The latest edition of the Basel AML Index offers – among other things – a nuanced perspective on the hotly debated topic of virtual assets. New technologies have huge potential to transform finance and investment, and IFCs are well placed to play a part in that transformation. But to ensure the development of a safe and sustainable virtual assets industry, it is vital for all jurisdictions to get a grip right now on regulation, supervision and enforcement.
The Basel AML Index (index.baselgovernance.org) is a data-based ranking and risk assessment tool for money laundering and terrorist financing (ML/TF) risks around the world. The Basel Institute on Governance, a non-profit organisation that works internationally to fight corruption and improve standards of governance, released the 12th annual Public Edition and Report on 13 November 2023.
The Global Picture: Compliance Is Plummeting
It seems many jurisdictions have not yet got a grip on the virtual assets industry. Compliance with the relevant international standard on new technologies and AML/TF has plunged more than 20 percentage points in the last two years.
The main source of data on jurisdictions’ performance in regulating the crypto industry for AML/CFT purposes comes from the Financial Action Task Force (FATF). Updated in 2018, the FATF’s Recommendation 15 on new technologies now specifically includes virtual assets and virtual asset service providers (VASPs).
What does the FATF’s Recommendation 15 require?
“Countries and financial institutions should identify and assess the money laundering or terrorist financing risks that may arise in relation to:
a) The development of new products and new business practices, including new delivery mechanism.
b) The use of new or developing technologies for both new and pre-existing products.
In the case of financial institutions, such a risk assessment should take place prior to the launch of the new products, business practices or the use of new or developing technologies. They should take appropriate measures to manage and mitigate those risks.
To manage and mitigate the risks emerging from virtual assets, countries should ensure that virtual asset service providers are regulated for AML/CFT purposes, and licenced or registered and subject to effective systems for monitoring and ensuring compliance with the relevant measures called for in the FATF Recommendations.”
– FATF. 2013–2023. International Standards on Combating Money Laundering and the Financing of Terrorism & Proliferation.
As of September 2023, average global performance in technical compliance with Recommendation 15 is just 43 per cent. This is the second worst performance out of all 40 Recommendations. Levels of technical compliance have worsened significantly compared to our analysis in 2021, when the global average was at 63 per cent. Behind the headline average are quite large regional variations (Figure 1).
Figure 1: Technical compliance with FATF Recommendation 15 on new technologies: a regional picture
Some of this dramatic fall was caused by the assessment of around 50 new jurisdictions using the updated standard in the last two years. Another reason was that 30 per cent of jurisdictions already included in the 2021 assessment were downgraded as a result of FATF follow-up reports.
And it is not just a few bad apples dragging down the average. Only 12.5 per cent of jurisdictions are evaluated as ‘compliant’ on the four-tier scale of non-compliant, partially compliant, largely compliant and compliant (Figure 2).
Figure 2: Technical compliance with FATF Recommendation 15 across 161 assessed jurisdictions
Offshore Financial Centres Are Doing Better on Average
According to the available FATF data, offshore financial centres are mostly doing better than the global average.
For the IFC Economic Report, we looked at 27 jurisdictions with available data that are identified as offshore IFCs according to the Bank for International Settlements and Eurostat. [1]
The average level of technical compliance with Recommendation 15 across all 27 IFCs is 52 per cent. That is significantly better than the global average of 43 per cent.
• 22 per cent of IFCs are assessed as compliant (Antigua and Barbuda, Bahamas, Bermuda, Macao (China), Panama and Singapore).
• 26 per cent are largely compliant (Bahrain, Cayman Islands, Gibraltar, Isle of Man, Mauritius, Paraguay, and Vanuatu).
• 37 per cent are partially compliant (Andorra, Aruba, Barbados, Dominica, Hong King, Liechtenstein, Philippines, Saint Kitts and Nevis, Saint Lucia, and Samoa).
• 14.8 per cent are not compliant (Grenada, Liberia, Seychelles, Turks and Caicos).
Figure 3: Average Level of technical compliance with Recommendations 15 across 27 IFCs
Similar to the global picture, the highest number of IFCs are assessed as ‘partially compliant’ – 37 per cent. However, more IFCs are evaluated as compliant with the standard (22 per cent versus 13 per cent) and fewer are assessed as non-compliant (15 per cent versus 21 per cent). That is (cautiously) good news for IFCs seeking to become leaders in the virtual assets space.
