Coinfirm’s Regulatory Affairs has summarised June’s Financial Action Task Force (FATF) and Bank for International Settlements (BIS) updates, papers and consultation documents, encompassing:
- FATF Paper: Targeted Update on Implementation of the FATF Standards on Virtual Assets and Virtual Asset Service Providers
- BIS Bulletin Paper: DeFi lending: intermediation without information?
- BIS Bulletin Paper: Miners as intermediaries: extractable value and market manipulation in crypto and DeFi
- BIS’ Basel Committee on Banking Supervision Consultative Document: Second consultation on the prudential treatment of cryptoasset exposures
FATF: Targeted Update on Implementation of the FATF Standards on Virtual Assets and Virtual Asset Service Providers
FATF has published a 3rd report presenting the state of implementation of FATF Standards on VAs and VASPs. The report focuses mainly on the Travel Rule, providing additionally brief updates on Decentralised Finance (DeFi), Non-Fungible Tokens (NFTs), unhosted wallets, sanctions evasion, and ransomware.
State of Travel Rule Compliance
FATF’s Mutual Evaluation (MER) and follow-up report (FUR) results suggest that jurisdictions have made only limited progress in implementing the Travel Rule:
From June 2021 to May 2022, the FATF and its Global Network have published 53 MERs and FURs, which include assessments of country compliance with the FATF’s requirements on VAs and VASPs. The results showed the following state of complaince:
- None of jurisdictions was assessed as ‘fully compliant’
- 23% of jurisdictions – ‘largely compliant’
In March 2022 FATF conducted a survey on the implementation of Travel Rule. Among 98 responding countries:
- 29 jurisdictions reported having passed Travel Rule legislation with only 11 confirming they started enforcement and supervisory measures
- Around 25% of jurisdictions have now started passing relevant laws and regulations, with most expecting to implement them by the end of 2023
- 37% have not yet started introducing the Travel Rule
There are nuances in national travel rule requirements across jurisdictions, including on: de minimis thresholds, data privacy issues, approaches to transactions with unlicensed/unregistered and unhosted wallets.
Sunrise issue remains to be a challenge and some jurisdictions reported addressing it with:
- Introducing temporary flexibility for domestic requirements to address delays in global implementation, and
- Providing guidance to the domestic VASPs on how to deal with situations where counterparties are unlicensed/unregistered, or unable to share Travel rule data.
With regards to (2), there are two aspects of this issue, namely
2a) guidance on whether domestic VASPs are permitted to make transactions with those VASPs;
2b) guidance on whether domestic VASPs are required to send Travel Rule-related transactional and customer information to those VASPs
Travel Rule Requirements for Unhosted Wallets
The report also outlines differences among jurisdictions in terms of Travel Rule requirements for unhosted wallet transfers with:
- Most of the jurisdictions reporting that they have or plan to require beneficiary and originator information for unhosted wallet transfers.
- Other jurisidctions report the plans to require VASPs to impose additional mitigation measures in transfers to/ from unhosted wallets (such as verifying the identity of the unhosted wallet owner, or performing enhanced due diligence).
- Several jurisdictions indicated they are addressing this issue by requiring VASPs to use blockchain analytic services to mitigate some of the ML/TF risks of unhosted wallets.
De Minimis Thresholds in Travel Rule:
Jurisdictions indicated varying approaches to the application of de minimis thresholds allowed by the FATF standards (under which limited scope for information is collected for the Travel Rule).

Data Privacy in Travel Rule:
- most jurisdictions require licensed/registered VASPs to meet local DPP regulations when processing any personal data in accordance with national AML/CFT requirements.
- some jurisdictions have imposed additional data security requirements on VASPs in the process of registration/licensing approvals, such as asking to obtain an information security certificate
Solutions for TR Compliance:
The report notes there is a growing number of technological solutions supporting TR compliance, there are still areas to address, in particular around interoperability of the solutions. 2 FATF jurisdictions have developed a list of guiding questions on Travel Rule solutions to help clarify their jurisdictions’ expectations for solution providers, which are included as an Appendix t0 the report
DeFi Market Update
The report highlights two areas of DeFi development:
- Increasing use of stablecoins
- Increase in cross-chain bridges
FATF reiterates its stance outlined in previous report on the application of VASP definition to DeFi, highlighting that in many cases decentralization is more of a marketing term than a true givernance model and that the applicability of VASP definition to DeFi must be assessed on case by case basis.
