Virtual assets (VAs) and virtual asset service providers (VASPs): what are they?
According to FATF:
- VAs are digital representations of value that can be traded and used for payments or investments.
- VASPs are any natural or legal person who exchanges, holds, safe-keeps, sells, converts, or otherwise transfers VAs on behalf of another natural or legal person.
- Depending on the content, NFTs, Stablecoin providers, and entities that maintain sufficient control or influence over a DeFi protocol may qualify as VASPs.
- The FATF expects countries to determine whether an identifiable person is a VASP within the DeFi arrangement on a case-by-case basis.
- Stablecoins are considered a high-risk area due to their potential for mass adoption.
- Travel Rule compliance solutions should cover all virtual asset types.
The definitions of VAs and VASPs provided in the FATF’s updated guidance (FATF 2021, 109) are vital to understanding the impact of FATF Recommendations on crypto businesses and services. Anti-money laundering and counter-terrorism financing (AML/CTF) frameworks apply to certain crypto assets and services across the globe, and these definitions inform which types of crypto assets and services AML/CFT frameworks should cover across the globe.
The FATF notes that their provided definitions are to be interpreted broadly and expansively. FATF’s position is that no financial asset, regardless of the format in which it is offered, should be classified as falling outside FATF standards. (FATF 2021b, p. 22, para. 46)
What are virtual assets?
FATF defines VAs as the following:
A virtual asset is a digital representation of value that can be digitally traded or transferred and can be used for payment or investment purposes. Virtual assets do not include digital representations of fiat currencies, securities, or other financial assets that are already covered elsewhere in the FATF Recommendations. (FATF. 2021b, p. 109)
What are examples of virtual assets?
The most common examples of virtual assets are virtual currencies such as Bitcoin, Ether, Solana, Tether, and Litecoin. Below, we explain in which circumstances gaming tokens, NFTs, and governance tokens could be considered virtual assets and therefore subjected to comply with the FATF’s Crypto Travel Rule. Many compliance solutions on the market offer coverage of limited virtual asset types, which would be considered non-compliant in FATF’s eyes. VASPs looking to comply should choose an end-to-end Travel Rule compliance solution that supports all virtual assets.
What are virtual asset service providers (VASPs)?
FATF defines VASPs as the following:
A Virtual asset service provider (VASP) means any natural or legal person who is not covered elsewhere under the Recommendations and as a business, conducts one or more of the following activities or operations for or on behalf of another natural or legal person:
- the exchange between virtual assets and fiat currencies;
- the exchange between one or more forms of virtual assets;
- transfer of virtual assets;
- safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets; and
- participation in and provision of financial services related to an issuer’s offer and/or sale of a virtual asset. (FATF. 2021b, p. 109)
What are examples of virtual asset service providers?
Examples of VASPs that are now required to comply with the FATF’s crypto Travel Rule are:
- Custodians
- Mining pools
- Wallet providers
- Brokerage services that issue and trade VAs on behalf of natural or legal persons.
- Bitcoin ATMs and kiosks that exchange virtual assets for fiat currency or other virtual assets.
Dependent upon context:
- The central developer of the governance body behind a stablecoin (dependent upon stablecoin design)
- Creators, owners, and operators who maintain control or sufficient influence over DeFi protocol arrangements
- NFTs (when used for payment or investment purposes)
- Decentralized exchanges.
The novelty of decentralization, paired with the fast-paced evolution of the crypto space, has created ample opportunities for gray areas to inform the interpretation of these definitions.
Are NFTs, stablecoin providers, and decentralized finance protocols VASPs?
The sections below explain how FATF addresses some of these issues in its most recent Guidance, published in October 2021.
Are NFT platforms VASPs according to FATF?
Although the underlying technology is not new — non-fungible tokens (NFTs) originated in 2013 with Colored Coins, a colorful representation of bitcoin coins — in 2021, the volume of NFT trading spiked, and news of NFT purchases repeatedly made it to mainstream headlines.
How FATF determines whether an NFT is a VA.
