ISLAMABAD: The Mutual Evaluation Report (MER) of FATF’s Asia Pacific Group (APG) has found Pakistan non-compliant (NC) on four recommendations, largely compliant (LC) on eight and partially compliant (PC) on 28 out of total 40 recommendations.
The mutual evaluation report (MER) of Pakistan was published in October 2019. This Follow-Up Report (FUR) released by APG recently analyses the progress of Pakistan in addressing the technical compliance deficiencies identified in its MER.
Technical compliance re-ratings are given where sufficient progress has been demonstrated. This report also analyses progress made in implementing new requirements relating to FATF recommendations which have changed since the MER was adopted.
This report does not analyse any progress Pakistan has made to improve its effectiveness. Progress on improving effectiveness will be analysed as part of a later follow-up assessment and, if found to be sufficient, may result in re-ratings of immediate outcomes at that time.
The assessment of Pakistan’s request for technical compliance re-ratings and the preparation of this report was undertaken by the following experts including Abdulla Ashraf, Maldives Monetary Authority, Alexander Meyer, Australian Department of Home Affairs, and Nicola Critchley, Australian Department of Home Affairs.
Pakistan was rated partially compliant (PC) in the MER for R1. Whilst Pakistan published a National Risk Assessment on Money Laundering and Terrorism Financing in 2017 (2017 NRA), the MER identified gaps in the process of developing and identifying threats, vulnerabilities and risks. The assessment of TF risk was identified as ‘perfunctory only’.
The MER also found that the 2017 NRA had not yet been widely circulated to private sector stakeholders and that sectors assessed as higher risk or higher vulnerability in Pakistan were not yet subject to comprehensive AML/CFT measures. 11. Since the 2019 MER, Pakistan has taken a number of steps to more comprehensively identify and assess the ML and, in particular, the TF risks for the country. This has included conducting a Terrorist Financing Risk Assessment (TFRA) and a sectoral risk assessment on cash smuggling, which have both been supplemented by addenda.
In September 2019, Pakistan also issued a new National Risk Assessment on ML and TF (2019 NRA), which will be updated every two years. Finally, in November 2019, Pakistan issued a confidential paper on ‘Transnational TF Threat Profiles of Key Terrorist Organisations’, which supplements the TFRA and 2019 NRA.
The 2019 NRA is a more comprehensive assessment of Pakistan’s ML/TF risks, which is focused on inherent risk and addresses many of the deficiencies identified in the MER, including: clear articulation of sources of information relied upon; assessment of the ML threats associated with all FATF designated categories of offence and identification of a range of high threat predicates (drug trafficking, corruption and bribery, smuggling, tax crimes, illegal MVTS, and terrorism including TF); assessment of the inherent ML/TF vulnerabilities of all sectors and identification of a range of sectors as having high ML/TF vulnerability (banks, MFBs, exchange companies, real estate dealers, hawala/hundi, MVTS, Central Directorate of National Savings (CDNS) and Pakistan Post); assessment of the ML/TF risks associated with DNFBPs, legal persons, legal arrangements and NPOs. 13. However, the assessments of risks associated with DNFBPs and legal persons and legal arrangements are very general in nature and appear to be based on limited data. 14. With respect to TF, Pakistan’s assessment and identification of risk has evolved significantly since the MER, reflecting Pakistan’s FATF ICRG action plan, which required them to demonstrate a more comprehensive understanding of transnational TF risk.
The TFRA analysed Pakistan’s TF risks in more detail, examining the sources and sectoral channels of TF. The 2019 addendum to the TFRA provided additional analysis of the specific TF risks, including sources, channels and transnational movement of funds, associated with the eight Entities of Concern (EOCs) identified in Pakistan’s 2018 FATF ICRG nomination paper. The 2019 NRA also includes a chapter on TF threats, which builds on the TFRA and considers additional data to reassess the TF threat of 41 terrorist organisations and expand the TFRA addendum assessment of the EOCs.
The 2019 NRA includes a sectoral analysis of TF threats, however, the analysis of the DNFBP sectors is minimal and does not consider in any detail known instances of terrorist organisations acquiring real estate and using it to raise funds. Overall, based on these assessments, Pakistan’s rating of the TF threat faced by the country has been revised to ‘High’ (previously ‘Medium’ in the 2017 NRA and 2018 TFRA, and then changed to ‘medium-high’ in the TFRA addendum). 15. While the TFRA and 2019 NRA did consider transnational TF risk, these assessments were focused on inflows of funding to support terrorist activities in Pakistan. The separate assessment of ‘Transnational TF Threat Profiles of Key Terrorist Organisations’ examines the transnational TF threat profiles of 12 terrorist organisations (including the eight EOCs). This paper considers both inflows and outflows of funding to support terrorist activities. 16. With respect to NPOs, Pakistan has assessed the TF risk associated with NPOs in both the TFRA and the 2019 NRA and has identified the subset of NPOs that fall within the FATF definition. The 2019 NRA confirmed that abuse of NPOs for TF purposes continues to pose a significant threat, both domestically and externally; that charities and fund raising is a source of funds for almost all EOCs; and that terrorist organisations are known to use frontal NPOs, including registered charities (e.g. FIF, which was a registered NPO established by associates of LeT). Since the MER, Pakistan has continuously conducted outreach and awareness raising for competent authorities, FIs, DNFBPs and NPOs on the results of all of its risk assessments. The TFRA and 2019 NRA have been disseminated to all competent authorities and FIs and the results have been shared with DNFBPs through outreach by supervisors and self-regulatory bodies. 18. Pakistan has also made notable progress in applying a risk-based approach to allocating resources and implementing measures to combat key high-risk areas of TF and cash smuggling. However, the allocation of resources and implementation of measures in a risk-based manner to prevent or mitigate ML risks (other than cash smuggling) is less advanced. 19. In 2019, Pakistan issued AML/CFT Regulations for DNFBPs and AML/CFT Rules for CDNS and Pakistan Post to impose AML/CFT obligations on these sectors, including the obligations for FIs and DNFBPs specified in R.1. However, as no penalties for non-compliance with these instruments have yet been specified, they cannot be considered ‘enforceable means’ within the FATF definition. As such, the deficiencies with respect to these sectors have not been addressed, which is significant given CDNS, Pakistan Post and real estate dealers were identified as highly vulnerable sectors to ML/TF in 4 the 2019 NRA. In addition, the application of simplified due diligence for branchless banking is not consistent with Pakistan’s assessment of TF risk. However, this deficiency is considered minor due to the controls put in place by Pakistan, including electronic identity verification and transaction limits. 20. Overall, while substantial progress has been made by Pakistan to identify, assess and promote an understanding of ML/TF risks and align resources and implementation accordingly, moderate deficiencies remain in relation to obligations for DNFBPs, Pakistan Post and CDNS and there are minor deficiencies.
