point where reliable digital ID solutions are commercially available at scale. The use of smart phone technology holds enormous opportunities for digital ID providers and for financial institutions to authenticate their customers. Other technologies such as more reliable, lower-cost biometric technology (including fingerprints and behavioural biometrics), artificial intelligence/machine learning (e.g., for determining validity of government-issued ID); and distributed ledger technology are also important tools that are being more widely used. Reliable digital ID solutions have the potential to improve the trustworthiness, security, privacy, convenience and efficiency of identifying individuals in the financial sector, to the benefit of both customers and regulated entities.
In a digital world, we must also use technology (appropriately) to help us better identify ML and TF activity. While there is much more data to sift through, tools like machine learning & smarter screening can help both financial institutions and government authorities become more effective in their AML/CFT efforts. In relation to preventive measures, we are seeing faster and better screening tools and pooled KYC via hashing & information sharing.
We have seen that the digital era and new technology also means new threats. There is a significant increase in cyber-enabled crime, particularly fraud. The dark net, bots, phishing, ransomware. We have developed a whole new vocabulary to describe these activities that barely existed ten years ago. Criminals, terrorists and those seeking to finance proliferation are quick to find these new means to commit crime or to change the way they traditionally committed crime.
The National Police in Spain discovered this back in 2016, when they dismantled an organised crime group specialised in crimes against intellectual property. The crime group laundered funds by investing their illicit profits into technology to mine Bitcoin. They bought 140 computers in 6 Bitcoin mining centres to do this. Once the Bitcoins were mined, they were stored in a wallet, and held by the organisation. Spanish law enforcement estimates that the IT systems owned by the organisation were able to produce one Bitcoin per day. During the police operation around 78 Bitcoins were seized of the value of about USD 0.5 million. The bitcoin were among other traditional goods such as luxury cars, motorbikes, a small aircraft, cash, and so on. This reflects how new technologies are now part of the criminal’s tool kit to launder money.
Technology enables more transactions, among many more people, sometimes more anonymously. We have seen the emergence of new unregulated spaces like virtual assets. FATF recognises the significant benefits that financial innovation such as blockchain may deliver to the financial system and the broader economy - they have the potential to make certain financial services cheaper and faster, and to make them more accessible to people. However, virtual assets pose serious money-laundering and terrorist-financing risks that criminals and terrorists can exploit - and that they are already exploiting. We have seen cases of money laundering and terrorist financing using virtual assets, as well as attempts to use virtual assets to evade UN sanctions. We are closely monitoring risks in this space, with regular reporting on risk, as well as on mitigating measures taken by countries to counter suspicious or illegal financial activity facilitated by virtual assets. The emergence, attractiveness and use of virtual assets by criminals and terrorists has risen to the top of the political agenda. The FATF has been reporting regularly to the G20 on developments in this area.
The anonymity afforded by virtual assets is being exploited by serious criminals. They have been used to pay members of organised crime groups in Russia involved in drug trafficking, and in complex money-laundering schemes, such as the US authorities uncovered in their prosecution of BTC-e, through which more than USD 4 billion flowed. This activity is likely to be growing quickly with law-enforcement agencies only seeing the tip of the iceberg.
The sheer volume and pace of transactions is in itself a challenge. We have talked about identifying suspicious activity like finding a needle in a haystack; well that haystack is getting bigger and bigger and moving all the time. This makes our job ever more challenging unless we ourselves can better harness technology to work for us.
There has been an increase in the number of providers of financial services and the types of financial products developed. We are seeing financial services being provide by big banks but also small start-ups. The ability to provide online financial services allows a broader range of actors to enter the market. While this should be encouraged, the challenge is to ensure that the appropriate controls in place are in line with the risks identified.