The FATF acknowledged the NFT trend in its October 2021 updated guidance and outlined a framework to help users determine whether NFTs qualify as VAs:
- Is the digital asset unique as opposed to interchangeable?
- Is the digital asset used as a collectible rather than for payment or investment purposes?
If the answers to both these questions are yes, the assets in question do not fall under the definition of VA. (FATF. 2021b, p. 24, para. 53) Thus, whether NFTs are VAs will depend on their function in practice.
Because the answers to the questions above depend on context, it will be difficult to establish clear guidelines on how NFT-related activities (such as issuance and secondary sale services) will be regulated. Regulatory obligations will likely be assessed case by case (as seen in other areas, such as with token offerings) until it is possible to formulate generalizable rules.
On the uniqueness criteria (question 1), crypto lawyer Gabriel Shapiro (2020) argues that NFTs are not inherently unique or rare, as an NFT alone does not confer the copyright to its owner. Therefore, nothing prevents others from copying. Shapiro rightfully states that “there is nothing on the blockchain layer to prevent another person from creating many more NFTs with the same exact metadata.” Shapiro also makes the case that NFTs are not inherently non-fungible, as this is a “context-relative” concept.
Assessing whether an NFT is used as a collectible or for payment and investment purposes is dually challenging, as the reason for purchase will vary across buyers:
- Some will collect NFTs and use them as part of their digital identity or use them to play games.
- Others will “sweep the floors” of any NFT project with appreciation potential and may change over time. (According to Nexo in a December 16, 2021, article, NFTs initially bought as collectibles may become a profitable investment and be acceptable to FIs as loan collateral.)
Nonetheless, the FATF clarifies that if, in practice, NFTs are being used as interchangeable assets bought primarily for investment purposes, they will qualify as VAs even if they have the potential to be used (and are being used by some) as collectibles. This, in turn, implies that platforms that facilitate, for example, the issuance and secondary sales of NFTs with such characteristics will likely qualify as VASPs.
Does the FATF consider stablecoin providers VASPs?
Stablecoins rank high on the list of regulators’ concerns because of their potential for mass adoption. Stablecoins overcome the volatility issues associated with other crypto assets and therefore constitute a more suitable option for payments (FATF. 2021b, p. 17, Box 1).
Stablecoins may have decentralized governance. If governance is centralized (e.g., as USDT is governed by Tether or USDC by Circle), the central governing body will be covered by FATF as a VASP or FI. In circumstances where decentralized entities regulate the stablecoin (e.g., MKR token holders who oversee Maker Protocol), locating the entity responsible for AML/CTF becomes more difficult.
The FATF expects countries to “take a functional approach to identify obliged entities” and “mitigate the relevant risks based on a risk-based approach (RBA) regardless of institutional design and names” (FATF. 2021b, p. 17, Box 1).
Entities that, according to the FATF, could fall within the scope for regulatory or supervisory action are the following:
- The initial driver of the development and launch of the arrangement that eventually becomes decentralized
- One that facilitates trading with stablecoins
- Custodial wallet services that support stablecoins
What about decentralized finance?
Decentralized finance (DeFi) removes the intermediary in several financial services, such as asset trading and lending. These services are instead executed by code deployed on blockchains. Decentralized applications are digital applications or programs that run on a blockchain or peer-to-peer (P2P) network of computers, as opposed to a central computer.
In 2021, we witnessed unprecedented growth in the adoption of DeFi protocols and applications and, consequently, the exponential disintermediation of crypto transactions.
The existing AML/CTF frameworks rely on financial intermediaries to enforce the required controls; however, because of the absence of such intermediaries in the DeFi context, applying those same frameworks is not linear.
The FATF states:
A DeFi application (i.e. the software program) is not a VASP under the FATF standards, as the Standards do not apply to underlying software or technology (see paragraph 82 below). However, creators, owners and operators or some other persons who maintain control or sufficient influence in the DeFi arrangements, even if those arrangements seem decentralized, may fall under the FATF definition of a VASP where they are providing or actively facilitating VASP services. (FATF. 2021b, p. 27, para. 67)
However, the following entities that maintain “control or sufficient influence” over a DeFi protocol should be subject to AML/CTF obligations if they provide or facilitate VASP services that include:
- Maintaining an ongoing business relationship with the users of a DeFi protocol (even if exercised through smart contracts or voting protocols.)
