3 Core Functions of an FIU (2024)

Financial institutions

Banks were the first institutions to be specifically subjected to the reporting obligations under the original 1990 Recommendations. Nonbank financial institutions were also included in principle, but no list of such institutions was provided in the recommendations. A working group of the FATF was established to set out a minimal list of nonbank financial institutions and other professions dealing with cash that could be made subject to the recommendations. In the 1996 Recommendations, “financial institutions” were subjected to the reporting and other recommendations. These included those that were subject to prudential supervisory regime, such as banks, insurers, and stock dealers, and those that were not, particularly bureaux de change. These are now included in the scope of “financial institutions” in the 2003 Recommendations.⁴⁷

The 2003 Recommendations clarified the scope of the reporting obligation (and other obligations) by, among other things, providing a detailed list of what constitutes “financial institutions.”⁴⁸ The list includes not only the institutions normally subject to prudential supervision, such as those accepting deposits, making loans, underwriting insurance, or managing portfolios, but also formal and informal money- and value-transfer services.

Bank and insurance and securities companies

At the start of the fight against money laundering, the focus of attention was on credit and financial institutions, such as banks and insurance and securities companies. It was recognized that when these institutions were used to launder proceeds from criminal activities, their soundness and stability could be seriously jeopardized and the public’s confidence in the banking system as a whole could be lost.⁴⁹ At the same time, it was clear that keeping the financial system from being used for money laundering was a task that could not be carried out without the cooperation of credit and financial institutions and their supervisory authorities.

The Declaration of Principles adopted in December 1988 by the Basel Committee on Banking Supervision constituted a major step toward involving banks in the prevention of the use of the financial system for money-laundering purposes. Since public confidence in banks, and hence their stability, could be undermined by adverse publicity owing to their inadvertent association with criminals, the Declaration of Principles encouraged banks’ managements to put in place effective procedures to ensure that all persons conducting business with their institutions were properly identified, that transactions that did not appear legitimate were discouraged, and that cooperation with law-enforcement agencies was achieved.⁵⁰

Although, because of its ability to move funds rapidly, the banking system was considered especially vulnerable to money laundering, insurance companies have also been identified as major targets of money laundering, because of the variety of services and investment vehicles offered that can be used to conceal the source of money.⁵¹

Life insurance and, in particular, life insurance products with an investment feature are favored by money launderers. Money can also be laundered, however, by the use of other types of insurance. For example, illegally obtained funds may be used to purchase assets that are deliberately destroyed in order to enable the holder to receive “clean” claim money from an insurer. Most countries have established, in accordance with international standards, reporting duties for life insurance companies. Countries can also consider imposing similar AML/CFT requirements on certain other types of insurance contracts. Insurance intermediaries also play an important part in finding customers for insurance companies and undertaking transactions on their behalf. For this reason, in accordance with the FATF Recommendations, the same principles that apply to insurers should generally apply to insurance intermediaries.

As the sophistication of financial institutions has grown, new and creative ways to hide the source of illegally obtained profits have been devised. Among them, investment products sold by securities and investment firms will be particularly interesting for money launderers who wish to hide the origin of illegally gained proceeds or use them to make long-term investments. Different types of securities and investment companies will have different vulnerabilities to money laundering. For example, Internet-based brokerage accounts will be particularly vulnerable to use by money launderers, since they provide little opportunity for face-to-face contact with customers or for verifying the identity of those logging in.

In many countries, financial groups engage in banking, securities, and insurance businesses, and it has become particularly important for countries to have consistent AML/CFT requirements across sectors and to apply these requirements consistently.

Nonfinancial businesses and professions

The 2003 FATF recommendations widen the reporting obligation beyond financial institutions to casinos; real estate agents; dealers in precious metals and precious stones; and lawyers, notaries, other independent professionals, and accountants. The inclusion of a wider range of businesses and professions in the scope of the reporting obligation may lead to FIUs receiving reports very different from those supplied by financial institutions. The analysis of such reports may require skills that are not commonly available in many FIUs. Moreover, in many countries, these sectors are not supervised as closely as traditional financial sector institutions (and banks in particular). As a result, greater efforts may be needed to achieve the required level of compliance with the reporting requirements, both in terms of quantity and quality of data supplied.

Casinos⁵²

Casinos offer an attractive venue for laundering illegal proceeds, because gambling involves large volumes of cash and many casinos offer their clients a wide variety of financial services. Casinos are also attractive to organized criminal groups who, if they are successful in gaining control of casinos, can use them to disguise their criminal activities. Strict rules on ownership of casinos and close supervision of their activities help mitigate these risks.

