FATF ¦ R.23 DNFBPs: Oth­er Mea­sures

Recommendation 23: Expanding the Net - How It Shapes AML/CFT Duties for DNFBPs

Designated non-financial businesses and professions (DNFBPs) have moved from the periphery to the center of global efforts against money laundering and terrorist financing. While banks and other financial institutions have long been the focus of regulation, the Financial Action Task Force (FATF) has made it clear that lawyers, accountants, dealers in precious metals and stones, and trust and company service providers (TCSPs) all play critical roles in detecting and disrupting illicit financial flows. Recommendations 22 and 23, supported by a detailed Interpretive Note, extend core anti-money laundering and counter-terrorist financing (AML/CFT) requirements to these sectors. Understanding these obligations is essential, both for compliance and for managing legal and reputational risk.

Core AML/CFT Requirements Apply to DNFBPs

FATF Recommendations 18 to 21 set out key AML/CFT measures, including:

• Internal controls and group-wide programmes (Recommendation 18);
• AML/CFT requirements for foreign branches and subsidiaries (Recommendation 18);
• Handling higher-risk countries (Recommendation 19);
• Reporting of suspicious transactions (Recommendation 20);
• Protection for reporting entities and tipping-off prohibitions (Recommendation 21).

The FATF text makes clear that these requirements apply not only to financial institutions but also to DNFBPs, subject to certain qualifications due to the nature of their professional activities and confidentiality obligations. In practice, this means DNFBPs must:

• Identify and report suspicious transactions;
• Implement internal controls, policies, and procedures;
• Train staff and maintain appropriate records;
• Manage group-wide risk where they are part of a wider structure.

However, the scope and triggers for these obligations vary depending on the type of DNFBP.

Lawyers, Notaries, Independent Legal Professionals and Accountants

Legal and accounting professionals are often gatekeepers to the financial system, particularly when they help structure transactions, manage client funds, or create entities and arrangements. Under the FATF framework, these professionals must report suspicious transactions when they carry out certain financial activities for or on behalf of a client.

The key trigger is when they engage in a financial transaction related to the activities listed in paragraph (d) of Recommendation 22 — for example, activities such as:

• Buying and selling of real estate;
• Managing client money, securities, or other assets;
• Managing bank, savings, or securities accounts;
• Organising contributions for the creation, operation, or management of companies;
• Creating, operating, or managing legal persons or arrangements.

When a lawyer, notary, other independent legal professional, or accountant is involved in such financial transactions, and they have reason to suspect money laundering or terrorist financing, they are required to report those suspicions to the relevant financial intelligence unit (FIU), subject to domestic rules on legal privilege and professional secrecy.

The text emphasizes that countries are strongly encouraged to go further in relation to accountants. Authorities are urged to extend the suspicious transaction reporting (STR) requirement to the broader professional activities of accountants, including audit work. This reflects the central role auditors can play in identifying unusual patterns, inconsistencies, or red flags that may signal misuse of corporate structures or falsified financial statements for illicit purposes.

Dealers in Precious Metals and Precious Stones

Dealers in precious metals and precious stones, such as gold traders, diamond dealers, and jewelry businesses, are considered high-risk sectors due to the portability, high value, and global nature of these assets. The FATF standards require these dealers to report suspicious transactions when they carry out large cash transactions with customers.

The Interpretive Note sets out a clear threshold:

• For dealers in precious metals and dealers in precious stones engaged in any cash transaction: USD/EUR 15,000 or more.

If a dealer receives or pays cash at or above this threshold in a single operation, or in several operations that appear to be linked, the transaction falls within the scope of the requirements. At that point, dealers must:

• Apply customer due diligence (CDD) under Recommendation 22;
• Monitor the transaction and related activity;
• Report suspicious activity under Recommendation 23.

The phrase “appear to be linked” is crucial. Structuring (or “smurfing”) is a common method used by criminals to break up large cash transactions into smaller amounts to avoid reporting obligations. Dealers must therefore look beyond individual transactions and consider whether multiple smaller cash payments are connected in a way that indicates an attempt to evade thresholds.

Bastian Schwind-Wagner_Follow

"Bringing DNFBPs under the FATF framework closes long‑standing gaps that criminals have exploited to move and hide illicit funds. When lawyers, accountants, TCSPs, casinos, and dealers apply robust AML/CFT controls, the options for laundering money shrink dramatically.

For compliance and financial crime teams, this shift means paying closer attention to professional service providers and high‑value goods dealers. Strong suspicious transaction reporting, combined with a risk-based approach and sensible thresholds, is key to turning these sectors into effective gatekeepers rather than weak links."

Trust and Company Service Providers

Trust and company service providers (TCSPs) facilitate the creation and administration of legal entities and arrangements, which can be misused to hide beneficial ownership. The FATF standards require TCSPs to report suspicious transactions when they engage, for or on behalf of a client, in activities referenced in paragraph (e) of Recommendation 22. These typically include:

• Acting as a formation agent of legal persons;
• Acting as, or arranging for another person to act as, a director or secretary of a company, a partner of a partnership, or a similar position in relation to other legal persons;
• Providing a registered office, business address, or correspondence address for a company, partnership, or any other legal person or arrangement;
• Acting as, or arranging for another person to act as, a trustee of an express trust or similar legal arrangement;
• Acting as, or arranging for another person to act as, a nominee shareholder for a person.

Whenever TCSPs perform these services and detect suspicious behavior indicating possible money laundering or terrorist financing, they must file an STR. This is particularly important where the TCSP is involved in complex cross-border structures, layering of entities, or use of nominee arrangements that obscure the true beneficial owners.

