Designated Non-Financial Business and Profession (DNFBP)

Financial institutions are not the only entities under scrutiny in the global fight against money laundering and terrorism financing. Non-financial businesses and professions also pose significant risks and are subject to regulatory oversight. These are collectively referred to as Designated Non-Financial Businesses and Professions (DNFBPs), a term introduced by the Financial Action Task Force (FATF), the leading global watchdog organization for anti-money laundering (AML) and counter-terrorist financing (CTF).

What Are DNFBPs?

DNFBPs are businesses or professions that play important roles in financial transactions but don’t primarily operate as financial institutions. Due to their nature, they can be exploited by criminals to launder money, shelter illicit assets, or finance terrorism. As a result, DNFBPs are now widely included in AML/CTF regulatory frameworks around the world.

While countries and territories that are often associated with tax neutrality and offshore entities have drawn a lot of attention, like the Bahamas, DNFBPs operate everywhere, from real estate agencies in London to casinos in Macau and legal firms in New York City. Their exposure to financial crime risk is universal, not region-specific.

Categories of DNFBPs

DNFBPs broadly fall into two groups: individuals and entities. Here’s how they are categorized:

For Individuals

People are identified as DNFBPs based on their professions, especially those that facilitate high-value or complex transactions. Common roles include:

• Real estate agents and brokers involved in the buying and selling of property.
• Dealers in luxury goods like gold, jewelry, precious stones, and antiquities.
• Corporate service providers including directors, nominee shareholders, and company secretaries.
• Legal professionals like lawyers, notaries, and corporate tax advisors.
• Auditors and accounts that offer independent financial services.
• Gambling operators running casinos, betting websites, or gaming platforms.

For Entities

Businesses may be classified as DNFBPs if they meet certain operational criteria, such as:

• Law firms and other legal service providers that operate as sole partnerships.
• Accounting and audit firms that manage or advise on financial structures.
• Company formation agents involved in establishing corporate entities.
• Trust and company service providers (TCSPs) that offer registered offices, business addresses, nominee arrangements, or legal structure services.
• Nonprofits and foundations operating independently from state funding, especially those that frequently receive cross-border funding.

Risks Associated With DNFBPs

Without proper compliance mechanisms in place, DNFBPs face a wide range of money laundering and terrorist financing risks. According to the International Monetary Fund (IMF) and FATF, the most prominent risks include:

1. Weak KYC and Due Diligence Practices

Many DNFBPs lack the same robust customer due diligence (CDD) frameworks as banks and other financial institutions. This gap enables criminals to exploit those businesses to obscure the origins of their funds. Implementing stringent KYC policies is critical, even when not explicitly required by law.

2. Limited Recordkeeping and Transaction Monitoring

In some countries, DNFBPs are not legally required to record customer transactions, maintain audit trails, or verify the source of their funds. This creates significant blindspots in the detection of suspicious activities. While they may be legally mandated to file Suspicious Transaction Reports (STRs) to national Financial Intelligence Units (FIUs), proactive monitoring may not always be practiced.

3. Inconsistent Regulatory Requirements

AML/CTF obligations vary from region to region. In some jurisdictions, DNFBPs may not be fully covered by national AML laws or may face lenient enforcement. This fragmentation allows bad actors to exploit these regions with weak oversight, also known as regulatory arbitrage.

4. Lack of Internal Controls and Training

DNFBPs can often underestimate the need for these internal compliance programs due to them not being financial institutions. Many lack formalized AML programs, designated compliance officers, or staff training procedures. Without these, businesses are thoroughly unprepared to identify or manage financial crime risks.

Regulatory Landscape: How DNFBPs Are Governed

Globally, the regulation of DNFBPs is increasingly in tune with that of financial institutions. FATF Recommendations 22 and 23 specifically address DNFBPs, mandating that they implement AML/CTF measures such as:

• Customer Due Diligence
• Financial recordkeeping
• Reporting of suspicious transactions
• Internal controls and compliance functions

Regional Implementation

• European Union: Under the 6th Anti-Money Laundering Directive (6AMLD), DNFBPs must adhere to uniform AML standards, including criminal culpability for entities and strict penalties.
• United States: The Financial Crimes Enforcement Network (FinCEN) oversees AML compliance for many DNFBPs, although legal professionals and accountants are not uniformly regulated.
• Asia-Pacific: Regulatory expectations vary wildly here. Countries like Singapore and Australia have implemented strict DNFBP AML laws, while others are still developing their frameworks.
• Middle East and Africa: With increasing FATF engagement, many countries are bringing DNFBPs under AML oversight to improve transparency and internal cooperation.

Strengthening Compliance for DNFBPs

To reduced exposure to financial crime and align with international standards, DNFBPs should prioritize:

1. Implementing Risk-Based AML Programs

Rather than adopting a one-size-fits-all model, businesses should tailor AML programs based on their specific risk, clientele, and transaction profiles.

2. Enhancing KYC Processes

Collecting and verifying customer identity information at onboarding, and updating it regularly, is essential. Enhanced due diligence should be applied to high-risk clients or politically exposed persons (PEPs).

3. Appointing a Compliance Officer

Assessing a qualified AML compliance officer ensures accountability and strengthens the organization’s ability to meet regulatory expectations.

4. Conducting Regular Training

Employees should be trained on AML laws, red flags for suspicious activities, and internal procedures. Training should be updated annually and adapted to changing risks.

5. Maintaining Detailed Records

Even when not legally required, keeping comprehensive records of client interactions, financial transactions, and risk assessments can significantly improve readiness for audits or investigations.

Final Thoughts

Designated Non-Financial Businesses and Professions are now widely recognized as essential components in global AML and CTF frameworks. Their ability to influence financial channels without being traditional financial institutions makes them simultaneously valuable and vulnerable. Strengthening their compliance posture is no longer optional but an important step toward maintaining operational integrity.

As oversight increases worldwide, DNFBPs have an opportunity to align more closely with international best practices. By proactively managing risks, enhancing transparency, and committing to ongoing education, these businesses can not only meet regulatory expectations but also build stronger reputations in an increasingly scrutinized global economy.