Some methods that are often used to launder money may also be banned (and are banned in some jurisdictions), including the following:

• buying chips or tokens with cash, or conducting minimal or no betting and then requesting repayment of the balance by a check drawn on the casino’s account or by a transfer to a bank account;

• using a chain of casinos in different countries and asking for an amount of credit to be made available in a jurisdiction other than the one in which the funds were originally placed, in the form of a check or through a bank transfer; and

• asking that a winner’s check be made out to a third person or without a nominee.

The FATF’s Consultation Paper mentions the importance of certain forms of noncasino gambling, including horse-race betting, card clubs, and lotteries, but in the end, the 2003 Recommendations did not include these forms of gambling. Internet casinos are included, but other forms of internet gambling are not.

Real estate agents and dealers in precious metals and precious stones

Real estate and high-value items, such as gold pieces and precious metals and stones, offer attractive opportunities for money launderers. The purchase of real estate is a known form of investing illicit proceeds and holding them. Precious metals and stones can be used in the same manner and also as a means of transporting illicit proceeds from one jurisdiction to another.

The 2003 FATF Recommendations list real estate agents, dealers in precious metals, and dealers in precious stones among the nonfinancial professionals subject to the reporting requirement. Dealers in precious metals and stones are only required to report suspicious transactions above the designated threshold of US$/EUR 15,000. The second EU directive on preventing the financial system from being used for money laundering includes a broader list of professions in this category, which it describes as “dealers in high-value goods, such as precious stones or metals, or works of art, auctioneers, wherever the payment is made in cash, and in an amount of EUR 15,000 or more.”⁵³ This wider definition can include dealers in automobiles (including used cars), boats, and antiques—traders that so far had been left largely unregulated. Since these traders are not regulated or supervised, their inclusion in the scope of the reporting requirements raises the question of which agency will be responsible for their compliance with the AML/CFT requirements. (See Chapter 4 for a discussion of this point.) Regardless of the choice of supervising agency, ensuring adequate reporting on such trades may well require a determined outreach effort.

Lawyers, notaries, other independent professionals, and accountants

Together with trust and company service providers, lawyers, notaries, and accountants are seen as gatekeepers, because, owing to the nature of some of their activities, they may be in a position to detect the intended use of legal arrangements, such as trusts and corporate vehicles, to launder funds. Indeed, criminals may seek the services of legal professionals precisely to receive assistance in making illegal transactions more difficult to detect or to use the lawyer’s client account as a means of introducing illegal funds into the banking system.⁵⁴

The limited degree to which these professionals may be required to report illegal activity however, stems from the deeply ingrained view that legal professionals are bound by rules of confidentiality and of loyalty to clients that are not easily reconciled with an obligation to report suspicious transactions. The scope of the reporting obligation and the rule against “tipping off have both been cited as alien to the basic duties of lawyers. To date, the international effort to include legal professionals in the scope of the reporting obligation has had mixed results.

Before the 2003 FATF Recommendations were issued, the amended EU directive had already required EU member countries to extend the reach of the reporting obligation to certain activities of legal professionals—they had to submit reports when they participated in certain defined transactions by assisting their clients concerning them, or when they acted on behalf of their clients in financial or real estate transactions. In extending the reporting obligation to lawyers and notaries, the FATF also limited the scope of activities that could trigger the reporting obligation. Lawyers, notaries, other independent legal professionals, and accountants are required to provide suspicious-transaction reports only when, on behalf of a client or for a client, they engage in a financial transaction related to the following activities: “buying and selling of real estate, managing of client money or other assets, management of bank, savings or securities accounts, organization of contributions for the creation, operation or management of companies, and creation, operation or management of legal persons or arrangements, and buying and selling of business entities.”⁵⁵ As is stated in the Consultation Paper, “In essence…, independent legal professionals are brought into the fight against money laundering when they are involved in particularly vulnerable lines of business.”⁵⁶

A large number of bar associations and of international groups of lawyers have expressed their opposition to the extension of the reporting requirements to their profession; and in some countries, attempts to implement the initiative have proved difficult. In two countries, Monaco⁵⁷ and Canada,⁵⁸ attempts to extend the reporting obligation to attorneys were successfully challenged in the courts. Nevertheless, the reporting obligation for the legal profession exists in a number of countries, although the obligation is tailored to meet the special situation of lawyers. In the United Kingdom, the reporting obligation is subject to an exception for privileged information.⁵⁹ In Slovenia, the obligation is limited to certain acts performed by legal and other professionals on behalf of their clients.⁶⁰ In Belgium, the obligation is also limited to certain acts performed by lawyers on behalf of their clients (as set out in the revised EU directive), and the circ*mstances in which reports must be submitted are more limited than they are for the financial professions. Moreover, lawyers furnish their reports to the head of the bar association, who transmits it to the FIU if he finds that the legal conditions requiring the report are met.⁶¹ In Australia, the reporting obligation of solicitors is limited to cash transactions above a prescribed minimum amount (AU$10,000) to which they are a party in the course of their practice.⁶²