- Profiting from the DeFi service.
- Setting or changing the parameters of the DeFi protocol. (FATF. 2021b, p. 27, para. 82)
The FATF expects countries to determine whether an identifiable person is a VASP within the DeFi arrangement on a case-by-case basis, according to a broad interpretation of the definitions provided in FATF’s standards.
In paragraphs 68 and 69 of its updated guidance, the FATF also acknowledges that:
- It may not be possible to identify an entity that controls or has sufficient influence over a DeFi arrangement; therefore, a VASP may not exist. In these cases, countries should assess the risks presented by such activities and adopt risk mitigation measures, such as requiring regulated VASPs to be involved in the activities of the DeFi arrangement, if deemed necessary;
- Those who hold the governance tokens of a DeFi protocol do not qualify as VASPs so long as they cannot control or substantially influence the protocol’s governance.
References:
FATF. 2021b | Updated Guidance for a Risk-based Approach to Virtual Assets and Virtual Asset Service Providers.
How does Notabene help VASPs comply with the FATF’s Crypto Travel Rule?
Notabene enables all organizations designated as “VASPs”—exchanges, financial institutions, or custodial wallet services—to comply with the FATF’s Crypto Travel Rule. Companies leverage our first-to-market FATF Travel Rule solution to identify virtual asset accounts, perform mandated VASP due diligence, and manage regulatory and counterparty risks from one holistic dashboard.
Learn more about the crypto Travel Rule and what it requires VASPs to do.
Our certification program covers this topic and much more
FAQ
VASP FAQ
What is a VASP?
The Financial Action Task Force (FATF) classified any institution that exchanges, holds, safe-keeps, converts or sells virtual assets as virtual asset service providers (VASPs.)
The FATF extended its global standards for combatting money laundering and terrorist financing to VASPs in 2018. Most notably, is the Travel Rule, which requires VASPs to disclose specific customer data when transacting virtual assets over a particular threshold.
🙌 Why are VASPs important?
Virtual assets (VAs) usage is on the rise, and many retail investors interact with VAs through VASPs. With the explosion of crypto, regulators have shifted from their historical focus on fiat and are now regulating crypto. It is imperative for VASPs to comply with regulations, or they will be fined, and may risk being sanctioned.
Notabene helps VASPs comply with FATF’s application of the Travel Rule to virtual assets.
🚀 How do I get started with Notabene’s Free Sunrise Plan?
No integration is required!
- Step 1: Sign up for our VASP directory
- Step 2: Claim your company profile
- Step 3: View all incoming Travel Rule data transfers in our secure dashboard
- Step 4: Share your company profile with your counterparties
- Step 5: Begin receiving Travel Rule data transfers directly to your dashboard
📥 Why should VASPs use Notabene for crypto compliance?
Notabene's software, tools, and comprehensive data help crypto businesses comply with FATF’s recommendations. Companies leverage our first-to-market FATF Travel Rule solution to identify virtual asset accounts, perform mandated VASP due diligence, and manage regulatory and counterparty risks from one holistic dashboard.
📤 How do I send Travel Rule data transfers?
Send Travel Rule data transfers up to the US $10,000.00 volume per month to any of your counterparties–regardless of which, if any, Travel Rule solution they use.
Learn how to send your first Travel Rule data transfer here.
🔒 Is Notabene secure?
Notabene's software, tools, and comprehensive data help crypto businesses comply with FATF’s recommendations. Companies leverage our first-to-market FATF Travel Rule solution to identify virtual asset accounts, perform mandated VASP due diligence, and manage regulatory and counterparty risks from one holistic dashboard.
📥 Why should VASPs use Notabene for crypto compliance?
Notabene uses encryption and the highest best practices around security measures to protect the data of our users. We’ve earned our SOC2 compliance certificate and are happy to give you access to a real-time view of our security policies on request.
After verifying various requirements, any PII sent or received is held in escrow and is only shared as part of a Travel Rule transaction.