08 July 2026
FATF ¦ New FATF Report Urges Use of Public-Private Partnerships to Combat Illicit Finance
Why Public-Private Partnerships Are Becoming Essential
The FATF’s July 2026 report on information sharing to combat illicit finance makes one point very clear: in a world of instant payments, digital channels, cross-border movement, and increasingly sophisticated criminal networks, slow and fragmented communication is no longer good enough. Authorities and private sector institutions need faster, better connected ways to identify and disrupt money laundering, terrorist financing, proliferation financing, fraud, and related predicate offences.
The report shows that public-private partnerships, or PPPs, are no longer a niche idea. They are now a major part of the AML/CFT toolkit in many jurisdictions. These arrangements are not uniform, and that is part of their strength. Some are strategic forums focused on trends and typologies. Others are operational networks that support case-specific intelligence, urgent alerts, and coordinated action. A few are cross-border and transnational, linking several jurisdictions through shared platforms and agreed procedures.
What ties them together is a simple idea: information works better when it moves securely, lawfully, and with purpose.
Why information sharing matters more now
The report places today’s challenge in the context of digitalisation and speed. Criminals can move funds across borders in seconds, use layered accounts and shell structures, and exploit sectors that do not always sit neatly inside the traditional AML/CFT perimeter. Fraud, in particular, has become faster, broader, and more complex.
That makes timely information sharing critical. A bank may see unusual payment patterns. A FIU may spot a wider network. Law enforcement may understand the criminal context. A supervisor may notice a sector-wide weakness. If these pieces stay isolated, the picture remains incomplete. If they can be combined through a structured mechanism, the result is earlier detection and better disruption.
The FATF report argues that PPPs help move systems from a reactive model to a more proactive one. That is a major shift. Instead of waiting for a suspicious transaction report to land after damage has already occurred, institutions can share indicators early, refine monitoring, and respond before the activity spreads.
PPPs are not one size fits all
One of the report’s strongest themes is diversity. There is no single model that fits every jurisdiction. PPPs differ in legal basis, governance, membership, technology, purpose, and the type of information exchanged.
Some are formally established through laws, memoranda of understanding, protocols, or specific statutory frameworks. Others are more informal, built on regular contact, trust, and secure communication channels. Some are led by FIUs. Others are led by police, prosecutors, supervisors, or jointly by public and private actors. Some are aimed at terrorism financing. Others focus on fraud, corruption, trade-based money laundering, tax evasion, wildlife crime, or cyber-enabled offences.
This flexibility is not a weakness. It is the reason PPPs can work across different legal systems and risk environments. A jurisdiction with a mature legal framework and strong digital infrastructure may move quickly into operational sharing. Another may begin with strategic typology exchange and gradually build trust before expanding scope.
What makes a PPP effective
The report identifies several features that recur in successful PPPs. Mutual benefit is one of them. Private sector participants need to see value in what they share. Public sector bodies need to receive information that can actually be used. A one-way flow of data rarely sustains engagement for long.
Clear legal basis is another key factor. PPPs work best when legislation or formal guidance explains what can be shared, by whom, for what purpose, and under what safeguards. Where the rules are vague, institutions tend to be overly cautious, which limits the usefulness of the arrangement.
The report also stresses the importance of governance, accountability, and metrics. PPPs need defined mandates, secure systems, access controls, and performance measures. They also need reciprocal duties, so participants understand both their rights and their responsibilities.
Trust remains central throughout. The report repeatedly shows that trust is built through regular meetings, useful feedback, and visible outcomes. Where private institutions share information and then hear nothing back, participation weakens. Where they receive alerts, guidance, or intelligence that helps them improve, engagement becomes more durable.
Strategic sharing often comes first
In many jurisdictions, strategic sharing is the entry point. This includes typologies, red flags, risk trends, sectoral assessments, and feedback on suspicious transaction reports. These exchanges are less legally complex because they usually do not involve identifiable customer data. They are also an effective way to build trust.
The report notes that most jurisdictions surveyed share strategic information in some form. That makes sense. Strategic sharing helps create a common language. It also helps the public and private sectors understand where the real risks are, especially when criminal methods evolve quickly.
The FATF gives examples where strategic sharing has led to stronger reporting, better monitoring, and more focused controls. In some cases, it has also laid the groundwork for more advanced operational cooperation later on.
Operational PPPs can make the biggest difference
While strategic sharing matters, the report suggests that operational PPPs can produce the most direct impact. These are the arrangements where case-related information, CDD or KYC data, transaction details, and other sensitive information can be shared under controlled conditions.
