FATF Crypto Guidance: Updates on VASPs & VAs


Last week, the Financial Action Task Force (FATF) – the global AML watchdog – released its updated Draft Guidance on a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers. The major amendments to the guidance are:

  • Applying Recommendation 16 (Travel Rule)
  • DeFi: DEXs & DApp are VASPs
  • Stablecoins are VAs, CBDCs are fiat
  • Non-Fungible Tokens which can facilitate ML and TF are Virtual Assets
  • VASPs should analyze & mitigate proliferation financing
  • Best approaches for due diligence for counterparties
  • Methods for minimizing peer-to-peer transaction risks

FATF Crypto Guidance: Applying Recommendation 16 (Travel Rule)

  • Higher-risk rating is associated with VASPs that have not implemented Recommendation 16.
  • VASPs must perform counterparty due diligence before transmitting the required info.
  • Irrelevant of the lack of regulation in the beneficiary jurisdiction – the sunrise problem – originating VASPs to a transaction cam require Recommendation 16 compliance from beneficiaries by contract/business practice. In general, those business decisions are made by each individual VASP based on their Risk-Based Approach.
  • Virtual Asset Service Providers should screen Txs to know counterparties are not sanctioned.
  • Providing beneficiary and originator info in bundles is acceptable, so long as provision happens securely and immediately in line with FATF Standards. Provision of the requisite info must not be permitted to happen ‘post facto’ (it must happen before or when the Virtual Asset transfer is carried out).
  • In cases where there is no originator/beneficiary institution (Txs to/from unhosted wallets), the Virtual Asset Service Provider has to still collate the necessary info with regards to their client. Nations should also examine the process of requiring Virtual Asset Service Providers to treat such Virtual Asset transfers as higher-risk Txs requiring stricter restrictions/investigation.

FATF Crypto Guidance: VA & VASP Definitions Update

  • CBDCs not treated by FATF as VAs but as fiat issued by central banks.
  • DEX and DApps’ owners or operators may be identified as Virtual Asset Service Providers. DApps themselves are not in and of themselves VASPs under the FATF crypto guidance standards (underlying software or technology cannot have standards applied).
  • Virtual Asset escrow providers, including those utilizing smart contracts, brokers, advanced trading resources, exchanges using order books, and custodians are all Virtual Asset Service Providers.
  • Certain Non-Fungible Tokens which might not initially seem to constitute Virtual Assets might actually be Virtual Assets owing to secondary markets which facilitate the exchange/transfer of value or enable ML, TF and PF.
  • No asset can be understood to be totally outside the FATF crypto guidance Standards (assets must not be thought to be missed by the FATF due to the format in which they are offered).

Related regulation: FinCEN’s Self-Hosted Wallet KYC Regulation Proposal

FATF Crypto Guidance: Dangers of Proliferation Financing

  • As well as AML/CFT procedures, VASPs should start to ascertain and manage proliferation financing.
  • The Financial Action Task Force is at present creating a different guidance on proliferation financing.

FATF Crypto Guidance: Stablecoins are Virtual Assets

  • The FATF crypto guidance update proposes that governments analyze and manage the money laundering and terrorism financing risks of the assets prior to launch – especially if the ‘stablecoin’ is to be used for facilitating peer-to-peer Txs.
  • Risk management may encompass software to surveil transactions that pose heightened risks in relation to Anti-Money Laundering and Combatting the Financing of Terrorism, ensuring that obliged entities are following AML/CFT legislation and limiting the ability of clients to conduct transactions anonymously.

FATF Crypto Guidance: P2P Transaction Risk Reduction

  • Tx to/from non-obliged entities (e.g. unhosted wallets) and transactions where at an earlier stage Peer-to-peer Txs have occurred should be considered higher-risk.
  • The FATF crypto guidance update proposes a few of the following as potential peer-to-peer risk management processes in higher-risk jurisdictions:
    • Applying the Virtual Asset equivalent of Currency Transaction Reports
    • Rejecting licencing of Virtual Asset Service Providers if they facilitate Txs to/from non-obliged entities (such as unhosted wallets)
    • Stricter record maintenance & Enhanced Due Diligence requirements
    • Government offices publishing advice to enhance awareness of red flags posed by peer-to-peer Txs

FATF Crypto Guidance: Due Diligence for Counterparties

  • When applying Recommendation 16 (i.e. the ‘Travel Rule’), it is crucial to administer due diligence on VASP counterparties. The FATF proposes a 3-phase procedure:
    • Phase 1: Ascertain if the Virtual Asset transfer is with an unhosted wallet, Virtual Asset Service Provider or another service (e.g. DApp).
    • Phase 2: Associate the beneficiary address with a Virtual Asset Service Provider counterparty.
    • Phase 3: Analyze whether the Virtual Asset Service Provider counterparty is an acceptable entity to transmit client data to and maintain a commercial connection to.
  • Blockchain analytics can be utilized to review VASPs and identify discrepancies.
  • Prior to a first transaction with a counterparty, a VASP should undertake due diligence of the corresponding party.
  • VASPs should regularly review their counterparty due diligence ratings.

FATF Crypto Guidance: Virtual Asset Service Provider Registration & Licencing

  • Jurisdictions are given leeway in regards to VASPs registration and licensing requirements.
  • In the least, it must be a requisite for VASPs to be registered or licensed within the jurisdiction(s) that they are formed.
  • VASPs that provide products/services to clients in a certain jurisdiction should be registered/licensed in that jurisdiction.
  • Government authorities should have procedures to surveil the Virtual Asset Service Provider industry and ascertain which individuals are conducting Virtual Asset actions without the required permit.

FATF Crypto Guidance: Collaboration Principles between VASPs

  • Because of the cross-border and multi-jurisdictional impact of Virtual Assets and Virtual Asset Service Providers, cross-jurisdiction knowledge sharing between the public and commercial sectors is imperative. A list of Principles of Information Sharing and Co-operation between VASP Supervisors has been created by the FATF draft crypto guidance update.
  • Every nation must select at a minimum of one competent office as their chosen supervisor of Virtual Asset Service Providers for Anti-Money Laundering and Combatting the Financing of Terrorism – so long as that office is not a self-regulatory body (e.g. the ‘JVCEA’ of Japan).
  • For Anti-Money Laundering and Combatting the Financing of Terrorism, nations following the FATF crypto guidance need to ascertain their Supervisor(s) of Virtual Asset Service Providers.
  • In the case of VASPs that maintain operations in numerous jurisdictions – as is often the case in crypto – the primary Supervisor can be associated with the jurisdiction that the VASP has a notable proportion of day-to-day business operations in.