FATF ¦ R.22 DNFBPs: Cus­to­mer Due Dil­i­gence

Recommendation 22: Why DNFBPs Can No Longer Sit on the Sidelines of AML/CFT

Designated non‑financial businesses and professions (DNFBPs) used to be seen as “peripheral” players in anti–money laundering and counter‑terrorist financing (AML/CFT). Recommendation 22 of the FATF Standards makes it very clear: those days are over. Casinos, real estate agents, dealers in precious metals and stones, lawyers, notaries, accountants, and trust and company service providers (TCSPs) now carry obligations that mirror those of traditional financial institutions whenever they perform certain high‑risk activities. This article unpacks what Recommendation 22 requires, where the thresholds sit, and why these obligations matter in practice for financial crime risk management.

The Core Idea of Recommendation 22

Recommendation 22 extends the customer due diligence (CDD) and record‑keeping obligations from the financial sector to DNFBPs in defined situations. Specifically, DNFBPs must apply the standards contained in:

• Recommendation 10 – Customer due diligence
• Recommendation 11 – Record‑keeping
• Recommendation 12 – Politically exposed persons (PEPs)
• Recommendation 15 – New technologies/virtual assets (where relevant)
• Recommendation 17 – Reliance on third parties

These requirements are not blanket obligations for everything a DNFBP does. Instead, they are triggered when DNFBPs engage in specified activities or transactions that pose higher risks of money laundering and terrorist financing.

Casinos: CDD above USD/EUR 3,000

Casinos are classic high‑risk venues for laundering cash. Under Recommendation 22, casinos must apply CDD and record‑keeping when customers engage in financial transactions at or above the applicable designated threshold. The Interpretive Note sets this threshold at:

• USD/EUR 3,000.

Key points for casinos:

• “Financial transactions” is broad: it can include buying chips, cashing out, wire transfers, or other casino‑related financial services.
• Structuring is in scope: multiple operations that “appear to be linked” and together reach the threshold must be treated as a single transaction. In practice, this means casinos need systems capable of aggregating transactions by customer and identifying patterns of splitting cash flows just under the threshold.
• Once the threshold is hit, full CDD kicks in: identification and verification of the customer, beneficial owner identification where applicable, and ongoing monitoring for suspicious activity.

Real Estate Agents: When Buying or Selling Property

Real estate continues to be a preferred vehicle for laundering large illicit proceeds. Recommendation 22 captures real estate agents when they are involved in transactions for their client concerning the buying and selling of real estate.

The obligation is tied to role and activity:

• It is not about the size of the transaction, but the fact that the agent is “involved in transactions for their client” relating to acquisitions or disposals of property.
• CDD is required on the client (and beneficial owner, if the client is a legal person or arrangement) participating in the purchase or sale.
• This includes situations where shell companies or complex structures are used to hold property.

For AML practitioners, this means real estate businesses must treat each sales or purchase mandate as a trigger for CDD and proper documentation, not only at closing but throughout the business relationship, especially in markets where all‑cash purchases are common.

Bastian Schwind-Wagner_Follow

"Recommendation 22 is a pivotal standard that brings DNFBPs firmly into the AML/CFT framework. By tying obligations to specific activities and thresholds, it targets the points where money laundering and terrorist financing risks are most acute. This puts practical responsibility on casinos, real estate professionals, dealers, legal practitioners, and TCSPs to know their customers and document their dealings.

Risk assessments, monitoring tools, and training must explicitly include DNFBPs and their gatekeeper role. Done well, this closes major gaps criminals have traditionally used to move and disguise illicit funds."

Dealers in Precious Metals and Stones: Cash Transactions from USD/EUR 15,000

High‑value goods like gold, diamonds and other precious stones are portable, anonymous, and easily traded. Recommendation 22 applies to:

• Dealers in precious metals; and
• Dealers in precious stones.

These businesses must apply CDD and record‑keeping when they engage in cash transactions with a customer equal to or above the designated threshold. The Interpretive Note sets this threshold at:

• USD/EUR 15,000 for cash transactions.

Important nuances:

• Only “cash” transactions trigger the threshold under Recommendation 22. Non‑cash payments (bank transfers, cards) may still be subject to national AML rules, but are not captured here by the threshold requirement itself.
• As with casinos, several operations that appear linked must be treated as a single transaction for threshold calculations. Pattern recognition for structured payments is essential.
• For high‑risk customers or products (for example, large volumes of easily resold bullion), businesses may decide to apply CDD below the threshold as part of a risk‑based approach, even where not strictly required.

Legal Professionals and Accountants: Gatekeepers to the Financial System

Lawyers, notaries, other independent legal professionals, and accountants are key “gatekeepers” to the financial system. Recommendation 22 requires them to apply CDD and record‑keeping when they prepare for or carry out transactions for their client involving specific activities, including:

• Buying and selling of real estate;
• Managing client money, securities, or other assets;
• Managing bank, savings, or securities accounts;
• Organising contributions for the creation, operation, or management of companies;
• Creating, operating, or managing legal persons or arrangements;
• Buying and selling business entities.

Several practical implications arise from this list:

• The trigger is “when they prepare for or carry out transactions”. This captures both advisory and execution roles linked to the specified activities, not only situations where the professional holds client funds.
• Managing client money, assets, or accounts puts these professionals in a similar functional position to financial institutions, and they must apply equivalent CDD rigor.
• Company formation and structuring work, as well as corporate reorganisations and business acquisitions, are clearly in scope. This directly targets misuse of corporate vehicles and complex structures to hide beneficial ownership.

