What is a DNFBP? Designated Non Financial Business and Professions, the weakest link in the FATF AML CFT chain.
4 mins read time

The FATF Recommendations list DNFBPs or Designated Non-Financial Businesses and Professions (DNFBPs) as casinos, real estate agents, precious metal/precious stone dealers, lawyers, notaries, other independent professionals, accountants and trust company service providers. These entities and channels are at a high risk of being abused by criminals and terrorists for the purposes of money laundering (ML) and terrorist financing (TF). They are likely to be the weakest link in the chain to crack when it comes to introducing cash proceeds from tainted and dubious sources into the financial system.  While banks and financial institutions are strictly regulated and monitored in most markets similar standards do not exist for DNFBP members.

FATF Recommendations 22 (DNFBPs: Customer due diligence), 23 (DNFBPs: Other measures) and 28 (Regulation and supervision of DNFBPs) specifically relate to DNFBPs while Recommendations 1 (Assessing Risks and Applying a Risk-Based Approach), 24 (Transparency and beneficial ownership of legal persons), 25 (Transparency and beneficial ownership of legal persons), 31 (Powers of law enforcement and investigative authorities), 35 (Sanctions) and 37 (Mutual legal assistance) mention them. In addition, a number of other recommendations, including interpretive notes, apply to DNFBPs just as they would apply to financial institutions.

As is required for financial institutions, countries should ensure, either by law or enforceable means that Designated Non-Financial Businesses & Professions (DNFPBs) are required to:

  • Identify, assess, monitor, manage and take effective action to mitigate ML/TF risks using a risk based approach that requires enhanced measures when risks are higher.
  • Carry out Customer Due Diligence (CDD) with respect to the customer, beneficial ownership and business relationship either themselves and/or with reliance on third parties that fulfill specific criteria.
  • Take additional measures and precautions for politically exposed persons (PEPs).
  • Maintain records on CDD information and transactions.
  • Identify, assess, manage and mitigate ML/ TF risks that arise when developing new products, business practices or delivery channels or when using or developing new technologies.
  • Implement policies, procedures and internal controls against ML/TF risks.
  • Implement targeted financial sanctions (TFS) & freeze assets or take action against persons and entities designated by UNSCR 1267 or 1373 or on other designated watch lists and communicate the same to competent authorities.
  • Apply enhanced due diligence (EDD) when dealing with customers or entities from high risk and sanctioned countries.
  • Report, in good faith, suspicious activities & transactions to the financial intelligence unit (FIU). DNFBPs should be protected by law from criminal and civil liability for the breach of any confidentiality clause made in this regard. Note that lawyers, notaries, other independent professionals & accountants are not required to report suspicious activities if the information was obtained in circumstances where they are subject to professional secrecy or legal professional privilege.
  • Not tip off clients when an STR is filed with the FIU. Tipping off should be prohibited by law.
  • Have access to and share information on beneficial ownership and control of legal persons & arrangements.
  • Provide records and information to competent authorities to aid in ML/TF investigations carried out by them, or as a consequence of mutual legal assistance (MLA) requests.

DNFBPs are required to apply CDD and record keeping requirements either for financial/ cash transactions on or over a designated threshold or when preparing or carrying out certain transactions and activities on behalf of their clients.

The designated threshold is as follows:

  • Casinos: Financial transactions on or above USD/ EUR 3,000
  • Dealers in precious metals/ stones: Cash transactions on or above USD/ EUR 15000

Transactions and activities carried out for their clients that warrant CDD & record keeping requirements:

  • Real estate agents: Buy or selling of real estate
  • Lawyers, notaries, other independent professionals & accountants:
    • Buy or selling of real estate
    • Managing accounts or moneys/ securities/ assets
    • Organizing contributions for creating, operating and managing companies
    • Creating, operating and managing legal persons or arrangements
    • Buy and selling business entities
  • Trust & company service providers:
    • Acting as a formation agent for legal persons
    • Acting or arranging someone to act as a director, secretary, partner, trustee, nominee shareholder, etc.
    • Providing a registered office, business address or accommodation, correspondence or administrative address

Suspicious transaction reports (STRs) are required to be made to the FIU for the listed transactions and activities.

Countries should have in place risk based Anti-Money Laundering (AML) & Countering the Financing of Terrorism (CFT) regulatory and supervisory regimes for the DNFBPs operating in their jurisdiction. These include:

  • Licensing requirements for its entities,
  • Fulfillment of fit and proper tests by its members, owners, directors, management and operators,
  • AML/ CFT requirements compliance supervision by competent authorities or self-regulatory bodies, and
  •  Effective, proportionate and dissuasive sanctions to deal with non-compliance

The frequency and thoroughness of supervisory and monitoring actions taken in assessing each DNFBP’s internal controls, policies and procedures against relevant laws, regulations, rules, guidelines, etc. should be commensurate with the ML/TF risks that these entities are exposed to, the special nature and characteristics of the DNFBP with respect to the customers they deal with and the products and services they offer.

According to the 4th Round Ratings published by FATF, and using the most recent assessment in their MERs & follow up reports, the status of technical compliance on Recommendations 22, 23 & 28 across 88 jurisdictions are given below:

Designated Non-Financial Businesses & Professions - % Jurisdictions by Compliance ratings
Figure 1: Technical compliance ratings on DNFBP related FATF Recommendations across jurisdictions as of October 2019
  • 68% of the 88 jurisdictions included in the above analysis were either partially compliant or non-compliant with respect to Recommendation 28 regarding the regulation and supervision of DNFBPs.
  • 48% and 60% respectively were compliant or largely compliant with respect to Recommendation 22 & 23.

The graph below shows how the implementation of regulation and supervision for DNFBPs by countries compares to that for financial institutions. The regulation and supervision function for DNFBPs clearly lags behind those in place for financial institutions.

  • 45 countries out of 88 are partially compliant
  • Another 15 are non-compliant with respect to R28 as of October 2019 published ratings.

By comparison, 36 countries were partially compliant while 2 were non-compliant with respect to R26.  This makes DNFBPs susceptible & vulnerable to ML/TL risks and subsequent abuse.

Designated Non-Financial Businesses & Professions - Financial institutions vs DNFBPs compliance
Figure 2: Comparison of technical compliance ratings on regulation & supervision of  financial institutions and DNFBPs as of October 2019

The same trend is true for the implementation of customer due diligence by financial institutions and Designated Non-Financial Businesses & Professions (DNFPBs), though to a lesser degree. 45 countries are either partially compliant or non-compliant on R22 whereas only 21 jurisdictions are partially compliant or non-compliant on R10.

Designated Non-Financial Businesses & Professions - Financial institutions vs DNFBPs Customer Due Diligence
Figure 3: Comparison of technical compliance ratings on customer due diligence by financial institutions and DNFBPs as of October 2019