The Wolfsberg Group’s Comments on FATF’s Proposal on NPOs

The Wolfsberg Group issued a comment letter in the public consultation of FATF’s draft amendments to Recommendation 8 and its Interpretive Note and updates to its Best Practice Paper to Combat the Abuse of NPOs. John and Elliot discuss the comments and the next steps for proposals. They also talk about several other things of interest to the financial crime community.

The Wolfsberg Group’s Comments on FATF’s Proposal on NPOs - TRANSCRIPT

Elliot Berman: Hi John, how are you today?

John Byrne: Good, Elliot, how are you doing?

Elliot Berman: I'm good as well.

John Byrne: So dog days of August, as we've said before, but outside of indictments and people coming into Fulton County to be arraigned, there actually is some other things going on both domestically and globally. So I thought we'd highlight a couple of those.

The first thing I wanted to mention is something that I found fascinating on both a political level and a legal level. And that is late last week, the current chairman of the House Judiciary, Jim Jordan subpoenaed Citibank for documents and communications related to their, the Committee and the so called Weaponization Select Subcommittee, investigating banks for sharing information with the FBI about January 6th.

As everybody remembers, we had an attempted coup on January 6th, and as something else that we note, financial institutions are always encouraged to be proactive regarding suspicious activities, suspicious transactions. They don't always have, don't always know the type of crime, but get that information quickly in the hands of law enforcement. And what was previously known anecdotally was that a number of banks as soon as this occurred, took a look at their transactional activity to see if there were individuals that were spending money on rental cars, hotels, in and around the D. C. area.

And some institutions took it a step further and determined that some of those same individuals were coming back for the inauguration. And it doesn't take a rocket scientist to think, could be some issues there. So they shared. that information with the FBI and other law enforcement.

Now, the fact that this current Judiciary Committee finds that problematic to me is more than a concern. But if you look at the press release on the Judiciary Committee's website, it says that it raises concerns regarding the extent which institutions, including Citibank, they also mentioned Bank of America, may have shared customer information with federal law enforcement despite the lack of individualized nexus to criminal conduct, I totally disagree with that phrase, these documents indicate that a Citibank rep was included on emails and Zoom discussions organized by the FBI and FinCEN focusing on trying to do information sharing.

Bottom line is, it is actually sad that we have elected officials that are focusing on that aspect of disseminating and providing information and I think that bears very close watching. Wanted to highlight that because we're always talking about our clients being even more proactive, getting information in the hands of law enforcement. And this is what they get in response. So I wanted just to make sure people knew this was out there, because it didn't get a lot of play in the regular press. I think I saw it in Moneylaundering.com. I didn't see it anywhere else.

Elliot Berman: I've got two quick ones, too, before we get to the main one we want to talk about.

First is just a reminder to everybody that at the beginning of August, the FFIEC issued some updates to the Bank Secrecy Act Examination Manual. They mostly deal with correspondent banking and foreign banking issues. But you should take a look at them and again, the FFIEC in the release announcing the changes reminds everybody that these are not new requirements. This is an effort to continue to add transparency to the examination process. Just a reminder for people, another thing that didn't get a ton of press.

And then for our listeners, particularly in the UK. The Financial Conduct Authority which is the primary banking regulator in the UK, put out a release recently to remind everybody that as of the 1st of September, the FATF travel rule will be applied to cryptocurrency transactions.

This is implementation of some action that was taken last summer and is aligning with activity that's happening in the EU along the same lines. The FATF travel rule is similar to the travel rule that has been in place for a long time related to wire transfers, but now being applied to cryptocurrency transactions. It's a technical issue, but people should be aware of it. It'll be interesting to see at what point the US also mandates such a thing. Maybe one of the many bills that's floating around related to a regulatory scheme that would be applied to virtual assets and virtual currencies.

John Byrne: Hey one other quick thing, I want to give credit to Moneylaundering.com yet again. In their daily newsletter, they also mention that FinCEN made clear in a filing that they want to extend the deadline for the registration of beneficial ownership under CTA beyond January 1st of next year, but no date has been given.

So more to come on that, but obviously, in certainly in response to Congressional hearings and complaints from both the financial sector and other eventual filers that's there too. So we will follow up on that, but again, also want to give credit folks to who went into a document that sometimes gives you some indicators and that clearly is one. So I wanted to mention that as well.

Elliot Berman: Yes. The big item that we wanted to talk about was that the Wolfsberg Group sent a comment letter to FATF related to the public consultation that we have talked about a number of times on Recommendation 8 and on the Best Practices Paper that relates to anti-money laundering and access to banking services by non-profit organizations.

John, I'm assuming you saw that?

John Byrne: So the focus is on money laundering, but also terrorist financing. A couple things, we had mentioned that this was out there for public consultation, both on the draft changes to Recommendation 8, but also the Best Practices Paper on the abuse of NPOs. A couple things in the letter that we want to highlight.

One is, we applaud the Wolfsberg Group for supporting the statement that the NPO sector is not homogeneous in its risk profile with regards to tariff financing, it should not be considered as such by countries and FIs. So they state that pretty far up in the introduction, which I think is important because as our friends in the NPO industry world community know, we are trying to do our best to ensure financial inclusion, but obviously it's a complicated area. So they did that, but they also focused on the NPOs having additional requirements. What did you take from that?

