DNFBPs or the Next Wave of Gate Keepers Professionals

1st  January 2018, Bachir El Nakib (CAMS) Senior Consultant

 The FATF Recommendations set out a comprehensive and consistent framework of measures which countries should implement in order to combat money laundering and terrorist financing, as well as the financing of proliferation of weapons of mass destruction. Countries have diverse legal, administrative and operational frameworks and different financial systems, and so cannot all take identical measures to counter these threats.

Information on updates made to the FATF Recommendations 

Date / FATF Plenary   Type of amendments   Sections subject to amendments
February 2013    Alignment of the Standards between R.37 and R.40  

Insertion of the reference that DNFBP secrecy or confidentiality laws should not affect the provision of mutual legal assistance, except where the relevant information that is sought is held in circumstances where legal professional privilege or legal professional secrecy applies.

October 2015   Revision of the Interpretive Note to R. 5 to address the foreign terrorist fighters threat   Insertion of B.3 to incorporate the relevant element of United Nations Security Council Resolution 2178 which addresses the threat posed by foreign terrorist fighters. This clarifies that Recommendation 5 requires countries to criminalise financing the travel of individuals who travel to a State other than their States of residence or nationality for the purpose of the perpetration, planning, or preparation of, or participation in, terrorist acts or the providing or receiving of terrorist training.
Existing B.3-11 became B.4-12.

June 2016   Revision of R. 8 and the Interpretive Note to R. 8   Revision of the standard on non-profit organisation (NPO) to clarify the subset of NPOs which should be made subject to supervision and monitoring. This brings INR.8 into line with the FATF Typologies Report on Risk of Terrorist Abuse of NPOs (June 2014) and the FATF Best Practices on Combatting the Abuse of NPOs (June 2015) which clarify that not all NPOs are high risk and intended to be addressed by R.8, and better align the implementation of R.8/INR.8 with the risk-based approach.

October 2016   Revision of the Interpretive Note to R. 5 and the Glossary definition of 'Funds or other assets'   Revision of the INR.5 to replace “funds” with “funds or other assets” throughout INR.5, in order to have the same scope as R.6. Revision of the Glossary definition of  “funds or other assets” by adding references to oil and other natural resources, and to other assets which may potentially be used to obtain funds.

June 2017   Revision of the Interpretive Note to R.7 and the Glossary definitions of “Designated person or entity”, “Designation” and “Without delay”  

Revision of the INR.7 and consequential revisions of the Glossary definitions of “Designated person or entity”“Designation” and “Without delay” to bring the text in line with the requirements of recent United Nations Security Council Resolutions and to clarify the implementation of targeted financial sanctions relating to proliferation financing.


November 2017   Revision of the Interpretive Note to Recommendation 18  

Revision of INR.18 to clarify the requirements on sharing of information related to unusual or suspicious transactions within financial groups. It also includes providing this information to branches and subsidiaries when necessary for AML/CFT risk management.

November 2017   Revision of Recommendation 21   Revision of R. 21 to clarify the interaction of these requirements with tipping-off provisions.


Designated non-financial businesses and professions (DNFBPs) have, wittingly and unwittingly, long been conduits for money laundering, terrorist financing and other criminal activity. 

The use of DNFBPs to facilitate activities such as bribery and corruption and tax crimes has recently become a higher priority on international and domestic political agendas. The role of some types of DNFBP in tax avoidance and evasion schemes has also been highlighted recently, not least by the Panama Papers.

It can also be argued that the non-inclusion of DNFBPs in anti-money laundering/counter-terrorism financing (AML/CFT) regimes has long placed a disproportionate burden on those businesses that have been subject to AML/CFT regimes. The non-inclusion of DNFBPs also hampers a country's ability to put in place a comprehensive, proportionate and effective AML/CFT regime based on all money laundering and terrorist financing risks.

