FATF Publications: Horizon Scan on AI and Deepfakes, Report on Stablecoins and Unhosted Wallets

Dear Regulated Dealer,

The Financial Action Task Force (“FATF”) has published reports on the money laundering, terrorism financing and proliferation financing (“ML/TF/PF”) risks posed by new and emerging technologies and rising trends in such technologies, in particular, a Horizon Scan on Artificial Intelligence (“AI”) and Deepfakes, and a Targeted Report on Stablecoins and Unhosted Wallets.

The FATF reports highlight how these technologies may be exploited by illicit actors and underscore the need for regulated entities to remain vigilant to the risks that these technologies pose.

What are the rising trends in these technologies?

There is a rising trend where AI enabled deepfakes (e.g., videos, images or audio created using AI techniques) are now more widely used, including to mimic real people’s appearance, voice or actions to impersonate individuals and/or facilitate fraud and other illicit activities.

Stablecoins, including through unhosted wallets (i.e., wallets that do not involve a virtual asset service provider (“VASP”) or financial institution (“FI”) subject to anti-money laundering, countering financing of terrorism and countering proliferation financing (“AML/CFT/CPF”) obligations), have increasingly become a common component of ML, TF and PF schemes that use virtual assets (“VAs”). Stablecoins generally refer to a type of VA, and can be used as a means of payment and/or store of value. Stablecoins have a mechanism (e.g., linkage to reference assets such as fiat currencies or other VAs) with which they purport to maintain price stability.

Why are these rising trends a concern?

Once rare, deepfakes have become increasingly prevalent and can be used to circumvent AML/CFT/CPF controls, particularly customer due diligence (“CDD”) systems and measures. Deepfakes can be used to impersonate individuals and manipulate biometric authentication, a concern given a growing reliance on biometric verification. They can be used to commit ML/TF/PF, and such technologies are also being used in consumer fraud schemes and phishing attacks. Generative AI can also be used to create fake documents that can facilitate fraud and deception, including by creating false documentation so that transactions or economic activities appear real.

While stablecoins have the same vulnerabilities as other VAs, stablecoins are more likely to be used in peer-to-peer (“P2P”) transactions due to their price stability and ample liquidity. Conducted without the involvement of AML/CFT/CPF-obliged intermediaries, P2P transactions via unhosted wallets are exposed to heightened ML/TF/PF risk. Reports indicate that stablecoins are the most popular VA used in illicit transactions, and the FATF has observed that the use of stablecoins by illicit actors has continued to increase over time. Stablecoins have become increasingly attractive to illicit actors due to their liquidity, interoperability and ease of cross-border transfer. Illicit actors may collect illicit proceeds in the form of stablecoins or convert laundered funds into stablecoins, before exchanging them into fiat currency.

What can you do?

Regulated dealers should:

• Keep abreast of evolving cyber risks and threats, relevant advisories, and ensure your risk mitigation measures, internal controls, staff training, and technological and system defences are reviewed and enhanced where necessary. You are encouraged to review how cyber-enabled threats may impact how you fulfil your AML/CFT/CPF obligations, such as CDD/ enhanced CDD (“ECDD”) measures.

• Regularly review your risk assessment and internal policies, procedures and controls to align with AML/CFT/CPF requirements and ensure they remain updated and relevant, addressing risks posed by evolving technology – including but not limited to GenAI and deepfake technologies.

Regulated dealers may also refer to earlier papers published by the Monetary Authority of Singapore (“MAS”) concerning cyber risks associated with generative artificial intelligence (“GenAI”) and deepfakes.

Regulated dealers are also reminded of:

• The obligation under section 16 of the Precious Stones and Precious Metals (Prevention of Money Laundering, Terrorism Financing and Proliferation Financing) Act 2019 (“PSPM Act”) to conduct CDD before entering into a designated transaction, when there is reason to suspect ML/TF/PF, when there is reason to doubt the veracity or adequacy of information obtained from earlier CDD measures, or under prescribed circumstances.

These prescribed circumstances include the obligation under regulation 4A of the Precious Stones and Precious Metals (Prevention of Money Laundering, Terrorism Financing and Proliferation Financing) Regulations 2019 (“PSPM PMLTFPF Regulations”) to conduct CDD for payments in digital payment tokens (including stablecoins) exceeding S$20,000.

• Under regulation 7 of the PSPM PMLTFPF Regulations, regulated dealers are also required to conduct ECDD when they have reason to believe that a customer, person on whose behalf the customer is acting or a beneficial owner of the customer, or a transaction may present a high risk of ML/TF/PF. Regulated dealers should carefully assess the risks of transactions involving payment in stablecoins or other digital payment tokens, conduct CDD and ECDD where required, and file a suspicious transaction report (“STR”) in a timely manner if circumstances exist that require the regulated dealer to do so.

Click here and hereto access the FATF Reports. These publications are also uploaded at the ACD website https://go.gov.sg/minlawacd in the “Compliance” section, under “AML/CFT/CPF Resources”.

Anti-Money Laundering/Countering the Financing of Terrorism Division (“ACD”)
Ministry of Law