3 Core Functions of an FIU
- International Monetary Fund
- Published Date:
- June 2004
Although they vary in many ways, FIUs share a common definition, which refers to their basic function: serving as a national center for the collection, analysis, and dissemination of information regarding money laundering and the financing of terrorism. These three functions are the core functions shared by all FIUs recognized by the Egmont Group. The definition of FIUs based on their core functions was first formalized by the Egmont Group in 1996.39 Similar definitions, also based on the three core functions, have now been incorporated in the revised FATF Recommendations of June 200340 and in two global conventions.41
Given their different status and history, it is not surprising that in some countries the FIU is entrusted with additional functions. For example, some FIUs monitor the compliance of certain entities with AML/CFT rules and standards. Other FIUs have the power to block reported suspicious transactions for a limited time. The FATF recommendations set a standard that countries should establish an FIU with the three core functions and contains other provisions that relate to the exercise of these functions. In contrast, no international norm or standard deals with the noncore functions of FIUs. In this chapter, the core functions will be discussed in some detail, while some of the most significant noncore functions exercised by FIUs will be described in Chapter 4.
Receiving Transaction Reports
In designing an FIU or enhancing the effectiveness of an existing one, it is useful to consider its core functions as generating a continuous flow of information. Reporting entities and other FIUs provide information to the FIU, which, in turn, analyzes this information and passes the results of its analysis along to investigators and prosecutors, as well as other FIUs. In planning the FIU, it is important to ensure that there is an initial balance between the quantity of information to be provided to the FIU, on the one hand, and its capacity to store and analyze it, on the other hand. Similarly, there needs to be a balance between the number of cases to be sent to the police for further investigation or to prosecutors for prosecution, and the capacity of these bodies to deal effectively with those cases. This flow of information is essentially dynamic. As the number of reports increases, the FIU will need to adapt to ensure that it continues to be capable of handling the reports it receives.42
The basic definition of the reporting obligation has two main aspects: which persons and entities are to be obligated to report and what is to be reported. Other aspects needing considerations include the form and contents of reports, rules relating to the reporting organizations, and means of enhancing the flow and quality of reports (including sanctions).
Who Must Report?
Prudentially regulated financial institutions, and banks in particular, have traditionally been at the center of the system of reporting suspicious (and other) transactions. The sheer volume of transactions undertaken through them, compared with other institutions through which money can be transmitted, makes them the prime target for financial misuse. Reports of FIUs on the sources of the reports they receive confirm this point. In countries that have extended the reporting obligation beyond financial institutions, the largest proportion of reports continues to come from financial institutions and, in particular, from banks.
Reports of nonfinancial institutions are increasingly important, however. As financial institutions put in place more sophisticated systems to detect and report suspicious transactions, criminals may be tempted to use other institutions and professionals for laundering purposes. It is therefore important that those institutions and professionals also detect and report suspicious transactions.43
The successive FATF recommendations mark the progressive widening of the range of institutions subject to the reporting obligation, starting with regulated financial institutions and then expanding beyond them. The 1990 Recommendations gave countries the option of having a permissive or mandatory system of reporting suspicious transactions that was directed at financial institutions. In addition, countries were asked to consider a wider system of reporting that would cover financial institutions and other financial intermediaries. The 1996 revisions extended the reach of the recommendations to all financial institutions and other nonregulated financial intermediaries, with particular attention paid to bureaux de change.44
The year 1999 marked the beginning of the international movement to extend the reporting obligation beyond financial institutions and intermediaries. In that year, in Moscow, a ministerial conference of the Group of Eight (G-8) countries on combating transnational organized crime stated that the ministers had “agreed to consider putting certain responsibilities, as appropriate, on those professionals, such as lawyers, accountants, company formation agents, auditors, and other financial intermediaries who can either block or facilitate the entry of organized crime money into the financial system.”45 The 2003 revisions to the Forty Recommendations of the FATF implement the G8’s “Gatekeeper” initiative by extending basic AML/CFT prevention requirements, including the reporting requirements, with some qualifications, to a list of “designated non-financial businesses and professions” that includes casinos; real estate agents; dealers in precious metals and precious stones; lawyers, notaries, and other independent professionals and accountants in certain defined circumstances; and trust and company service providers.46
Banks were the first institutions to be specifically subjected to the reporting obligations under the original 1990 Recommendations. Nonbank financial institutions were also included in principle, but no list of such institutions was provided in the recommendations. A working group of the FATF was established to set out a minimal list of nonbank financial institutions and other professions dealing with cash that could be made subject to the recommendations. In the 1996 Recommendations, “financial institutions” were subjected to the reporting and other recommendations. These included those that were subject to prudential supervisory regime, such as banks, insurers, and stock dealers, and those that were not, particularly bureaux de change. These are now included in the scope of “financial institutions” in the 2003 Recommendations.47
The 2003 Recommendations clarified the scope of the reporting obligation (and other obligations) by, among other things, providing a detailed list of what constitutes “financial institutions.”48 The list includes not only the institutions normally subject to prudential supervision, such as those accepting deposits, making loans, underwriting insurance, or managing portfolios, but also formal and informal money- and value-transfer services.
Bank and insurance and securities companies
At the start of the fight against money laundering, the focus of attention was on credit and financial institutions, such as banks and insurance and securities companies. It was recognized that when these institutions were used to launder proceeds from criminal activities, their soundness and stability could be seriously jeopardized and the public’s confidence in the banking system as a whole could be lost.49 At the same time, it was clear that keeping the financial system from being used for money laundering was a task that could not be carried out without the cooperation of credit and financial institutions and their supervisory authorities.
The Declaration of Principles adopted in December 1988 by the Basel Committee on Banking Supervision constituted a major step toward involving banks in the prevention of the use of the financial system for money-laundering purposes. Since public confidence in banks, and hence their stability, could be undermined by adverse publicity owing to their inadvertent association with criminals, the Declaration of Principles encouraged banks’ managements to put in place effective procedures to ensure that all persons conducting business with their institutions were properly identified, that transactions that did not appear legitimate were discouraged, and that cooperation with law-enforcement agencies was achieved.50
Although, because of its ability to move funds rapidly, the banking system was considered especially vulnerable to money laundering, insurance companies have also been identified as major targets of money laundering, because of the variety of services and investment vehicles offered that can be used to conceal the source of money.51
Life insurance and, in particular, life insurance products with an investment feature are favored by money launderers. Money can also be laundered, however, by the use of other types of insurance. For example, illegally obtained funds may be used to purchase assets that are deliberately destroyed in order to enable the holder to receive “clean” claim money from an insurer. Most countries have established, in accordance with international standards, reporting duties for life insurance companies. Countries can also consider imposing similar AML/CFT requirements on certain other types of insurance contracts. Insurance intermediaries also play an important part in finding customers for insurance companies and undertaking transactions on their behalf. For this reason, in accordance with the FATF Recommendations, the same principles that apply to insurers should generally apply to insurance intermediaries.
As the sophistication of financial institutions has grown, new and creative ways to hide the source of illegally obtained profits have been devised. Among them, investment products sold by securities and investment firms will be particularly interesting for money launderers who wish to hide the origin of illegally gained proceeds or use them to make long-term investments. Different types of securities and investment companies will have different vulnerabilities to money laundering. For example, Internet-based brokerage accounts will be particularly vulnerable to use by money launderers, since they provide little opportunity for face-to-face contact with customers or for verifying the identity of those logging in.
In many countries, financial groups engage in banking, securities, and insurance businesses, and it has become particularly important for countries to have consistent AML/CFT requirements across sectors and to apply these requirements consistently.