Low level of compliance with FATF Recommendations

The Financial Action Task Force (FATF) has recognised for some time that DNFBPs should be brought into AML/CFT regimes. In 2003, the FATF established customer due diligence and recordkeeping requirements for DNFBPs. As it became clear that even though DNFBPs had a clear responsibility to act as "gatekeepers", there was increasing evidence to suggest that some were facilitating money laundering, terrorist financing and other criminal offences, FATF introduced requirements for DNFBPs to report suspicious matters and cash transactions above a material threshold.

The 2012 FATF Recommendations set out requirements for DNFBPs. Specifically, Recommendation 22 (DNFBP Customer Due Diligence); Recommendation 23 (DNFBP Other Measures); and Recommendation 28 (The Regulation and Supervision of DNFBPs).

To date, however, FATF member countries have been slow to the requirements for DNFBPs. Indeed, the FATF fourth round mutual evaluations of Australia, Canada, Singapore, Switzerland and the United States identified deficiencies in bringing DNFBPs into AML/CFT regimes and in the supervision of DNFBPs in those countries.

Research from Initialism, an AML consultancy, on the most recent mutual evaluations for each of the 34 full members of the FATF showed:

  • 14 full FATF member countries were identified as being completely non-compliant with the FATF's recommendations regarding DNFBPs.


  • Of the FATF full member countries, 31 out of 34 had yet to extend their AML/CFT regime fully to DNFBPs.


  • Twenty-five of the 34 full FATF member countries did not have in place the required supervisory arrangement for DNFBPs.

While this research focused on the 34 full member countries, an analysis of the recent mutual evaluations completed on regional bodies indicated that this low level of implementation could be representative of all countries.

Research into the size of the DNFBP populations in several FATF full member countries can perhaps help quantify the scale of the issue: 

DNFBP populations in some FATF full member countries


Estimated number of DNFBPs









New Zealand




South Africa


United States


Source: Initialism 2017

Against this background several countries, including New Zealand and Australia, have begun to make changes to their AML/CFT regimes to include DNFBPs.

New Zealand has issued draft legislation which should be passed by mid-2017. Australia, in response to the Statutory Review of the Anti-Money Laundering and Counter-Terrorism Financing Act of 2006, and to criticism from FATF, has begun a consultation on regulating DNFBPs, with a timetable to include them in the AML/CFT regime by 2019 (ahead of the FATF follow-up visit).

The recent FATF fourth round mutual evaluations for Canada, Singapore, and the United States also highlighted DNFBPs as an issue that should be addressed. 

Particular considerations for DNFBPs

DNFBPs are, however, different businesses from the financial service businesses covered by AML/CFT requirements, and there are considerations that should be borne in mind when bringing them into an AML/CFT regime. Fortunately, the risk-based approach allows the controls required by AML/CFT law and regulation to be proportionate to the business profile of the organisation, as well as to their money laundering and terrorist financing risks and vulnerabilities.

Size of DNFBPs

One major difference can be in the size of DNBFPs; most have fewer than 50 employees.

report produced in September 2016 by Deloitte for the Ministry of Justice identified that 96 percent of DNFBPs in New Zealand had fewer than 50 employees and more than 75 percent of DNFBPs had fewer than 20 employees. Initialism's research suggested this might be true of DNFBPs in all countries. This means that, unlike most financial services businesses, many DNFBPs would not have the dedicated (full or part-time) in-house compliance resources to deal with the myriad compliance obligations.

Types of relationships with customers 

The types of relationships DNFBPs have with their customers can also differ from those of other financial services businesses. While it can be argued that lawyers and accountants have continuing client relationships, they also have many customers who engage them for single or one-off transactions. Other types of DNFBPs will not have continuing relationships with customers. This would make continuing customer due diligence irrelevant for some DNFBPs, and transaction monitoring should be focused on a single transaction.

