Financial Services

Key impacts for EU traditional and cryptoasset based financial services following FATF’s publication of its February 2023 Plenary Session

Written by

Dr. Michael Huertas

RegCORE Client Alert | Banking Union

Financial Crime


The Financial Action Task Force (FATF) is the organisation that sets global standards (Recommendations) to prevent money laundering (AML) and financing of terrorism (CFT) as well as financial crime generally. FATF members are in charge of their own AML/CFT legislative and regulatory frameworks, but they do so using the risk assessment standards and methods outlined in FATF’s Recommendations.

On 20 February 2023 FATF hosted FATF Week and from 22-24 February hosted a Plenary Session to advance a number key changes. Delegates representing 206 members of FATF’s Global Network and observer organisations, including the International Monetary Fund, the United Nations, the World Bank, INTERPOL and the Egmont Group of Financial Intelligence Units, participated in the Working Group and Plenary meetings in Paris during FATF Week. EU legislative and regulatory policymakers were also present and participated in (re-)shaping FATF Recommendations. These in turn may need reflecting in the EU’s own legislative and regulatory rulemaking instruments, including in the forthcoming AML Regulation (AMLR), which is expected to replace the EU’s existing AML Directives (AMLDs) as well as the creation of a new centralised AML Authority (AMLA) – both developments will, as detailed in standalone coverage from our EU RegCORE, likely have a wide-reaching impact on traditional as well as cryptoasset focused financial services market participants as well as across the wider body of persons designated under AML/CFT legislation as “obliged entities”.

This Client Alert assesses the key announcements from this meeting and its implications for the EU and in particular financial services, especially given recent changes to the availability of transparency registers in the EU following landmark rulings from the Court of Justice of the European Union. See separate coverage from our EU RegCORE available here.Show Footnote

Strategic initiatives – beneficial ownership

FATF used the Plenary Session to communicate developments across a number of its strategic initiatives, including in particular on transparency and workstreams focusing notably on:

  1. Beneficial ownership of legal persons; and
  2. Beneficial ownership of legal arrangements;

In March 2022, the FATF agreed on tougher global beneficial ownership standards by requiring FATF members to ensure that competent authorities have access to adequate, accurate and up-to-date information on the true and ultimate owners of companies. As a result, FATF’s revised Recommendation 24 requires that members ensure that beneficial ownership information is held by a public authority or body functioning as a beneficial ownership registry, or an alternative mechanism they will use to enable efficient access.

EU legislative requirements implemented the requirements of Recommendation 24 into the AMLDs. This worked well until effective compliance ran into difficulty following a judgment from the Court of Justice of the European Union that was published 22 November 2022 (as discussed here) that effectively brought public access to beneficial ownership registers to an immediate halt. EU policymakers are currently, as at the time of writing hereof, using the finalisation of the AMLR and AMLA legislative and subsidiary rulemaking instruments to reconcile the concerns expressed in that judgment on the fundamental right to privacy balanced against the obligations imposed by FATF, to which the EU agrees to be bound, to facilitate access to registers on beneficial ownership of legal persons and legal arrangements.

Welcomingly, the FATF Plenary announced that it had now finalised a guidance document which, will be made available in March 2023 (see our forthcoming coverage on that) which aims to assist FATF members in implementing the revised requirements of Recommendation 24. This also includes assessing and mitigating the AML/CFT risks associated with foreign companies to which their countries are exposed. This guidance is the result of several months of intense consultation with external stakeholders and the private sector to ensure that the guidance is clear and addresses the questions that stakeholders in the public and private sectors may have. The guidance aims to facilitate the implementation of the necessary measures so that shell companies can no longer be a safe haven for illicit proceeds with links to crime or terrorism.

The FATF Plenary equally announced it had agreed on enhancements to FATF Recommendation 25 on legal arrangements and to bring those requirements broadly in line with those for Recommendation 24 on legal personsthusensuringabalancedandcoherentsetofFATFstandardsonbeneficialownership. Indoingso, the FATF sought input from relevant stakeholders, including through a White Paper consultation and a public consultation on proposed changes. FATF will start working on a guidance document to help countries implement the revised requirements of Recommendation 25.

It is very conceivable that the relevant EU authorities as well as certain national competent authorities (NCAs) may publish their own further (more directly applicable) guidance and communications on their respective supervisory expectations throughout the remainder of 2023 on topics that are addressed in FATF’s Recommendations 24 and 25 and respective interpretative guidance documents that are to be published.

