FATF Publications: Horizon Scan on AI and Deepfakes, Report on Stablecoins and Unhosted Wallets

Dear licensed / exempt moneylender,

The Financial Action Task Force (“FATF”) has published reports on the money laundering, terrorism financing and proliferation financing (“ML/TF/PF”) risks posed by new and emerging technologies and rising trends in such technologies, in particular, a Horizon Scan on Artificial Intelligence (“AI”) and Deepfakes, and a Targeted Report on Stablecoins and Unhosted Wallets.

The FATF reports highlight how these technologies may be exploited by illicit actors and underscore the need for regulated entities to remain vigilant to the risks that these technologies pose.

What are the rising trends in these technologies?  

There is a rising trend where AI enabled deepfakes (e.g., videos, images or audio created using AI techniques) are now more widely used, including to mimic real people’s appearance, voice or actions to impersonate individuals and/or facilitate fraud and other illicit activities.

Stablecoins, including through unhosted wallets (i.e., wallets that do not involve a virtual asset service provider (“VASP”) or financial institution (“FI”) subject to anti-money laundering, countering financing of terrorism and countering proliferation financing (“AML/CFT/CPF”) obligations), have increasingly become a common component of ML, TF and PF schemes that use virtual assets (“VAs”). Stablecoins generally refer to a type of VA, and can be used as a means of payment and/or store of value. Stablecoins have a mechanism (e.g., linkage to reference assets such as fiat currencies or other VAs) with which they purport to maintain price stability.

Why are these rising trends a concern?

Once rare, deepfakes have become increasingly prevalent and can be used to circumvent AML/CFT/CPF controls, particularly customer due diligence (“CDD”) systems and measures. Deepfakes can be used to impersonate individuals and manipulate biometric authentication, a concern given a growing reliance on biometric verification. They can be used to commit ML/TF/PF, and such technologies are also being used in consumer fraud schemes and phishing attacks. Generative AI can also be used to create fake documents that can facilitate fraud and deception, including by creating false documentation so that transactions or economic activities appear real.

While stablecoins have the same vulnerabilities as other VAs, stablecoins are more likely to be used in peer-to-peer (“P2P”) transactions due to their price stability and ample liquidity. Conducted without the involvement of AML/CFT/CPF-obliged intermediaries, P2P transactions via unhosted wallets are exposed to heightened ML/TF/PF risk. Reports indicate that stablecoins are the most popular VA used in illicit transactions, and the FATF has observed that the use of stablecoins by illicit actors has continued to increase over time. Stablecoins have become increasingly attractive to illicit actors due to their liquidity, interoperability and ease of cross-border transfer. Illicit actors may collect illicit proceeds in the form of stablecoins or convert laundered funds into stablecoins, before exchanging them into fiat currency.

What can you do?

Licensed and exempt moneylenders should:

  • Keep abreast of evolving cyber risks and threats, relevant advisories, and ensure your risk mitigation measures, internal controls, staff training, and technological and system defences are reviewed and enhanced where necessary. You are encouraged to review how cyber-enabled threats may impact how you fulfil your AML/CFT/CPF obligations, such as CDD/ enhanced CDD (“ECDD”) measures.

  • Regularly review your risk assessment and internal policies, procedures and controls to align with AML/CFT/CPF requirements and ensure they remain updated and relevant, addressing risks posed by evolving technology – including but not limited to GenAI and deepfake technologies.

Licensed and exempt moneylenders may also refer to earlier papers published by the Monetary Authority of Singapore (“MAS”) concerning cyber risks associated with generative artificial intelligence (“GenAI”) and deepfakes.

Licensed and exempt moneylenders are also reminded of:

  • The obligation under the Moneylenders (Prevention of Money Laundering, Terrorism Financing and Proliferation Financing) Rules 2009 (“Moneylenders PMLTFPF Rules”), including regulation 6 and 6F of the Moneylenders PMLTFPF Rules, to conduct CDD, including when the moneylender intends to grant, or is considering the grant of a relevant loan, or where the moneylender suspects that the borrower or any agent, connected party or beneficial owner of the borrower is engaged in ML/TF/PF, and to conduct ECDD, including in respect of all complex or unusually large relevant loans or unusual patterns of relevant loans that have no apparent or visible economic or lawful purpose, or for any other categories of borrowers, agents, connected parties or beneficial owners of borrowers, or relevant loans which the moneylender considers may present a high risk of ML/TF/PF.

  • Licensed and exempt moneylenders should carefully assess the risks of loans involving payment in stablecoins or other digital payment tokens, conduct CDD and ECDD where required, and file a suspicious transaction report (“STR”) in a timely manner if circumstances exist that require the licensed or exempt moneylender to do so.

Click here and here  to access the FATF Reports. These publications are also uploaded at the ROM website https://go.gov.sg/moneylenders-aml

Thank you.

Registry of Moneylenders
Ministry of Law