It should be noted that although the number of suspicious-transaction reports produced by legal professionals may not be large when compared with the number provided by financial institutions, they may be of an entirely different nature and could require considerable expertise to analyze. Financial transactions involving complex legal arrangements, multiple trusts, and corporate vehicles are only some of the structures that would require scrutiny. Thus, extension of the reporting obligation to these professions may well have staffing and cost implications for the FIU.

Trust and company service providers

Trust and company service providers are also brought under the new FATF reporting standard. They include persons not otherwise covered in the FATF Recommendations who provide to third parties services such as acting as a formation agent of legal persons, a director or secretary of a company, a partner of a partnership, or in a similar position in relation to other legal persons; providing a registered office, business address, or accommodation for a company or partnership; acting as a trustee to an express trust; and acting as a nominee shareholder for another person.⁶³

Others

Some countries extended the reporting obligation beyond the international standards. For example, in South Africa, although only designated institutions must report transactions above a specified amount, any person who operates, is in charge of, manages, or is employed by a business must report certain defined suspicious transactions.⁶⁴ In Colombia, the reporting obligation and other related obligations are extended to entities involved in foreign trade.⁶⁵

What is a suspicion?

A suspicion is a conclusion to which a reporting institution arrives after consideration of all relevant factors. The definition of the suspicion needs to be expressed in the clearest terms possible. The requirement of clarity in the definition of a suspicious transaction is particularly important in countries where criminal sanctions are attached to failures to comply with the reporting requirement. It is also important in other jurisdictions, since complex and expensive systems have to be put in place to implement the reporting obligation.

In many countries, the law requires that “suspicious” transactions be reported but does not define “suspicious.” The terms “suspicious” and “suspicion” have a fairly wide range of meanings and may include situations where a very low “evidentiary threshold” is involved. For example, in the context of the laws of the United Kingdom and of Scotland, it has been noted that the ordinary meaning of the word would include the idea of “imagining something without evidence or on slender evidence.”⁷² Similarly, in the United States, the term “suspicion” has been defined as “the imagination or apprehension of the existence of something wrong based only on slight or no evidence, without definitive proof.”⁷³ In French, the equivalent term “soupçon” also has a number of meanings, some of which also imply very little evidence such as, for example “a simple conjecture, opinion, advice or hypothesis or intuition…”⁷⁴ Although these definitions do not have the force of law, they clearly show that the term “suspicious” and “suspicion” can have a variety of meanings.

The use of such a broad standard gives considerable discretion to the reporting entity in its decisions to report or not to report transactions. This discretion is consistent with the view that decisions on what transactions are suspicious should be made by staff of the financial institutions on the basis of their skills, experience, and knowledge of the customer, rather than on the basis of a rigid set of rules. Such a standard places a significant burden on the reporting entities, however, and also tends to increase the number of suspicious-transaction reports received by the FIU. This places an additional burden on the FIU, which needs more staff and other resources (including access to information) to analyze the reports. Some countries, in view in particular of the penalties attached to failures to report, have acted to limit the discretion of reporting entities. Some have done so by adding specificity to the required “suspicion,” while others have avoided the use of the “suspicious” criteria altogether.

Certain countries have tried to make the meaning of the word “suspicion” clearer by requiring, in the law itself, that the suspicion be grounded in some factual observation. For example, the Swiss money-laundering law refers to a “soupçon fondé” (“a founded suspicion” in the unofficial translation issued by the Swiss authorities)⁷⁵—that is, a suspicion grounded in some factual basis, however slim. The Australian law also uses a more objective criterion and requires cash dealers to report transactions when they have “reasonable grounds to suspect that information” they have may be relevant to the investigation or prosecution of an offense.⁷⁶ These laws may have made the standard more objective, but it has been observed that they may also have made the “evidentiary threshold” higher.⁷⁷

Another way of limiting, to some extent, the range of possible interpretations of the term “suspicion” consists in establishing a mechanism under which a body is charged with providing more specificity to the term. This has been done in Luxembourg, where the Commission de Surveillance du Secteur Financier (CSSF) has issued a circular that contains a set of indicators that is intended to specify the reporting obligation.⁷⁸ The indicators are similar to the 39 indicators of money laundering issued earlier by the Swiss Federal Banking Commission under a provision of the Anti-Money Laundering Law dealing with the detection of high-risk transactions.⁷⁹ In Lithuania, decisions of the government set out criteria clarifying what “suspect” transactions are.⁸⁰ In other countries, for example Canada,⁸¹ the FIU has issued guidelines, which are not part of the law or regulations, and are not binding, to assist reporting entities in detecting suspicious transactions.