Products and services

Most products and services offered by DNFBPs will also involve another reporting entity as part of the transaction. While some DNFBPs' products and services are vulnerable to cash, most transactions will involve the flow of funds from a regulated financial institution to pay for a product or service. The fact that a DNFBP's products and services are usually connected to other regulated activities may mean that DNFBPs can place greater reliance on the compliance work undertaken by those entities.

Cost of compliance

While AML/CFT compliance is arguably a cost of doing business, the Deloitte Report for the New Zealand Ministry of Justice also identified that if smaller entities were required to put in place the same regime as larger financial institutions, care was needed to avoid disproportionate costs and burdens.

Initial compliance costs

The same Deloitte Report concluded that in New Zealand the cost of initial compliance for its 9,000 DNFBPs could be as high as NZ$313 million ($220 million). To put that into perspective, the Deloitte Report further established that the cost per client or transaction for each type of DNFBP would be:

  • Lawyers: NZ$37.76 (per client).


  • Accountants: NZ$64.40 (per client).


  • Real estate: NZ$355.88 (per transaction).


  • Motor dealers: NZ$77.65 (per transaction).


  • Jewellers: NZ$3.37 (per client).

Given the value of the product or service provided by DNFBPs, these per transaction and client costs do not seem prohibitive.

The report said the initial compliance costs resulted from the development and implementation of ML/FT risk assessments and AML/CFT compliance programs.

Continuing compliance costs

Continuing compliance costs were estimated at NZ$223 million per annum ($155 million). These continuing costs were split as follows:

  • Customer due diligence: NZ$13.6 million.


  • Account and transaction monitoring: NZ$22 million.


  • Recordkeeping: NZ$5.4 million.


  • Risk assessment and program maintenance: NZ$182.2 million.


  • Suspicious activity reporting: NZ$200,000.

It can be seen that the greatest compliance costs are related to the development, implementation and maintenance of ML/FT risk assessments and AML/CFT programs.

Likely costs in other countries

Based on the New Zealand cost estimates (and converting into local currencies) Initialism has extrapolated the compliance cost for several full FATF member countries. The cost of compliance for DNFBPs could be high, as the following chart shows:

The cost of compliance for DNFBPs


Initial cost

Annual continuing cost


A$3.32 billion

A$ 2.37 billion


C$ 1.61 billion

C$ 1.15 billion


INR 246.56 billion

INR 176 billion


464.52 million euros

332.5 million euros


S$ 208.6 million

S$ 148.6 million

South Africa

ZAR 23.77 billion

ZAR 16.96 billion

United States

$ 5.33 billion

$ 3.81 billion

Source: Initialism 2017

Non-inclusion or no requirements for DNFBPs is not an option. Policymakers should, however, consider how DNFBPs will be able to address AML/CFT requirements, and what the cost/benefit equation will be.

Indeed, in its draft bill published on December 13, the New Zealand government acknowledged the need to limit compliance costs for DNFBPs.

It estimated, however, that the compliance costs would be around NZ$1.6 billion across all reporting entities over 10 years. Given the extent of the additional changes beyond DNFBPs, however, DNFBPs are likely to shoulder most of these costs.

That said, it has also been estimated that the changes introduced by the bill will benefit New Zealand by disrupting crime and minimising the knock-on effects such as social harm by NZ$7.5 billion over 10 years. 

Positive change

Most of the entities and sectors currently regulated are likely to view the extension of the AML/CFT regime to DNFBPs as a positive development; as noted above, it will go some way to address what many have seen as a disproportionate focus on one set of gatekeepers by international and domestic policymakers and regulators.

That said, when certain other industry sectors were brought into the AML/CFT framework, some existing regulated entities responded by de-risking, in an attempt to offset their own ML/CF risks. This was perhaps most notable in the money remittance sector, which was systematically de-risked not only in Australia and New Zealand but also internationally.

This is usually done by ensuring an equivalent level of AML/CFT compliance before establishing a relationship and, throughout the life of the relationship, by undertaking a review of the other party's AML/CFT arrangements. This creates a significant burden for both the financial institution and the other regulated entity.

