Speech by David Lewis
FATF Executive Secretary
AI & Blockchain Summit
Smart City Expo World Congress
Barcelona, 21 November 2019
Thank you for inviting me to speak to you today.
When people first meet me, they find out I work for the Financial Action Task Force, the FATF… and a few questions usually come up. Some people say to me:
You must know a lot about money laundering… got any tips?
They are usually joking. I think. Tips is probably not the right word… but yes, I know a few things about money laundering.
Other people say:
The Financial Action Task Force, what’s that?
The FATF is the global money laundering and terrorist financing watchdog. We set international standards for more than 200 countries and jurisdictions to help authorities go after the money that enables serious crime, corruption and terrorism. And countries that don’t comply with our rules are named and put on a blacklist, which can have serious economic consequences for the country concerned.
I’m sure everyone here knew that answer
Stopping money laundering is not just about stopping some accountant from fixing the books.
Stopping money laundering is about saving peoples’ lives. It’s about going after the money in people trafficking that sees hundreds of thousands of people being forced into prostitution and forced labour.
Stopping money laundering is not just about getting banks to carry out extra due diligence checks on suspicious customers.
It’s about stopping drug dealers from laundering their money which can be used to fuel gun crime, stabbings and murders.
Everyone here today, stopping money laundering is not just a box ticking exercise for your organisations.
Stopping money laundering is about helping people and creating a just society. It is about preventing corrupt politicians from using tax havens to plunder a country’s finances while the local population live in extreme poverty. It is about stopping exploitation.
So… for those of you who work in governments or the finance industry or tech or other industries… that are involved in implementing our standards…. Don’t think of this as just a technical exercise that you have to do to because the FATF tells you to do it.
The FATF global standards are here, ultimately, to protect society.
To stop the harm caused by serious crime… and you can be part of making a difference.
As part of making that difference, today I want to focus on a new push by the Financial Action Task Force to ensure that our standards keep up to date with the latest technology. In particular, Digital ID.
Digital identity is growing rapidly all over the world… and it can make a drastic difference to peoples’ lives.
Ironically, a member of my staff who is leading this project could have possibly benefitted from some. She’s an Australian - born in India - trying to get married in France… and is currently facing major problems proving her identity. Neither the Australian or the Indian government will attest that her birth certificate is valid.
So this is just one example of how digital ID, if it was around decades ago, might have made a difference.
The new technology involves everything from electronic ID cards to face, iris and fingerprint scans… and enables a person’s identity to be proved online.
It has the potential to revolutionise the way we interact with public institutions and the private sector.
Because the number of online transactions keeps growing, we need to have better ways of establishing our electronic identity.
The UN and World Bank have already set goals to provide everyone on the planet with a legal identity by 2030 – for countries to build inclusive, trustworthy ID systems. This has meant that some developing countries are leapfrogging ahead and going straight to digital ID systems.
There are already numerous national electronic ID schemes being launched.
India’s is the most famous. There have been significant challenges, but it’s Aadhaar national biometric ID scheme has enrolled more than a billion people – covering welfare, tax payments and access to social services.
ePassports are increasingly being used and digital driving licence projects are being pushed in the US, UK and Australia.
And some countries, like Estonia, are at the forefront of developments…. where citizens can vote online, get an online prescription from a doctor, pay taxes online and Estonia has even developed an e-residency programme.
So the changes are big. Things that used to require queuing up for hours, and signing and producing lots of paperwork, are now being handled on someone’s mobile phone.
And as the technology becomes more sophisticated and efficient, it is likely to gain more mainstream appeal as we move towards more mobile societies.
So as people become more mobile and use their mobiles more – the implications for digital ID are profound.
And this will present challenges to governments and companies.
The way to ensure these systems are safe and secure, is for close collaboration between the financial sector, public authorities and digital firms – to ensure the implementation of best practices.
That’s where the Financial Action Task Force comes in.
We are developing guidance to clarify how digital ID systems can be used by banks and others to identify and verify a person’s identity. This is a critical part of preventing money laundering and terrorist financing – to know who you are dealing with or providing services to.
There are a number of elements to this.
One is focusing on helping banks use digital ID for existing and new customers.