Strategic initiatives – ransomware

In addition to the above, FATF furthermore announced that its members had approved a report on stopping the flow of money related to ransomware. FATF’s focus on this area flows from the noticeably significant increase in the scale and number of ransomware attacks over the recent years. Threat actors are increasingly using more sophisticated techniques to carry out their attacks. Such attacks can have a crippling impact on business activity and lead to disruptions of essential infrastructure and services – including those well beyond the financial services sector.

FATF reported that it had completed research that analyses the methods that criminals use to carry out their ransomware attacks and how they launder ransom payments. Criminals have easy access to virtual asset service providers around the world and jurisdictions with weak or non-existent AML/CFT controls are of concern. Given the transnational nature of ransomware attacks, FATF reminded members that it is essential that authorities in each country build on and leverage existing international cooperation mechanisms to successfully tackle the laundering of ransomware payments. Moreover, FATF warned that authorities also need to develop the necessary skills and tools to quickly collect key information, trace the nearly instantaneous virtual transactions and recover virtual assets before they dissipate. This means that authorities must extend their collaboration beyond their traditional counterparts to include cyber-security and data protection agencies. EU efforts in this area are expected to gather pace in the remainder of 2023 and through to 2024 and will likely announce further concrete measures that dovetail FATF publishing its research and guidance in March 2023 (see our coverage on that development). This FATF publication will also include a list of risk indicators that aim to help public and private sector entities identify suspicious activities related to ransomware. Relevant EU-level authorities and NCAs may publish their own additional guidance and supervisory expectations on risk factor identification, mitigation and management.

Additional strategic initiatives were announced by FATF in respect of virtual assets and virtual asset service providers as well as in the art and antiquities markets.

Improving implementation of FATF requirements for virtual assets and virtual asset service providers

Building on the work on ransomware, FATF also highlighted that the current absence of regulation in many countries on virtual assets leads to arbitrage and other opportunities that can be exploited by bad actors. FATF reminded members of its Recommendation 15, which was strengthened in October 2018, requiring members to introduce or revise existing requirements in respect of the “travel rule”. The travel rule, requires obtaining, holding and transmitting originator and beneficiary information relating to virtual assets transactions. The travel rule is implemented both at the EU level and equally in some EU Member States at the national level.

The Plenary agreed on a roadmap to strengthen implementation of FATF Standards on virtual assets and virtual asset service providers, which anticipates inclusion of a stocktake of current levels of implementation across FATF’s global network. In the first half of 2024, the FATF will report on steps FATF members and FSRB (FATF-style regional body) countries with materially important virtual asset activity have taken to regulate and supervise virtual asset service providers.

Raising the bar on AML/CFT risk prevention in the art and antiquities markets

On 27 February 2023, FATF finalised its report on AML/CFT risks in the art and antiquities market. Available here.Show Footnote The report also looks at how terrorist groups can get money for their operations by selling cultural items from places where they are active. FATF noted that criminals, organised crime groups and terrorists use the market for art, antiquities and other cultural items to wash their dirty money and pay for their activities. Criminals try to take advantage of the sector's history of privacy and use of third-party intermediaries and terrorist groups can use cultural objects from areas where they are active to fund their operations.

Most people who take part in these markets are not involved in illegal activities. However, there are risks that come with these markets, and many places do not know or understand them well enough. This makes it hard to investigate across borders because there aren't enough resources or people with the right skills.

FATF’s report has a list of risk indicators that can help public and private organisations spot suspicious activity in the art and antiquities markets. It also talks about how important it is to quickly find and track down cultural objects that are being used to launder money or fund terrorism. In order to deal with their problems, some countries have set up specialised units, given their people access to relevant databases, and worked with experts and archaeologists to help identify, track, investigate, and return cultural objects.

Suspending FATF membership of the Russian Federation

A year after the Russian Federation's heinous re-invasion of the Ukraine, FATF expressed its “deepest sympathies for the people of Ukraine for the needless loss of life and destruction of Ukrainian infrastructure and society.” FATF equally stated that the on-going “war of aggression against Ukraine runs counter to FATF’s principles of promoting security, safety and the integrity of the global financial system and the commitment to international cooperation and mutual respect upon which FATF Members have agreed to implement and support the FATF Standards.” As a result, the FATF Plenary suspended the Russian Federation’s membership. FATF equally reiterated that “...all jurisdictions should be vigilant to current and emerging risks from the circumvention of measures taken against the Russian Federation in order to protect the international financial system.”