While some jurisdictions limit obligations where legal professional privilege applies, Recommendation 22 expects that such protections be balanced with effective AML/CFT controls in non‑contentious and transactional work.

Trust and Company Service Providers: Focus on Structures and Control

Trust and company service providers (TCSPs) are central to the creation and management of legal persons and arrangements. Recommendation 22 requires TCSPs to apply CDD and record‑keeping when they prepare for or carry out transactions for a client involving any of the following:

• Acting as a formation agent of legal persons;
• Acting as (or arranging another to act as) a director or secretary of a company, partner in a partnership, or similar position in other legal persons;
• Providing a registered office, business address, or accommodation/correspondence/administrative address for companies, partnerships or other legal persons or arrangements;
• Acting as (or arranging another to act as) a trustee of an express trust, or performing an equivalent function for another legal arrangement;
• Acting as (or arranging another to act as) a nominee shareholder for another person.

These roles are high risk because they directly affect who controls legal vehicles and how they are presented to the outside world. In practice, TCSPs must:

• Identify and verify the client and the ultimate beneficial owners of the structure.
• Understand the purpose and intended nature of the structure or arrangement.
• Monitor the relationship on an ongoing basis for unusual changes in ownership, control, or activity.

Designated Thresholds and Linked Transactions

The Interpretive Note to Recommendations 22 and 23 clarifies the key thresholds:

• Casinos: USD/EUR 3,000 (financial transactions);
• Dealers in precious metals and precious stones: USD/EUR 15,000 (cash transactions).

Crucially, financial transactions above these thresholds include:

• Single operations; and
• Multiple operations that “appear to be linked.”

This linked‑transaction concept is familiar from structuring and smurfing typologies. DNFBPs must therefore have:

• Monitoring capabilities to aggregate and analyze customer activity across time.
• Red flag indicators that detect patterns such as repeated transactions just below thresholds, multiple customers apparently coordinated, or unusual timing or routing of payments.

Aligning DNFBP Obligations with Financial Institutions

The Interpretive Note stresses that many interpretive notes for financial institutions also apply to DNFBPs where relevant. In particular:

• Requirements referring to “financial groups” in Recommendation 18 extend,
• for Recommendation 23 purposes, to DNFBP groups operating under similar group structures.
• Countries are encouraged to apply group‑wide programme requirements to DNFBPs that share common ownership, management, or compliance control, even if they are not formally “financial” groups.

This means DNFBPs should consider:

• Group‑wide AML/CFT policies and procedures.
• Centralized risk assessment and risk appetite frameworks.
• Group‑wide information sharing for AML/CFT purposes, subject to data protection and confidentiality rules.

The measures adopted should be proportionate to:

• The nature of the business conducted.
• The level of money laundering and terrorist financing risk.
• The size and complexity of the business or group.

In other words, a small local law firm will not be expected to have the same infrastructure as a multinational casino group, but both must have controls that are effective for their risk profiles.

No Need for Separate Laws Exclusively for DNFBPs

Another important clarification in the Interpretive Note is that countries do not need to enact laws directed only at DNFBPs such as lawyers, notaries, accountants, or other designated non‑financial businesses and professions. It is sufficient if these professions are captured by broader laws or enforceable regulations covering the underlying activities.

Practically, this allows legislators and regulators to:

• Integrate AML/CFT requirements into existing legal frameworks for professional regulation and company law.
• Avoid creating parallel, fragmented regimes, as long as the obligations are clear, enforceable, and aligned with Recommendations 22 and 23.

For compliance teams inside DNFBPs, the key is not the label on the law but the substance: whenever the firm performs in‑scope activities or transactions, the full set of CDD and record‑keeping duties apply.

What Recommendation 22 Means for Financial Crime Professionals

For practitioners working in AML/CFT, Recommendation 22 has several concrete consequences:

• Risk assessments must cover DNFBPs: National and sectoral risk assessments should integrate DNFBPs as core components, not peripheral appendices.
• Financial institutions must understand DNFBP counterparties: Banks that serve casinos, real estate firms, law firms, TCSPs or dealers in precious metals and stones must factor these obligations into their own due diligence of these customers, including questions about how they implement Recommendation 22 in practice.
• Cross‑sector cooperation is essential: Supervisors and FIUs need to build outreach and training programmes tailored to DNFBPs, whose AML maturity may lag behind that of banks.

Conclusion

Recommendation 22 is a cornerstone in closing the gaps that criminals exploit outside traditional banking channels. By extending customer due diligence and record‑keeping obligations to casinos, real estate agents, dealers in precious metals and stones, legal professionals, accountants, and trust and company service providers in clearly defined scenarios, the FATF framework pushes the entire gatekeeper ecosystem toward a consistent standard of vigilance.

For anyone involved in financial crime compliance, understanding where these obligations start and how they interact with the business models of DNFBPs is essential to designing controls that genuinely reduce the risk of money laundering and terrorist financing.

Dive deeper

• FATF ¦ The FATF Recommendations ¦ Link
• FATF ¦ Luxembourg’s measures to combat money laundering and terrorist financing ¦ Link