FATF and BIS May Crypto Compliance Standards, FI Adoption and DeFi Regulation Reports

Coinfirm’s Regulatory Affairs summaries reports published in May by the Financial Action Task Force (FATF) and the Bank for International Settlements (BIS) on crypto-asset compliance standards, adoption of the asset class by financial institutions and potential methods of regulation for decentralised finance.

FATF Report on the State of the Effectiveness and Compliance with the FATF Standards

The FATF has published a report on the State of the Effectiveness and Compliance with the FATF Standards. The report’s findings are based on the results the 4th Round of Mutual Evaluations conducted by the FATF and FATF-style Regional Bodies. 120 out of 205 jurisdictions had been evaluated with a completed mutual evaluation report. The FATF peer evaluation system and risk-based approach analyses technical compliance as well as effectiveness. 

Some key findings are:  

  • In terms of laws and regulations, 76% of countries have now satisfactorily implemented the FATF’s 40 Recommendations. This is a significant improvement in technical compliance, which stood at just 36% in 2012, demonstrating the positive impact of the FATF Mutual Evaluation and Follow-up processes.  
  • Nearly all (97%) of 120 assessed countries have low to moderate effectiveness ratings for preventing money laundering and terrorist financing in the private sector. In particular, the non-financial sector performs poorly in terms of risk awareness and applying preventive measures. In general, private sector entities need a change of culture in applying a true risk-based approach to conduct customer due diligence, keep records, and file suspicious transaction reports.  
  • Countries have made progress in the supervisory framework of laws and regulations and enhancing the powers of supervisors that monitor relevant entities. However, the implementation and extent of supervision remains inadequate. Just 10% of countries’ supervisory systems demonstrated effectiveness. 
  • About half (52%) of assessed jurisdictions have adequate laws and regulatory structures around transparency in beneficial ownership. However, countries are not effectively implementing these laws with only 9% of countries substantially effective in this area. Countries need to prioritize their efforts and demonstrate improvements in recording, reporting and verifying information regarding legal persons and arrangements.  
  • Criminal justice frameworks to tackle money laundering and terrorist financing are now in place and most countries have financial intelligence units, designated authorities for financial investigations (for both money laundering and terrorism) and specialists tasked with asset recovery for identifying and confiscating the proceeds of crime. Countries are also exchanging more information with international counterparts. Nevertheless, investigations and prosecutions of money laundering and terrorist financing remain rare in most countries, particularly for complex cases or cases involving a cross-border element, despite some strong international co-operation among countries. Furthermore, only a tiny fraction of all proceeds of crime are recovered. As such, convictions for money laundering are often not in line with the major risks identified within each country 

The findings of the report relate to the overall effectiveness of compliance with FATF standards, including virtual assets related recommendations.  

One specific mention of virtual assets relates to the identified need for more guidance around proliferation financing guidance with regards to particular identified sectors – one of them being virtual assets:  

Similarly, countries should provide guidance to relevant private sector entities (particularly correspondent banking services, trade financing and virtual asset service providers) on the potential risks of breach or evasion of targeted financial sanctions 

The report shows clearly that there is a substantial gap between the countries ‘technical compliance’ with recommendations vs ‘effectiveness’. What that means in practice, is that while countries may have addressed the required points in risk assessments, policies and guidelines, the actual affective implementation of the requirements by private sector and their enforcement is far lower. The technical compliance level within FATF member countries is as high as 85%, while the effectiveness compliance rate is 43%. The gap is even bigger with FSRB countries- with 73% of technical compliance vs 14% of effectiveness rate.  

BIS Report: Banking in the shadow of Bitcoin? The institutional adoption of cryptocurrencies

The Bank for International Settlements has published a paper examining the institutional adoption of cryptocurrencies.  

The report contains different data sets picturing the exposure of banks and asset managers to cryptocurrencies as well as the analysis of factors influencing the rate of adoption.

