How supervisors can step up the AML fight

What has changed in the fight against money laundering since you took office as president of the Financial Action Task Force (FATF), in July 2020?

Marcus Pleyer: My presidential term has been very much impacted by the Covid-19 pandemic, so what we see is of course an increase in fraud, including that in relation to government aid. We see a surge in online transactions – that is a high priority for us currently. Also cyber security issues, such as ransomware attacks where the money is laundered through crypto.

Virtual assets have expanded over the years, and are now really increasing. At the beginning, if you compared virtual asset transactions to real money transactions, the gap was huge – it’s still huge but it is diminishing. Virtual assets are creating opportunities for criminals and, without regulation, they could become a safe haven for financial transactions with links to crime or terrorism. This is why it is very important our new rules on virtual assets are effectively implemented.

These one and a half years also saw a huge discussion about stablecoins. We have all observed the decline of Libra or Diem, but I think the discussion will not go away, and neither will the phenomenon. This is something that is much more attractive for normal consumers, so it is something we have to look at. Central banks also have to look at whether they want to work on their own digital currencies.

There is also the whole area of decentralised finance, which tries to promise total anonymity and no centralised control. That is, of course, a challenge. Ultimately, however, if a business provides financial services, then it needs to apply anti-money laundering (AML) rules.

One of your aims has been to drive digital transformation in AML and countering the financing of terrorism (CFT). What are some of the key goals here, and how is that work progressing?

Marcus Pleyer: The FATF has for a long time looked to the risks of digital transformation. But I think we should also look at the opportunities the technology offers for the fight against money laundering.

I am very aware that we see high numbers of suspicious transaction reports (STRs), but they do not correspond with the extremely low numbers for convictions. There is a gap, and digital tools can make the fight more efficient on the side of the private sector, through know-your-customer checks, monitoring and STRs, but also for the operational agencies such as financial intelligence units and law enforcement agencies.

Under my presidency, we began a series of projects on how supervisors, operational agencies and the private sector can harness the opportunities of new technologies. We also highlight examples of best practices in how to overcome the challenges when incorporating these new technologies into your AML workflows.

We see money laundering and terrorist financing cases taking place across financial institutions, across borders and in a speedy manner. On the other side, the AML/CFT authorities need to strengthen their capacity to respond to these threats and also be fast and work with high-quality, efficient measures.

Digital tools can also help with a more granular application of a risk-based approach. This can open up room for financial inclusion, bringing more people into the regulated financial system. By doing that, you also improve the effectiveness of AML/CFT measures.

Our aim is to identify the opportunities of digitalisation, such as digital ID. The FATF has been the first international organisation to publish and advise on digital ID. It came just in time – in spring 2020 when the banks were unsure how to proceed, especially with identification.

We also identify the necessary conditions, policies and practices that need to be in place to successfully implement these technologies. Finally, it is important the public sector better understands how digital technology can help detect and investigate money laundering, and how the private sector uses these technologies.

Would you say authorities are gathering enough data for AML purposes?

Marcus Pleyer: Instead of focusing on whether they collect sufficient data, I would focus on whether such collection is risk-based. The data needs to be focused, targeted and proportional. It needs to help countries respond to the most important risks, to identify the emerging trends. Data collection needs to be tailored to address national AML strategies and priorities.

Having risk-based data collection can also minimise potential data privacy concerns and better respect the rights of individuals. This is something that is important to me, and the FATF has started a project on how digital tools can help information sharing while protecting the data.

In the past two years, we have been looking at the level of digital adoption of our members. More and more countries have been adopting digital solutions, especially to support data collection, data triage and analysis processes. But collecting more data is different to collecting the right kind of usable data. What we see is countries sometimes spending a lot of effort on data cleaning before they can use the data in a meaningful way.

You mentioned the importance of a risk-based approach. Is this method becoming more common among FATF members?

Marcus Pleyer: It is, definitely. We introduced the risk-based approach eight or nine years ago. It is a long process and countries need to move away from a tick-box approach to a more risk-based focus.

Risk-based is, in a way, a kind of proportionality: you have to tailor your measures in a proportional way. You must be effective, but you don’t have to exaggerate. We don’t want firms to de-risk and terminate all of their clients, we want a really tailored approach where institutions concentrate on individual risks.

What digital tools might authorities consider adopting?