Nonfinancial businesses and professions
The 2003 FATF recommendations widen the reporting obligation beyond financial institutions to casinos; real estate agents; dealers in precious metals and precious stones; and lawyers, notaries, other independent professionals, and accountants. The inclusion of a wider range of businesses and professions in the scope of the reporting obligation may lead to FIUs receiving reports very different from those supplied by financial institutions. The analysis of such reports may require skills that are not commonly available in many FIUs. Moreover, in many countries, these sectors are not supervised as closely as traditional financial sector institutions (and banks in particular). As a result, greater efforts may be needed to achieve the required level of compliance with the reporting requirements, both in terms of quantity and quality of data supplied.
Casinos offer an attractive venue for laundering illegal proceeds, because gambling involves large volumes of cash and many casinos offer their clients a wide variety of financial services. Casinos are also attractive to organized criminal groups who, if they are successful in gaining control of casinos, can use them to disguise their criminal activities. Strict rules on ownership of casinos and close supervision of their activities help mitigate these risks.
Some methods that are often used to launder money may also be banned (and are banned in some jurisdictions), including the following:
- buying chips or tokens with cash, or conducting minimal or no betting and then requesting repayment of the balance by a check drawn on the casino’s account or by a transfer to a bank account;
- using a chain of casinos in different countries and asking for an amount of credit to be made available in a jurisdiction other than the one in which the funds were originally placed, in the form of a check or through a bank transfer; and
- asking that a winner’s check be made out to a third person or without a nominee.
The FATF’s Consultation Paper mentions the importance of certain forms of noncasino gambling, including horse-race betting, card clubs, and lotteries, but in the end, the 2003 Recommendations did not include these forms of gambling. Internet casinos are included, but other forms of internet gambling are not.
Real estate agents and dealers in precious metals and precious stones
Real estate and high-value items, such as gold pieces and precious metals and stones, offer attractive opportunities for money launderers. The purchase of real estate is a known form of investing illicit proceeds and holding them. Precious metals and stones can be used in the same manner and also as a means of transporting illicit proceeds from one jurisdiction to another.
The 2003 FATF Recommendations list real estate agents, dealers in precious metals, and dealers in precious stones among the nonfinancial professionals subject to the reporting requirement. Dealers in precious metals and stones are only required to report suspicious transactions above the designated threshold of US$/EUR 15,000. The second EU directive on preventing the financial system from being used for money laundering includes a broader list of professions in this category, which it describes as “dealers in high-value goods, such as precious stones or metals, or works of art, auctioneers, wherever the payment is made in cash, and in an amount of EUR 15,000 or more.”53 This wider definition can include dealers in automobiles (including used cars), boats, and antiques—traders that so far had been left largely unregulated. Since these traders are not regulated or supervised, their inclusion in the scope of the reporting requirements raises the question of which agency will be responsible for their compliance with the AML/CFT requirements. (See Chapter 4 for a discussion of this point.) Regardless of the choice of supervising agency, ensuring adequate reporting on such trades may well require a determined outreach effort.
Lawyers, notaries, other independent professionals, and accountants
Together with trust and company service providers, lawyers, notaries, and accountants are seen as gatekeepers, because, owing to the nature of some of their activities, they may be in a position to detect the intended use of legal arrangements, such as trusts and corporate vehicles, to launder funds. Indeed, criminals may seek the services of legal professionals precisely to receive assistance in making illegal transactions more difficult to detect or to use the lawyer’s client account as a means of introducing illegal funds into the banking system.54
The limited degree to which these professionals may be required to report illegal activity however, stems from the deeply ingrained view that legal professionals are bound by rules of confidentiality and of loyalty to clients that are not easily reconciled with an obligation to report suspicious transactions. The scope of the reporting obligation and the rule against “tipping off have both been cited as alien to the basic duties of lawyers. To date, the international effort to include legal professionals in the scope of the reporting obligation has had mixed results.
Before the 2003 FATF Recommendations were issued, the amended EU directive had already required EU member countries to extend the reach of the reporting obligation to certain activities of legal professionals—they had to submit reports when they participated in certain defined transactions by assisting their clients concerning them, or when they acted on behalf of their clients in financial or real estate transactions. In extending the reporting obligation to lawyers and notaries, the FATF also limited the scope of activities that could trigger the reporting obligation. Lawyers, notaries, other independent legal professionals, and accountants are required to provide suspicious-transaction reports only when, on behalf of a client or for a client, they engage in a financial transaction related to the following activities: “buying and selling of real estate, managing of client money or other assets, management of bank, savings or securities accounts, organization of contributions for the creation, operation or management of companies, and creation, operation or management of legal persons or arrangements, and buying and selling of business entities.”55 As is stated in the Consultation Paper, “In essence…, independent legal professionals are brought into the fight against money laundering when they are involved in particularly vulnerable lines of business.”56
A large number of bar associations and of international groups of lawyers have expressed their opposition to the extension of the reporting requirements to their profession; and in some countries, attempts to implement the initiative have proved difficult. In two countries, Monaco57 and Canada,58 attempts to extend the reporting obligation to attorneys were successfully challenged in the courts. Nevertheless, the reporting obligation for the legal profession exists in a number of countries, although the obligation is tailored to meet the special situation of lawyers. In the United Kingdom, the reporting obligation is subject to an exception for privileged information.59 In Slovenia, the obligation is limited to certain acts performed by legal and other professionals on behalf of their clients.60 In Belgium, the obligation is also limited to certain acts performed by lawyers on behalf of their clients (as set out in the revised EU directive), and the circumstances in which reports must be submitted are more limited than they are for the financial professions. Moreover, lawyers furnish their reports to the head of the bar association, who transmits it to the FIU if he finds that the legal conditions requiring the report are met.61 In Australia, the reporting obligation of solicitors is limited to cash transactions above a prescribed minimum amount (AU$10,000) to which they are a party in the course of their practice.62
It should be noted that although the number of suspicious-transaction reports produced by legal professionals may not be large when compared with the number provided by financial institutions, they may be of an entirely different nature and could require considerable expertise to analyze. Financial transactions involving complex legal arrangements, multiple trusts, and corporate vehicles are only some of the structures that would require scrutiny. Thus, extension of the reporting obligation to these professions may well have staffing and cost implications for the FIU.
Trust and company service providers
Trust and company service providers are also brought under the new FATF reporting standard. They include persons not otherwise covered in the FATF Recommendations who provide to third parties services such as acting as a formation agent of legal persons, a director or secretary of a company, a partner of a partnership, or in a similar position in relation to other legal persons; providing a registered office, business address, or accommodation for a company or partnership; acting as a trustee to an express trust; and acting as a nominee shareholder for another person.63
Some countries extended the reporting obligation beyond the international standards. For example, in South Africa, although only designated institutions must report transactions above a specified amount, any person who operates, is in charge of, manages, or is employed by a business must report certain defined suspicious transactions.64 In Colombia, the reporting obligation and other related obligations are extended to entities involved in foreign trade.65
What Is to Be Reported?
The international standard on reporting transactions has evolved over time. In the late 1980s and early 1990s, there was considerable discussion as to whether reporting institutions should report all transactions above a certain amount, only those transactions that appeared to be related to criminal activity, or a combination of both.66 The first FATF Recommendations, issued in 1990, stated that countries should ensure that financial institutions pay special attention to suspicious transactions; investigate their backgrounds; and keep the findings available for supervisors, auditors, and law-enforcement agencies; but there was no standard requiring them to report these transactions to a competent authority. In fact, countries were encouraged to consider the feasibility and utility of a different reporting system, based on the obligation to report transactions above a fixed amount to a central authority.67 With the adoption of the 1996 revisions to the FATF Recommendations, suspicious-transaction reporting was established as the international standard.68
In some countries, including the United States, the obligation of financial institutions is to report “suspicious activities” rather than “suspicious transactions.”69 The meaning of the former expression is somewhat broader than the latter, since it includes suspicious transactions and other circumstances that raise suspicions of criminal activities. The difference between the two expressions, however, may be narrowed in part by specifying that reporting entities must report transactions that were not executed if the circumstances that led to their not being undertaken are suspicious, a requirement that occurs in many countries.70
There are two aspects to the definition of the obligation to report suspicious transactions. The first is the definition of what “suspicious” means. This establishes the “level of conviction” that needs to be present in order for the facts surrounding a particular transaction to amount to a reportable “suspicion.” The second is the definition of the range of criminal activity, a suspicion of which may trigger the reporting obligation. FATF Recommendation 13 refers to funds that “are the proceeds of criminal activity.”71 Some national legislation uses a slightly different standard.
