In Greek mythology, there is a tale of two immortal monsters that terrorized mariners traversing the Strait of Messina, a passage of water separating Italy in the east from Sicily and the rest of the world in the west. On the Sicilian side lay Charybdis, the daughter of the god Poseidon and Gaea (the Earth). Charybdis was a leviathan that created large whirlpools, pulling ships and their sailors beneath the waves. Avoiding Charybdis by sailing closer to the European continent was however not without its own peril, as it placed mariners within the reach of Scylla, a multi-headed beast that devoured anything within its grasp.
The Financial Action Task Force (FATF) has long had its own Charybdis: the FATF International Cooperation Review Group (ICRG) process. Created by the FATF gods (with the wider FATF global community having little say in the matter), the ICRG process identifies countries which potentially pose a risk to the global financial system through deficiencies in their anti-money laundering and combatting the financing of terrorism and proliferation (AML/CFT/CFP) frameworks. The most egregious cases find themselves on FATF’s list of “High-Risk jurisdictions subject to a Call for Action” (the FATF blacklist). The FATF calls upon jurisdictions to, at a minimum, apply enhanced due diligence to states on the blacklist and in the most serious cases, calls for countries to apply countermeasures.
A second list, labelled “Jurisdictions under Increased Monitoring” (the FATF grey list) includes countries working closely with the FATF to address deficiencies in their AML/CFT/CFP regimes. Being placed on the grey list is intended to reflect a collaborative process and does not entail a call by FATF for any countermeasures against the country. In practice however, this principle has not been universally adhered to, with some jurisdictions and supra-national bodies requiring their regulated sectors to apply enhanced due-diligence (EDD) to transactions involving natural and legal persons from listed countries . This feeds into the larger issues of de-risking and de-banking which ultimately push people towards the informal financial sector , running counter to the objectives of establishing AML/CFT/CFP regimes. While the FATF has been trying to catch this run away horse throughout the 4th Round , some commentators have recommended a fundamental rethinking of the FATF Methodology to take a more holistic view of risk assessment .
To qualify for being placed on the grey list, countries must generally satisfy two criteria: (1) specific deficiencies in technical compliance and effectiveness as set out in the Mutual Evaluation Report (MER); and (2) over US$ 5 billion in financial sector assets . For countries satisfying both criteria, the course is clear. The FATF ICRG procedure clearly articulates how a country can avoid being placed on the grey list and if the country is ultimately listed, how to be removed. The process entails an observation period of one year from the date of final approval of the MER by FATF, whether the mutual evaluation was undertaken through FATF itself or one of the nine FATF-styled regional bodies (FSRBs) covering the rest of the world. Within this short 12-month period, the country can avoid going deeper into the ICRG process by addressing the technical compliance and effectiveness deficiencies that qualified it for ICRG in the first place.
Where the country has not made sufficient progress within the observation period, its Government is called upon by the FATF to agree on an action plan for addressing the remaining deficiencies by specified dates. The country is thus added to the grey list and is required to report its progress prior to each of the three FATF plenaries held each year. Unsatisfactory progress can result in the adoption of countermeasures against the country. Where however the country reports sufficient improvement in all of the action items in the plan, the FATF will schedule an on-site visit to the country. If the on-site team confirms that all deficiencies have been addressed or only minor shortcomings remain, progress on which can be monitored by the relevant FSRB, the country is removed from the grey list.
Treading water in the ICRG pool
The waters are far murkier for countries with poor results but which fall below the US$ 5 billion threshold. These countries enter the “ICRG pool” but are not automatically prioritized for ICRG evaluation. While these countries are also subject to the one-year observation period, failure to adequately address strategic deficiencies within that year does not automatically result in being added to the grey list. FATF’s justification for the difference in treatment is that countries crossing the US$ 5 billion threshold pose a greater risk to the global financial system. The anomalistic result, however, is that some countries with the weakest MER results are not publicly identified. Bhutan for example qualified for the ICRG pool under all four entry criteria. This included having deficiencies in four of the ICRG “Big 6” Recommendations with a total of 26 deficient Recommendations, together with deficiencies in effectiveness in all 11 immediate outcomes (IOs) including nine rated low. In comparison, Barbados, which was greylisted, only met two of the entry criteria both of which relate to effectiveness. Barbados had far superior results at the end of its mutual evaluation, with deficiencies in only 15 Recommendations.