Other jurisdictions have avoided using the term “suspicion” and its variants in the law, and have attempted to base the reporting obligation on a more objective criterion. It may be noted in this respect that the EU directive on the prevention of money laundering requires countries to obligate concerned entities and persons to inform the competent authorities “of any fact which might be an indication of money laundering.”⁸² The Spanish law requires the reporting of “any fact or transaction with regard to which there is an indication or there is certainty that it is related to laundering….”⁸³

Another approach that avoids the use of the term “suspicion” as the basis for the reporting obligation is found in the Netherlands, where the reporting obligation is based on the “unusual” nature of transactions. The Dutch law requires persons subject to the reporting obligation to report “unusual” transactions.⁸⁴ Under this approach, there is no requirement to link a transaction with a suspected criminal offense; it suffices that the transaction be “unusual.” The ministers of justice and finance have joint responsibility for issuing “indicators,” if necessary, for each category of transaction, for a period not exceeding six months, after consultation with the FIU. Once approved by the government, the indicators become permanent.⁸⁵ The current list of indicators contains generally applicable indicators, as well as indicators related to certain types of transactions, such as life insurance contracts, credit card transactions, and casino transactions.⁸⁶

In an “intermediate” approach, both the “unusual” and “suspicious” criteria are used in different steps in the identification of transactions to report. In Colombia, for example, any transaction that is inconsistent with the customer’s profile or that falls within a category of objective alerts predetermined by the reporting institution is to be considered “unusual.” The transaction is checked further by the reporting institution in order to determine whether it has an economic and legal explanation. If it does not, it is considered “suspicious” and is reported to the FIU.⁸⁷

The 2003 FATF Recommendations leave it to each country to decide on the exact nature of the suspicion necessary to trigger the reporting obligation. Recommendation 13 refers to a financial institution that “suspects or has reasonable grounds to suspect” that funds are related to criminal activity.⁸⁸ While the manner in which the obligation is defined varies from country to country, the fact remains that financial institutions, and other reporting entities subject to the know-your-customer standard are in the best position to detect suspicious or unusual transactions.

What is criminal activity for purposes of the reporting obligation?

The basic intent of the reporting obligation, as stated in the 1996 FATF Recommendations, is to provide the FIU with information on transactions involving funds that could stem from criminal activity.⁸⁹ The expression “criminal activity” is repeated in the 2003 Recommendations. In practice, however, the range of criminal offenses that constitute “criminal activity”—and thus give rise to an obligation to report a transaction to which they are related—varies from country to country. Although many countries define the obligation by reference to money laundering, others take a different approach. For example, in Belgium, where the predicate offenses are defined very broadly by reference to all crimes,⁹⁰ the reporting obligation is limited to cases where the funds are suspected of originating in one of a limited number of crimes.⁹¹

The 2003 Recommendations have attempted to provide further guidance in this respect. The new Recommendation 13 and its Interpretative Note define the standard for the reporting obligation by reference to the standard for the definition of predicate offenses in the criminalization of money laundering, which is set out in Recommendation 1. The standard for criminalization, in turn, refers to the 1988 Vienna Convention and the Palermo Convention. The Vienna Convention referred only to drug-related offenses as predicate offenses, but the more recent Palermo Convention sets out the general principle that predicate offenses should include “the widest range of predicate offenses” and “all serious crimes,” which the convention defines as conduct constituting an offense punishable by imprisonment for a period of at least four years.⁹²

Building on the Palermo Convention, FATF Recommendation 1 (2003) states that “countries should apply the crime of money laundering to all serious offenses, with a view to including the widest range of predicate offenses.” It also specifies that, at a minimum, the law should include a range of offenses within each of the designated categories of offenses set out in the glossary. The reporting obligation is then defined in Recommendation 13 by reference to a suspicion that funds are “proceeds of criminal activity,” which is defined in the Interpretative Notes as “a) all criminal acts that would constitute a predicate offense for money laundering in the jurisdiction; or b) at a minimum to those offenses that would constitute a predicate offense as required by Recommendation 1.” The Interpretative Note adds that countries “are strongly encouraged to adopt alternative a. A similar obligation is contained in the International Convention for the Suppression of the Financing of Terrorism, which sets as a standard the reporting of “transactions suspected of stemming from a criminal activity.”⁹³