In defining the obligation to report suspicious transactions, the benchmark should be set in such a way that the smallest possible number of suspicious transactions go unreported, while the number of reports that turn out to not be suspicious is limited. At the same time, it is important to recognize that it is not the function of the reporting entities to investigate suspicious transactions beyond assembling the basic facts necessary to establish that a transaction is, indeed, suspicious. It is thus expected that a large proportion of reports will be found, upon analysis by the FIU, not to be linked to criminal activity.
What is a suspicion?
A suspicion is a conclusion to which a reporting institution arrives after consideration of all relevant factors. The definition of the suspicion needs to be expressed in the clearest terms possible. The requirement of clarity in the definition of a suspicious transaction is particularly important in countries where criminal sanctions are attached to failures to comply with the reporting requirement. It is also important in other jurisdictions, since complex and expensive systems have to be put in place to implement the reporting obligation.
In many countries, the law requires that “suspicious” transactions be reported but does not define “suspicious.” The terms “suspicious” and “suspicion” have a fairly wide range of meanings and may include situations where a very low “evidentiary threshold” is involved. For example, in the context of the laws of the United Kingdom and of Scotland, it has been noted that the ordinary meaning of the word would include the idea of “imagining something without evidence or on slender evidence.”72 Similarly, in the United States, the term “suspicion” has been defined as “the imagination or apprehension of the existence of something wrong based only on slight or no evidence, without definitive proof.”73 In French, the equivalent term “soupçon” also has a number of meanings, some of which also imply very little evidence such as, for example “a simple conjecture, opinion, advice or hypothesis or intuition…”74 Although these definitions do not have the force of law, they clearly show that the term “suspicious” and “suspicion” can have a variety of meanings.
The use of such a broad standard gives considerable discretion to the reporting entity in its decisions to report or not to report transactions. This discretion is consistent with the view that decisions on what transactions are suspicious should be made by staff of the financial institutions on the basis of their skills, experience, and knowledge of the customer, rather than on the basis of a rigid set of rules. Such a standard places a significant burden on the reporting entities, however, and also tends to increase the number of suspicious-transaction reports received by the FIU. This places an additional burden on the FIU, which needs more staff and other resources (including access to information) to analyze the reports. Some countries, in view in particular of the penalties attached to failures to report, have acted to limit the discretion of reporting entities. Some have done so by adding specificity to the required “suspicion,” while others have avoided the use of the “suspicious” criteria altogether.
Certain countries have tried to make the meaning of the word “suspicion” clearer by requiring, in the law itself, that the suspicion be grounded in some factual observation. For example, the Swiss money-laundering law refers to a “soupçon fondé” (“a founded suspicion” in the unofficial translation issued by the Swiss authorities)75—that is, a suspicion grounded in some factual basis, however slim. The Australian law also uses a more objective criterion and requires cash dealers to report transactions when they have “reasonable grounds to suspect that information” they have may be relevant to the investigation or prosecution of an offense.76 These laws may have made the standard more objective, but it has been observed that they may also have made the “evidentiary threshold” higher.77
Another way of limiting, to some extent, the range of possible interpretations of the term “suspicion” consists in establishing a mechanism under which a body is charged with providing more specificity to the term. This has been done in Luxembourg, where the Commission de Surveillance du Secteur Financier (CSSF) has issued a circular that contains a set of indicators that is intended to specify the reporting obligation.78 The indicators are similar to the 39 indicators of money laundering issued earlier by the Swiss Federal Banking Commission under a provision of the Anti-Money Laundering Law dealing with the detection of high-risk transactions.79 In Lithuania, decisions of the government set out criteria clarifying what “suspect” transactions are.80 In other countries, for example Canada,81 the FIU has issued guidelines, which are not part of the law or regulations, and are not binding, to assist reporting entities in detecting suspicious transactions.
Other jurisdictions have avoided using the term “suspicion” and its variants in the law, and have attempted to base the reporting obligation on a more objective criterion. It may be noted in this respect that the EU directive on the prevention of money laundering requires countries to obligate concerned entities and persons to inform the competent authorities “of any fact which might be an indication of money laundering.”82 The Spanish law requires the reporting of “any fact or transaction with regard to which there is an indication or there is certainty that it is related to laundering….”83
Another approach that avoids the use of the term “suspicion” as the basis for the reporting obligation is found in the Netherlands, where the reporting obligation is based on the “unusual” nature of transactions. The Dutch law requires persons subject to the reporting obligation to report “unusual” transactions.84 Under this approach, there is no requirement to link a transaction with a suspected criminal offense; it suffices that the transaction be “unusual.” The ministers of justice and finance have joint responsibility for issuing “indicators,” if necessary, for each category of transaction, for a period not exceeding six months, after consultation with the FIU. Once approved by the government, the indicators become permanent.85 The current list of indicators contains generally applicable indicators, as well as indicators related to certain types of transactions, such as life insurance contracts, credit card transactions, and casino transactions.86
In an “intermediate” approach, both the “unusual” and “suspicious” criteria are used in different steps in the identification of transactions to report. In Colombia, for example, any transaction that is inconsistent with the customer’s profile or that falls within a category of objective alerts predetermined by the reporting institution is to be considered “unusual.” The transaction is checked further by the reporting institution in order to determine whether it has an economic and legal explanation. If it does not, it is considered “suspicious” and is reported to the FIU.87
The 2003 FATF Recommendations leave it to each country to decide on the exact nature of the suspicion necessary to trigger the reporting obligation. Recommendation 13 refers to a financial institution that “suspects or has reasonable grounds to suspect” that funds are related to criminal activity.88 While the manner in which the obligation is defined varies from country to country, the fact remains that financial institutions, and other reporting entities subject to the know-your-customer standard are in the best position to detect suspicious or unusual transactions.
What is criminal activity for purposes of the reporting obligation?
