Crypto Regulatory Moves: FATF Recommendation on Ransomware and Beneficial Ownership

After the FATF Plenary in February 2023 two new guidances were issued by the authority:

  1. Countering Ransomware Financing

Countering Ransomware Financing

The report on ransomware highlights an increase in these attacks between 2020 and 2021 compared to data from 2019. However, despite this increase, ransomware attacks seem to have one of the lowest reporting rates out of all financial crimes. 

To assist authorities throughout jurisdictions, the report:

  • disseminates methods used by criminals to carry out the attacks and money laundering schemes – for example, ransomware as a service (RaaS) and attacks on high-value entities seemed to have had the highest success rate;
  • provides a list of red flags which indicate ML where the predicate crime is ransomware. The flags are categorized as follows:
    • Banks/Other financial and payment institutions identifying ransomware victim payment;
    • VASPs identifying ransomware victim payment;
    • VASPs identifying ransomware payment receipt/ransomware criminal account;
    • Jurisdictions with higher money laundering risks;
  • suggests jurisdictions to increase international communication, acquire skills and develop or make use of tools that allow them to collect relevant information to trace transactions and recover crypto assets;
  • requests a call for action on VASPs’ side to increase the reporting of these attacks;
  • urges jurisdictions which have not yet implemented FATF’s Recommendation 15 into national law to do so urgently.

It is noted that payments are almost exclusively requested in virtual assets due to the instantaneous cross-border nature of transactions, VASPs with lax or non-existent AML processes and procedures and the availability of privacy coins and mixers which help in the laundering process of the proceeds. 

FATF’s Recommendation 24 requires „countries to ensure that competent authorities have access to adequate, accurate and up-to-date information on the true owners of companies”. 

The Standard was subject to revisions aiming at:

  • identifying and preventing criminals and sanction evaders from using businesses such as shell companies to hide their illicit activities and illegal proceeds. 
  • help jurisdiction assess and mitigate risks related to ML and TF stemming from foreign companies to which they are exposed. 
  • helping jurisdictions „identify, design and implement appropriate measures in line with the revised Recommendation 24 to ensure that beneficial ownership information is held by a public authority or body functioning as a beneficial ownership registry, or an alternative mechanism that enables efficient access to the information.”
  • providing guidance on types and sources of relevant information, and mechanism and sources to obtain such information.