Designated Thresholds and Linked Transactions

The Interpretive Note provides designated monetary thresholds that determine when certain DNFBP activities trigger AML/CFT obligations:

• Casinos: For transactions under Recommendation 22, the threshold is USD/EUR 3,000.
• Dealers in precious metals and stones: For any cash transaction, the threshold is USD/EUR 15,000.

The concept of “financial transactions above a designated threshold” includes:

• A single operation meeting or exceeding the threshold;
• Several operations that are seemingly linked and together reach or exceed the threshold.

For compliance teams, this means systems and controls must be able to:

• Aggregate transactions over time;
• Detect patterns that suggest structuring;
• Flag linked activities that, taken together, cross the threshold.

Failure to consider linked transactions can result in missed suspicious activity and regulatory breaches.

Applying Financial Institution Interpretive Notes to DNFBPs

The FATF makes clear that the Interpretive Notes developed for financial institutions also apply to DNFBPs, where relevant. This significantly raises expectations for DNFBPs, especially larger groups or cross-border networks.

For Recommendation 23, requirements that refer to “financial groups” in Recommendation 18 are extended to DNFBP groups operating under similar structures. This means DNFBP groups should, where appropriate:

• Implement group-wide AML/CFT programmes;
• Apply consistent risk-based policies across entities within the group;
• Share relevant information for AML/CFT purposes within the group, subject to confidentiality and data protection laws.

Moreover, countries are encouraged to consider extending the group-wide programme requirements to other DNFBP structures that share:

• Common ownership;
• Common management;
• Common compliance control.

The key test is whether applying group-wide programmes in that structure would better mitigate money laundering and terrorist financing risks. If the answer is yes, regulators should push DNFBPs in that structure to implement similar standards.

Risk-Based and Proportionate Measures

The FATF acknowledges that DNFBPs vary widely in size, complexity, and risk exposure. Therefore, the type and extent of measures taken should be appropriate to:

• The nature of the business conducted;
• The level of money laundering and terrorist financing risk;
• The size of the business.

This risk-based approach allows smaller firms and solo practitioners to adopt simpler systems, as long as they are effective for their risk level, while larger groups are expected to implement more sophisticated controls.

As an illustration, the Interpretive Note refers back to Recommendation 18: countries may determine how far information sharing within a group should go. Factors include:

• Sensitivity of the information;
• Relevance of the information to AML/CFT risk management;
• Legal and data protection constraints.

For DNFBPs, this could translate into carefully designed internal reporting channels, limited access for staff to sensitive data based on roles, and secure platforms to share risk information across offices or jurisdictions, where allowed by law.

No Need for DNFBP-Specific Laws, If Covered Elsewhere

The FATF text provides an important flexibility: countries do not need to issue laws or enforceable regulations that are exclusively focused on lawyers, notaries, accountants, or other DNFBPs. The key requirement is that these professions are effectively covered by laws or enforceable means that apply to the underlying activities.

In practice, this can work in several ways:

• General AML/CFT laws that explicitly include DNFBPs in their scope;
• Sectoral regulations covering activities like company formation or real estate transactions, which also apply to relevant professionals;
• Professional rules and codes of conduct that are enforceable and aligned with national AML/CFT laws.

What matters for FATF compliance is that the standards are implemented and enforced, not the exact legislative vehicle used. For DNFBPs, however, this can make the regulatory landscape more complex, since obligations may be spread across multiple laws, professional rules, and supervisory guidance.

Practical Implications for DNFBPs and Compliance Officers

For professionals and firms in DNFBP sectors, the implications are clear:

• Suspicious transaction reporting is not just a financial sector requirement; it applies broadly to legal, accounting, TCSP, casino, and dealer activities once specific triggers or thresholds are met.
• Cash-intensive businesses, especially dealers in precious metals and stones, must pay close attention to transaction thresholds and linked operations.
• Group structures, even outside traditional “financial groups”, may be expected to implement group-wide compliance programmes if they share ownership, management, or compliance functions.
• Regulators will assess whether measures are tailored to the risk profile and size of the business, but they will expect clear evidence of a functioning risk-based AML/CFT framework.

For financial crime professionals, these rules also create a wider set of counterparties whose controls and reporting practices matter. When investigating cases, understanding how a law firm, accounting practice, or TCSP should have applied Recommendations 22 and 23 can help identify missed red flags, gaps in supervision, and potential avenues for policy improvement.

Conclusion: DNFBPs as Essential Gatekeepers

The FATF standards on DNFBPs send a strong signal: fighting money laundering and terrorist financing is not solely the responsibility of banks and traditional financial institutions. Lawyers, accountants, dealers, casinos, and trust and company service providers are all gatekeepers whose actions, or inaction, can dramatically influence the success of financial crime schemes.

Recommendations 22 and 23, along with the Interpretive Note, seek to ensure that these sectors:

• Apply risk-based controls;
• Report suspicious activity;
• Operate under consistent group-wide standards where appropriate.

For regulators, the challenge is to implement these requirements in a way that respects professional secrecy where required, avoids unnecessary burdens on low-risk entities, and still closes the gaps that criminals attempt to exploit. For DNFBPs, understanding and applying these rules is now a core part of professional responsibility — and a critical line of defense in the global fight against financial crime.

Dive deeper

• FATF ¦ The FATF Recommendations ¦ Link
• FATF ¦ Luxembourg’s measures to combat money laundering and terrorist financing ¦ Link