We don’t want rules and regulations to hold back banks from embracing technological change, and end up with a reliance on old paper-based systems.
If we can ensure digital ID systems are safe – with clear and effective customer due diligence in place – then we want people to be able to use them.
Which is why we want banks and other financial institutions to take a risk-based approach to digital ID.
The FATF is currently consulting the private sector to get their opinions on the best ways to ensure digital ID is safe – to combat the specific money laundering and terrorist financing risks.
We are asking for authorities, banks and crypto currency firms to think about the risks involved… about what data is captured and how is it verified … what kinds of records are kept and so on. We are also consulting them on the implementation of know your customer rules and anti-fraud measures.
All these things are needed to make digital ID systems as secure as possible - to help fight against money laundering and terrorist financing.
For example, it is not uncommon to see people establish accounts with a real identity and then sell or give this identity to an organised crime group which uses it to launder funds.
Digital ID could help check that the person using the account is the same person that opened it.
So a lot of possibilities.
The second thing we are focusing on is financial inclusion.
According to the World Bank, around one billion people don’t have any official proof of identity, any relevant paper ID…
In low-income countries, one in two women do not have identification.
This lack of documentation is a critical barrier to accessing services and banks…
It means people can’t use financial services and excludes them from economic opportunities, even limiting their political and social rights. It also increases potential money laundering risks as people then are operating in a black market.
So secure, protected Digital ID systems are crucial. They can potentially help people engage with their country’s legitimate economy and not the black economy.
For example, Digital ID can make it easier for people to open a bank account, as they would not always rely on strict paper documentation requirements.
And practically, Digital ID could mean new bank customers are brought on board remotely… and make the process cheaper. There are a lot of potential benefits.
Thirdly, digital ID presents an opportunity to put in place good working practices of collaboration and cooperation between authorities, banks, the tech and private sector – and between governments and the FATF – to work together to create a safer financial system.
Some people think digital ID schemes are only provided for by governments. But the private sector is getting increasingly involved – and what is important is ensuring reliable, independent systems.
Those systems would help combat money laundering.
It is very hard to estimate how much money is laundered around the world – but various reports and investigations put the figure at somewhere between the many hundreds of billions of US dollars and trillions of dollars every year.
Money laundering allows drug dealers, arms traffickers, corrupt politicians – you name it -- to conceal their dirty cash.
So cooperation between governments, banks and the private sector is crucial to creating a more secure financial system.
At the moment, many countries are playing by their own digital ID rules.
But what we are seeing develop is a growing, global digital ID world… and the FATF global standards can help collaboration between major players. We have been very proactive in engaging with digital ID experts and the private sector to develop something that can work.
And we are asking for feedback to help us create the best and most effective standards.
Finally, I want to talk to you about risks.
Traditional forms of identification obviously carry well-known risks. But when discussing the possibilities of Digital ID’s we also have to look at the dangers… and for that matter, learn a whole new vocabulary.
Phishing. Cyber attacks. Man in the middle attacks. Synthetic identities. Credential stuffing. These are just some of the terms used. Do you know all of them?
The fact is that criminals are becoming more technologically sophisticated.
That’s why a key aim of our guidance is to increase the broader awareness of what digital ID is and what it involves, to understand the risks.
The risks can occur at different stages.
Criminals can try to impersonate another person by stealing their identity. They can create a ‘synthetic identity’ by mashing together real and fake information.
Large databases could also lead to opportunities for fraud and identity theft. And sophisticated attacks online could target many people in one go.
Another risk is the period when an identity is being authenticated. Stolen, weak or default passwords are behind more than 80 percent of data breaches.
There are going to be risks in the future that we don’t even know about. I’m not going to go all Donald Rumsfeld known unknowns on you – but you get my point. Systems are constantly developing – and criminals will seek to exploit them in new ways.
The FATF Guidance provides advice on how to assess and manage these risks. And sets out an overall framework that focuses not only on Digital ID, but also issues such as data protection, resourcing, maintenance and much more.
We want to help the world get ready for the technological change that is already underway and changing the financial landscape fast. With common sense, cooperation and good will we can take important steps to take action on money laundering and terrorist financing.
Stakeholders have until the end of the month of provide us with feedback.
We aim to finalise the guidance in 2020.