Mutual evaluation assessments of Indonesia and Qatar

FATF also used the Plenary to discuss and adopt the mutual evaluation report of Indonesia and of Qatar. Indonesia has been a FATF observer since June 2018 and Qatar is involved in FATF by way of the Gulf Cooperation Council. FATF will publish the Indonesia and Qatar reports by May after the FATF's quality and consistency evaluation is finished.

FATF evaluated Indonesia in the context of its application for FATF membership. According to the mutual evaluation, Indonesia has a solid legal, regulatory, and institutional framework, which results in robust technical compliance in a number of sectors. Indonesia is also doing well in combating terrorist financing by utilising financial intelligence and internal and international cooperation, but it has to focus more on pursuing larger-scale money launderers and improving asset seizures. Indonesian authorities are being urged to strengthen risk-based oversight of designated non-financial enterprises and professions, as well as to deploy effective and dissuasive punishments in both the financial and non-financial sectors for noncompliance with preventive measures. Indonesia will keep working to meet the FATF's membership requirements.

The Plenary Session noted that Qatar had made a range of welcome changes to its AML/CFT framework in recentstandardsandthusitstechnicalcompliancewithFATFStandardswasnotedas“verystrong”. Qatar has also made positive steps to strengthen national understanding of the hazards of money laundering and terrorist funding, confiscate illegal assets, supervise the financial and non-financial sectors, and apply targeted financial sanctions for terrorist financing. Qatar has to make significant progress in a number of areas, including its law enforcement response to money laundering and terrorism financing, as well as its use of financial intelligence. Qatar should also increase law enforcement and competent authorities' access to beneficial ownership information, as well as strengthen the implementation of targeted financial sanctions fo r proliferation financing.

Announcing future scrutiny: 5th round of FATF mutual evaluations and other country specific developments

Aside from assessing Indonesia and Qatar, FATF announced jurisdictions (new to the list are South Africa and Nigeria) that are subject to “increased monitoring” Available here.Show Footnote (also known as the “black list”) as well as reiterating comments (as opposed to adding new jurisdictions) that apply to those that are subject to a “call for action” Available here.Show Footnote. A country subject to increased monitoring commits itself to resolve identified strategic deficiencies within agreed timelines.

FATF equally confirmed that both Morocco and Cambodia ceased to be subject to increased monitoring in particular given the efforts that each country has addressed in resolving technical deficiencies to meet the commitments of its action plan identified and agreed with FATF in February 2019 (Morocco) and 2021 (Cambodia)

Lastly, FATF members decided on the sequence of nations to be reviewed during the first year of the assessment cycle in preparation for the next round of mutual evaluations, which will begin in 2024. When the FATF approved the “Methodology and Procedures for the 5Th Round of Mutual Evaluations” in March 2022, delegates agreed that the Fifth Round would last six years. This necessitates the FATF evaluating around seven countries each year. The Methods and Processes for the 5th round of mutual assessments were released in March 2022, although they are not yet in effect and are subject to change until the next round begins. The FATF also discussed the FSRBs' preparations for the upcoming round of mutual evaluations.

Outlook and next steps

Another key development that sets the tone for the outlook ahead is that the FATF Plenary selected Jeremy Weil, from Canada to be the next FATF Vice President for two years beginning 1 July 2023. Mr. Weil succeeds Ms. Elisa de Anda Madrazo from Mexico who has led this role since 1 July 2020.

The Plenary Session packs in a number of key developments that affect both FATF members in future legislative and regulatory rulemaking as well as supervisory scrutiny. Particularly the EU will be under pressure to deliver in a timely manner. This in turn will impact financial market participants as well as the wider range of persons that are “obliged entities”. More importantly, all such private sector participants will want to consider how the range of announcements by FATF feed into their AML/CFT and financial crime prevention efforts both in documented policies and procedures as well as respective systems and controls including beyond updates to changes in country assessments that most will have reflected. The focus on ransomware, the arts and antiquities markets and a general step up vigilance on cryptoassets will all mean that regulators and regulated persons alike will have to prepare for a busy rest of the year ahead of new mutual evaluations and further change already scheduled for 2024.

About us

PwC Legal is assisting a number of financial services firms and market participants in forward planning for changes stemming from these developments.

One of the focal points of PwC Legal's Dispute Resolution practice is the representation of companies in the defence against class and mass actions, also using state-of-the-art legal tech solutions. In particular, the dispute team has extensive practical experience with the instrument of collective legal protection already provided for in German law - the model declaratory action. The same applies to the defence of representative actions under Germany’s Injunctions Act (UKlaG).

If you would like to discuss any of the developments mentioned above, or how they may affect your business more generally, please contact any of our key contacts or PwC Legal’s RegCORE Team via or our website.