The data set analysed is until the end of 2020 – as this is the most update ‘global supervisory data’. The key takeaway from the report are 3 conclusions, quoted below, underscoring the importance of application of the same regulatory standards to cryptocurrencies as to traditional finance, also in DeFi space:  

First, the ongoing digitalisation of finance and interest in DeFi could spur the growth in, and systemic risk of, the crypto shadow financial system. While market activity has started from a relatively low base, the growth and trends over the past years underline the potential for cryptocurrencies and other forms of digital money (eg stablecoins and central bank digital currencies) to scale up quickly and become widely used. This, in turn, requires a proactive and forward-looking approach to regulating and overseeing such markets. As such, cryptocurrencies and their intermediaries, including crypto exchanges, should be subject to the same types of regulation and oversight as economically equivalent asset classes and institutions, including with regards to financial stability, consumer protection, and AML/CFT standards. The purportedly decentralised nature of cryptocurrencies does not render these safeguards dispensable.

Second, while most cryptocurrencies have originated from outside the traditional financial system, risks from cryptocurrencies could easily transfer to banks and other established financial institutions. Indeed, banks and asset managers could potentially be exposed to cryptocurrencies through a number of direct and indirect channels over the coming years. Initiatives to promote regulatory clarity on the treatment of these potential exposures, such as ongoing efforts by the BCBS (BCBS (2021)), could help to ensure a more level playing field and the prudent management of risks. This calls for both comprehensive regulation and supervisory oversight of crypto exchanges with regard to the provision of financial services and a conservative prudential approach to the treatment of banks’ cryptocurrency exposures. 

Third, data gaps risk undermining the ability of authorities to oversee and regulate cryptocurrencies holistically. While some of these blind spots reflect the decentralised setup of cryptocurrencies, there is scope to enhance the systematic collection and publication of cryptocurrency data in a more rigorous and robust manner. One option for such a framework is ’embedded supervision’, developed in Auer (2022), which harnesses information in distributed ledger based-finance. The aim is to increase the quality of data available to supervisors and to reduce administrative costs for firms.

BIS Revised Paper: Embedded supervision: how to build regulation into decentralised finance

A paper by the BIS discusses the idea of ‘embedded supervision’ with compliance regulatory framework with automatic compliance monitoring by reading the market’s ledger. The author claims that while regulation should remain technology-neutral, supervision should evolve in parallel with technology and that Instead of focusing on fitting DeFi and crypto-assets into existing regulations, such as securities laws formulated long before the advent of DLT, it is worth asking how new technologies could serve to better monitor risks in financial markets.

What is being proposed by the BIS, on a very high and simplified level, is that supervision can be conducted with the use of the data stored in DLT, instead of the ‘traditional’ data request and verification process applied so far. One of the examples provided is the case of a bank that holds asset-backed tokens – where compliance with the Basel III capital standards could be automatically verified by relying on DLT data.  

The paper presents principles that such ‘embedded supervision’ would need to met.  

  • Embedded supervision can only function as part of an overall regulatory framework that is backed up by an effective legal system and supporting institutions i.e. the connection between the underlying asset and the digital token must be guaranteed by the legal system. 
  • Embedded supervision can be applied to decentralised markets that achieve economic finality i.e.  there has to be a definition on when a transaction in decentralized network can be considered as ‘final’. The author proposes  that a transaction can be considered as final once it is certain that, from a specific moment, it will never be profitable to undo. 
  • Embedded supervision needs to be designed within the context of economic market consensus, taking into account how the market will react to being automatically supervised supervisors need to ensure that the market’s economic consensus for approving transactions in blockchain is so strong that any attempt to deceive the supervisor will be unprofitable. 
  • Embedded supervision should promote low-cost compliance and a level playing field for small and large firms. 

The paper goes into the technical detail of how each of the above principles could be achieved. Among the final conclusions, it makes an observation that I think is one of the key deciding factors of the proposed approach: regulators would also be required to acquire substantial technological know-how and the willingness to adjust their operational approach to the technology that is being developed by the financial sector.