FATF’S WORK TO MITIGATE AGAINST THE RISKS AND HARNESS THE OPPORTUNITIES
Now, I would like to tell you about what FATF is doing to mitigate some of the risks we are seeing and to harness the opportunities presented by the digital era. For us, promoting responsible financial innovation means two things:
In June this year, FATF finalised the adoption of a set of measures to prevent the misuse of virtual assets for money laundering and terrorist financing and the financing of proliferation. Before getting into the details of this, I would like to stress that, when adjusting the Standards, FATF sought to strike the right balance between supporting technological innovation and managing any ML/TF risks that arise. Dialogue and co-operation between the FATF and the virtual asset sector has been ongoing – and started with the FATF FinTech/RegTech Forum launched in 2017. We wanted to avoid any unintended consequence of AML/CFT measures that could prevent or impair technological developments and innovation. In addition, the final requirements are intended to have sufficient flexibility that countries and relevant entities can apply them to existing technologies as well as to evolving and emerging technologies without requiring additional revisions. They also apply irrespective of the technological platform involved.
So with the adoption of the Standards finalised in June 2019, virtual asset activities and virtual asset service providers are now subject to the FATF requirements. As such, they will need to comply with a number of obligations, as other FATF financial entities and non-financial entities. The amended FATF Standards focus on the role of intermediaries – the virtual asset service providers - as gatekeepers to virtual asset transactions, equivalent to financial institutions in the traditional financial sector.
The basic principle is that virtual asset service providers have to be regulated, licensed or registered, and supervised or monitored for AML/CFT purposes. They also need to implement preventive measures, including conducting due diligence on their customers, keeping records, monitoring their activities, as well as identifying and reporting suspicious activities to the financial intelligence unit. They should also be subject to a range of sanctions in case of non-compliance with their obligations.
This means that the relevant national authorities will now have to develop the appropriate institutional, legal, regulatory and supervisory framework to ensure that the FATF requirements can be fully implemented at national level. In line with the overall FATF approach, national authorities will also have to assess the ML and TF risks associated with their national virtual asset and virtual asset service providers industry, and design commensurate measures to mitigate them.
This will be a major challenge since virtual asset activities and providers are still unregulated in most jurisdictions, and the virtual asset service providers sector’s compliance culture is still nascent or non-existing. FATF recently published some guidance to help national authorities and virtual asset service providers get a better understanding of the applicable AML/CFT requirements. It also strongly encouraged national authorities, including supervisors, to enter into a dialogue with their “domestic” virtual asset service providers, with a view to develop a deeper understanding of their relevant business models and operations, their potential exposure to ML/TF risks, as well as their associated ML/TF risks. FATF itself has initiated a dialogue with the private sector prior to the adaptation of its Standards, and will pursue this dialogue in order to monitor the implementation of the requirements, and the definition of technical solutions in particular with regard to VA transfers, and assess the impact on the development of the sector and of VA-related activities.
Finally, on virtual assets, it is important to note that some countries have chosen to prohibit virtual assets and related activities and providers. In that case, countries would still have to apply mitigation measures, which would include identifying virtual asset service providers or other obliged entities that may engage in virtual asset activities, that operate illegally in the jurisdiction and applying proportionate and dissuasive sanctions to such entities. Based on the country’s risk profile, prohibition should still require outreach and enforcement actions by the country as well as risk mitigation strategies that account for the cross-border element of virtual asset activities and virtual asset service providers’ operations.
In most cases, the FATF standards are technology neutral. However, we have taken an active role in clarifying how technological innovation can be a part of AML/CFT efforts. The FATF’s role is to establish a framework that national governments can tailor to their needs and context.
A good example of this is that we are currently developing guidance on how digital ID can be used for customer due diligence purposes under FATF Recommendation 10. We are clarifying how a variety of digital ID solutions can be used to identify ‘who a person is’ and if ‘they are who they say they are’ for the purposes of accessing the financial system.
Governments need to understand these digital ID solutions and their risks and benefits so they can take a tailored risk-based approach in allowing financial institutions to use them. This is an important step to encourage innovation and not hinder it.
The Guidance will also help banks assess these solutions in terms of what opportunities or risks they bring in their AML/CFT efforts. It will also help providers of digital ID services to understand the expectations of AML/CFT regulators when they are developing their products.
