.svg)
The Financial Action Task Force (FATF) has urged members to take action to stop the spread of ransomware, and to prevent it from being used for money laundering and terrorist financing purposes.
In a new report on countering ransomware financing, FATF said that criminals are “almost exclusively” using virtual assets to launch ransomware attacks and facilitate ransomware payments.
With “easy access” to virtual asset service providers (VASPs) around the world, these criminals typically route their virtual asset transactions through jurisdictions where anti-money laundering/counter-terrorism financing (AML/CTF) is “weak” or “non-existent”.
To more effectively disrupt ransomware-related money laundering, FATF has made several key recommendations that members should implement to stop this fast-growing financial crime.
First, members are advised to implement the FATF Standards on Virtual Assets and VASPs as soon as possible, including the so-called Travel Rule.
The Travel Rule is a key AML/CTF countermeasure, which mandates that VASPs obtain, hold and exchange information about the originators and beneficiaries of virtual asset transfers.
This enables financial institutions and VASPs to conduct sanctions screening, and to detect suspicious transactions.
According to FATF, introducing Travel Rule legislation would ensure that VASPs comply with the necessary AML/CTF obligations to capture critical financial information and report suspicious transactions.
Second, jurisdictions should ensure that ransomware is criminalised as a predicate money laundering offence in line with FATF Recommendation 3, i.e., as a type of extortion.
Aside from ensuring the right legal framework is in place, FATF recommends members focus on promoting the use of data analytics and data sharing among regulated entities.
Members should support regulated entities to detect ransomware by sharing trends, detection guides and FATF red flag indicators.
Victims of ransomware attacks should also be encouraged to voluntarily report incidents, and members should provide safe reporting channels and resources if these do not already exist.
Finally, members should consider establishing channels of communication between financial institutions and non-traditional actors that may not be subject to AML/CTF requirements, such as cyber insurance and incident response companies, to increase sources of detection.
In terms of investigational powers, FATF has advised members to ensure that law enforcement agencies have the right skills and expertise to detect ransomware indicators, including training on blockchain analytics and monitoring tools.
Partnership between law enforcement agencies and other actors in separate jurisdictions is also recommended, as criminals may operate in one jurisdiction but may not necessarily target victims in that jurisdiction domestically.
According to industry estimates, ransomware incidents have grown significantly in recent years, both in frequency and scale.
Compared with 2019, the number of ransomware attacks in 2020 and 2021 increased at least fourfold.
“While latest industry data suggest a downward trend in 2022 (potentially due to victims' refusal to pay), the value of virtual assets received by ransomware attackers remains significantly higher than prior to 2019,” FATF said.
“The actual total number of attacks and related losses are likely to be significantly higher as ransomware attacks often go unreported.”
Tightening up beneficial ownership rules
Separately, FATF has published new guidance on the implementation of tougher standards for beneficial ownership data, in an effort to ensure that regulators can access the most up-to-date information on company owners.
In its latest revision of the FATF Recommendations, the global AML watchdog has introduced new measures to help tackle anonymous shell companies.
Under FATF Recommendation 24, the watchdog now explicitly requires members to use a “multi-pronged approach” to collect and share beneficial ownership information.
At a minimum, members should use a company approach, a registry and other supplementary sources of information, as necessary, based on the specific risk profile of the jurisdiction.
The new guidance is designed to promote the “three pillars” of beneficial ownership information, namely that such information should be adequate, accurate and as up-to-date as possible.
Members are asked to consider mechanisms that would allow competent authorities involved in collecting beneficial ownership information to exchange that information with each other.
In addition, FATF said members should ensure that competent authorities have adequate powers to compel the production of financial records and obtain evidence in the context of an investigation.
This enables authorities to determine in a timely manner whether a company has or controls accounts with a financial institution within the country.
