As the use of cryptocurrencies and virtual assets has expanded over the last several years, global regulators have sought new ways to address the associated AML/CFT challenges this growth has presented.
This is considered a critical challenge both for equipping law enforcement agencies to track and prevent criminals from using cryptocurrencies for illicit activities, and by extension, to provide a regulated environment in which cryptocurrencies can be used, and Virtual Asset Service Providers (VASPs) can operate.
In June 2019, the Financial Action Task Force (FATF) updated its Recommendation 16 – commonly referred to as the Travel Rule – to include VASPs.
The FATF’s Recommendation 16 concerns cross-border and domestic wire transfers – and the information that is meant to ‘travel’ from originator accounts to beneficiary accounts both within and across national borders.
The Travel Rule’s expanded regulatory focus is already demonstrating some very specific implications for VASPs, such as cryptocurrency exchanges and cryptocurrency wallet providers.
Specifically, Recommendation 16 now stipulates that VASP originators or senders of transfers need to submit the following pieces of information to beneficiaries, whether they are other VASPs or other financial institutions:
- Sender name
- Sender account number
- Sender address, national ID or passport number, or date and place of birth
- Beneficiary name
- Beneficiary account number
Additionally, the FATF also states that in the event that there is no specific account being used – as one can expect in certain crypto transactions – “a unique transaction reference number should be included” that can make tracing the transaction possible.
Collecting this information is considered by the FATF to be an integral component of a robust anti-money laundering regulatory framework, which the regulatory watchdog makes very clear all countries should be implementing.
However, getting VASPs to fully adhere to the Travel Rule for cryptocurrency transactions is not so simple, or easy. For an industry that was initially built on the concept of anonymous, decentralized financial transactions, attempts to reign in VASPs and to get them to collect the FATF’s benchmark of Know Your Customer (KYC) information has not been straightforward.
The problems many VASPs have in complying with the Travel Rule – and the regional/national regulatory regulations it informs such as, the BSA, 5AMLD and 6AMLD – relate to a wide range of issues and challenges.
These can range from the lack of an in-built technical architecture to collect and transmit the required KYC information internally, to delays in actual implementation of regulatory directives by individual states, and the perception that many VASP customers are averse to the idea of handing over their personal information.
The Travel Rule has therefore presented a challenge for both VASPs and individual governments that don’t want to fall foul of international and national financial regulatory regimes.
When the FATF introduces directives, its signatory members – which as of 2019 numbered 39, including most of the world’s major economies – are expected to implement them. Countries that are not yet members of the FATF do not escape its reviews, and face the threat of being put onto its ‘Grey List’ of countries that are under increased monitoring, or its ‘Black List’ if they demonstrate a severe lack of measures to combat money laundering and terrorist financing.
Being on any of the FATF’s watchlists is not something any country wants, as it essentially means they present significant amounts of risk for companies to do business in them. Jurisdictions – and the companies and institutions found or operating within them – that are considered risky may then find it difficult to do business in the FATF’s financial network of signatories and compliant members.
Travel Rule: Next Steps for VASPs
In light of these challenges – and the threat of non-compliance that looms over actors in the VASP space – the FATF released a report in July 2020 which examined the status of adoption of the Travel Rule for VASPs’ among its signatory members and a selection of other jurisdictions.
As well as providing detailed reviews of how money laundering and terrorism financing through virtual assets has evolved since the Travel Rule’s update in June 2019, the report also assesses how different jurisdictions have faired in implementing the Travel Rule. It also analyzes how the private sector has responded to the rule by developing new technical solutions that can make adherence to it less challenging for VASPs.
The report notes how out of the 54 countries that were included in its review, 35 have already made substantial progress implementing the new rules, while the remainder are working towards doing so. The main challenges to implementation identified by the report are the Covid-19 pandemic and lapses in technical infrastructure for both reporting by VASPs and tracking/enforcement by regulators.
The report also sets out the areas and steps the FATF will be focusing on in the coming year, before it takes its next regulatory actions in June 2021.
Since updating the Travel Rule, the FATF has been highly active in engaging and working with countries, VASPs and other key stakeholders, in order to find solutions to the challenges, both from the perspective of the crypto industry and of countries grappling to find ways to implement its guidance.
As a result of the depth of what by its own admission are complex challenges, it has extended the implementation period for another year. This period will involve a continued review of how implementation can be realized in practice, and will likely result in adjustments to its cross-border crypto transaction guidelines, as well as other issues related to their implementation.
The FATF has also set up a Virtual Asset Contact Group, which is intended to serve as a medium for communication and dialogue between actors in the Virtual Asset industry and international regulators to find more effective frameworks for compliance. The report’s emphasis on working more closely with VASPs to understand the complexities of compliance in the industry is particularly welcome.
While bringing VASPs into the fold of regulations once reserved for traditional financial companies was never going to be straightforward, it is slowly but surely proving to be possible.
Through innovative and determined efforts to reach solutions by the various stakeholders – both from the regulatory and VASP sides of the table – the future of VASPs in a world of more discerning and widespread compliance regimes no longer seems too insurmountable.