Confidentiality of customer information

The officers and staffs of financial institutions are generally subject to a duty not to disclose client-related information that they acquire as a result of their business. Such a duty is usually viewed as an implied condition of the contract between the financial institution and its customer. In some countries, in addition to this duty of discretion, laws establish an obligation of secrecy, the breach of which may lead to the imposition of criminal penalties.¹⁰⁵

Other laws may reinforce the protection of customer information. This is the case for laws adopted in many countries with the objective of protecting the confidentiality of personal information contained in electronic databases. These laws often restrict the use financial institutions may make of their client information and the circ*mstances in which they may provide such information to third parties.¹⁰⁶ These various restrictions on the power of financial institutions to disclose customer information must be overcome in order to allow the anti-money-laundering reporting system to function. This is usually done through specific provisions in the laws establishing the reporting obligation. The duty to provide information should cover not only the provision of suspicious-transaction reports and other reports but also the institution’s duty to respond to further requests for information from the FIU, including requests for relevant documents.

The 2003 FATF Recommendations contain a general provision to the effect that “[c]ountries should ensure that financial institutions’ secrecy laws do not inhibit the implementation of the FATF Recommendations.”¹⁰⁷ The extension of the reporting obligation to certain nonfinancial professions as part of the implementation of the G-8’s Gatekeeper initiative has raised difficult issues with regard to the duty of confidentiality that is attached to the exercise of these professions. This is particularly the case for the legal professions, where, traditionally, the requirement of confidentiality has been very strong.

Rules against “tipping off”

To avoid suspect funds being transferred out of the reporting institution and to avoid prejudicing investigations by making suspects aware of them, it is important that reporting institutions not inform account holders and customers of the suspicious-transaction reports they provide to the FIU.¹⁰⁸ Such a provision is found in many AML laws and is set out in FATF Recommendation 14.

Immunity of reporting entity and its staff for reports made in good faith

A corollary of the obligation to report suspicious transactions is that a person who makes such a report in good faith should be immune from liability for the legal consequences of having made the disclosure. The FATF Recommendations have made this a standard since 1990.

There are two aspects to this immunity. First, the law requiring the suspicious-transaction reports should make it clear that those making the reports are exempt from legal requirements of professional secrecy and confidentiality. Second, persons making the required reports in good faith should also be protected against potential liability to the persons named in the reports, who, if they were to learn of the disclosure, might attempt to recover damages from the persons who made the reports.

Laws on the immunity of reporting entities vary in their scope. The Belgian law is particularly comprehensive in this regard. It states that “No civil, criminal, or disciplinary proceedings may be initiated and no professional sanction imposed upon the institutions or individuals referred to in [the AML law], their employees and representatives who in good faith have provided information pursuant to [the relevant provisions of the AML].”¹⁰⁹ In Liechtenstein, the law addresses the two aspects of the recommendation specifically, as follows: “Anyone who reports to the FIU […] in accordance with [the law] - and if it is found that such reporting was unjustified - is exempt from any liability, provided that he/she has acted neither intentionally nor with gross negligence. This action of reporting is not illegal within the meaning of the criminal law, provided that the person had no intention of communicating false information.”¹¹⁰ In South Africa, the law also covers the two aspects: “No action, whether criminal or civil, lies against [a reporting person or institution] complying in good faith with a provision of this Act [….]”¹¹¹ In the Netherlands, the immunity against liability for damages to third parties is qualified by the terms “unless, considering all circ*mstances, it is plausible that no disclosure should have been made.”¹¹²

Outreach actions

Before sanctions are levied on delinquent entities, a number of other actions may be taken to enhance the quality and flow of reports. One possible approach is to assess the reporting practices of sectors so as to be able to direct training and other outreach activities to the sectors most in need of them. For this purpose, the FIU may analyze basic data on each reporting entity in a sector, the volume of transactions, the market share, the nature of the business, and other factors to arrive at a general estimate of the number of reports each entity could be expected to generate. Then the reporting practice of each sector is monitored; and if the numbers of reports “expected” and received do not match, different actions may be envisaged.