Charybdis, however, continues to lurk and countries in the ICRG pool run the risk of being sucked into the grey list at any time. The problems faced by these countries is further compounded by the fact that, unlike in the 3rd Round of Mutual Evaluations, the FATF has not publicly clarified how countries which have not been prioritized can exit the pool. In the 3rd Round, essentially when a country qualified to exit Enhanced Follow-up, they were also taken to qualify to exit the ICRG pool. In the 4th Round, however, the entry criteria for Enhanced Follow-up is different from the ICRG pool. For example, while Recommendation 6 is one of the ICRG “Big 6”, it is not prioritized under the Enhanced Follow-up system. Until FATF resolves this issue, countries in the pool may find themselves treading water indefinitely.
Being prioritized to the grey list is not the only danger that threatens countries in the ICRG pool or those navigating the larger AML/CFT/CFP ocean. The European Union (EU) has unleashed its own Scylla, the list of High-risk Third Countries under the 4th AML Directive, (EU) 2015/849 (the EU list). While being placed on the FATF grey list inevitably leads to being added to the EU list, not having been prioritized by FATF is not an absolute defence to listing by the EU. Countries in the pool may therefore simultaneously run the risk of being added to the EU list, which automatically entails countermeasures by the EU. While the baseline is requiring EU Financial Institutions (FIs) to apply enhanced due diligence to transactions involving designated countries, countermeasures can range to prohibitions against EU FIs establishing branches in those countries and vice versa. The EU’s recently adopted revised methodology (EU Methodology) in fact provides that, save for members of the EU and the European Economic Area (EAA), the EU Methodology may be applied to any country that is particularly relevant to the financial system of the EU
Exemptions are however granted to least developed countries (LDC) as identified by the United Nations (UN), though even this is subject to exception. An LDC can be scoped if it is identified as presenting a threat to the EU financial system or is designated as an offshore financial centre. Thus, while Afghanistan is classified by the UN as an LDC, it was identified by the EU as a priority 1 country for assessment and is currently on the EU list (even though it has not yet undergone its 4th Round Mutual Evaluation). It is also noteworthy that the list of priority 1 countries also includes FATF members falling outside of the EU and EAA, such as China and the United States. Overseas dependencies of EU Member States which have their own legal system and jurisprudence also qualify as third-countries under the EU Methodology.
A multi-headed beast
Like the Scylla of old, the EU list is a multi-headed beast simultaneously confronting countries in many ways. First, in essence, regardless of whether the country:
• enters the ICRG pool and has or has not been prioritized;
• is still in its ICRG observation period ;
• satisfies the FATF’s requirements and is not added to the grey list after the observation period ends ;
• was previously on but now has exited the grey list; or
• never entered the pool,
the third-country may still be subject to an autonomous assessment by the EU once it has been identified as falling within its Scope.
Second, the FATF’s systems, including the mutual evaluation and ICRG processes, are fairly objective with the country being given some opportunity to be heard at every stage. In contrast, the EU process is far less transparent and includes highly subjective elements. For example, in determining whether the third-country poses a threat to the EU’s financial system, reliance may be placed on information provided by, inter alia, the Financial Intelligence Units and intelligence services of Member countries , as well as the European Union Agency for Law Enforcement Cooperation (Europol) and the European External Action Service (EEAS). Europol has a longstanding security intelligence mandate while the EEAS includes the Intelligence Directorate as a subset of the EU Military Staff . The process may thus rely on classified information access to which is restricted even within the EU. Third-countries may therefore not reasonably expect to be presented with these bases for the EU’s decisions.
These EU and Member agencies may also potentially rely on a range of open-source information and other anecdotal evidence in arriving at their opinions. The European Commission will also rely directly on open source information such as Transparency International’s Corruption Perception Index, which is itself based on how corrupt a country’s public sector is “perceived to be” by experts and business executives.
