Insights from recent Financial Action Task Force (FATF) Guidance.
The FATF recently published guidance in relation to Risk-Based Supervision. While the guidance is aimed at Supervisors (i.e., national Regulatory bodies) there are still some great learnings you can take away from it particularly in relation to your own internal oversight and assurance activities. In this blog, we identify they key take outs from the guidance and highlight how you might apply the same approaches in your own business.
Risk-Based Supervision Guidance.
The guidance highlights Supervisors are tasked with three core roles:
- increasing reporting entities awareness
- monitoring and enforcing compliance, and
- taking action when needed.
Recognising that supervisors have finite resources; the guidance emphasises the need to tailor responses to the risks faced and decrease the regulatory burden on lower-risk sectors. Interestingly, in Oct 2020, FATF amended its recommendations to ensure the assessment of proliferation financing (PF) as a specific risk. This guidance now highlights the need for supervisors to consider PF exposure and monitor how entities assess this in practice. Something to add to your risk assessment refresh if you haven’t already.
Overall, there is a LOT of information in this one but relevantly, FATF focuses on measuring outcomes, which should include how well a supervisor:
1) Understands the risk
2) Targets its supervisory strategy to focus on the higher risks
3) Positively influences Reporting Entities behaviours
4) Monitors the evolving environment
5) Is equipped with the right resources
6) Coordinates with other authorities (locally and internationally)
So how you do think our own regulator AUSTRAC would be assessed in terms of these objectives? Having undergone multiple restructures in recent years, they are increasingly targeting specific sectors of the reporting entity population they regulate. Have they got the balance right between monitoring and enforcement yet?
MWC recently met with AUSTRAC’s new National Head of Legal, and Enforcement and we believe they are looking to diversify the range of tools available to them in their regulatory toolkit – although with high profile cases like Crown looming, it is hard to see them stepping away from the larger-scale actions any time soon.
There also appears to be an increasing appetite for longer-term enforcements – similar to monitorship appointments applied internationally where an entity is subjected to ongoing oversight by an external party. This enables the focus to remain on what needs to be done with a view to changing and internal culture and ensuring lasting outcomes (not just remediations).
There is also a large sector of the population willing to comply but lack the people or skill set to implement the required frameworks. This would be an ideal sector to target with more collaborative compliance measures.
How might you apply FAFT’s approach in your own business
- Don’t forget AML/CTF is risk based. Having done your own ML/TF Risk Assessment you should now be aware of the areas in your own businesses (products, channels, customers, jurisdictions) which pose the most risk – focus your attention and resource on those higher risk areas.
- Take every opportunity to increase awareness about your specific ML/TF risks – don’t treat training as an annual compliance burden. Remember the more your business is thinking about what might be unusual or suspicious the more they will raise it with you demonstrating your Program is operating effectively.
- Review your monitoring and oversight plan for the year – have you got the right resources to conduct it? Are you focused on the highest risks? Are you escalating issues and is it receiving the right level of management attention and action?
- Track issues, those arising from your own monitoring and oversight, audit or regulatory findings and ensure they are actioned, or appropriate consequences are applied where they are not – this is an often-overlooked obligation in your Part A Program.
A bit about FATF
Who is FATF?
The Financial Action Task Force (FATF) is the global money laundering and terrorist financing watchdog. The inter-governmental body sets international standards that aim to prevent these illegal activities and the harm they cause to society. As a policy-making body, the FATF works to generate the necessary political will to bring about national legislative and regulatory reforms in these areas.
What do they do?
The FATF’s objectives are to set standards and promote effective implementation of legal, regulatory and operational measures for combating money laundering, terrorist financing and other related threats to the integrity of the international financial system.
FATF monitors countries’ progress in implementing the FATF Recommendations; reviews money laundering and terrorist financing techniques and countermeasures; and promotes the FATF Recommendations’ adoption and implementation globally. Countries are generally subject to a Mutual Evaluation (ME) process every six years where a team of experts reviews the countries compliance with the FATF Recommendations considers how effective they are and provides a scorecard by way of public report rating compliance (compliant / partially compliant / not yet compliant) against each of the recommendations.
Worst case scenario countries who do not adhere to the FATF Recommendations or cannot demonstrate an effective risk framework has been implemented might be added to a follow up list (‘the grey list’) or sanctioned. This has the effect of increasing the cost of doing business with a country and financial institutions in it due to weak AML/CTF controls.
Australia’s next ME is expected in 2022/ 23 which may seem like a long way off, but it is ALWAYS preceded by a flurry of activity including legislative reform and enforcement as the country prepares for its own on-site regulatory review.