The basic intent of the reporting obligation, as stated in the 1996 FATF Recommendations, is to provide the FIU with information on transactions involving funds that could stem from criminal activity.89 The expression “criminal activity” is repeated in the 2003 Recommendations. In practice, however, the range of criminal offenses that constitute “criminal activity”—and thus give rise to an obligation to report a transaction to which they are related—varies from country to country. Although many countries define the obligation by reference to money laundering, others take a different approach. For example, in Belgium, where the predicate offenses are defined very broadly by reference to all crimes,90 the reporting obligation is limited to cases where the funds are suspected of originating in one of a limited number of crimes.91
The 2003 Recommendations have attempted to provide further guidance in this respect. The new Recommendation 13 and its Interpretative Note define the standard for the reporting obligation by reference to the standard for the definition of predicate offenses in the criminalization of money laundering, which is set out in Recommendation 1. The standard for criminalization, in turn, refers to the 1988 Vienna Convention and the Palermo Convention. The Vienna Convention referred only to drug-related offenses as predicate offenses, but the more recent Palermo Convention sets out the general principle that predicate offenses should include “the widest range of predicate offenses” and “all serious crimes,” which the convention defines as conduct constituting an offense punishable by imprisonment for a period of at least four years.92
Building on the Palermo Convention, FATF Recommendation 1 (2003) states that “countries should apply the crime of money laundering to all serious offenses, with a view to including the widest range of predicate offenses.” It also specifies that, at a minimum, the law should include a range of offenses within each of the designated categories of offenses set out in the glossary. The reporting obligation is then defined in Recommendation 13 by reference to a suspicion that funds are “proceeds of criminal activity,” which is defined in the Interpretative Notes as “a) all criminal acts that would constitute a predicate offense for money laundering in the jurisdiction; or b) at a minimum to those offenses that would constitute a predicate offense as required by Recommendation 1.” The Interpretative Note adds that countries “are strongly encouraged to adopt alternative a. A similar obligation is contained in the International Convention for the Suppression of the Financing of Terrorism, which sets as a standard the reporting of “transactions suspected of stemming from a criminal activity.”93
Reports of Transactions Related to Terrorism Financing
In addition to the reporting of transactions suspected of money laundering, countries must also ensure that concerned entities report transactions suspected of being related to terrorism. This new standard was established by the adoption of the FATF Special Recommendations on Terrorist Financing in October 2001.94
Most countries have implemented this standard by amending the law in which the reporting obligation is contained. In some countries, such an amendment may not be necessary. This would be the case when the reporting obligation was worded in broad enough terms—for example, in cases where it refers to transactions suspected of being related to any criminal activity and the financing of terrorism is a crime in that jurisdiction. By contrast to money-laundering transactions, terrorism financing transactions are illegal not because of the criminal origin of the funds, but in view of the criminal intent with which they are carried out. Training may be necessary to ensure that reporting entities detect such transactions, which often appear “normal,” except for their illicit objective.
Reports of Transactions Above a Specified Amount
Before suspicious-transaction reports became the international standard, countries with money-laundering-prevention systems relied on the analysis of large transactions to detect criminal activity. Large-transaction reports are still valued in some jurisdictions as an additional source of data that can yield intelligence and also as a means of reconstructing the “money trail” once suspicious activity is detected and criminal investigations are undertaken.95
A number of countries have implemented such a system. In the United States, financial institutions must report all cash transactions above $10,000 to a central location supervised by FinCEN (unless exempted).96 Starting in January 2003, Canada implemented a system under which cash transactions above a specified amount (CAN$10,000) are to be reported.97 Reports are made to the Canadian FIU. International wire transfers above the same amount must also be reported.98 A similar obligation exists in Australia, where cash dealers must report cash transactions to which they are a party involving currency (coin or paper money) of the equivalent of AU$10,000 or more and all international wire transfers.99 A transaction may be reportable as being both suspicious and above the threshold amount.
Such systems produce vast numbers of reports and require sophisticated computer equipment, in the reporting entities as well as in the FIU, if they are to be administered effectively. In the United States, the currency-transaction-reporting system generated more than 12 million reports in U.S. fiscal year 2002.100 The laws provide for exemptions to be granted for designated financial institutions, government agencies, and established businesses that handle large amounts of cash in the normal course of their work.
Reports of Cross-Border Transportation of Currency and Bearer Negotiable Instruments
A growing number of international instruments encourage countries to implement a system of reporting cross-border movements of currency. FATF Recommendation 19 states that “[c]ountries should consider implementing feasible measures to detect or monitor the physical cross-border transportation of currency and bearer negotiable instruments, subject to strict safeguards to ensure proper use of information and without impeding in any way the freedom of capital movements.” The Palermo Convention contains a similar requirement for consideration.101 The United Nations Convention Against Corruption also contains a similar provision, to which it adds that “such measures may include a requirement that individuals and businesses report the cross-border transfer of substantial quantities of cash and appropriate negotiable instruments.”102 In the Czech Republic, for example, the customs authorities are required to report to the FIU when they ascertain, in the performance of their duties, that valid banknotes, coins, checks, or traveler’s checks in an amount exceeding CZK 350,000 (about US$13,000) have been transported.103
Data from Other FIUs
One of the most important functions of an FIU is the unfettered exchange of financial data and intelligence with other FIUs. The principles governing the exchange of information between FIUs are set out in the Egmont Group’s Principles for Information Exchange Between Financial Intelligence Units for Money Laundering Cases and are discussed later in this chapter.104 Legislation governing the exchange of information between FIUs should allow such exchanges to take place without impediments.
An FIU may receive financial information from a foreign FIUs upon its request, or spontaneously, in the event that a foreign FIU receives financial information, or develops intelligence that it believes may be of interest to the FIU. In the latter case, the receiving FIU will need to analyze the information in the same manner as it analyzes similar information and determine whether the information leads to intelligence concerning illicit activity.
Rules Related to Reporting Entities
Confidentiality of customer information
The officers and staffs of financial institutions are generally subject to a duty not to disclose client-related information that they acquire as a result of their business. Such a duty is usually viewed as an implied condition of the contract between the financial institution and its customer. In some countries, in addition to this duty of discretion, laws establish an obligation of secrecy, the breach of which may lead to the imposition of criminal penalties.105
Other laws may reinforce the protection of customer information. This is the case for laws adopted in many countries with the objective of protecting the confidentiality of personal information contained in electronic databases. These laws often restrict the use financial institutions may make of their client information and the circumstances in which they may provide such information to third parties.106 These various restrictions on the power of financial institutions to disclose customer information must be overcome in order to allow the anti-money-laundering reporting system to function. This is usually done through specific provisions in the laws establishing the reporting obligation. The duty to provide information should cover not only the provision of suspicious-transaction reports and other reports but also the institution’s duty to respond to further requests for information from the FIU, including requests for relevant documents.
The 2003 FATF Recommendations contain a general provision to the effect that “[c]ountries should ensure that financial institutions’ secrecy laws do not inhibit the implementation of the FATF Recommendations.”107 The extension of the reporting obligation to certain nonfinancial professions as part of the implementation of the G-8’s Gatekeeper initiative has raised difficult issues with regard to the duty of confidentiality that is attached to the exercise of these professions. This is particularly the case for the legal professions, where, traditionally, the requirement of confidentiality has been very strong.
Rules against “tipping off”
To avoid suspect funds being transferred out of the reporting institution and to avoid prejudicing investigations by making suspects aware of them, it is important that reporting institutions not inform account holders and customers of the suspicious-transaction reports they provide to the FIU.108 Such a provision is found in many AML laws and is set out in FATF Recommendation 14.
Immunity of reporting entity and its staff for reports made in good faith
A corollary of the obligation to report suspicious transactions is that a person who makes such a report in good faith should be immune from liability for the legal consequences of having made the disclosure. The FATF Recommendations have made this a standard since 1990.
There are two aspects to this immunity. First, the law requiring the suspicious-transaction reports should make it clear that those making the reports are exempt from legal requirements of professional secrecy and confidentiality. Second, persons making the required reports in good faith should also be protected against potential liability to the persons named in the reports, who, if they were to learn of the disclosure, might attempt to recover damages from the persons who made the reports.