NFT Update
The report also notes further NFT growth including:
- Expansion of NFT markets and applications
- Increase number of active wallets which have bought or sold an NFT
FATF will be further monitoring developments in DeFi, NFTs, stablecoins or P2P transactions.
Emerging Risks: Ransomware and Sanctions Evasion
The report also highlights the above areas as emerging risks. In both of these areas, the report highlights the use of blockchain analytics:
- Sanctions: GeoIP monitoring and blocking and pattern analysis using blockchain analytic tools, to assist in sanction screening for VA transactions.
- Ransomware: blockchain analytics tools have supported and informed successful enforcement cases, targeted financial sanctions, and other actions to disrupt ransomware-financing.
BIS Bulletin Paper No.57: DeFi lending: intermediation without information?
The paper discusses misconceptions and challenges around DeFi lending structures, focusing on the over-collateralization of loans and its pro-cyclicality as well as perceived influence on financial inclusion.
Key Takeaways:
• Lending platforms are a key part of the decentralised finance (DeFi) ecosystem, but their institutional features mostly facilitate speculation in cryptoassets rather than real economy lending.
• Due to the anonymity of borrowers, over-collateralization is pervasive in DeFi lending, which generates pro-cyclicality. Reliance on collateral also limits access to credit to borrowers who are already asset-rich, negating financial inclusion benefits.
• For DeFi lending to make inroads into the real economy, it needs to tokenise real assets and rely less on collateral by developing its ability to gather information about borrowers; as such, the system is likely to gravitate towards greater centralisation.
DeFi lending platforms require borrowers to provide collateral for the loans that is higher than the borrowed amount. Typically a 120% to 150% minimum of collateralization is required, which effectively means that borrowers need to deposit more assets than they borrow. The main reason for that is the inability to perform borrowers’ credit checks that are done in traditional finance lending. In DeFi the lenders are typically not subject to identify checks and over-collateralization of the loans ensures sufficient repayment trust level for the lenders – in case of the borrower’s default there is more than 100% capital that can be used for repayment. Given price volatility in crypto as well as DeFi liquidation mechanisms, more than 100% collateral is needed.
The paper highlights two challenges with this mechanism, namely:
- Requiring collateral higher than the borrowed amount stands in conflict with the notion of ‘financial inclusion’ that DeFi claims to pursue as the borrowers already need to own assets.
- Collateral values tend to increase in booms and decline in busts causing procyclicality in lending volumes and prices.
The paper outlines the following possible ways forward for DeFi lending:
- Smart contracts can complement automated underwriting in traditional finance and help to bring down the costs of financial intermediation.
- Composability – the ability of DeFi protocols to interact with one another – allows end-users to combine various “money legos” to build customised financial products. This possibility can be particularly relevant in complex chains of transactions such as trade finance.
However, the authors also note that there are certain pre-conditions that must be met to achieve the above benefits, namely:
- DeFi lending must engage in large-scale tokenisation of real-world assets, unless it wants to remain a self-referential system fuelled by speculation. Representing assets such as buildings or capital equipment on the blockchain, so that it can serve as collateral underpinning loans, would be particularly beneficial for SMEs, which have more limited access to finance.
- to serve the un- or underbanked, DeFi will need to abandon anonymity and use real names, and ultimately to fall within the regulatory umbrella […] the need for collateral also stands in the way of financial inclusion and “democratising finance” – declared goals of DeFi. Across the world, the asset-rich tend to have better access to financial services. The financially excluded, on the other hand, often own few to no assets. They remain excluded also in DeFi, which, due to over-collateralization, actually requires participants to own more assets than they wish to borrow.
BIS Bulletin Paper No. 58: Miners as intermediaries: extractable value and market manipulation in crypto and DeFi
The paper explores the notion of “miner extractable value” (MEV) highlighting the potential for the miners or validators to take advantage of their insider knowledge to process transactions profitable to them.
Key Takeaways:
• Cryptocurrencies such as Ethereum and decentralised finance (DeFi) protocols built on them rely on validators or “miners” as intermediaries to verify transactions and update the ledger.
• Since these intermediaries can choose which transactions they add to the ledger and in which order,they can engage in activities that would be illegal in traditional markets such as front-running and sandwich trades. The resulting profit is termed “miner extractable value” (MEV).
• MEV is an intrinsic shortcoming of pseudo-anonymous blockchains. Addressing this form of market manipulation may call for new regulatory approaches to this new class of intermediaries.
Miners or validators deciding on which transactions to add in the block and in which order have the knowledge of what trades are pending in the queue. While in principle they should choose the transactions based on the amount of fee, they have the ability to add their own trades to the block before or after the queued ones to take advantage of the price movements caused by the trades pending.