What The Best-Performing Jurisdictions Are Doing Well
Analysis of the FATF’s mutual evaluation reports and follow-up reports for IFCs that are compliant with Recommendation 15 shows common characteristics:
• They identify and assess their specific ML/TF risks related to new technologies, including virtual assets, through national and sectoral risk assessments. They also conduct targeted sectoral risk assessments for virtual assets and VASPs.
• They have a sufficient legislative framework that, among other things, ensures that transfers of virtual assets contain information about the sender and receiver of the funds. This legislative requirement implements the so-called ‘travel rule’ of the FATF Recommendation 15, a key weak spot globally according to the FATF’s latest review on the matter.
• They have specific, binding and enforceable obligations for reporting entities in relation to virtual assets, and there is a penalty framework for those who fail to comply.
• Supervisory authorities apply a risk-based approach to supervising new technologies and proactively seek to identify and assess ML/TF risks in relation to new business practices. Supervisory authorities also provide comprehensive guidelines for reporting entities on the topic.
• Financial institutions are required to undertake risk assessments prior to the launch or use of any products, practices and technologies related to virtual assets. Financial institutions are also required to establish risk mitigation measures to reduce ML/TF risks identified in new business practices and products.
• Supervisors provide regular trainings to help increase understanding of the evolving risks related to virtual assets.
• They also provide for the exchange of experiences and knowledge between private- and public-sector stakeholders in the field of virtual assets. Often they are also members of global networks, which facilitates the cross-border exchange of information in ML/TF cases including those involving virtual assets.
Why Does Compliance With AML/CFT Standards On Virtual Assets Matter?
With their clustering of financial expertise and infrastructure, IFCs are well placed to play a central role in FinTech innovation and to position themselves as hubs for virtual asset service providers.
But the virtual assets industry will only develop into a safe, sustainable and profitable sector for IFCs if they demonstrate that they are not open to business for VASPs seeking to profit from those who commit financial crimes.
Getting regulation right is tricky, as we can see in the case of Estonia (covered briefly in the Basel AML Index report).
• In 2017, Estonia became one of the first EU member states to enact legislation on virtual assets. It introduced a simple licencing process and provided favourable tax regimes for VASPs.
• The market boomed: By mid-2021, there were 650 active authorisations of VASPs in the country.
• However, the authorities subsequently found that the simplified regulations had often been misused by VASPs providing false corporate information.
• To correct this and ensure only legitimate businesses were operating as VASPs, Estonia quickly introduced new legislation strengthening AML requirements for VASPs.
• Since the new legislation came into force on 15 March 2023, authorisations for 189 companies were revoked for non-compliance. Almost 200 VASPs voluntarily closed down. By 1 May 2023, only 100 active VASPs remained registered and operating.
The case shows the challenges of getting regulation right. Ultimately Estonia – like any jurisdiction wishing to become a FinTech hub – only wants to encourage legitimate companies that will protect customer and investor funds and not increase its risks of money laundering and terrorist financing.
Grounds For Optimism
In this regard, the Basel AML Index report indicates two main areas that offer grounds for cautious optimism in relation to virtual assets and money laundering.
First, regulation is becoming stronger and more harmonised. Although landmark legislation like the EU’s Markets in Crypto-Assets (MiCA) regulation will not apply directly to most IFCs, many are introducing their own regulations that adhere to similar standards and will ensure better compliance with the FATF’s Recommendation. This will gradually reduce the risks of regulatory arbitrage or ‘regulator shopping’ by VASPs.
Moreover, recent high-profile crackdowns on two VASPs and their CEOs for facilitating financial crimes – Binance and FTX – show that if VASPs wish to operate a profitable business, they need to adhere to AML/CFT requirements in the world’s largest financial markets.
Second, the days of virtual assets being the ‘Wild West’ for criminals – including both cyber criminals and those seeking to launder proceeds from traditional organised crime – are rapidly coming to an end. As the Basel Institute and Governance and Europol have stressed, the blockchain-based technology underlying virtual assets offers huge potential for law enforcement to catch organised criminals and recover illicit funds.
Learn More
Learn more about the Basel AML Index on the website (index.baselgovernance.org).
Kateryna Boguslavska
Kateryna Boguslavska is Project Manager of the Basel AML Index at the Basel Institute on Governance. She is a certified anti-money laundering specialist focused on identifying and analysing geographic AML/CFT risks. Kateryna holds a PhD in Political Science from the National Academy of Science in Ukraine and a Master in Comparative and International Studies from ETH Zurich.
https://baselgovernance.org/about-us/people/kateryna-boguslavska