Training programs may be directed at the institutions in the sectors which show the greatest need for improvement. Training may also be directed at sectors that are being added to the list of reporting institutions. The immediate objective of the participation of the FIU staff in training of the targeted sectors would be to foster improved reporting, but it could also be seen as the start of the bilateral relationship between the FIU and the entities in the sector. The quality of reports received from each sector may also be analyzed.¹¹⁶ Findings may be reported back to the reporting entities in each sector on either an aggregated basis in sector-wide meetings or individually.

Another tool, used by some FIUs, is to request from reporting entities (based upon a legal requirement) that they report periodically to the FIU on their work on AML/CFT, including statistical data on reports sent to the FIU. The FIU can then check whether the data reported and the reports actually received match. If they do not, the FIU or the supervisory body should go back to the reporting entity and request an explanation for any discrepancy. This system promotes the use of efficient systems by reporting entities to monitor their reporting activities.

Administrative sanctions

After an outreach program has been in place for a certain length of time, the FIU¹¹⁷ needs to consider the case of entities that fall below the level of reporting of the sector as a whole. In this regard, the difference between failures to report “cash” or other transactions above a set amount and failures to report suspicious transactions should be noted. For the former (or any other reporting obligation based on an objective criterion), there is a factual test to determine whether a transaction should have been reported; for suspicious transactions, a subjective judgment, based on all facts of the case, is involved. Hence the usefulness of internal guidelines on the detection of suspicious transactions.

Where there is a low level of suspicious-transaction reports, the examination of a sampling of transactions may reveal to what extent transactions that should have been reported were not. Assuming a high level of unreported transactions is found, the FIU may try to determine whether the reporting entities have followed the applicable guidelines on the detection of suspicious transactions. In this context, individual decisions not to report certain transactions are less important than the pattern they reveal. The decisions not to report should be reviewed along with the analysis that was conducted to determine whether these decisions form part of a pattern of not reporting.

An array of administrative sanctions may be set out in the legislation to deal with non-compliant entities, and the application of the sanction varies according to the gravity of the offense. A typical set of graduated administrative sanctions would include warnings, reprimands, fines of different amounts, and ultimately cancellation of the noncompliant entity’s authorization to operate. Publication of these sanctions (where this is allowed or required) may contribute to making the reporting community aware that the reporting obligations are enforced.

The procedure to apply administrative sanctions varies from country to country. The FIU or other supervisory authority usually has the power to issue the first level of sanction, such as warnings. In some countries, the FIU is also empowered to levy other administrative sanctions. For example, in the Czech Republic, the FIU is in the ministry of finance, and the minister of finance has the authority to levy certain fines for noncompliance under the AML Act, but if the failures are such as to warrant repeal of a license, the minister must refer the matter to the authority empowered to decide on the repeal of a license.¹¹⁸ In other countries, the FIU can only initiate the sanction process by referring cases to a supervisory authority or an administrative court. This is the case in Belgium, where the FIU lacks sanctioning power and must refer cases to the competent supervisory, regulatory, or disciplinary authorities for sanction. (The minister of finance is the designated authority with respect to entities not falling under the supervision or control of an agency.)¹¹⁹

Criminal sanctions

In some countries, breaches of their reporting obligations under the AML law on the part of individuals and corporations constitute violations of the criminal law. Although in both administrative and criminal proceedings, fines can be the penalty imposed upon conviction, there is a very significant difference between administrative and criminal proceedings. First, in the case of criminal sanctions, if the criminal law so provides, failure to report may lead to imprisonment in addition to fines or as an alternative to fines. In any case, criminal convictions leave a permanent mark on the record of an individual, and, under the “fit-and-proper” test in force in many countries, may result in the person being barred from managing a financial institution or becoming a member of the board of directors of such an entity. In addition, criminal proceedings often bring with them considerable negative publicity for the firm and the individual, which may have negative commercial consequences. It may also be noted that criminal convictions may be more difficult to obtain under the same set of facts, since the criteria for conviction (i.e., proof beyond a reasonable doubt) is higher than the one usually applied in administrative proceedings (i.e., preponderance of evidence).

For all these reasons, making breaches of reporting obligations and of similar obligations subject to criminal sanctions should be considered with care. Some countries have criminalized many types of conduct in breach of the reporting entities’ AML/CFT obligations. This is the case, for example, in South Africa.¹²⁰ In other countries, attempts have been made to limit the conduct subject to criminal sanctions to cases where circ*mstances are such that the breach can be seen as the result of gross negligence. For example, in Monaco, a person who “in clear disregard of his professional duty of care as set out in the [AML law] and its implementing regulations” contravenes the provisions on reporting suspicious transactions (including transactions not carried out on grounds of AML/CFT suspicions) is liable to criminal prosecution leading to the imposition of fines.¹²¹

The FIU’s own data

The analyst will check the data in the report against information in the FIU’s internal sources, such as data from earlier suspicious-transaction reports, cash-transaction reports, and cross-border-transfer reports (if applicable). For this purpose, the newly received data are broken down into components that are checked against the sources previously mentioned. When a component is matched with existing data, this information is added to the compiled data on the case. After additional data are collected, one may start using the term “case,” which may relate to many individual transactions.

