FATF Publications: Horizon Scan on AI and Deepfakes, Report on Stablecoins and Unhosted Wallets

Dear licensee,

The Financial Action Task Force (“FATF”) has published reports on the money laundering, terrorism financing and proliferation financing (“ML/TF/PF”) risks posed by new and emerging technologies and rising trends in such technologies, in particular, a Horizon Scan on Artificial Intelligence (“AI”) and Deepfakes, and a Targeted Report on Stablecoins and Unhosted Wallets.

The FATF reports highlight how these technologies may be exploited by illicit actors and underscore the need for regulated entities to remain vigilant to the risks that these technologies pose.

What are the rising trends in these technologies?

There is a rising trend where AI enabled deepfakes (e.g., videos, images or audio created using AI techniques) are now more widely used, including to mimic real people’s appearance, voice or actions to impersonate individuals and/or facilitate fraud and other illicit activities.

Stablecoins, including through unhosted wallets (i.e., wallets that do not involve a virtual asset service provider (“VASP”) or financial institution (“FI”) subject to anti-money laundering, countering financing of terrorism and countering proliferation financing (“AML/CFT/CPF”) obligations), have increasingly become a common component of ML, TF and PF schemes that use virtual assets (“VAs”). Stablecoins generally refer to a type of VA, and can be used as a means of payment and/or store of value. Stablecoins have a mechanism (e.g., linkage to reference assets such as fiat currencies or other VAs) with which they purport to maintain price stability.

Why are these rising trends a concern?

Once rare, deepfakes have become increasingly prevalent and can be used to circumvent AML/CFT/CPF controls, particularly customer due diligence (“CDD”) systems and measures. Deepfakes can be used to impersonate individuals and manipulate biometric authentication, a concern given a growing reliance on biometric verification. They can be used to commit ML/TF/PF, and such technologies are also being used in consumer fraud schemes and phishing attacks. Generative AI can also be used to create fake documents that can facilitate fraud and deception, including by creating false documentation so that transactions or economic activities appear real.

While stablecoins have the same vulnerabilities as other VAs, stablecoins are more likely to be used in peer-to-peer (“P2P”) transactions due to their price stability and ample liquidity. Conducted without the involvement of AML/CFT/CPF-obliged intermediaries, P2P transactions via unhosted wallets are exposed to heightened ML/TF/PF risk. Reports indicate that stablecoins are the most popular VA used in illicit transactions, and the FATF has observed that the use of stablecoins by illicit actors has continued to increase over time. Stablecoins have become increasingly attractive to illicit actors due to their liquidity, interoperability and ease of cross-border transfer. Illicit actors may collect illicit proceeds in the form of stablecoins or convert laundered funds into stablecoins, before exchanging them into fiat currency.

What can you do?

Licensees should:

• Keep abreast of evolving cyber risks and threats, relevant advisories, and ensure your risk mitigation measures, internal controls, staff training, and technological and system defences are reviewed and enhanced where necessary. You are encouraged to review how cyber-enabled threats may impact how you fulfil your AML/CFT/CPF obligations, such as CDD/ enhanced CDD (“ECDD”) measures.

• Regularly review your risk assessment and internal policies, procedures and controls to align with AML/CFT/CPF requirements and ensure they remain updated and relevant, addressing risks posed by evolving technology – including but not limited to GenAI and deepfake technologies.

Licensees may also refer to earlier papers published by the Monetary Authority of Singapore (“MAS”) concerning cyber risks associated with generative artificial intelligence (“GenAI”) and deepfakes.

Licensees are also reminded of:

• The obligation under Part 2 of the Third Schedule of the Pawnbrokers Act 2015 (“PBA”) to conduct CDD, including before the pawnbroker makes a relevant loan, relevant transaction or where the pawnbroker has reason to suspect ML/TF/PF, and to conduct ECDD when they have reason to believe that a pawner or customer, a person on whose behalf the pawner or customer is acting, a beneficial owner of the person, or a relevant loan or relevant transaction may present a high risk of ML/TF/PF.

• Licensees should carefully assess the risks of loans or transactions involving payment in stablecoins or other digital payment tokens, conduct CDD and ECDD where required, and file a suspicious transaction report (“STR”) in a timely manner if circumstances exist that require the licensee to do so.

Click here and here to access the FATF Reports. These publications are also uploaded at the ROP website https://go.gov.sg/pawnbrokers-aml.

Thank you.

Registry of Pawnbrokers
Ministry of Law