As promised following its plenary session in February, the Financial Action Task Force (FATF) has now released its draft guidance for Virtual Asset Service Providers (VASPs) for public consultation.
The proposed guidance update covers six main areas:
- Clarifying the definition of Virtual Assets (VAs) and VASPs
- Guidance on how FATF Standards apply to stablecoins
- Additional guidance on potential risks and risk mitigation strategies for peer-to-peer transactions
- Updated guidance on licensing and registration for VASPs
- Additional public and private sector guidance for the implementation of the Travel Rule
- Includes its Principles of Information-Sharing and Co-operation Amongst VASP Supervisors
The FATF is keen on gathering insights and feedback from private sector stakeholders in the crypto and virtual asset industry on its proposed regulatory guidance, as it is aware that its guidance needs to make functional and economic sense if it is to be successful.
While the global regulatory body is very serious about the need for more diligent regulation of the industry, the good news is that it appears determined to create regulations that can safeguard against money laundering and other illicit financial activity while also allowing the industry to grow.
Now that the official draft guidance has been released for public consultation, we have more details of how the global regulatory body is considering its approach to regulation of the virtual asset space in the short to medium term future.
Below, we outline some of the key updates and changes proposed in the draft guidance.
- Virtual Asset (VA) and Virtual Asset Service Provider (VASP) Definitions
- VAs need to be digital, and must have an “inherent ability” to be traded in exchange for other VAs or fiat, or to be used for other investment purposes. A digital representation of fiat, securities, or other financial assets (such as a bank record) cannot be considered a VA. As such, the FATF does not consider central bank digital currencies (CBDCs) as VAs, instead treating them as fiat.
- DEXs and crypto escrow services are considered Virtual Asset Service Providers (VASPs)
- The FATF Standards do not classify decentralized exchanges or distributed applications (DApps) as VASPs per se, as the standards do not apply to underlying technology or software. However, entities involved with decentralized exchanges and DApps, such as users and owners, can be classified as VASPs if they qualify according to its other definitions.
- Non-Fungible Tokens (NFTs), such as the Ethereum-based “digital art” that has been the subject of recent attention in mainstream media, can sometimes be considered VAs depending on how they are traded on secondary markets, and as such need to be considered as possible tools for money laundering and illicit activities.
- In general, even if an asset does not appear to qualify as a VA according to FATF Standards, this does not preclude it from being treated as an asset by the standards.
- FATF Standards apply to Stablecoins
The FATF has placed added emphasis on the need for national regulators to apply stringent AML and CTF processes to vet stablecoins for potential risks and exploitation by criminals, applying the same KYC standards as those that apply to VAs, securities, and other financial assets.
- P2P Transactions: Risks and Mitigation Options
The guidance proposes treating transactions that take place between non-obliged entities such as unhosted or private wallets as high risk.
The FATF also offers some suggestions on how to mitigate the use of peer-to-peer transactions for illicit purposes in high-risk jurisdictions, including:
- Increased scrutiny and continued supervision of VASPs, implementing Enhanced Due Diligence (EDD) protocols and a VA equivalent of Currency Transaction Reports (CTRs)
- Denying licenses to VASPs that allow transfers to/from unhosted/private wallets
- Releasing public guidance on the risks associated with P2P transactions
- Updated Guidance on Licensing and Registration of VASPs
The FATF has proposed a relatively flexible approach to how different jurisdictions register VASPs.
However, it has outlined that at the very minimum, a VASP should at least be registered in the jurisdiction it was formed in, and that other national regulators may require VASPs that transact with entities or customers found in their jurisdictions to also register with them.
Additionally, national regulators should have systems in place to track and monitor the activity of VASPs in their own financial networks, and to identify if any are operating without the required licensing or authorization.
- Travel Rule implementation
The updated guidance makes some detailed clarifications on how the FATF’s Recommendation 16 – the so-called Travel Rule – should be applied with regards to VASPs. These include:
- Originator VASPs must require Travel Rule compliance from beneficiaries through their contractual agreements or individual business protocols.
- Any VASP that has not implemented Travel Rule guidelines should be considered high risk by its regulating authorities.
- Originator and beneficiary identifying information can be submitted in batches, as long as it happens immediately and securely. Transmitting Travel Rule information should not be permitted after a transaction has occurred.
- VASPs that accept transactions with private or unhosted wallets still need to collect Travel Rule information from the owner of the wallet. As mentioned above, these types of transactions can be considered high risk by individual jurisdictions.
- VASPs are responsible for carrying out counterparty due diligence before facilitating a transaction and transmitting the required transactional information. The FATF recommends VASPs employ a three-phase approach:
- Determining whether the transfer will be made to a counterparty such as another VASP, or if it will be to a private wallet or other entity.
- Identify the counterparty
- Assess whether the counterparty is eligible to receive transactional data and whether it is possible to enter a business relationship and with it.
- Principles of Information-Sharing and Co-operation Amongst VASP Supervisors
Due to the transnational nature of the financial system in general and VASP sector in particular, communication and cooperation between stakeholders in the space is critical in the fight against money laundering and terrorist and (weapons of mass destruction) proliferation financing (PF), which the FATF has also added emphasis to in its updated guidance.
As such, it recommends VASP Supervisors such as national regulators and compliance agents take a number of steps to bolster their cooperation, including:
- Each country must designate and clearly identify at least one competent authority as its regulator of VASPs for AML/CFT/PF purposes, which should not be self-regulating.
- Supervisors can be classified as the primary supervisor of a VASP according to where it conducts a significant proportion of its business.
The FATF has invited any industry stakeholders to offer their views and insights as part of the consultation, with a deadline for feedback submission set to 20 April 2021.
Specifically, it is seeking feedback on the following questions and areas:
- Does the revised Guidance on the definition of VASP (paragraphs 47-79) provide more clarity on which businesses are undertaking VASP activities and are subject to the FATF Standards?
- What are the most effective ways to mitigate the money laundering and terrorist financing (ML/TF) risks relating to peer-to-peer transactions (i.e., VA transfers conducted without the use or involvement of a VASP or other obliged entity, such as VA transfers between two unhosted wallets) (see paragraphs 34-35 and 91-93)?
- Does the revised Guidance in relation to the travel rule need further clarity (paragraphs 152-180 and 256-267)?
- Does the revised Guidance provide clear instruction on how FATF Standards apply to so-called stablecoins and related entities (see Boxes 1 and 4 and paragraphs 72-73, 122 and 224)?
- Are there any further comments and specific proposals to make the revised Guidance more useful to promote the effective implementation of FATF Standards?
Details on how to take part in the consultation, and to access the draft report itself, can be found here.