Publicly available sources

The information will be checked against data in publicly available sources, such as company registers and company status or business reports and credit reports issued by private companies, audit companies, and accounting bodies. Even telephone registries are sometimes good sources of information.

Government-held databases

Checks will also be performed on data held in governmental databases. Such data would usually include tax records, company-formation records, police records, immigration and customs records, vehicle registries, and supervisory findings. It is vital that these data be available as quickly as possible, and on a real-time basis as much as possible. Ideally, an FIU would be able to access these databases directly through electronic means, based on a law, a regulation, or an agreement between the agencies concerned. Some of the data might, in fact, be part of an FIU’s internal database.

Additional information from original reporting entities and other entities

If necessary, the analyst may go back to the primary information source—that is, the financial and nonfinancial institutions that provided the initial reports, if this is permitted, to request additional information from them (if necessary). It is also very useful if the FIU is authorized to seek information from other institutions subject to the AML/CFT reporting obligations that may have been involved in related transactions or business of the suspicious customer, even if they have not provided reports on them.

Other FIUs

After completing the initial checking of the new data against these national sources, and establishing grounds of suspicion for money laundering or related offenses, the FIU may, when international elements are involved, request additional information from foreign FIUs or other counterparts.

Box 9.

Sharing Information With Other Domestic Agencies

FIUs provide information to domestic agencies, and receive information from them, as follows:

• Banks, money remitters, and other financial institutions provide suspicious-transaction reports; they may provide other reports, and receive feedback from, the FIU.

• Financial regulators may report to the FIU financial information, including suspicious transactions found in the course of their supervision of financial institutions, and may receive financial intelligence and information on breaches of anti-money-laundering laws on the part of entities subject to their jurisdiction from the FIU.

• Police and prosecutors provide law-enforcement information to the FIU and receive financial intelligence (in police FIUs, the FIU function and the law-enforcement function are integrated in a single agency) from the FIU.

• Other government agencies (e.g., company registrars and motor-vehicle-registration offices) provide raw data to the FIU.

• Tax authorities, anti-corruption agencies, customs and excise agencies, and intelligence agencies may, if legislation allows, receive financial intelligence from the FIU and provide information to the FIU.

Box 10.

Requesting information from an FIU

Requesting financial information from an FIU involves the following steps:

• Step 1. A domestic agency (i.e., a financial supervisor or law-enforcement agency) or a foreign FIU makes a request for financial information to support a case involving money laundering, terrorist financing, or related crimes.

• Step 2. The requested FIU determines whether the request satisfies legal, policy, and operational requirements. If so, the FIU searches its databases and files for information responsive to the request.

• Step 3. If necessary and appropriate, the FIU seeks information from other government agencies and financial institutions to respond to the request.

• Step 4. The FIU analyzes the information and prepares a report to share with the requesting agency or FIU and determines the conditions under which the requesting agency or FIU may use and disseminate the information contained in the report.

Legal basis for exchanges of information between FIUs

An FIU’s ability to share information with its counterparts and other agencies in foreign governments is determined by law or statute. Many countries authorize their FIU to exchange information with other FIUs to combat money laundering and related crimes. Following the terrorist attacks of September 11, 2001, more and more countries have authorized their FIUs to share information related to not only money laundering but also terrorist financing. For member countries of the European Union, the Decision of October 17, 2000 sets out detailed rules concerning the exchange of information between members’ FIUs.¹⁴²

Most countries provide their FIU with authority to exchange information with other FIUs of any type. Given the importance of information sharing among FIUs, and the work of the Egmont Group in this respect, the trend is toward enhancing FIUs’ ability to cooperate with their counterparts that abide by international FIU information-exchange principles. Indeed, a large number of FIUs members of the Egmont Group have undertaken to exchange information with other FIUs in accordance with the Egmont Group’s model memorandum of understanding—that is, free exchange of information for purposes of analysis at the FIU level and no dissemination or further use of the information for any purpose without the previous consent of the supplying FIU and protection of the confidentiality of the information.