Laws on the immunity of reporting entities vary in their scope. The Belgian law is particularly comprehensive in this regard. It states that “No civil, criminal, or disciplinary proceedings may be initiated and no professional sanction imposed upon the institutions or individuals referred to in [the AML law], their employees and representatives who in good faith have provided information pursuant to [the relevant provisions of the AML].”109 In Liechtenstein, the law addresses the two aspects of the recommendation specifically, as follows: “Anyone who reports to the FIU […] in accordance with [the law] - and if it is found that such reporting was unjustified - is exempt from any liability, provided that he/she has acted neither intentionally nor with gross negligence. This action of reporting is not illegal within the meaning of the criminal law, provided that the person had no intention of communicating false information.”110 In South Africa, the law also covers the two aspects: “No action, whether criminal or civil, lies against [a reporting person or institution] complying in good faith with a provision of this Act [….]”111 In the Netherlands, the immunity against liability for damages to third parties is qualified by the terms “unless, considering all circumstances, it is plausible that no disclosure should have been made.”112
Form and Contents of Reports to FIU
In some countries, the power to decide on the form and contents of reports is delegated to the FIU. This is the case, for example, in the Netherlands.113 In Australia, schedules to the law contain the elements that must be reported for each type of reporting entity. Items may be deleted from the schedules or added to them by regulations issued by the government.114
In many countries, the reports must be in writing, but provision is also made for making oral reports (for example, by telephone) in the event of an emergency. A written confirmation is usually required after an oral report has been sent.115 The FIU usually provides a uniform format for reports covering each particular type of institution.
In some countries, reports may be filed electronically. Electronic filing includes not only the automated production of batches of reports sent by electronic means, as many large financial institutions do for reports on high-value currency transactions, but also the ability of reporting persons and entities to file reports by filling out an on-screen form provided by the FIU. In a number of economically advanced countries, the vast majority of reports are filed electronically.
In many of the economically less advanced countries, however, the infrastructure necessary to support the wide use of information technology may not be available. In these countries, reports are routinely filed on paper forms; and, if the FIU has the capability, the reports can then be indexed electronically or entered into a local secure database.
In most cases, the information required for suspicious-transaction reports includes not only the particulars of the transaction or of the customer but also a statement of the reason or reasons why the transaction is considered suspicious or of the facts that made it suspicious.
Improving Flow and Quality of Reports
To obtain compliance with the AML/CFT reporting obligations, there needs to be in place a set of measures intended to foster improvements in the flow and quality of reports without resort to sanctions, such as awareness raising and training. These awareness-raising and training actions of the FIU or other supervisory agency will be particularly useful when the FIU is being established, when the building of trust between the staff of the reporting entities and the FIU is important. Similarly, these actions can be taken when new sectors become subject to the reporting requirements.
Remedies also have to be in place, however, to ensure that all concerned institutions understand the mandatory nature of the reporting obligation and to be exercised against deficient institutions once other actions have been tried without producing the desired results. The use of sanctions in appropriate cases also serves to make clear to the whole reporting community the determination of the FIU (or other supervising agency) to arrive at satisfactory reporting levels.
Before sanctions are levied on delinquent entities, a number of other actions may be taken to enhance the quality and flow of reports. One possible approach is to assess the reporting practices of sectors so as to be able to direct training and other outreach activities to the sectors most in need of them. For this purpose, the FIU may analyze basic data on each reporting entity in a sector, the volume of transactions, the market share, the nature of the business, and other factors to arrive at a general estimate of the number of reports each entity could be expected to generate. Then the reporting practice of each sector is monitored; and if the numbers of reports “expected” and received do not match, different actions may be envisaged.
Training programs may be directed at the institutions in the sectors which show the greatest need for improvement. Training may also be directed at sectors that are being added to the list of reporting institutions. The immediate objective of the participation of the FIU staff in training of the targeted sectors would be to foster improved reporting, but it could also be seen as the start of the bilateral relationship between the FIU and the entities in the sector. The quality of reports received from each sector may also be analyzed.116 Findings may be reported back to the reporting entities in each sector on either an aggregated basis in sector-wide meetings or individually.
Another tool, used by some FIUs, is to request from reporting entities (based upon a legal requirement) that they report periodically to the FIU on their work on AML/CFT, including statistical data on reports sent to the FIU. The FIU can then check whether the data reported and the reports actually received match. If they do not, the FIU or the supervisory body should go back to the reporting entity and request an explanation for any discrepancy. This system promotes the use of efficient systems by reporting entities to monitor their reporting activities.
After an outreach program has been in place for a certain length of time, the FIU117 needs to consider the case of entities that fall below the level of reporting of the sector as a whole. In this regard, the difference between failures to report “cash” or other transactions above a set amount and failures to report suspicious transactions should be noted. For the former (or any other reporting obligation based on an objective criterion), there is a factual test to determine whether a transaction should have been reported; for suspicious transactions, a subjective judgment, based on all facts of the case, is involved. Hence the usefulness of internal guidelines on the detection of suspicious transactions.
Where there is a low level of suspicious-transaction reports, the examination of a sampling of transactions may reveal to what extent transactions that should have been reported were not. Assuming a high level of unreported transactions is found, the FIU may try to determine whether the reporting entities have followed the applicable guidelines on the detection of suspicious transactions. In this context, individual decisions not to report certain transactions are less important than the pattern they reveal. The decisions not to report should be reviewed along with the analysis that was conducted to determine whether these decisions form part of a pattern of not reporting.
An array of administrative sanctions may be set out in the legislation to deal with non-compliant entities, and the application of the sanction varies according to the gravity of the offense. A typical set of graduated administrative sanctions would include warnings, reprimands, fines of different amounts, and ultimately cancellation of the noncompliant entity’s authorization to operate. Publication of these sanctions (where this is allowed or required) may contribute to making the reporting community aware that the reporting obligations are enforced.
The procedure to apply administrative sanctions varies from country to country. The FIU or other supervisory authority usually has the power to issue the first level of sanction, such as warnings. In some countries, the FIU is also empowered to levy other administrative sanctions. For example, in the Czech Republic, the FIU is in the ministry of finance, and the minister of finance has the authority to levy certain fines for noncompliance under the AML Act, but if the failures are such as to warrant repeal of a license, the minister must refer the matter to the authority empowered to decide on the repeal of a license.118 In other countries, the FIU can only initiate the sanction process by referring cases to a supervisory authority or an administrative court. This is the case in Belgium, where the FIU lacks sanctioning power and must refer cases to the competent supervisory, regulatory, or disciplinary authorities for sanction. (The minister of finance is the designated authority with respect to entities not falling under the supervision or control of an agency.)119
In some countries, breaches of their reporting obligations under the AML law on the part of individuals and corporations constitute violations of the criminal law. Although in both administrative and criminal proceedings, fines can be the penalty imposed upon conviction, there is a very significant difference between administrative and criminal proceedings. First, in the case of criminal sanctions, if the criminal law so provides, failure to report may lead to imprisonment in addition to fines or as an alternative to fines. In any case, criminal convictions leave a permanent mark on the record of an individual, and, under the “fit-and-proper” test in force in many countries, may result in the person being barred from managing a financial institution or becoming a member of the board of directors of such an entity. In addition, criminal proceedings often bring with them considerable negative publicity for the firm and the individual, which may have negative commercial consequences. It may also be noted that criminal convictions may be more difficult to obtain under the same set of facts, since the criteria for conviction (i.e., proof beyond a reasonable doubt) is higher than the one usually applied in administrative proceedings (i.e., preponderance of evidence).
For all these reasons, making breaches of reporting obligations and of similar obligations subject to criminal sanctions should be considered with care. Some countries have criminalized many types of conduct in breach of the reporting entities’ AML/CFT obligations. This is the case, for example, in South Africa.120 In other countries, attempts have been made to limit the conduct subject to criminal sanctions to cases where circumstances are such that the breach can be seen as the result of gross negligence. For example, in Monaco, a person who “in clear disregard of his professional duty of care as set out in the [AML law] and its implementing regulations” contravenes the provisions on reporting suspicious transactions (including transactions not carried out on grounds of AML/CFT suspicions) is liable to criminal prosecution leading to the imposition of fines.121
The second element of the core functions of an FIU, as defined by the Egmont Group, is the analysis of reports received from reporting entities. The purpose of the analysis is to establish whether the data contained in the reports, substantiated as necessary by the FIU, provide a sufficient basis to warrant transmitting the file for further investigation or for prosecution (as the case may be). It should be noted, however, that in practice, the line that separates the analysis performed by the FIU from the investigations performed by the law-enforcement authorities may not be drawn in the same way in all countries and may also vary, depending on the type of FIU involved
The number of reports FIUs receive varies considerably from country to country. In some cases, the volume of reports may be too large for the FIU to be able to analyze all of them in a timely fashion. In such cases, the FIU may use internal criteria to prioritize reports and deal only with the most important ones. In most circumstances, suspicious-transaction reports and communications from other FIUs receive higher priority than reports based on the amount of the transaction. Reports that are not immediately analyzed, however, may prove valuable later in the analysis of priority reports and provide useful data in performing operational or strategic analysis. Many FIUs store this “sleeping data” for later use and report using it after some months or years, when new reports are received and matched with this stored data.
