FATF RECOMMENDATIONS ON DUE DILIGENCE PROCEDURES FOR FINANCIAL INSTITUTIONS

The international Anti Money Laundering (AML) and combating the financing of terrorism (CFT) standards are embodied in the Forty plus Eight Recommendations of the Financial Action Task Force (“FATF”). The Financial Action Task Force on Money Laundering (FATF), also known by the French name Groupe d'action financière sur le blanchiment de capitaux (GAFI), is an inter-governmental body founded in 1989 by the G7. The purpose of the FATF is to develop policies to combat money laundering and terrorist financing. The FATF Secretariat is housed at the headquarters of The Organisation for Economic Co-operation and Development (OECD) in Paris.

The Financial Action Task Force on Money Laundering accepted the Basel CDD paper as a benchmark document when undertaking a review of its Forty Recommendations for Money Laundering, and sought to extend the principles in the Basel paper to non-bank financial institutions and non-financial institutions such as lawyers and accountants. There is much in the Revised FATF Forty Recommendations that were published in June 2003 that reflect the work of the Basel Committee and the content of its CDD paper. There are some differences in the wording of the Revised Forty Recommendations as compared with the CDD paper. However, the differences are not points of substance.

They reflect the different focus of the FATF and the Basel Committee, as follows:

- the CDD paper is solely concerned with banks while the Revised Forty Recommendations cover all financial institutions and some designated non-financial businesses and professions. This distinction is reflected in the explanatory note attached to the Revised Forty Recommendations where it is stated “the principles set out in the Basel CDD paper concerning the identification of existing customers should serve as guidance when applying customer due diligence processes to institutions engaged in banking activities and could apply to other financial institutions where relevant”;

- the FATF’s area of concern is money laundering and terrorist financing whereas the Basel Committee’s focus is on banks’ risk management practices;

- the Revised Forty Recommendations are to be seen as a minimum standard which will be monitored by independent assessors whereas the CDD paper provides guidance on the essential elements of KYC standards for world wide implementation for all banks.

One important aspect of the Revised Forty Recommendations not stated so overtly in the CDD paper, and which is also reflected in the Methodology agreed by the FATF in February of 2003 for assessing compliance with those recommendations and the FATF 8 Special Recommendations on combating terrorist financing, is the emphasis placed on a risk based approach to customer due diligence.

The Forty Recommendations were first formulated in 1990 to address the laundering of proceeds of crime, in particular the proceeds of drug trafficking. In October 2001, following the terror attacks of 9/11, a strategic decision was taken by the FATF to broaden its scope and that of the money laundering control framework to combat the funding of terrorism. Eight Special Recommendations on Terrorist Financing were therefore adopted to supplement the Forty Recommendations. The Forty Recommendations were substantially revised in 2003. In their current form they provide detailed standards that countries and financial institutions must meet to combat money laundering and financing of terrorism.

Non-compliance with the Recommendations can impact negatively on the economy of a country. Financial institutions are required to give special attention to transactions and clients that are linked to non-compliant countries. These due diligence procedures slow down and, in certain cases, hamper the relevant transactions and clients. Non-compliant countries may also be subjected to appropriate countermeasures by other countries.

Customer identification and verification

The 2003 Forty Recommendations require financial institutions to identify their customers and to verify a customer’s identity using reliable, independent source documents, data or information. These procedures form part of general customer due diligence (“CDD”) procedures.

Whilst the current FATF CDD requirements are more detailed and strict than the pre-2003 requirements, they also allow countries to follow a risk-based approach in respect of CDD. It works like this.  The general rule is that customers must be subject to the full range of CDD measures. Nevertheless it is recognized that there are circumstances where (i) the risk of money laundering or terrorist financing is lower, (ii) information on the identity of the customer and the beneficial owner of a customer is publicly available, or (iii) where adequate checks and controls exist elsewhere in national systems. In such circumstances a country may allow its financial institutions to apply simplified or reduced CDD measures with respect to identification and verification.  For higher risk categories of customers or transactions, on the other hand, financial institutions are expected to perform enhanced due diligence.

The Recommendations must be read in conjunction with other relevant international standards.  Two publications of the Basel Committee on Banking Supervision provide an important CDD benchmark for banks.  The 2003 publication (the “Basel Guide”) requires specific information to be obtained from clients and for it to be verified as set out in the Guide. The guidelines are strict, but also allow a risk-based approach.

Residential address requirements

The 2003 FATF Recommendations do not explicitly require information to be gathered about a client’s residential address and for this information to be verified. The Recommendations simply require as a general  principle that a client’s identity should be established and verified using independent, reliable source documents, data or information (referred to as ” identification data”).  However, international best practice is that the client’s residential address should be obtained and preferably verified. Certain advanced jurisdictions such as the UK and the USA require residential addresses to be obtained and verified but allow institutions to accept non-standard verification documentation (for instance, a letter of a person in a position of responsibility or information relating to the address of next of kin) when persons are reasonably believed to be incapable of producing standard documentation or where they do not have a residential address.