FATF Recommendations that can benefit your business

#1: Risk-based approach. Approach your program with your product and business’s specific
AML/CFT risks and vulnerabilities in mind. You should identify relevant threats, monitor
customers to understand how much risk they present, and use this knowledge to implement
customized preventative measures.

#2: Comply with national regulations. All countries should have national AML/CFT policies
enforced by their FIU. It’s your responsibility to understand and comply with any laws your
governing FIU sets out.

#6-#7: Targeted financial sanctions. If your FIU has issued a sanction against parties known to
be involved in money laundering or financial terrorism, your business must adopt a sanctions
screening protocol. It is your responsibility to ensure your customers are not named on any
applicable sanctions list and avoid doing business with sanctioned individuals, entities, or
countries.

#8: Non-profit organizations. Even if your business is a non-profit, you must follow your
country’s legislation and any regulations set out by the FIU. Providing the same scrutiny and
analysis to non-profits ensures there is no terrorism financing hidden behind a legitimate entity.

#9: Financial institution secrecy. Privacy and secrecy procedures at your business must not
hinder the implementation of FATF Recommendations. This means you must follow regulatory
best practices even when determining internal processes. Your business’s policies should not
conceal illegal activity.

#10: Customer due diligence. Your business must implement KYC procedures to confirm all
new customers are who they say they are. In addition, you should use ongoing CDD measures to
monitor customer activity, confirm identities, and investigate any suspicious or unexpected
transactions.

#11: Record-keeping. Your business should maintain records of all customer transactions and
activity for at least five years. This will ensure you can respond quickly to any inquiries or
investigations by the authorities.

#12: PEPs (Politically Exposed Persons). Your business must have a process to identify PEPs
and acknowledge the risks they present. Use the regulatory requirements that govern your
business to determine when you should conduct KYC measures, identify individuals’ SOF
(Source of Funds/Source of Wealth), and maintain a process to continuously monitor these
individuals.

#13: Correspondent banking. Financial institutions must apply additional measures beyond
Customer Due Diligence when working with cross-border accounts. You should use Enhanced
Due Diligence (EDD) procedures, which involve a higher level of scrutiny, for any transaction or
customer deemed high risk.
#14: Money transfers. Countries are responsible for ensuring all parties that transfer money are
licensed and registered. When conducting these kinds of transactions, you should ensure the
service complies with FIU regulations.

#15: New technologies. As technology continues to change and develop, FIUs must continue to
assess the risks these new products present. Before adopting any new technology in your
business, you should ensure the system can support and comply with all relevant measures set
out by your governing FIU.

#16: Wire transfers. Any wire transfers you send must include identifying information, such as
the originator and beneficiary information. This will ensure any suspicious activity or party
involved in the transaction will be traceable by the proper authorities.

#17: Reliance on third parties. When working with other entities subject to regulatory
legislation, you must ensure to the best of your ability that they are also following appropriate
CDD measures.

#18: Internal controls. Financial institutions are required to implement widespread internal
measures to combat money laundering and terrorist financing. As this is open to interpretation,
it’s important to consult legal experts to evaluate the adequacy of your internal controls.

#19: High-risk countries. You should implement Enhanced Due Diligence (EDD) measures
when working with countries identified as high risk by FATF or other relevant governing bodies.

#20: Reporting suspicious transactions. Financial institutions (and any other business) should
promptly report suspicious transactions and activity to the appropriate FIU such as FinCEN. This
allows authorities access to information that may lead to further investigatory action.

#21: Confidentiality. Employees and businesses that report suspicious activity are protected
against criminal and civil liability. You should educate yourself and all employees on relevant
whistleblower legislation in your jurisdiction.

#22-23: Designated non-financial businesses and professions (DNFBPs). These are

requirements that apply to specific types of businesses including casinos, real estate agents,
lawyers, dealers of precious metals, and trust service providers. If your business falls into one of
these categories, it’s essential to consult with experts who understand your FIU’s regulatory
requirements.

#24/25: Transparency and beneficial ownership. You should conduct CDD and EDD
measures to identify the Ultimate Beneficial Owners (UBO) of any entity you work with. This
will help you ensure no parties are sanctioned or known to be involved in money laundering or
other financial crimes.

#32: Cash couriers. If transporting currency over physical borders, you must follow the
disclosure or declaration system set out by your FIU.
FATF Recommendations actionable by FIUs
The following Recommendations are more relevant to FIUs and other governing bodies directly.
We’ve included them here to provide the full picture of FATF’s purpose and to aid in your
understanding.

#3-4: Money laundering as a criminal offense. Authorities should be given the right to
investigate and confiscate any funds derived from this illegal activity.

#5: Financial terrorism as a criminal offense. The funding of individual terrorists or terrorist
organizations must be illegal in member states.

#26: Regulation and supervision of financial institutions. Countries must ensure all banks are
regulated and that they properly implement FATF standards.

#27: Power of supervisors. Supervisors must have adequate power to investigate and ensure
compliance.

#28: Designated non-financial businesses and professions (DNFBPs) regulation. These

businesses, which include casinos, real estate agents, lawyers, and more, must be registered and
subject to appropriate regulatory controls.

#29: FIUs. All countries must appoint a designated Financial Intelligence Unit to be a national
center for the receipt and analysis of information regarding money laundering, financing of
terrorism, and other financial crimes.

#30: Responsibility of law enforcement. Law enforcement and other authorities must promptly
investigate allegations around money laundering and financing of terrorism.

#31: Power of law enforcement. Authorities must have access to documents and all other
necessary information for the purpose of investigation.

#33: Statistics. Countries should track and maintain information regarding the efficiency and
effectiveness of all AML processes.

#34: Guidance and feedback. FIUs should aid individual businesses by establishing guidelines
around the Recommendations.

#35: Sanctions. There must be a range of appropriate, dissuasive sanctions for financial crimes.

#36: International instruments. Countries must implement relevant international conventions

such as the Vienna Convention, the Palermo Convention, and the Terrorist Financing
Convention.

#37: Mutual legal assistance. When money laundering situations arise, all countries should
rapidly and constructively provide legal assistance to assist with persecution.
#38: Freezing and confiscation. Countries must provide legal assistance to freeze, confiscate,
and otherwise take action on illegally obtained assets.

#39: Extradition. Money laundering and financing terrorism are extraditable offenses; countries
should manage all requests promptly.

#40: Other international cooperation. Countries must take all necessary steps to cooperate
with FATF Recommendations.