The analytical process starts with the receipt of a report, continues with the collection of additional related information, goes through different forms of analysis, and ends with either a detailed file concerning a money-laundering (or financing of terrorism) case that is forwarded to the law-enforcement authorities or prosecutors or the reaching of a conclusion that no suspicious activity was found. After the analysis is performed, the primary report that triggered it may represent a small part of the file.
As soon as the data received exceed a certain volume, electronic means of storing it and analyzing it are required. Otherwise, retrieving the data and analyzing it become too time-consuming and the analysis may not be as thorough. The ability to quickly analyze data is vital for a system of countering the laundering of the proceeds of crime, and computerized databases and analytical tools are an important element in achieving this goal. Nevertheless, it is important to keep in mind that electronic databases and software can only facilitate the work of analysts, not replace it.
For purposes of presentation, it is useful to distinguish between different levels of intelligence produced in an FIU. Three levels are generally identified: tactical, operational and strategic.122 Each has its uses, and none is intrinsically more valuable than the others. The three levels of analysis are complementary, and it is beneficial for an FIU to undertake all three.
Tactical analysis is the process of collecting the data needed to build up a case establishing wrongdoing and the accompanying facts that clarify the reasons behind the commission of a criminal offense. Tactical analysis produces tactical information. Although tactical analysis may be performed on all incoming reports, it is likely that suspicious-transaction reports will provide the most directly useful leads, and the description that follows is based on the analysis of such reports.
Tactical analysis includes the matching of data received from reporting institutions with data held by the FIU or accessible to it, including lists of names, addresses, phone numbers, and data in the other reports forwarded by the reporting institutions. Some reporting institutions may produce the simplest form of tactical information themselves, by adding to their reports related information on the reported client or transaction that they have in their databases.
Upon receipt of a suspicious-transaction report, the analyst will look for additional information on the subject, the company, the transactions, or other elements involved in a particular case to provide the basis for further analysis. The main sources of such additional information are briefly described below.
The FIU’s own data
The analyst will check the data in the report against information in the FIU’s internal sources, such as data from earlier suspicious-transaction reports, cash-transaction reports, and cross-border-transfer reports (if applicable). For this purpose, the newly received data are broken down into components that are checked against the sources previously mentioned. When a component is matched with existing data, this information is added to the compiled data on the case. After additional data are collected, one may start using the term “case,” which may relate to many individual transactions.
Publicly available sources
The information will be checked against data in publicly available sources, such as company registers and company status or business reports and credit reports issued by private companies, audit companies, and accounting bodies. Even telephone registries are sometimes good sources of information.
Checks will also be performed on data held in governmental databases. Such data would usually include tax records, company-formation records, police records, immigration and customs records, vehicle registries, and supervisory findings. It is vital that these data be available as quickly as possible, and on a real-time basis as much as possible. Ideally, an FIU would be able to access these databases directly through electronic means, based on a law, a regulation, or an agreement between the agencies concerned. Some of the data might, in fact, be part of an FIU’s internal database.
Additional information from original reporting entities and other entities
If necessary, the analyst may go back to the primary information source—that is, the financial and nonfinancial institutions that provided the initial reports, if this is permitted, to request additional information from them (if necessary). It is also very useful if the FIU is authorized to seek information from other institutions subject to the AML/CFT reporting obligations that may have been involved in related transactions or business of the suspicious customer, even if they have not provided reports on them.
After completing the initial checking of the new data against these national sources, and establishing grounds of suspicion for money laundering or related offenses, the FIU may, when international elements are involved, request additional information from foreign FIUs or other counterparts.
Operational analysis consists of using tactical information to formulate different hypotheses on the possible activities of the suspect to produce operational intelligence. Operational analysis supports the investigative process. It uses all sources of information available to the FIU to produce activity patterns, new targets, relationships among the subject and his or her accomplices, investigative leads, criminal profiles, and—where possible—indications of possible future behavior. One of the techniques of operational analysis used in some FIUs is financial profiling. This provides the analyst with methods for developing indicators of concealed income of an individual, a group of individuals, or an organization. It is an effective indirect method of gathering, organizing, and presenting evidence related to the financial status of subjects. The relevance of the profile is to show that the target cannot demonstrate a legitimate source for the difference between his or her outflow of cash and his income. The tracing of a person’s assets may also provide leads linking the subject with predicate offenses.
Through operational analysis, the information received by the FIU is developed into operational intelligence, which can be transmitted to law-enforcement agencies or prosecutors for further action. In order to ensure that its tactical and operational analyses are relevant, the FIU should monitor the extent to which its work contributes to successful prosecutions.
Strategic analysis is the process of developing knowledge (“strategic intelligence”) to be used in shaping the work of the FIU in the future. The main characteristic of strategic intelligence is that it is not related to individual cases, but rather to new issues and trends. The scope of any strategic analysis may be narrow or wide, as required. It may consist of the identification of evolving criminal patterns in a particular group or the provision of broad insights into emerging patterns of criminality at the national level to support the development of a strategic plan for the FIU.
Strategic intelligence is that which is developed after all available information has been collected and analyzed. It requires a wider range of data than operational analysis, as well as experienced analysts. The data come from reports provided by the reporting entities, the FIU’s own operational intelligence and tactical information, public sources, and law-enforcement and other government agencies. The analyst may conclude from the data that, for example, an unusual pattern or volume of transactions is emerging in a certain financial sector or in a certain region. Such findings may form the basis for further actions of the FIU or the law-enforcement agencies. At a broader level, strategic intelligence may suggest the need to impose reporting and other AML/CFT obligations on new entities. Depending on the circumstances, strategic intelligence may be shared with other law-enforcement agencies, as well as with the government agencies charged with the development or coordination of anti-money-laundering policy.
The third core function of an FIU is the dissemination of the information it has received and the sharing of the results of its analysis. The ability of an FIU to quickly share reliable financial intelligence and related information with domestic and foreign authorities is critical to the success of its mission. Since funds move quickly in and out of financial institutions and across national boundaries, FIUs must be able to provide, as rapidly as possible, financial information to competent authorities for purposes of criminal law-enforcement work. The ability of FIUs to share valid information quickly affects not only the effectiveness of a country’s internal AML/CFT regime but also its ability to cooperate internationally.
There are three aspects to the dissemination function of FIUs. The first two are related to exchanges of information inside a country, and the third is related to international exchanges. The first concerns the duty of the FIU to transmit information to the competent authorities for further investigation or prosecution whenever its analysis reveals money laundering or other criminal activity. The second concerns the exchange of information between the FIU and domestic agencies other than the ones to which files are transmitted for further investigation or prosecution. The third is the international exchange of information, mainly, but not exclusively, from FIU to FIU.