Some FIUs are authorized by law to exchange information with other FIUs without the need for an agreement between them. In other countries, as a matter of law or policy, the FIU exchanges information with other FIUs with which it has entered into a Memorandum of Understanding (MOU). MOUs set out the terms and conditions under which they share financial intelligence and other financial information with other FIUs. A typical MOU identifies the parties, the type of information eligible for information sharing, the limits on the use of any shared information, and restrictions on redissemination of shared information. The Egmont Group developed a model MOU for FIU-to-FIU information sharing.¹⁴³

MOUs are designed to support information exchange. While an MOU is unenforceable in a court of law, it carries with it a moral obligation to live up to the terms of the arrangement. If a party disagrees on the interpretation or application of the MOU by the other party, the parties typically will attempt to resolve the problem among themselves. If, after discussion, they are unsuccessful, they may choose to mediate the issue with the help of a third party,¹⁴⁴ amend the terms of the MOU, or terminate the MOU. Since an FIU’s reputation is paramount to its ability to participate effectively in the FIU network, an FIU that is known to breach the terms of information sharing will have difficulty finding FIUs willing to share their sensitive financial information with it.

Historically, a few countries have required that there be a formal agreement with another country before the respective FIUs could share financial intelligence. Countries that require a formal agreement to be authorized by the ministry of foreign affairs or other senior government official before their FIU can exchange information with other FIUs place their FIU at a distinct disadvantage in terms of its effectiveness as a partner in the international fight against money laundering and terrorist financing, because most FIUs do not require formal agreements to share information. Countries with such a requirement may not be in a position to offer other countries “the widest possible range of international cooperation to their foreign counterparts,” as called for by FATF Recommendation 40.

Exchange of information

Most requests for financial intelligence via the FIU network are made in writing. The requesting FIU sends a request to another FIU, either by letter or by filling out a request form. Requests are transmitted either on paper or electronically. Some FIUs send requests to each other via secure networks shared by them, such as the Egmont Secure Web or, for European Union FIUs, FIU-NET (see Box 11). In urgent cases, FIUs will request information orally. If the receiving FIU accepts such a request, it will normally ask the requesting FIU to follow up with a request in writing.

FIUs have developed request forms to meet a specific need to standardize international requests. Sometimes a requesting FIU fails to supply sufficient information about the underlying case, the type of information sought, the intended use of the information, or the potential users of the information. When this happens, the receiving FIU needs to ask the requesting FIU to supply the missing information. This can result in delays in processing the request. To avoid these delays, the Egmont Group developed a Request for Research form for FIU-to-FIU requests for information on money-laundering cases. Egmont encourages its members to use the form to standardize FIU-to-FIU exchange of information requests.

Special arrangements for terrorist financing cases

In recent years, terrorist attacks have had an important impact on the ways in which FIUs exchange information. In the immediate aftermath of the September 11, 2001 terrorist attacks, the Egmont Group FIUs acknowledged that it was important to agree upon a framework for rapidly and effectively exchanging information related to terrorist financing. Although the Egmont Group FIUs were keen to support the investigation of the terrorists of September 11, 2001, some FIUs had experienced multiple requests with insufficient details supplied from different agencies within the same government. To minimize the burden on all FIUs, the Egmont Group agreed that any domestic requestor seeking information from the FIU network should seek the assistance of their domestic FIU rather than deal directly with a foreign FIU. In that way, the FIUs would serve as a gateway for requests going to other FIUs, and, given their knowledge of the requirements for information exchange, could accelerate the process.

Egmont Group principles of information exchange in money-laundering cases

The Egmont Group has made the improvement of information exchange between FIUs its priority. In June 2001, it adopted the set of Principles for Information Exchange Between Financial Intelligence Units for Money Laundering Cases, and, to underline the importance it attached to them, it appended these principles to its Statement of Purpose as an annex.¹⁴⁵

The Principles of Information Exchange serve as the international standard for information exchange between FIUs. In addition, to address the practical issues that impede the efficiency of mutual assistance among FIUs, the Egmont Group issued a paper on Best Practices for the Implementation of Exchange of Information between Financial Intelligence Units.¹⁴⁶

The principles encourage international cooperation between FIUs in money-laundering cases on the basis of trust and flexibility. They stress that FIUs should be able to provide information to one another at an FIU’s request or spontaneously. Information exchanged by FIUs may be used only for the specific purpose for which the information was requested or provided, and may not be transferred to another authority (including for use as evidence in a court case) without the prior consent of the disclosing FIU. In addition, the confidentiality of the information provided should be protected by strict controls and safeguards, and should be considered, at a minimum, as being protected by the same confidentiality provisions as apply to similar information obtained by the receiving FIU from domestic sources.