We are developing this guidance to illustrate that reliable, independent digital ID can bring enormous benefits. The guidance is in draft form but it advocates a risk-based approach to adopting new technology. FATF leaves flexibility for these solutions to develop. We are not saying the government or private sector or hybrid solutions are to be preferred. The important thing is to look at the technology and to understand the opportunities and risks that need to be mitigated.
Technological innovation allows us to draw links like never before. The use of new technologies is growing at a very fast rate. We need to pause and reflect on whether we are using all these new tools in an effective way. For example, in the context of digital ID, banks have been using digital forms of authentication at a high level to protect themselves from fraud. Let us ask ourselves, how can these very same technologies be used to better understand our customers? How can they be used not just to identify fraudulent transactions, but a whole range of suspicious transactions?
For government, how can services used to verify customers for government services be extended to improve solutions available to the private sector? How can solutions being used by the private sector be extended to develop more coherent and comprehensive systems? How can AML/CFT regulators work with cyber security experts, government service providers and government digital innovation experts to better tailor solutions in a national context?
HELPING AUTHORITIES PROMOTE RESPONSIBLE INNOVATION
So virtual assets and digital identity are two areas where the FATF is already very active in making sure that new technologies and even new sectors can flourish, without creating safe spaces for crime and terrorism. As you know we adopted new global standards on virtual assets a few months ago, and we will publish guidance on digital identity under my presidency.
But our agenda on promoting responsible innovation goes much further than these two areas. In particular, I want to say a few words about how technology is driving a transformation of the way we apply the familiar anti- money laundering measures in the context of traditional financial services and traditional financial institutions. There is a great deal of innovation in both public and private sectors:
On the private sector side, we are seeing increasingly sophisticated screening tools used for identifying potentially suspicious transactions or sanctioned people. The machine-learning tools already being used by some banks are able to cut the rates of false-positives in half — freeing the anti-money laundering staff to focus their attention on the cases that really need it. Tools for maintaining and sharing know-your-customer information are also being developed. While these are not yet widely deployed, they have the potential to avoid the need for repeated on-boarding processes with different institutions — by sharing customer information across borders and between institutions while also taking into account privacy considerations. The FATF has worked on how to remove legal obstacles to responsible information sharing, and we will continue to keep a close eye on how these technologies are deployed.
These examples highlight practical issues for FATF members: how should supervisors oversee the rollout of these technologies by the institutions that they supervise?
As FATF President, I have launched a new initiative to create a Supervisors’ Forum, which will bring together financial and professional supervisors from around the world to consider the use of new technology. It will look at:
- the extent to which supervisors should review and approve the deployment of new technologies by financial institutions to meet the AML requirements, and
- the tools and skills that supervisors will need in order to adequately supervise how these technologies are used.
Supervising the use of an automated system needs a different approach to traditional financial sector supervision – inspectors themselves will need to have IT tools which can help them analyse the data produced by banks, and will need to have an understanding of the technologies involved and how they work. Therefore, the rollout of new technology in the private sector is placing a new burden on supervisors.
However, there is also an upside for public authorities from new technology - and national authorities are starting to implement systems which bring real benefits in the fight against money laundering:
None of these technologies is universal - and some of them are being used only by a very few countries. So, there is a huge degree of potential still un-realised for us to use technology to improve the way we implement the AML/CFT controls.
While standard setting is the FATF’s key role, the FATF also plays an role in supporting authorities to put the standards in practice — by facilitating dialogue between countries, and by developing good practises so that the global AML/CFT community can benefit from these technologies in future years. The Supervisors’ Forum, and the FATF’s focus on technology issues - FinTech, RegTech, and SupTech - under the Chinese FATF Presidency - will help make sure we can realise those benefits.
I think this is a suitable point to close my lecture. I have seen the developments in anti money-laundering systems over time, and I feel we have seen a transformation of the risk environment for money laundering and terrorist financing, and a transformation in the way we fight those risks. But when I look ahead I see even greater transformations on the horizon. One of my biggest objectives as FATF President is to make sure we are ready for that.