SCOOP: FATF to Possibly Issue New Anti-Money Laundering Recommendation
Matt Squire of MoneyLaundering.com reported a nice little scoop (subscription required) yesterday that Financial Action Task Force (FATF), “may issue a formal recommendation on standards to minimize the use of international trade to help launder money and finance terrorism, a person familiar with the organization says.” The next meeting of the FATF takes place October 8-12 in Paris and a discussion on trade-based money laundering is scheduled.
What makes this scoop newsworthy is that while terrorists have been working night and day on new schemes to skirt current banking regulations and technology, the FATF doesn’t update or issue new recommendations with any sense of urgency.
The FATF issued its annual report back in August, but has been quite awhile since this august body has updated its 40 Recommendations to counter money laundering (2003) and and its Nine Special Recommendations to combat terrorist financing (2004).
According to the official FATF website, this international policy making board of 34 members regularly meets to monitor “members’ progress in implementing necessary measures, reviews money laundering and terrorist financing techniques and counter-measures, and promotes the adoption and implementation of appropriate measures globally. In performing these activities, the FATF collaborates with other international bodies involved in combating money laundering and the financing of terrorism.”
If the FATF is in a rare mood to issue new recommendations, here’s hoping this post draws their attention to a serious flaw in the board’s Know Your Customer (KYC) recommendations.
Currently, Recommendation Five of the 40 Recommendations states
“The customer due diligence (CDD) measures to be taken are as follows:
a) Identifying the customer and verifying that customer’s identity using reliable, independent source documents, data or information.
b) Identifying the beneficial owner, and taking reasonable measures to verify the identity of the beneficial owner such that the financial institution is satisfied that it knows who the beneficial owner is. For legal persons and arrangements this should include financial institutions taking reasonable measures to understand the ownership and control structure of the customer.
c) Obtaining information on the purpose and intended nature of the business relationship.
d) Conducting ongoing due diligence on the business relationship and scrutiny of transactions undertaken throughout the course of that relationship to ensure that the transactions being conducted are consistent with the institution’s knowledge of the customer, their business and risk profile, including, where necessary, the source of funds.”
Here’s the problem: Independent source documents are easily and often fake. There is a world-wide black market economy surrounding the production of fake identities so the only real way to determine who is who is to use an identity resolution solution. To catch a sophisticated criminal, compliance officers need to implement sophisticated similarity search techniques to resolve multiple identities into one unified view.
Identity resolution is an operational intelligence process whereby organizations can search disparate data sources with a view to understanding possible identity matches and non-obvious relationships across those sources. It analyzes all of the information relating to individuals from multiple sources of data, and then applies likelihood and probability scoring to determine which identities are a match and what, if any, linkage exists between those identities.
So if a customer uses a false identity, it’s still possible for a compliance officer to triangulate a real identity if he/she can access multiple data sources, not just a single, unreliable document.
If the FATF is open to outside recommendations, we’d recommend an update to the nine recommendations out of the 40 that concern customer due diligence due to technological advances since the original recommendations were issued in 2003.
I have some questions to ask about this article. Gladly would have addressed them to the writer and/or by telephone but, as I cannot find these details:
Any update on whether FATF is going to go ahead with this apparently proposed new recommendation?
Regarding ‘identity resolution solution’ and the ensuing sentence. What does the term mean? Will it check, for example, photographs? Is a software ‘solution’ implied? Or a new method of recording/proving ID such as an ID card backed up by say fingerprints/DNA?
Re: the ‘multiple sources’ mentioned. Does this include electoral registers and other government lists of data? Or other things entirely? Or all of the above?
Is the main thrust of the article an argument for a software algorithm/solution/etic as a compulsory tool for CDD in the absence of an agreed, unified and trustworthy ID format?
Does ‘CDD’ cover just the initial ID check at start of relationship and/or ongoing monitoring also?
Thought-provoking article, by the way (certainly prompted all these questions) and an excellent blog.