Third, one of the criteria the EU used in identifying countries falling within the scope of its assessment is whether the jurisdiction has been reviewed by the International Monetary Fund (IMF) as an international offshore financial centre (OFC) . In 2008 however, the IMF discontinued publication of its list of OFCs after having integrated the OFC Assessment Programme with the Financial Sector Assessment Programme. The IMF’s aims included to “eliminate the need to maintain a potentially discriminatory list of OFC jurisdictions .”
Fourth, the EU considers countries in Annex I of the EU list of non-cooperative jurisdictions for tax purposes (the EU tax list) as high priority for assessment . With this limb, the EU is arguably straying far outside the scope of an AML/CFT/CFP assessment. In contrast, the FATF Methodology points out the differences in the methodologies, objectives and scope of the standards of the FATF and the OECD Global Forum on Transparency and Exchange of Information for Tax Purposes respectively . The EU rationalizes its approach based on the contention that jurisdictions added to the EU tax list are potentially attractive for tax crimes and potentially exposed to a higher threat of money laundering linked to tax crime as a predicate offence . This however ignores the fact that in criminalizing money laundering and underlying predicate offences, including tax crimes, AML systems are themselves geared towards dissuading criminal conduct while permitting legitimate activity.
Such an approach by the EU undermines the credibility of the AML/CFT/CFP process and is arguably wholly unnecessary as the EU’s framework for treating with non-cooperative jurisdictions for tax purposes is already coercive. The EU has published guidance requiring its Members to apply at least one of four “defensive measures” against countries on the EU tax list commencing January 1, 2021 . This is also without prejudice to the competence of States to adopt additional defensive measures . The result of this conflation of issues is that jurisdictions which may have made meaningful progress on addressing AML/CFT/CFP deficiencies, may be held to ransom until they qualify for removal from the EU tax list.
Fifth, while there is some overlap between FATF ICRG listing criteria and the benchmarks for additions to the EU list, there is also material divergence. The EU Methodology assesses the AML/CFT/CFP regime of the third-country against eight building blocks. While much of the language of these building blocks is consistent with corresponding criteria listed in the FATF Methodology, they reflect focus on a few FATF Recommendations which are not prioritized by the FATF ICRG process. Building block 3 for example, covers measures relating to customer due diligence (CDD), record keeping and reporting of suspicious transactions by Designated Non-Financial Businesses and Persons (DNFBPs). This building block can be tied to FATF Recommendations 22 and 23 which are not included in the ICRG “Big 6”.
Other FATF Recommendations linked to EU building blocks but not included in the FATF “Big 6” include:
• Building block 4 (Powers and procedures of the third country’s competent authorities for the purpose of combatting ML and TF) – Recommendations 26 – 31;
• Building block 5 (Existence of dissuasive, proportionate and effective sanctions) – Recommendation 35;
• Building block 6 (Third country’s practice in cooperation and exchange of information with Member States’ competent authorities) – Recommendation 37; and
• Building block 7 (Availability of accurate and timely information of the beneficial ownership of legal persons and arrangements to competent authorities) – Recommendations 24 and 25.
Building block 7 is of particular note as the EU Methodology specifies that,
‘…the weight and the focus that the EU assessment will give to “the availability of accurate and timely information of the beneficial ownership of legal persons and arrangements to competent authorities” will be more prominent when determining whether there are concerns in the AML/CFT regime of a third country, as compared to the focus which is given to such measures by international organisations active in the field of AML/CFT .’ While building block 8 (implementation of targeted financial sanctions related to terrorism and terrorist financing) overlaps with the ICRG process, it is noteworthy that the EU Methodology places particular emphasis on the terrorist financing risk relating to the third country.
Thus, in preparing for Mutual Evaluations, countries must now not only focus on the Recommendations needed to avoid FATF ICRG, but also on those prioritized by the EU, as deficiencies in any of the building blocks may ultimately lead to listing. Under the EU Methodology, the assessment of each building block considers both conformity of legislation with international standards and the effectiveness of its implementation. This will result in the EU focusing on specific FATF IOs corresponding to the building blocks, unlike the ICRG process which does not prioritize any of the eleven IOs in particular.
