The FATF report on Virtual Asset Service Providers & Anti-Money Laundering: What This Means for DeFi & the Markets
Paris, France, October 28th, 2021, the FATF (Financial Action Task Force) issued its long-awaited, 111-page report, "Updated Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers."
What is the FATF?
For those not familiar with the FATF, it's an international organization established in 1989, requested by the G7 as a watchdog on the stock market and international finance. The FATF ostensibly creates policies and recommendations to prevent financial crime such as money laundering and terrorist financing and preserve financial stability worldwide. Today there are 39 members of the FATF, including the United Nations and the World Bank. For membership, a country must be considered strategically important (by the size of the population, GDP, banking, and insurance sector), must follow globally accepted financial standards, and participate in international organizations. Its reach is vast, with nearly 200 jurisdictions worldwide looking to the Financial Action Task Force for guidance.
The new report updates its 2019 guidance to a risk-based approach for virtual assets and VASPs (Virtual Asset Service Providers), particularly focusing on the DeFi industry. It attempts to provide guidance for anti-money laundering/counter-terrorist financing (AML/CFT) practices, unhosted digital wallets–cold storage of cryptocurrencies such as a Nano Ledger or Trezor–and compliance with the "travel rule" plus how information should be shared between cryptocurrency platforms.
It seems cryptocurrency, its adoption, and its practical application in finance may be reaching a new landmark level as Association of Certified Anti-Money Laundering Specialists (ACAMS) Executive Director Rick McDonell had this to say about the FATF guidance: "...the area of crypto now is too big to ignore."
Let's break down the report and its new guidance and what it will mean for DeFi and the markets. Since the report is quite extensive, urging governments worldwide to classify types of cryptocurrencies, cooperate with each other on many points and establish new agencies for regulations of many kinds plus much more, we're going to focus just on the recommendations for rules in what the FATF denotes as VASPs.
Defining a VASP
On page 24, the FATF guide states, "Each country must determine whether such assets and their activity fall into the definition of VA (Virtual Asset) or some other variety of financial asset and VASPs or FIs (Financial Institutions)."
That said, there is some clear guidance on the same page defining a VASP as :
"...any natural or legal person who is not covered elsewhere under the Recommendations and as a business conducts one or more of the following activities or operations for or on behalf of another natural or legal person:
i. Exchange between virtual assets and fiat currencies;
ii. Exchange between one or more forms of virtual assets;
iii. Transfer of virtual assets; and
iv. Safekeeping and/or administration of virtual assets or instruments
enabling control over virtual assets;
v. Participation in and provision of financial services related to an issuer's
offer and/or sale of a virtual asset."
It has been primarily assumed that DeFi applications themselves are not considered VASPs under these standards since they "do not apply to underlying software or technology." However, the document states on page 29 that DeFi developers and others may be considered VASPs:
"Creators, owners, and operators or some other persons who maintain control or sufficient influence in the DeFi arrangements, even if those arrangements seem decentralized, may fall under the FATF definition of a VASP where they are providing or actively facilitating VASP services."
Theoretically, this might extend to anyone tasked with moving funds to fulfill a smart contract, including developers and core team members.
Pelle Brændgaard, CEO of the crypto compliance startup Notabene now working with Tether, opined, "If a business is extracting transaction fees or direct revenue from a protocol that they control, they likely will be classified as a VASP. More fully decentralized protocols could be covered under certain cases as well, but not all cases."
In fact, on page 30, we read this passage that seems to excuse fully decentralized protocols of the FATF recommendations:
"Where it has not been possible to identify a legal or natural person with control or sufficient influence over a DeFi arrangement, there may not be a central owner/operator that meets the definition of a VASP."
To be clear of its reach, the paper states on page 33: "...the FATF envisions very few VA arrangements without VASPs involved at some stage if countries apply the definition correctly."
This makes sense for any new project. First, there will be campaigns for fund-raising and the establishment of protocols by the watchful eyes of developers through various iterations and adjustments facilitated by a core team.
FATF Standards for VASPs
Specific guidance for VASPs starting on page 80 include a recommendation to:
Collect KYC information on all users regardless of activity on the platform
Request more information for certain transactions
Refuse services to anyone not providing requested information
Create a unique risk profile for every user based on FATF recommendations
Blacklist any account associated with a high-risk user
Identify any politically exposed persons
Block or freeze any transactions by any user engaging in any suspicious activities
Collect information about other VASPs
Limit any transactions with other VASPs that are not following FATF guidance
Note transactions from unhosted wallets and refuse if deemed high risk
Flag any suspicious activity and report to authorities
Note and take action against high-risk factors, including:
• Privacy coins/projects
• Transactions from certain countries/anti-FATF jurisdictions
• Suspicious, irregular, or uncommon transactions
• Any large transactions
• Strange user profiles
What does it mean moving forward?
The former FATF executive secretary, current Director of the Association of Certified Anti Money Laundering Specialist, Rick McDonell, referred to this process of compliance as ongoing and developing, saying, "I would expect that this is going to take quite some time, a year or two in my view, to get all of the moving parts in place by most of the virtual asset service providers who don't yet have those tools in existence."
These newly defined regulations will incur challenges for platforms to comply as quickly, smoothly, and efficiently as possible. To that end, new companies like Shyft Network, Notebene, and Astra Protocol are emerging, offering services to aid in compliance.
Many major CeFi (Centralized Finance) cryptocurrency exchanges already welcome more explicit guidance in AML/CFT. For example, KuCoin CEO Johnny Lyu said in a recent interview, "In short, crypto needs regulation. Every sector of the economy of developed countries worldwide is now engaged in solving the problems of legal regulation of cryptocurrency activities."
The regulated crypto space will continue to grow, more thoughtfully with AML/CFT measures secured, and so a bit more slowly, but also more robustly as a result. As a result, the DeFi space could finally mature, with carefully placed regulations to protect retail investors and encourage institutional investment, which history has already shown drives true adoption. Institutional investment today accounts for most of the nearly $3 trillion crypto market share.
With safety and security a constant concern in these uncertain times, knowing a platform is compliant with current regulations is a priority. EQIFI.com is an innovative DeFi platform offering a full suite of financial products to new users and experienced investors. It's uniquely positioned to thrive in this new era of compliance, powered by the licensed and regulated global digital bank, EQIBank.
Follow with us at EQIFI as we navigate the complex terrain of digital assets together into a future of prosperity.