Elliot Berman: It was interesting. It is part of the thread that, again, we've talked about many times, which is that NPOs need to have an understanding of the risks that are involved in what they're doing, where their funding is coming from, and things like that. And be able to explain that to FIs so that everybody has a clear understanding of the what and the why of what's going on in the NPO.

The Wolfsberg comment goes further and talks about imposing a requirement, I guess through FATF, or at least a recommended requirement that NPOs do a risk assessment to understand how, what they do on the ground, what the risks are of it supporting terrorism, unintentionally, of course, and also their source of funds.

That caught my eye, not because I think it's a bad idea, but I was thinking about how NPOs are created and governed here in the United States, and they are creatures of state law in terms of their corporateness, if you will, and their non-profit status from a tax perspective, comes from the Internal Revenue Service and in some cases some state taxing authorities.

But there's nobody that examines them in the way that FIs are examined. So I wasn't quite sure how such a regime was actually going to work.

John Byrne: That's a good point. The other thing too they push back on the statement FATF have made that NPOs don't have customers. Because they say, that's true, but they have characteristics that repeat donors may share with what they call traditional customer relationships. So they recommend that the role that an NPO plays in sourcing funds with donors and dispersing them to beneficiaries warrants a requirement that the NPO develop a risk based awareness the source and use of funds. And they liken it to the same controls that correspondent banks are required to have. I'm not making a judgment, yay or nay on that, but obviously that's something we had not seen from our friends in the financial industry, but obviously these large institutions, again, up front, they say, we recognize that NPOs are not all the same and all that, which is one of the big challenging parts of why financial access becomes challenging.

But, to your point it's one thing to say there should be additional requirements. How are you going to do that? And how are you going to manage that? And who's going to assess that? They did talk about having audit requirements and that sort of thing. There's a lot of cost involved in that.

I'd like to see a reaction from the NPO community and perhaps I could get them to weigh in on this, but also I'm curious what FATF says when they look at all the comments that they receive, which hopefully they've received more than a few.

Elliot Berman: Yes, and I was thinking about that piece that you just talked about and how a lot of the NPO activity, particularly in conflict zones, are pretty small. And I was thinking about a parallel, not so much the correspondent banking parallel, but the obligation in the US for MSBs, some of which are really tiny to have an AML compliance program. And how well has that really worked? So I understand the why of this, and I don't disagree with it philosophically, but when I start to think about how do you make this work on the ground, particularly for the smaller operators, I just think, between no real regulator and very limited resources and those resources not being focused on risk in the way these comments talk about risk, they're worried about their people on the ground in a conflict zone, or how do you get the food convoy from point A to point B where the people who need the food are?

This struck me as a little confounding in the implementation.

John Byrne: Yeah, I give them credit because, this isn't, Hey, we all need to work together and figure things out. This is... It's obligations, but there's also misunderstandings, and if you misdiagnose NPO risks, they also talk about if it's, if they're rule based requirements and they're disproportionate to the risk, that obviously increases the cost of compliance and increases the risk of supervisory actions based on some of the specifics in the recommendations.

Hopefully the outcome of all of this will be a continued dialogue, because as we've talked about many years of doing this program, we certainly are empathetic with our friends in the humanitarian world, but we also recognize that the solution is, on all of us. It's on supervisors, it's on financial institutions, and it's on NPOs. As you say, many are large and they do have strong due diligence. Others, maybe not so much, and some are actually fronts for criminal activity.

So it's a very complicated area.

Elliot Berman: Yes. And as we've talked about before, we're likely to see the output from FATF come to their October plenary where they will have collected all the comments and bring out a report that talks about what the proposed final version of the updates to Recon novation 8 and the Best Practices Paper are as a result of their synthesizing the comments they've received.

John Byrne: I agree. So people should take a look at that. And certainly anything else is FATF publishes based on the input they received from the public that was they were all due on August the 18th.

Elliot Berman: Anything else John before we ring off?

John Byrne: I just wanted to mention that we've been working with our steering committee for the AML Partnership Forum, which is everybody knows now is a independent 501(c)(3) organization and we've made a decision that in the third annual in 2024 will be March 18th to the 20th at the Mayflower.

Much more to come but that was step one. Finding both the venue, the same venue that did us so well the past two years and we're moving it from May to March given some other potential conflicts with some other events. So definitely more to come on that. And a quick aside, we have a couple of potential podcasts in the works. I do want to give a shout out to Dave Stewart from SAS. We were at SAS last week and Dave was kind enough to tell the audience that they should subscribe and listen to Elliot and myself and This Week in AML.

And Dave said he does it every Friday when he's walking his dog. So if you're walking your dog today on Friday, Dave, thanks for the plug. We appreciate it.

Elliot Berman: And the last thing our September webinar is the 28th and it's on running an effective fraud program. Our colleague Chuck Taylor is going to moderate with a couple of great panellists.

By the time you hear this, you'll be able to register for that at our website, amlrightsource.com. John, you have a great weekend and I will talk to you next week.

John Byrne: Take care, Elliot. Stay safe.

Elliot Berman: You too. Bye bye.