There may well be similar reactions from financial institutions offering products and services to DNFBPs, and regulators will need to remain vigilant. Financial institutions should consider carefully whether it is necessary to extend this practice to all DNFBPs

Enhanced reporting levels 

The inclusion of DNFBPs within an AML/CFT regime will clearly increase the required level of reporting to the country's financial intelligence unit, and a reporting regime will therefore need to be extended to cover DNFBPs. 

This will almost inevitably lead to greater expenditure on reporting, although New Zealand has estimated that the cost of complying with monitoring and reporting would amount to less than 1 percent of all continuing compliance costs. Regulators should try to ensure that the value of the information and intelligence submitted is not unnecessarily limited by reporting entities' attempts to minimise compliance costs in this area.

Inclusion of DNFBPs long overdue

The inclusion of DNFBPs is an important part of the AML/CFT jigsaw and is long overdue. A careful balance between compliance costs and benefits will need to be struck, and this may be why so many FATF full member countries have yet to fully implement FATF Recommendations. Despite these challenges, failing to act should not be an option either for governments, regulators or those businesses in the various DNFBP sectors.

In an era of deregulation, compliance costs might cause some to pause. But in the brave new digital world, solutions are emerging which will make compliance easier and reduce the risk of regulatory non-compliance for both regulators and the regulated and, at the same time, reduce compliance costs.


In comparison, under the QFC Regulatory Authority, a designated non-financial business or profession (or DNFBP) is any of the following:


(a) a real estate agent, if the agent acts for clients in relation to the buying or selling of real estate (or both);

(b) a dealer in precious metals or stones, if the dealer engages in cash transactions with customers with a value (or, for transactions that are or appear to be linked, with a total value) of at least 55,000 Riyals (or its equivalent in any other currency at the relevant time);

(c) a lawyer, notary, other independent legal professional, or accountant, whether a sole practitioner, partner or employed professional in a professional firm, if the person prepares, executes or conducts transactions for clients in relation to all or any of the following activities:

(i) buying or selling real estate;

(ii) managing client money, securities or other assets;

(iii) managing bank, savings or securities accounts;

(iv) organising contributions for the creation, operation or management of companies or other entities;

(v) creating, operating or managing legal persons or legal arrangements;

(vi) buying or selling business entities;

(d) a trust and company service provider, if the provider prepares or conducts transactions for clients on a commercial basis in relation to all or any of the following activities:

(i) acting as a formation agent of legal persons;

(ii) acting, or arranging for another person to act, as a director or secretary of a company or a partner of a partnership, or having a similar position in relation to other legal persons;

(iii) providing a registered office, business address or accommodation, or providing a correspondence or administration address, for a company, a partnership or any other legal person or legal arrangement;

(iv) acting as, or arranging for another person to act as, a trustee of an express trust;

(v) acting as, or arranging for another person to act as, a nominee shareholder for another entity;

(e) any other business or professional entity prescribed under the AML/CFT Law, article 1, definition of Designated Non-Financial Businesses and Professions (DNFBPs).

but does not include a financial institution.

Note Various terms used in this definition are defined in the glossary (see eg assetaccountlegal person and legal arrangement).


(2) A designated non-financial business or profession (or DNFBP) is also any auditor, tax consultant or insolvency practitioner, whether a sole practitioner, partner or employed professional in a professional firm, if the person prepares or conducts transactions for clients in relation to all or any of the activities mentioned in subrule (1) (c) (i) to (vi), but does not include a financial institution.

(3) Subrules (1) (c) and (2) do not apply to—

(a) a professional employed by a business that is not a legal professional, accounting, auditing, tax consultancy or insolvency business; or

(b) a professional employed by a government agency.


(4) If a QFC licensed firm (other than a financial institution) proposes to conduct any activity mentioned in subrule (1) in or from this jurisdiction, the firm is taken to be a designated non-financial business or profession (or DNFBP).

Download File