The report cites several examples showing how operational sharing can lead to asset freezing, stronger investigation lines, better alerts, and more precise reporting. These arrangements are especially valuable where criminals use multiple institutions or exploit gaps between them. No single firm sees the whole network. But through a PPP, the pieces can be connected.
The report also makes clear that operational PPPs are not a replacement for formal investigative or judicial channels. They are a complement. They can speed up intelligence generation and improve prioritisation, but where evidence needs to be used in court, proper legal processes still apply.
Technology is now part of the story
A major point in the FATF report is that technology is central to whether a PPP can work at all.
Secure portals, encrypted channels, auditable access, and case management tools are common features of stronger PPPs. Some jurisdictions use dedicated platforms built by FIUs. Others rely on supervisory systems or sector-specific portals. More advanced models use privacy-enhancing technologies, pseudonymisation, federated learning, secure multiparty computation, or homomorphic encryption to allow analysis without exposing raw personal data.
These tools are still not widely deployed everywhere. Cost, capacity, vendor availability, and legal uncertainty continue to limit adoption. But the report shows that where they are used well, they can help reconcile operational needs with privacy and data protection requirements.
Data protection is not a blocker, but it is a design issue
The report does not treat data protection as an obstacle that should simply be ignored. Instead, it treats it as a design issue that must be addressed from the start.
That means a PPP should have a clear legal basis, a defined purpose, proportional data collection, retention limits, deletion rules, and strong access controls. In jurisdictions covered by broader privacy regimes, the report also points to the role of data protection impact assessments (DPIAs) and consultation with data protection authorities.
This part of the report is especially important because it reflects a practical reality. Many institutions hesitate not because they oppose cooperation, but because they are unsure how far they can go under privacy, secrecy, or confidentiality laws. Clear guidance reduces that uncertainty.
At the same time, the report warns against an overly cautious interpretation of privacy rules. If rules are read too narrowly, useful information may never move. That can weaken the whole AML/CFT response.
Cross-border sharing remains harder
Domestic PPPs are growing, but cross-border collaboration is still much harder. The report explains that legal gateways, retention rules, admissibility concerns, platform differences, and varying privacy regimes all create friction.
Even so, cross-border examples are emerging. The report highlights transnational initiatives like EFIPPP and other regional or multi-jurisdictional cooperation models. These show that with trusted contact points, standardised procedures, and secure technology, cross-border intelligence sharing can become more practical.
This is especially relevant for transnational crime. Money laundering, terror financing, and scams rarely stop at a border. If intelligence stops there too, enforcement will always be one step behind.
The risk of unintended consequences
The FATF report also takes a careful look at the downsides. One of the main concerns is de-risking. If an institution receives intelligence about a client or sector and responds by terminating the relationship rather than managing the risk, the problem may simply move elsewhere.
That can push activity into less supervised channels and reduce visibility for authorities. It can also create financial exclusion, especially for legitimate but higher-risk customers, charities, or cross-border users.
The report makes clear that PPPs need to avoid this. Good information sharing should support proportionate risk management, not blanket exits.
There are also human rights concerns. The report stresses the importance of fair trial rights, the presumption of innocence, privacy, and non-discrimination. That means PPPs must be built carefully so they do not produce bias, profiling, or misuse of data.
The practical value is already visible
Across the many examples in the report, the message is the same: where PPPs are well designed, they can improve STR quality, strengthen detection, support asset recovery, and disrupt criminal networks earlier.
They also help institutions improve their own compliance programmes. Better typologies, better risk indicators, and better feedback lead to more accurate monitoring and more targeted controls. Over time, that can improve the whole system rather than just individual cases.
The most mature PPPs tend to share a few traits: secure technology, clear governance, dedicated resources, active feedback, and a culture of trust. They also adapt over time, moving from strategic discussion to operational action as legal and institutional comfort grows.
A clear direction of travel
The FATF’s conclusion is that PPPs are becoming a permanent feature of effective AML/CFT systems. They are not a cure-all, and they do not erase legal or technical constraints. But when they are properly built, they can close intelligence gaps, improve speed and quality, and create a shared sense of responsibility between public authorities and the private sector.
Jurisdictions are likely to keep expanding these models, adding sectors, improving safeguards, and using better technology. The report also suggests that the next phase should include closer cooperation between AML/CFT authorities and data protection bodies, so that privacy and security concerns are addressed as part of the design rather than as an afterthought.
Information sharing is becoming one of the main ways to detect, deter, and disrupt illicit finance at scale.
Dive deeper
- FATF ¦ New FATF report urges use of Public-Private Partnerships to combat illicit finance ¦ Link