Pakistan was rated partially compliant (PC) in the MER for R29. The 2019 MER found that Pakistan’s FIU, the Financial Monitoring Unit (FMU), was not able to access detailed tax records. It also found that FMU could not spontaneously or upon request disseminate information and the results of its analysis to provincial police counter terrorism departments (CTDs), which are the designated TF investigation authorities. CTDs could access FMU information and financial intelligence during a TF investigation but only with permission of the court. Given the high risk of TF in Pakistan, significant weight was given to this deficiency. 23. Since the 2019 MER, Pakistan has amended the Income Tax Ordinance, 2013, which now allows FMU to have access to tax records and information maintained by FBR. In addition, provincial CTDs have been designated as investigation and prosecution agencies under the Anti-Money Laundering Act, 2010, which means FMU can now disseminate information to them without a court order.
In October 2018, Recommendation 15 was amended to include requirements relating to virtual asset service providers (VASPs). In its 2019 MER, Pakistan was rated PC with R.15.
The MER found that Pakistan had not identified and assessed the ML/TF risks that may arise in relation to the development of new products and business practices. The MER also found that not all financial institutions were required to comply with the requirements to assess the ML/TF risks of new products, business practices and technologies prior to their launch or use or take appropriate measures to mitigate the risks. 33. Since the 2019 MER, Pakistan has taken further steps to deepen its understanding and analysis of ML/TF risks posed by new products and business practices through the 2019 NRA and has also deepened the analysis of TF risks associated with new products, including crypto-currencies and branchless/mobile banks, through the 2018 TFRA.
Pakistan has also revised its Exchange Companies Manual to require exchange companies to conduct ML/TF risk assessments of new products, business practices and technologies prior to their launch or use and take appropriate measure to manage and mitigate the risk. Similar obligations have been imposed on CDNS and Pakistan Post under the new AML/CFT Rules that apply to these sectors. However, these instruments are not considered ‘enforceable means’, as no penalties for non-compliance have yet been specified. 34. With respect to virtual assets, Pakistan completed the 2019 NRA, which assessed cybercrimes, including the use ‘virtual currencies’, as a medium high ML threat. The NRA also notes that the nature of virtual currencies poses a significant risk of being misused for transnational TF.
The 2018 TFRA also analyses the TF risks associated with ‘crypto-currency’, which is assessed as a high risk. The analysis in the NRA is very light on detail and general in nature. There is limited explanation of how Pakistan reached its conclusions on risk and limited analysis of the specific ML risks that may arise from virtual asset activities and the activities and operations of VASPs, as is required by the revised R15. The 2018 TFRA provides a much more thorough analysis of the TF risks associated with crypto-currencies, highlighting key threats and vulnerabilities, the supervisory response and challenges for LEAs. However, it is not clear whether either of these assessments covered the full scope of ‘virtual assets’ as defined by the FATF. 35. Based on its assessment of risk, Pakistan has decided to prohibit VASPs and certain virtual asset activities. This prohibition has been given effect through SBP Circulars that prohibit all banks, deposit taking financial institutions (DFIs), micro-finance institutions (MFBs), payment system operators/providers and exchange companies from processing, using, trading, holding, transferring value, promoting and investing in virtual currencies/coins/tokens. Further, these entities are not permitted to facilitate their customers/account holders to transact in virtual currencies/coins/tokens and any transaction must immediately be reported as an STR to the FMU. In addition, the Companies Act, 2017, prohibits companies from engaging in a business that is restricted by any law, rules or regulations. The interaction of this law and the SBP Circulars means SECP regulated entities and other companies are also prohibited from dealing in virtual assets.
Further, section 4 of the Foreign Exchange Regulations Act, 1947 (FERA) prohibits any person, unless authorised, to deal with foreign exchange. While not explicit, the interaction of section 4 of the FERA with the definition of foreign exchange and foreign currency is sufficient to prohibit unauthorised dealing in virtual assets, and the FIA is taking action against illegal virtual asset activity pursuant to the FERA. Given Pakistan’s risk and context, the prohibition on VASPs is considered an effective risk-based mitigation measure and Pakistan appears to have achieved this prohibition through the interaction of these legislative instruments. 37. Pakistan is beginning to take action to identify legal and natural persons undertaking illegal VASP activity but at this early stage it is not clear that the results are commensurate with Pakistan’s risk or context. Criminal sanctions are available under the FERA, Prevention of Electronic Crimes Act, 2016 and Penal Code but as no proceedings have been finalised, no sanctions have yet been applied. The FMU is authorised to provide a broad range of international cooperation in relation to ML, predicate offences and TF related to virtual assets
