VASPs (Virtual Asset Service Providers): What are they?

How does the Financial Action Task Force define virtual assets?

FATF’s definitions of virtual assets (VAs) and virtual asset service providers (VASPs) listed on page 109 of its updated Guidance are vital to understanding the impact of the Recommendations on crypto businesses and services. These definitions inform which types of crypto assets and services anti-money laundering and combating the financing of terorrism (AML/CTF) frameworks should cover across the globe.

A virtual asset is a digital representation of value that can be digitally traded or transferred and used for payment or investment purposes. Virtual assets do not include digital representations of fiat currencies, securities, or other financial assets already covered elsewhere in the FATF Recommendations.

‍

How does the Financial Action Task Force define virtual asset service providers?

A Virtual asset service provider (VASP) means any natural or legal person who is not covered elsewhere under the Recommendations and as a business, conducts one or more of the following activities or operations for or on behalf of another natural or legal person:

• the exchange between virtual assets and fiat currencies;
• the exchange between one or more forms of virtual assets;
• transfer of virtual assets;
• safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets; and
• participation in and provision of financial services related to an issuer’s offer and/or sale of a virtual asset

FATF clarifies that the following definitions are to be interpreted broadly and expansively. FATF’s position is that no financial asset, regardless of the format in which it is offered, shall fall outside the FATF standards. (FATF’s Updated Guidance [OCT 2021], paragraph 46.)

The novelty of decentralization, paired with the fast-paced evolution of the crypto space, creates opportunities for gray areas in interpreting these definitions. 

Do NFTs qualify as VAs? Is there a VASP in a DeFi protocol? 

The sections below explain how FATF addresses some of these issues in its most recent Guidance, published in October 2021. 

Are NFT platforms VASPs according to FATF?

Although the underlying technology is not new - non-fungible tokens have their origins in 2013 with Colored Coins, a colorful representation of bitcoin coins - in 2021, the volume traded in NFTs spiked, and infamous purchases of NFTs repeatedly made it to mainstream headlines.

How FATF determines if an NFT is a virtual asset:

The FATF acknowledged this trend in its October 2021 Updated Guidance and outlined a framework to determine whether or not NFTs qualify as VAs:

1. Is the digital asset unique as opposed to interchangeable?
2. Is the digital asset used as a collectible rather than for payment or investment purposes?

If the answers to both these questions are yes, these assets will not fall within the definition of VAs (FATF’s Updated Guidance [OCT 2021], paragraph 53.) Hence, whether or not NFTs are VAs will depend on their function in practice.

As the answers to the previous questions depend on context, providing clear guidelines on how NFT-related activities (such as issuance and secondary sale services) will be regulated may prove difficult. Regulatory obligations will likely be assessed on a case-by-case basis (as seen in other areas, such as token offerings) until it is possible to formulate generalizable rules.

‍

On the uniqueness criteria, crypto lawyer Gabriel Shapiro argues that NFTs are not inherently unique or rare, as an NFT alone does not confer the copyright to its owner. Therefore, there is nothing preventing others from copying them. Shapiro rightfully states that “there is nothing on the blockchain layer to prevent another person from creating many more NFTs with the same exact metadata.” Shapiro also makes the case that NFTs are not inherently non-fungible, as this is a “context-relative” concept.

Assessing whether an NFT is used as a collectible or for payment and investment purposes is dually challenging, as this will vary across buyers:

• Some will collect NFTs and use them as part of their digital identity or use them to play games; 
• Others will “sweep the floors” of any NFT project with appreciation potential) and may change over time. (NFTs initially bought as collectibles may become a profitable investment and be accepted as loan collateral by financial institutions.)

Nonetheless, the FATF clarifies that if in practice, NFTs are being used as interchangeable assets bought primarily for investment purposes, they will qualify as VAs even if they have the potential to be used (and are being used by some) as collectibles. This, in turn, implies that platforms that facilitate, for example, the issuance and secondary sales of NFTs with those characteristics will likely qualify as VASPs.

Are stablecoin providers considered VASPs by the FATF?

Stablecoins rank high on the list of regulators’ concerns due to their potential for mass adoption. Stablecoins overcome the volatility issues associated with other crypto assets and therefore constitute a more suitable option for payments. (FATF’s Updated Guidance  [OCT 2021], Box 1. Stablecoins and ML/TF risks, p. 17.) 

The governance bodies responsible for stablecoins may be more or less centralized.

If the governance is centralized (e.g., USDT, governed by Tether, or USDC, governed by Circle), the central governing body will be covered by the FATF standards as a VASP or a Financial Institution (FI).

In cases where decentralized bodies govern the stablecoin (e.g., the MKR token holders, which govern the Maker Protocol), finding the entity to burden with AML/CTF obligations becomes more challenging. The FATF expects countries to “take a functional approach to identify obliged entities” and “mitigate the relevant risks based on a risk-based approach (RBA) regardless of institutional design and names.” (FATF’s Updated Guidance  [OCT 2021], box 1. Stablecoins and ML/TF risks, p. 17.)

Entities that, according to the FATF, could fall within the scope for regulatory or supervisory action are the following: 

• The initial driver of the development and launch of the arrangement that eventually becomes decentralized; 
• Exchanges facilitating trading with stablecoins; 
• Custodial wallet services supporting stablecoins.

‍

What about DeFi? Are they VASPs?

Decentralized finance (DeFi) removes the intermediary in several financial services, such as asset trading and lending. These services are, instead, executed by code deployed on blockchains. In 2021, we witnessed unprecedented growth in adopting DeFi protocols and, consequently, the exponential disintermediation of crypto transactions.

The existing AML/CTF frameworks rely on financial intermediaries to enforce the required controls and, hence, applying those same frameworks in the DeFi context is not linear. The FATF recognizes that the DeFi application (the software program) could not qualify as a VASP. However, entities maintaining “control or sufficient influence” over a DeFi protocol should be subject to AML/CTF obligations if they provide or facilitate VASP services. 

Outlined on FATF’s Updated Guidance [OCT 2021], paragraph 67, examples of such entities include:

• Entities with an ongoing business relationship with the users of a DeFi protocol (even if exercised through smart contracts or voting protocols);
• Entities that profit from the DeFi service;
• Entities that can set or change the parameters of the DeFi protocol.
  
  

The FATF expects countries to determine, on a case-by-case basis, whether an identifiable person is providing a VASP service within the DeFi arrangement according to a broad interpretation of the definitions provided in the FATF’s standards.

In paragraphs 68 and 69 of its updated Guidance, the FATF also acknowledges that:

1. It may not be possible to identify an entity with control or sufficient influence over a DeFi arrangement; therefore, a VASP may not exist. In these cases, countries should assess the risks emerging from such activities and adopt risk mitigation measures, such as requiring regulated VASPs to be involved in the activities of the DeFi arrangement, if deemed necessary;
2. Holders of governance tokens of a DeFi protocol do not qualify as VASPs as long as they cannot control or substantially influence the protocol’s governance.