Transmitting Reports for Investigation or Prosecution
When an FIU concludes its analysis of a suspicious transaction or series of transactions with a finding that they reveal criminal activity (as defined in the FIU law), it is the duty of the FIU to transmit the results of its analysis to the competent authorities for further investigation or prosecution.123 The decision as to which authority will receive the information depends on the legal system of the country involved. In some systems, the information is transmitted to the police, so they may carry out the investigations that will result in a file ready to be transmitted to the prosecuting authorities for prosecution. In other systems, the file is transmitted directly to the prosecuting authorities, which will order further investigations, if necessary, and, if the evidence is sufficient, will initiate the prosecution.
The law governing the FIU normally specifies the scope of the obligation to send a file for investigation or prosecution, which varies from country to country. In most systems, the scope is fairly narrow, in accordance with the “specialty principle,”124 under which the information furnished to the FIU by financial and other institutions can be used only for a specifically defined purpose, such as combating money laundering.125 In Slovenia, for example, the law adopted in 2001 limited the duty to transmit documentation to the competent authorities to cases where the FIU considered, “on the basis of data, information and documentation obtained under the Law” that there existed reasons for suspicion of money laundering.126 An amendment to the law widened the duty to report to the competent authorities to include cases of corruption and criminal association, as well as all serious crimes subject to a prison sentence of five years or more.127 In Belgium, the scope of the obligation is narrower: the suspicion has to come from the examination of a suspicious-transaction report, and the crimes on which reports may be made to prosecutors are limited to money laundering and terrorism financing.128 In law-enforcement-type FIUs, the specialty principle may not operate in the same way. For example, in South Africa, an autonomous police-type FIU, the FIU provides the information to an investigating authority, the tax authorities and the intelligence service at the request of such authority, or at the initiative of the FIU if the FIU “reasonably believes such information is required to investigate suspected unlawful activity.”129
Once the competent law-enforcement authority has received the information from the FIU, the use it may make of it is determined by the law governing the actions of that agency or by general laws of criminal procedure. Often when the prosecutor’s office receives information that can lead to criminal charges against an individual or corporate entity, the prosecutor’s office is free to use the information as it sees fit and to determine, on the basis of all relevant factors, what criminal charges will be made.130
Sharing Information with Other Domestic Agencies
In addition to transmitting files for investigation or prosecution, FIUs may also be in a position to assist other agencies in the country to accomplish their mission by providing them with useful financial information. Among the main potential recipients of FIU intelligence are financial sector regulators and supervisors. The ability of the FIU to provide this assistance depends on the laws that govern the use the FIU can make of the information it obtains. Box 9 sets out the agencies with which an FIU may share information.
Box 9.Sharing Information With Other Domestic Agencies
FIUs provide information to domestic agencies, and receive information from them, as follows:
- Banks, money remitters, and other financial institutions provide suspicious-transaction reports; they may provide other reports, and receive feedback from, the FIU.
- Financial regulators may report to the FIU financial information, including suspicious transactions found in the course of their supervision of financial institutions, and may receive financial intelligence and information on breaches of anti-money-laundering laws on the part of entities subject to their jurisdiction from the FIU.
- Police and prosecutors provide law-enforcement information to the FIU and receive financial intelligence (in police FIUs, the FIU function and the law-enforcement function are integrated in a single agency) from the FIU.
- Other government agencies (e.g., company registrars and motor-vehicle-registration offices) provide raw data to the FIU.
- Tax authorities, anti-corruption agencies, customs and excise agencies, and intelligence agencies may, if legislation allows, receive financial intelligence from the FIU and provide information to the FIU.
In most systems, the law determines the agencies with which the FIU may share information and the uses the receiving agency or agencies may make of the information. The law governing the FIU may state that the FIU will provide financial information, for the purpose of prosecution, to the prosecutor’s office and, in addition, will exchange information with specified financial regulators and supervisors. For example, in South Africa, the law lists the country’s law-enforcement, tax, and intelligence agencies, as well as the financial supervisory bodies, as recipients of FIU information.131 Once another agency has received information from the FIU, the law governing the agency will normally specify what uses the agency may make of the information. In particular, these laws (for example, the laws governing the conduct of financial regulators) will normally contain strict confidentiality requirements similar to those applying to the FIU and its staff. As a result, the receiving agency will be able to share the received information only to the extent permitted by law.
In contrast to transmittal of files to prosecutors or investigative agencies, which concern criminal matters, transmittals to financial supervisors or regulators and other government agencies may involve statistics, administrative matters, or civil cases. For example, a financial regulator or supervisor investigating a subject for misconduct that does not constitute a crime but for which an administrative sanction or civil penalty may apply, may need financial intelligence held by the FIU to support its case.
In determining the agencies that will be authorized to receive financial information from the FIU, legislators must weigh the privacy rights of individuals against the needs of domestic agencies for timely financial information.132 Legislators must ensure that their national FIU is authorized to share information with the relevant institutions or agencies engaged in the fight against money laundering and terrorist financing. At the same time, they will impose safeguards to protect the sensitive financial information that an FIU acquires from being disclosed to unauthorized persons.133
As, over time, financial institutions report more and more financial disclosures to FIUs, and the consumers of financial intelligence expand their requests for information from FIUs, FIUs have to equip themselves to meet the increased demand for their services. Since the resources of the FIU may not increase at the same rate as the demand for its services, FIUs may need to find effective ways to share information with appropriate domestic authorities.
In many countries, the FIU exchanges information with other local agencies on the basis of the legislation and regulations authorizing such exchanges. In some countries, FIUs have used memoranda of understanding or similar documents to make more detailed arrangements for exchanging information authorized by law with other agencies with which they exchange information on a regular basis. These memoranda of understanding set out the terms under which the FIU will entertain requests, the conditions for using FIU information, and any other conditions upon which the parties agree. These written arrangements are an excellent way to ensure that the parties understand the rules for exchanging and using financial intelligence, even though they are unenforceable at law. Box 10 outlines the steps involved in requesting financial information from a FIU.
Box 10.Requesting information from an FIU
Requesting financial information from an FIU involves the following steps:
- Step 1. A domestic agency (i.e., a financial supervisor or law-enforcement agency) or a foreign FIU makes a request for financial information to support a case involving money laundering, terrorist financing, or related crimes.
- Step 2. The requested FIU determines whether the request satisfies legal, policy, and operational requirements. If so, the FIU searches its databases and files for information responsive to the request.
- Step 3. If necessary and appropriate, the FIU seeks information from other government agencies and financial institutions to respond to the request.
- Step 4. The FIU analyzes the information and prepares a report to share with the requesting agency or FIU and determines the conditions under which the requesting agency or FIU may use and disseminate the information contained in the report.
International Information Sharing134
Comprehensive and effective AML/CFT regimes must allow for FIU-to-FIU information exchange that support international cooperation.135 At the international level, FIUs share financial intelligence with other FIUs to support the analysis of STRs and intelligence gathering. With FIU-to-FIU information sharing, FIUs, domestic law-enforcement agencies and other domestic “consumers” of financial intelligence are able to seek and obtain information promptly from foreign governments to deter, detect, and prosecute money laundering, terrorist financing, and related crimes. The international FIU-to-FIU network facilitates the rapid exchange of financial intelligence across borders—a process that usually occurs faster through FIUs than through other government information-sharing channels.136 It should be noted that although information exchanged between FIUs facilitates the development of financial intelligence, it cannot be used as evidence in criminal proceeding without the express consent of the providing FIU. Countries usually provide evidence to be used in criminal cases through mutual-judicial-assistance procedures, which tend to be time consuming. However, FIU-to-FIU exchanges of information should not be used as a substitute for them.
The Egmont Group has stressed the importance of the unfettered sharing of information between FIUs. Its Principles for Information Exchange Between Financial Intelligence Units for Money Laundering Cases are discussed later on, at the end of the subsection on “International Information Sharing.”137 Legislation governing the exchange of information between FIUs should allow such exchanges to take place without impediments.
