The Second 12-Month Review of the Revised FATF Standards on Virtual Assets has been published on the FATF website today.
Coinfirm has contributed to the preparation of the paper by providing blockchain analytics data to one of the elements of the review – namely peer-to-peer transactions metrics. Although we would recommend familiarizing one’s self with the summary of the data presented in the paper, the P2P market is not the only subject covered. The document discusses:
- FATF’s work on virtual assets since July 2020
- Jurisdiction’s progress in implementing the revised FATF standards
- Private sector’s progress in implementing the revised FATF Standards, including the travel rule
- How ML/TF risks and the virtual asset market have changed since July 2020
- Main issues identified in implementing the revised FATF Standards
FATF’s Work on Virtual Assets Since July 2020
The FATF has been continuing its efforts in providing guidance on virtual assets as well as fostering a dialogue between the private and public sectors. Between Sept 2020 and April 2021, FATF hosted or participated in several information sharing and guidance discussion meetings. Coinfirm had the opportunity to participate in meetings devoted to Travel Rule updates, discussion about market trends, and the proposal of updated FATF Guidance on Virtual Assets. We were also proud to present to FATF members the metrics that fed into the report.
Since September 2020 FATF has issued the following papers with guidance relating to crypto-assets:
- A report on Virtual Asset Red Flag Indicators of ML/TF
- Draft revisions to its 2019 Guidance, receiving 75 submissions from the public. The FATF expects to finalise and release the revised Guidance by November 2021
- Guidance on the supervision of VASPs as part of its broader Guidance on Risk-Based Supervision
- Guidance on Proliferation Financing Risk Assessment and Mitigation clearly extending the relevant obligations to VASPs
Jurisdiction’s Progress in Implementing the Revised FATF Standards
The paper provides numbers illustrating the progress in implementing the revised FATF standards in crypto, based on the self-assessment questionnaire responses provided by 128 jurisdictions and on mutual evaluations.
The overall conclusion is not optimistic, yet it does not come as a surprise to those close to the crypto-asset industry like Confirm:
After two years many jurisdictions still do not have the basic regulatory framework for VASPs. On a positive note though, the number of jurisdictions that have implemented crypto AML regulations is higher than reported last year.
Data indicating compliance rates:
- 74% (28/38) of reporting FATF members reported that they have passed the necessary laws/regulations to permit or prohibit VASPs
- 33% (30/90) of reporting FSRB members reported that they have passed the necessary laws/regulations to permit or prohibit VASPs
- 58 jurisdictions, (28 FATF members and 30 FSRB members) reported that they had the necessary legislation to implement R.15/INR.15
- 35 of these jurisdictions (18 FATF members and 17 FSRB members) reporting that their regime was operational
- A minority of jurisdictions have conducted examinations and still fewer have imposed any enforcement actions
Based on the data collected by FATF, 2,374 VASPs are registered/ licensed, which doubles the reported number of registered/licensed VASPs recorded in the first 12-month review (1,133 VASPs).
Private Sector’s Progress in Implementing the Revised FATF Standards, including the Travel Rule
The FATF review concludes that two years after the FATF revised its Standards, most jurisdictions and most VASPs are not complying with the Travel Rule.
- 11 jurisdictions reported that they were aware of VASPs in their jurisdiction complying with some Travel Rule requirements (through both manual and automated processes, development of third party technological and blockchain analytics)
- no jurisdiction advised that they were aware of a VASP which complied fully with each element of the Travel rule.
- 10 jurisdictions reported that they had implemented Travel Rule requirements for VASPs and that these requirements were being enforced.
- 14 jurisdictions reported that they had introduced Travel Rule requirements but these were not yet being enforced
How ML/TF Risks and the Virtual Asset Market Changed since July 2020
The FATF notes that the virtual assets sector market has grown significantly, which appears to indicate that introduced regulation does not stop the business development. In fact, more regulatory certainty may be conducive to business growth.
The review also notes the increasing adoption of virtual assets in the mainstream of the traditional financial sector.