Sixth, while the delisting criteria set out in the EU Methodology prioritizes building blocks 1, 3 and 7, the country must ultimately demonstrate it has addressed all eight building blocks before it can exit the EU list .
Seventh, the timeline for the autonomous assessment by the EU of a country whose MER results qualify it for the FATF ICRG pool, can essentially run simultaneously with the ICRG observation period. Lower-capacity jurisdictions in particular must thus divide their attention and limited resources between two robust processes. The EU process may in fact include on-site visits , which themselves consume finite time and resources which could otherwise be directed towards addressing strategic AML/CFT/CFP deficiencies (as is expected during the FATF ICRG observation period). The EU process is also unforgiving, as failure of the third-country to implement any of the benchmarks (set by the EU) by the end of the EU’s 12-month observation period can result in listing . If however, in prioritizing the EU building blocks the third-country falls short of other strategic deficiencies, resulting in it being placed on the ICRG grey list, it will still also be listed by the EU .
Titans vs. Minnows
An underlying theme of the EU Methodology is that the third-country is presumed guilty until it proves itself innocent. The onus is placed on the country to report its progress failing which it is presumed to be non-compliant. Only time will tell whether there is true equity in the application of the EU Methodology or whether listing by the EU will be used solely as leverage against nations suffering from a great disparity of power. Of the 132 jurisdictions identified for further analysis by the EU to determine if they present strategic deficiencies, 47 were assigned a high priority for assessment. These include FATF members China, Mexico, the United States and the Russian Federation.
China’s MER was published in 2019 with re-ratings only being recently published in September 2020 in its First Enhanced Follow-up Report (EFUR). Significant deficiencies remain in that country’s compliance with FATF Recommendations 24 and 25 on beneficial ownership, as well as Recommendations 28, 29 and 35 together with “Big 6” Recommendations 3 and 6. These all tie back to EU building blocks. Mexico’s MER was published in January 2018 and with no subsequent EFUR to date, its low ratings in FATF Recommendations 24, 28, 37 and 38, as well as “Big 6” Recommendations 10 and 20 stands. The United States was among the first of these countries to be evaluated, with its MER published in December 2016. However even after re-ratings in March 2020, that country remains with deficiencies in Recommendations 24, 25 and 28 as well as Recommendation 20, another one of the ICRG “Big 6.” The FATF’s MER of the Russian Federation was published in December 2019 and while it reveals much stronger results than the others, still notes deficiencies in Recommendations 25 and 6.
While these four countries were able to skillfully avoid being added to the ICRG grey list, they all technically fail at one or more of the EU’s building blocks, particularly beneficial ownership which is high on the EU’s agenda. The scale of their economies and financial sectors and by extension their potential impact on the EU financial system, also dwarfs those of several countries currently on the EU list, including Barbados, Jamaica and Vanuatu. It will remain to be seen how the EU will treat with these more powerful jurisdictions in applying its recently amended Methodology, which provides that Priority 1 third-countries will be subject to ongoing monitoring as opposed to a one-off assessment. This continuous scrutiny also means that priority 1 countries which have achieved outstanding MER results cannot rest on their laurels. The EU will take into account deterioration in the third-country’s AML/CFT/CFP regime and will also possibly assess whether these countries are in compliance with any relevant revised FATF Recommendations adopted after the mutual evaluation.
Charting the course
The EU’s stated aim is to review all 47 priority 1 countries by the end of 2020, with the remaining 85 priority 2 countries targeted for review as soon as possible, bearing in mind that FATF aims to complete all Mutual Evaluations by 2025. While the COVID-19 pandemic may have somewhat delayed this timeline, priority 1 countries, in particular, cannot simply go with the tide. In preparing for mutual evaluation, the focus must now also be placed on addressing the EU’s 8 building blocks with a view to avoiding both the grey list and the EU list. As Circe advised Odysseus, ultimately the best course is to navigate to avoid both Scylla and Charybdis.
Share this on:
Follow us on: