.svg)
The Financial Action Task Force (FATF) has urged members to take action to stop the spread of ransomware, and to prevent it from being used for money laundering and terrorist financing purposes.
In a on countering ransomware financing, FATF said that criminals are 鈥渁lmost exclusively鈥 using virtual assets to launch ransomware attacks and facilitate ransomware payments.
With 鈥渆asy access鈥 to virtual asset service providers (VASPs) around the world, these criminals typically route their virtual asset transactions through jurisdictions where anti-money laundering/counter-terrorism financing (AML/CTF) is 鈥渨eak鈥 or 鈥渘on-existent鈥.
To more effectively disrupt ransomware-related money laundering, FATF has made several key recommendations that members should implement to stop this fast-growing financial crime.
First, members are advised to implement the as soon as possible, including the so-called Travel Rule.
The Travel Rule is a key AML/CTF countermeasure, which mandates that VASPs obtain, hold and exchange information about the originators and beneficiaries of virtual asset transfers.
This enables financial institutions and VASPs to conduct sanctions screening, and to detect suspicious transactions.
According to FATF, introducing Travel Rule legislation would ensure that VASPs comply with the necessary AML/CTF obligations to capture critical financial information and report suspicious transactions.
Second, jurisdictions should ensure that ransomware is criminalised as a predicate money laundering offence in line with , i.e., as a type of extortion.
Aside from ensuring the right legal framework is in place, FATF recommends members focus on promoting the use of data analytics and data sharing among regulated entities.
Members should support regulated entities to detect ransomware by sharing trends, detection guides and .
Victims of ransomware attacks should also be encouraged to voluntarily report incidents, and members should provide safe reporting channels and resources if these do not already exist.
Finally, members should consider establishing channels of communication between financial institutions and non-traditional actors that may not be subject to AML/CTF requirements, such as cyber insurance and incident response companies, to increase sources of detection.
In terms of investigational powers, FATF has advised members to ensure that law enforcement agencies have the right skills and expertise to detect ransomware indicators, including training on blockchain analytics and monitoring tools.
Partnership between law enforcement agencies and other actors in separate jurisdictions is also recommended, as criminals may operate in one jurisdiction but may not necessarily target victims in that jurisdiction domestically.
According to , ransomware incidents have grown significantly in recent years, both in frequency and scale.
Compared with 2019, the number of ransomware attacks in 2020 and 2021 increased at least fourfold.
鈥淲hile latest industry data suggest a in 2022 (potentially due to victims' ), the value of virtual assets received by ransomware attackers remains significantly higher than prior to 2019,鈥 FATF said.
鈥淭he actual total number of attacks and related losses are likely to be significantly higher as ransomware attacks often go unreported.鈥
Tightening up beneficial ownership rules
Separately, FATF has published on the implementation of tougher standards for beneficial ownership data, in an effort to ensure that regulators can access the most up-to-date information on company owners.
In its latest revision of the , the global AML watchdog has introduced new measures to help tackle anonymous shell companies.
Under FATF Recommendation 24, the watchdog now explicitly requires members to use a 鈥渕ulti-pronged approach鈥 to collect and share beneficial ownership information.
At a minimum, members should use a company approach, a registry and other supplementary sources of information, as necessary, based on the specific risk profile of the jurisdiction.
The new guidance is designed to promote the 鈥渢hree pillars鈥 of beneficial ownership information, namely that such information should be adequate, accurate and as up-to-date as possible.
Members are asked to consider mechanisms that would allow competent authorities involved in collecting beneficial ownership information to exchange that information with each other.
In addition, FATF said members should ensure that competent authorities have adequate powers to compel the production of financial records and obtain evidence in the context of an investigation.
This enables authorities to determine in a timely manner whether a company has or controls accounts with a financial institution within the country.