Marcus Pleyer: To be clear, the FATF does not prescribe particular tools but, in our project on the opportunities of new technology, we highlight how different types of digital technology – from advanced analytics to machine learning – can have the best potential to improve the efficiency and effectiveness of AML/CFT measures. For example, machine learning reduces the need for manual input into monitoring, it reduces false positives and it helps identify complex cases. Artificial intelligence (AI) can detect patterns of suspicious transactions much more easily than the human brain. Then there is natural language processing (NLP) and soft computing techniques that are useful for analysing a vast amount of data from disparate sources, such as the text in STRs.

Again, we are not concentrating on particular companies or fintechs, but highlighting what the technology can offer. FATF is a great platform for information exchange. You may know that our members and regional bodies equate to more than 200 countries. So, if there are great solutions in one or two parts of the world, they can easily be exchanged globally. It’s a wonderful knowledge platform.

Are you seeing greater use of innovative forms of data, more use of unstructured data, text data, and so on?

Marcus Pleyer: If a financial intelligence unit receives millions of STRs a year, NLP can help categorise and analyse the information.

There is much more data to explore, not only payment information but also companies that bring in new data. When you identify your customer, this is not only about scanning their passport, you can also find out if the person’s mobile phone is in the particular part of the world we would expect this person to be.

This is interesting because – and this is what we found with our paper on digital identification – with all this digital information, you can be much more accurate than in the analogue world.

You previously mentioned the rise of crypto – or virtual – assets. Do authorities need to take more action in this regard?

Marcus Pleyer: Crypto assets are very attractive to individuals and businesses because of their speed and global reach but, at the same time, they are attractive to criminals and terrorists. In the past decade we have seen extensive use of crypto assets for a range of crimes.

Just before this interview, I looked up numbers that [cryptocurrency research firm] Chainalysis provided. They found that, in 2021, more than $14 billion was connected with illicit crypto addresses. This is a huge increase if you compare it with past years.

The FATF issued new standards on digital assets in 2019; we were the first binding standard-setter in this area. We reviewed progress twice, most recently in 2021, and found less than half of countries worldwide reported they had the necessary legislation in place to implement these standards.

So we are still far away from global, coherent regulation of virtual assets, but this is what we need. It is so clear that a virtual asset is a tool that can be easily used across borders, so the risk of leaving loopholes is high, the risk of regulatory arbitrage is very high. FATF is pushing countries very hard to implement our new standards.

Our strategy is to perform mutual evaluations of countries. We will focus on whether countries have implemented these new standards, and if they have not, we have processes in place to address this.

How much of a problem is it for authorities to trace crypto assets when they are used in illicit activities?

Marcus Pleyer: It depends on the assets. Bitcoin is something you can very easily follow. But then there are these ‘mixers’ that mix virtual assets, which then make it more difficult to follow the trace. Take a case of a ransomware attack where the ransom was collected in bitcoin and then the bitcoins were exchanged into monero. It is then more challenging for law enforcement to follow that trace.

How important is co-operation between different authorities, both domestically and internationally? Do authorities need to put more effort into improving co-operation?

Marcus Pleyer: Co-operation is absolutely vital between agencies and internationally. It is important for the national AML/CFT co-ordinating agency to have a national AML/CFT information-sharing strategy.

There are so many agencies involved in each jurisdiction, and not only the agencies; it starts with the private sector, which is patrolling the first line of defence. Sometimes we go into a country and hundreds of agencies are involved in AML/CFT. They all need to talk to each other. So co-operation is absolutely vital, and this is why the FATF encourages countries to facilitate interagency and public-to-private information sharing.

We have seen great initiatives, for instance in the UK with the Joint Money Laundering Intelligence Taskforce. I think these kinds of public-private partnership can pave the way for information-sharing at a cross-
border level.

You previously noted there can be tension between AML enforcement and privacy laws. Is there a way to resolve – or at least mitigate – that tension?

Marcus Pleyer: I don’t see this as tension if we work together. Both issues are important policy objectives and they can be compatible.

On one side, we need to fight money laundering/terrorist financing effectively and, for that, supervisors need more data than is sometimes available to them. Being able to access relevant data held by other parties can help a lot. If banks can get a fuller picture of their clients’ activities through collaborative analytics, for example, then they are much more likely to detect suspicious transactions.

On the other side, privacy and data protection comes from human rights, a very important issue – especially for me as a European president [of the FATF]. Both are significant public interests that serve important policy objectives. They are not mutually exclusive. For that reason, I have started a project that looks into ways digital technology can help us reconcile these
important issues.