The paper notes that this type of behaviour is considered illegal in traditional finance, at the same time noting the challenges of using the same approach in crypto world. The identities of miners not known and they are not regulated institutions- in contrast to the traditional finance world where regulated financial intermediaries decide on the trade processing sequence.
BIS’ Basel Committee on Banking Supervision: Second consultation on the prudential treatment of cryptoasset exposures
The paper is the second consultative document aiming to address the issues raised by respondents to the first consultation paper (exclusion of CBDCs).
The first paper proposed the following categorisation of assets for the purpose of capital requirements:
• Group 1 cryptoassets. Those that meet in full a set of classification conditions. Group 1 cryptoassets include tokenised traditional assets (Group 1a) and cryptoassets with effective stabilisation mechanisms (Group 1b), which would be subject to at least equivalent risk-based capital requirements based on the risk weights of underlying exposures as set out in the existing Basel capital framework.
• Group 2 cryptoassets. Those that fail to meet any of the classification conditions. As a result, they pose additional and higher risks compared with Group 1 cryptoassets and consequently would be subject to a newly prescribed conservative capital treatment.
The second paper introduces a number of changes and refinements to the first proposal- summarised below. Also, it contains the proposal of the language for the specific standards text (to be included in the Basel Framework in the form of a new chapter (SCO60)).

Refinement of the Classification Conditions
The paper includes a proposal of refined requirements for stablecoins to be included in Group 1b- they would need to meet two of the following tests:
- Redemption risk test – testing that the reserve assets are sufficient to enable the cryptoassets to be redeemable at all times.
- Basis risk test – testing that the holder of a cryptoasset can sell it in the market for an amount that closely tracks the peg value. This test retains the 10bps threshold form the 1st consultation, but introduces a second threshold to reduce cliff effects.
Other classification conditions have been added in the proposal, namely:
- Banks to conduct a legal review of the cryptoasset arrangement to ensure that the classification condition is met
- Stablecoins must allow for redemption to be completed within 5 calendar days of the redemption request
- Documentation required by classification condition 2 must be publicly disclosed
One area of the proposals on which the Committee would particularly welcome feedback is the treatment of cryptoassets that are based on permissionless blockchains. The paper concludes that it is highly unlikely that any cryptoassets based on permissionless blockchains will be able to meet the classification conditions to be included in Group 1. The Committee is seeking the feedback on what modifications in the conditions would allow permissionless blockchains to be included and how to mitigate risks related to including them in this group.
Infrastructure Risk Add-On
Committee proposes to put in place an add-on to risk-weighted assets that would apply to all Group 1a and Group 1b cryptoassets to cover unforeseen risks that may develop in future in relation to those assets. The proposed calibration of the add-on is 2.5% of the exposure value.
Recognition of Hedging of Certain Group 2 Cryptoassets
In the June 2021 consultative document, the Committee proposed the formula to calculate risk-weighted assets (RWA) for banks exposures to Group 2 cryptoassets. The respondents highlighted that the formula applies on an overly conservative approach. To address that concern, the Committee proposes to permit banks to screen Group 2 cryptoassets against a set of hedging recognition criteria as well as use standardised or simplified approaches to market risk.
Removal of Accounting Classification Link
In the June 2021 consultative document, the Committee proposed that cryptoassets that are classified as intangibles would be deducted from Common Equity Tier 1 (CET1). I this paper the Committee proposes a different approach where the prudential treatment should be delinked from the intangible accounting classification.
Operational Risk Clarifications
The proposal relating to operational risk and resilience has been updated with a clearer delineation between risks that would be covered by the operational risk framework versus those that should be captured in credit and market risk frameworks.
Detail on Application of Liquidity Rules
The Committee has added more detail on the application to cryptoassets of the Liquidity Coverage Ratio (LCR) and Net Stable Funding Ratio (NSFR).
Group 2 Exposure Limit
The Committee proposes to introduce a new exposure limit for all Group 2 cryptoassets outside of the large exposure rule. The large exposure rules of the Basel Framework are designed to capture individual counterparties or groups of connected counterparties, which would result in no large exposure limits on cryptoasset where there is no counterparty (e.g. Bitcoin).
Looking to comply with crypto AML compliance stipulations?
Contact Coinfirm or sign up/log in to the AML Platform to experience the most flexible blockchain RegTech platform powered by more than 350 proprietary risk analysis algorithms.