Most international exchanges of financial intelligence are organized in a “symmetrical” way: each agency communicates with its counterparts of the same type abroad. In addition, some FIUs, including the ones in Austria, the Cayman Islands, Denmark, Slovenia, and Venezuela, have the authority to exchange financial intelligence with foreign law-enforcement agencies. Some FIUs, such as Slovenia’s,138 are authorized to share financial intelligence with international organizations, which would include Interpol,139 Europol,140 or the European Union’s Anti-Fraud Office (OLAF).141
Legal basis for exchanges of information between FIUs
An FIU’s ability to share information with its counterparts and other agencies in foreign governments is determined by law or statute. Many countries authorize their FIU to exchange information with other FIUs to combat money laundering and related crimes. Following the terrorist attacks of September 11, 2001, more and more countries have authorized their FIUs to share information related to not only money laundering but also terrorist financing. For member countries of the European Union, the Decision of October 17, 2000 sets out detailed rules concerning the exchange of information between members’ FIUs.142
Most countries provide their FIU with authority to exchange information with other FIUs of any type. Given the importance of information sharing among FIUs, and the work of the Egmont Group in this respect, the trend is toward enhancing FIUs’ ability to cooperate with their counterparts that abide by international FIU information-exchange principles. Indeed, a large number of FIUs members of the Egmont Group have undertaken to exchange information with other FIUs in accordance with the Egmont Group’s model memorandum of understanding—that is, free exchange of information for purposes of analysis at the FIU level and no dissemination or further use of the information for any purpose without the previous consent of the supplying FIU and protection of the confidentiality of the information.
Some FIUs are authorized by law to exchange information with other FIUs without the need for an agreement between them. In other countries, as a matter of law or policy, the FIU exchanges information with other FIUs with which it has entered into a Memorandum of Understanding (MOU). MOUs set out the terms and conditions under which they share financial intelligence and other financial information with other FIUs. A typical MOU identifies the parties, the type of information eligible for information sharing, the limits on the use of any shared information, and restrictions on redissemination of shared information. The Egmont Group developed a model MOU for FIU-to-FIU information sharing.143
MOUs are designed to support information exchange. While an MOU is unenforceable in a court of law, it carries with it a moral obligation to live up to the terms of the arrangement. If a party disagrees on the interpretation or application of the MOU by the other party, the parties typically will attempt to resolve the problem among themselves. If, after discussion, they are unsuccessful, they may choose to mediate the issue with the help of a third party,144 amend the terms of the MOU, or terminate the MOU. Since an FIU’s reputation is paramount to its ability to participate effectively in the FIU network, an FIU that is known to breach the terms of information sharing will have difficulty finding FIUs willing to share their sensitive financial information with it.
Historically, a few countries have required that there be a formal agreement with another country before the respective FIUs could share financial intelligence. Countries that require a formal agreement to be authorized by the ministry of foreign affairs or other senior government official before their FIU can exchange information with other FIUs place their FIU at a distinct disadvantage in terms of its effectiveness as a partner in the international fight against money laundering and terrorist financing, because most FIUs do not require formal agreements to share information. Countries with such a requirement may not be in a position to offer other countries “the widest possible range of international cooperation to their foreign counterparts,” as called for by FATF Recommendation 40.
Exchange of information
Most requests for financial intelligence via the FIU network are made in writing. The requesting FIU sends a request to another FIU, either by letter or by filling out a request form. Requests are transmitted either on paper or electronically. Some FIUs send requests to each other via secure networks shared by them, such as the Egmont Secure Web or, for European Union FIUs, FIU-NET (see Box 11). In urgent cases, FIUs will request information orally. If the receiving FIU accepts such a request, it will normally ask the requesting FIU to follow up with a request in writing.
FIUs have developed request forms to meet a specific need to standardize international requests. Sometimes a requesting FIU fails to supply sufficient information about the underlying case, the type of information sought, the intended use of the information, or the potential users of the information. When this happens, the receiving FIU needs to ask the requesting FIU to supply the missing information. This can result in delays in processing the request. To avoid these delays, the Egmont Group developed a Request for Research form for FIU-to-FIU requests for information on money-laundering cases. Egmont encourages its members to use the form to standardize FIU-to-FIU exchange of information requests.
The FIU.NET is a computer network through which participating financial intelligence units exchange information in a quick and safe manner. As of May 2004, 16 FIUs from member states of the European Union share financial intelligence via FIU.NET.
The origin of FIU.NET can be found in the invitation issued in October 2001 by the Joint ECOFIN/JHA Council (i.e., the European ministers of finance, justice, and home affairs) to the member states to set up a system for the exchange of financial intelligence information by automated means. Subsequent to this invitation, the European Commission awarded a grant to the ministry of justice of the Netherlands to advance FIU.NET and undertake the development of the required, highly sophisticated electronic connections among the participating FIUs.
In the current implementation of the FIU.NET, there are two basic kinds of information flows, which occur when
- an FIU asks for information by means of a request; or
- an FIU provides an answer to an earlier request.
Guided by the display (screen), the financial analyst of the requesting FIU fills out the frames of the information-exchange scenarios to ask another FIU (the providing FIU) whether a certain subject is known. The requesting FIU sends the request via the network. If the providing FIU knows the subject, and is willing to share the information, it can transmit information in any electronic format to the FIU.NET database of the requesting FIU. Exchanging information thus becomes a quick and relatively simple process.
FIU.NET runs over a private network and is highly secure, protected by firewalls as well as sophisticated encryption and authentication technologies. At each FIU, the hardware comprises servers, firewalls, a Virtual Private Network facility, and one or more client Windows PCs.
The participating FIUs are those of Belgium, the Czech Republic, Estonia, France, Germany, Hungary, Italy, Latvia, Lithuania, Luxembourg, Poland, Slovakia, Slovenia, Spain, the Netherlands, and the United Kingdom.
Special arrangements for terrorist financing cases
In recent years, terrorist attacks have had an important impact on the ways in which FIUs exchange information. In the immediate aftermath of the September 11, 2001 terrorist attacks, the Egmont Group FIUs acknowledged that it was important to agree upon a framework for rapidly and effectively exchanging information related to terrorist financing. Although the Egmont Group FIUs were keen to support the investigation of the terrorists of September 11, 2001, some FIUs had experienced multiple requests with insufficient details supplied from different agencies within the same government. To minimize the burden on all FIUs, the Egmont Group agreed that any domestic requestor seeking information from the FIU network should seek the assistance of their domestic FIU rather than deal directly with a foreign FIU. In that way, the FIUs would serve as a gateway for requests going to other FIUs, and, given their knowledge of the requirements for information exchange, could accelerate the process.
Egmont Group principles of information exchange in money-laundering cases
The Egmont Group has made the improvement of information exchange between FIUs its priority. In June 2001, it adopted the set of Principles for Information Exchange Between Financial Intelligence Units for Money Laundering Cases, and, to underline the importance it attached to them, it appended these principles to its Statement of Purpose as an annex.145
The Principles of Information Exchange serve as the international standard for information exchange between FIUs. In addition, to address the practical issues that impede the efficiency of mutual assistance among FIUs, the Egmont Group issued a paper on Best Practices for the Implementation of Exchange of Information between Financial Intelligence Units.146
The principles encourage international cooperation between FIUs in money-laundering cases on the basis of trust and flexibility. They stress that FIUs should be able to provide information to one another at an FIU’s request or spontaneously. Information exchanged by FIUs may be used only for the specific purpose for which the information was requested or provided, and may not be transferred to another authority (including for use as evidence in a court case) without the prior consent of the disclosing FIU. In addition, the confidentiality of the information provided should be protected by strict controls and safeguards, and should be considered, at a minimum, as being protected by the same confidentiality provisions as apply to similar information obtained by the receiving FIU from domestic sources.