This is about encryption technologies, which can allow the responsible sharing of data while upholding a high level of data protection. There are other technologies we have learned about through this project; for example, travelling algorithms – you don’t pool the data but the algorithm goes to one bank, looks at the data, then migrates to the next bank. If it finds any strange connections, it raises the alarm.

You mentioned co-operation, which we usually think of as co-operation between AML agencies. But we also need co-operation between the different ‘bubbles’: the bubble of AML people, the bubble of technology developers and the bubble of data protection people. These people need to work together on solutions.

Has there been much progress in that regard?

Marcus Pleyer: We started this project a year ago when we brought these people together. They are now sitting in one room and working on a solution. But it is complicated. We are a global organisation trying to find best practices that are valuable for all our jurisdictions with their very different cultural and legal backgrounds.

The technology is developing. At the beginning of the project, we heard people say they had the idea but it still needed development. Now it is emerging. In German we say “it’s still in children’s shoes”.

Are there particular things central banks should be doing to improve their AML/CFT oversight?

Marcus Pleyer: As supervisors, central banks monitor financial institutions’ activities, risk exposure and the implementation of AML/CFT regulation, at least in some parts of the world. The data gathered during supervisory activity is crucial to the identification, assessment and understanding of AML/CFT risks at a national level.

Even in cases where a supervisor is only supervising prudentially, it is very important they co-operate with the AML supervisor. AML supervision does not work in an independent room – it needs to be connected with information from the banks.

Data must be gathered, assessed and analysed effectively. It must be done in a way that improves money laundering/terrorist financing risk understanding. I think there are some things that central banks could do – one thing I mentioned earlier is that supervisors need to understand the technology that banks use to mitigate money laundering/terrorist financing risk. More and more technology people are needed, not only classical supervisors who can read balance sheets, but also people who understand how AI works.

Central bank digital currency (CBDC) must have financial integrity by design. Some say virtual assets are digital cash, but that is not true. Digital money will always leave a trace and, for that reason, if a central bank issues CBDC, they must ensure this money cannot be misused for money laundering or terrorist financing.

Might the issuance of CBDC assist with AML efforts, if it brings transactions from the crypto industry into the central bank’s own systems?

Marcus Pleyer: Yes, of course. If I as a consumer can choose between virtual assets issued by some private company or a virtual asset issued by the central bank, my confidence is much more with the central bank. Money is all about trust. The trust will be much higher with central bank-issued digital money, I think.

You mentioned a need for CBDC not to be exactly cash-equivalent. I think many central banks are now moving in that direction, towards some sort of trade-off between pure anonymity and the need to tackle AML/CFT risks. Is there an upside to the declining use of cash from an AML standpoint?

Marcus Pleyer: There are different cultures in different countries. Some stick very much to cash, and cash is an expression of freedom in many countries, so that is something we have to respect. On the other side, we know that cash can be misused, and we see from Europol and other surveys that cash is still king.

For that reason, the FATF is not pushing countries to abolish cash, but just to address the risks that are involved with using cash. That can be addressed by reporting above a certain threshold, and so on. If people move more into the digital area, it’s easier to detect money laundering/terrorist financing. But we have to respect jurisdictions that still want to use cash as they have always done.

You previously mentioned the proliferation of AML/CFT challenges. Are you optimistic the situation will improve in the coming years?

Marcus Pleyer: I would not be in this position if I were not an optimist, but of course it is a never-ending battle. As long as there is money there will be money laundering.

What I can say is our members, in the past 30 years, have improved their AML/CFT systems incredibly, especially when it comes to what we call ‘technical compliance’. They have implemented our standards to a great extent into law.

Where we still see a lot of room for improvement is in applying these rules on the ground, what we call ‘effectiveness’. That is something we are concentrating on in our new round of mutual evaluations. We are currently in our fourth round, which will come to an end in the next one to two years, depending on the pandemic. Then we will start a fifth round, evaluating all 200 jurisdictions. We will have increased focus on measuring the effectiveness of their systems.

Money laundering fuels serious crimes and, for that reason, it is important that all jurisdictions effectively implement our standards.

Marcus Pleyer became president of the Financial Action Task Force (FATF) on July 1, 2020, having previously held the position of vice-president for two years. He also currently serves as deputy director general in the German finance ministry, where he is responsible for policy development and international engagement on global financial markets, as well as AML, digital finance and more. Pleyer holds a master of law degree from the University of Edinburgh, a master of business administration from the University of Wales and a PhD from the University of Dresden. He also studied law at the National University of Singapore and University of Heidelberg before qualifying as a judge in 1997.