The FATF outlines the following AML/CFT trends observed in virtual assets:
- Value of virtual assets involved in most ML/TF cases detected to date remains relatively small compared to cases using more traditional financial services and products
- Most detected cases involved the use of one type of virtual asset only
- Layering of illicit proceeds through ‘mixing’ – moving ssets across multiple addresses, VASPs, types of virtual asset, or different blockchains
- Types of offences involving virtual assets include ML, the sale of controlled substances and other illegal items (including firearms), fraud, tax evasion, sanctions evasion, computer crimes (e.g. cyberattacks resulting in thefts or ransomware), child exploitation, human trafficking and terrorist financing
- Narcotics-related and fraud offences (e.g. investment scams and swindling, blackmail, and extortion) are the most prevalent
- Large increase in the value of virtual assets collected as ransomware payments and in the use of virtual assets to commit and launder the proceeds of fraud
- Most identified ML/TF activity relates to activity that is native to virtual assets. That is, it is ML/TF activity where the predicate activity begins in virtual assets
- Jurisdictional arbitrage is a growing problem
- Tools and methods to increase anonymity in virtual asset transfers continued to be used and developed (registering internet domain names through proxies and using DNS registrars that supress or redact the true owners of the domain names, the use of tumblers, mixers and AECs or privacy coins and privacy wallets, chain-hopping and dusting and the use of decentralized applications, decentralized exchanges and atomic swapping exchange)
Peer-to-Peer (P2P) Market Metrics
The report provides a concise graphic summary of the metrics provided comparing the results from the seven companies that participated in the exercise. The FATF notes the differences in the statistics provided by blockchain analytics companies explaining various factors that may have influenced these discrepancies, at the same time underlying that:
“Despite these limitations, blockchain analytics can provide interesting insights into the use of virtual assets that are not available with traditional financial products and services. Moreover, blockchain analysis can be useful for investigative purposes to track identified illicit funds or attribute identities of wallet holders. Such tools can be of great potential benefit to law enforcement, FIUs, supervisors, VASPs and the broader private sector in fulfilling their AML/CFT obligations and combating illicit activity.”
Below are two selected graphs from the section of Peer-to-Peer Market Metrics, Graph 2, detailing the proportion of bitcoin transactions that occured without a VASP between 2016-2020 and Graph 3, detailing the proportion of identified illicit bitcoin transactions between 2016-2020. Both graphs show data given by a number of blockchain data analytics firms.
The FATF notes the differences in the statistics provided by blockchain analytics companies explaining various factors that may have influenced these discrepancies. It was the first attempt at gathering market metrics and one of the lessons learnt was the fact that different data providers may have used different definitions of;
- what constitutes an ‘illicit’ transaction. For instance, mixing services are not illegal. Some providers would consider a mixer/ tumbler transaction as ‘illicit’ due to high ML risk, some would classify it as ‘high risk’, but not necessarily illicit.
- what transactions to include as ‘VASP’ transactions. For instance, while some providers may include smart contract transactions with a DeFi platform as transactions ‘with VASP’, others may have not included decentralized platforms in the VASP transaction bucket.
Main Issues Identified in Implementing the Revised FATF Standards
The first 12-month review identified five main issues where further FATF Guidance was needed;
- Definition of virtual asset and VASP;
- Peer-to-peer transactions and unhosted wallets;
- So-called ‘stablecoins’;
- Licencing and registration of VASPs; and
- Implementation of the Travel Rule
To address these five areas, the FATF is updating its 2019 Guidance on virtual assets and VASPs (to be published by Nov 2021).
Definition of virtual assets and VASPs:
- ‘Segmented approach’ : So far, FATF created definitions of virtual asset and VASPs as well as included all AML/CFT obligations in relation to virtual assets and VASPs in R.15/INR.15, which relates to new technologies. It is noted that this ‘segmented approach’ caused unintended consequences of creating a divide in the FATF Standards between VASPs and the broader category of financial institutions (FIs). This in turn may lead to views that there are different standards for VASPs and FIs and make it more difficult to note the actual requirements for these two groups (e.g. in terms of Travel Rule). Also, covered activities of FIs are broader than those of VASPs, which creates less flexibility in application of standards to new services in crypto assets.
- Application of VASP definition to DApps: FATF explains that the inclusion of DeFi in the VASP definition is not newly introduced in March 2021 revised guidance draft, but was in fact articulated in 2019 Guidance (www.fatf-gafi.org/media/fatf/documents/recommendations/RBA-VA-VASPs.pdf paragraph 40). Based on the feedback received FATF will further review its guidance on VASP definition application to DeFis.
Peer-to-Peer Transactions and AML/CFT Intermediaries
The FATF states its focus will be maintained on placing AML/CFT controls on intermediaries – in the absence of clear evidence that P2P transactions constitute a significant portion of illicit transactions and given the strong evidence of the risks posed by deficient or non-compliant VASPs. At the same time, it is clearly noted that if P2P transactions were to increase, FATF Standards may need revision.
Jurisdictions and private sectors need to consider ways to identify and mitigate risks posed by P2P in advance. The FATF revised guidance by November 2021 will provide more information on P2P risk and mitigation.
Travel Rule Implementation
The FATF will release updated guidance that includes more information on the Travel Rule by November 2021
All jurisdictions should take action to implement the Travel Rule. Rapid implementation by all jurisdictions is believed to act as the catalyst to promote the development of technical solutions and compliance by VASPs.
The overall conclusion is that there is not yet sufficient implementation to enable a global AML/CFT regime for VASPs.
The FATF calls all jurisdictions to implement and enforce AML/CFT requirements for VASPs as soon as possible. If they do not consider that they can effectively regulate VASPs, they should consider prohibiting VASPs through the law while they develop this expertise.
Proliferation Financing Obligations
In June 2021 FATF released Guidance on Proliferation Financing Risk Assessment and Mitigation, which – among other things – aligns the proliferation financing obligations across FIs, DNFBPs, and VASPs.