How does the Financial Action Task Force define virtual assets?

The definitions of virtual assets (VAs) and virtual asset service providers (VASPs) provided by the FATF (page.109 of its updated guidance) are key to understanding the impact of the FATF Recommendations on crypto businesses and services. These definitions inform which types of crypto assets and services should be covered by AML/CFT frameworks across the globe.

A virtual asset is a digital representation of value that can be digitally traded or transferred and can be used for payment or investment purposes. Virtual assets do not include digital representations of fiat currencies, securities, or other financial assets that are already covered elsewhere in the FATF Recommendations. 

How does the Financial Action Task Force define virtual asset service providers?

Virtual asset service provider means any natural or legal person who is not covered elsewhere under the Recommendations, and as a business conducts one or more of the following activities or operations for or on behalf of another natural or legal person:

• exchange between virtual assets and fiat currencies;
• exchange between one or more forms of virtual assets;
• transfer of virtual assets;
• safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets; and
• participation in and provision of financial services related to an issuer’s offer and/or sale of a virtual asset

FATF clarifies that the following definitions are to be interpreted broadly and expansively. FATF’s position is that no financial asset, regardless of the format in which it is offered, shall fall outside the FATF standards. (FATF’s Updated Guidance [OCT 2021], paragraph 46.)

The novelty of decentralization, paired with the fast-paced evolution of the crypto space, creates opportunities for gray areas in the interpretations of these definitions. 

Do NFTs qualify as VAs? Is there a VASP in a DeFi protocol? 

The sections below explain how some of these issues are addressed in the FATF’s most recent guidance, published in October 2021. 

Are NFT platforms VASPs according to FATF?

Although the underlying technology is not new - non-fungible tokens have their origins in 2013 with Colored Coins, a colorful representation of bitcoin coins - in 2021, the volume traded in NFTs spiked, and infamous purchases of NFTs repeatedly made it to mainstream headlines.

‍

How FATF determines if an NFT is a virtual asset:

The FATF acknowledged this trend in its October 2021 updated guidance, and outlined a framework to determine whether or not NFTs qualify as VAs:

1. Is the digital asset unique as opposed to interchangeable?
2. Is the digital asset used as a collectible rather than for payment or investment purposes?

If the answers to both these questions are yes, then these assets would not fall within the definition of VAs (10 FATF’s Updated Guidance [OCT 2021], paragraph 53.) Hence, whether or not NFTs are VAs will depend on their function in practice. As the answers to the previous questions depend on context, providing clear guidelines on how NFT-related activities (such as issuance and secondary sale services) will be regulated may prove to be a difficult task. Regulatory obligations will likely be assessed on a case-by-case basis (as seen in other areas, such as token offerings) until it is possible to formulate generalizable rules.

On the uniqueness criteria, crypto lawyer Gabriel Shapiro argues that NFTs are not inherently unique or rare, as NFTs alone do not confer any copyrights to their owner. Therefore, there is nothing preventing others from copying them. They rightfully state that “there is nothing on the blockchain layer to prevent another person from creating many more NFTs with the same exact metadata.” Shapiro also makes the case that NFTs are not inherently non-fungible, as this is a “context-relative” concept.

It is also challenging to make an ex-ante assessment of whether an NFT is used as a collectible or for payment and investment purposes. This will vary across buyers (some will collect NFTs and use them as part of their digital identity or to play games; others will “sweep the floors” of any NFT project with appreciation potential) and may change over time (NFTs initially bought as collectibles may become a profitable investment and be accepted as loan collateralby financial institutions.)

Nonetheless, the FATF clarifies that if, in practice, NFTs are being used as interchangeable assets bought primarily for investment purposes, they will qualify as VAs even if they have the potential to be used (and are being used by some) as collectibles. This, in turn, implies that platforms that facilitate, for example, the issuance and secondary sales of NFTs with those characteristics will likely qualify as VASPs.

Are Stablecoin providers considered VASPs by FATF?

Stablecoins rank high on the list of regulators’ concerns due to their potential for mass adoption. Stablecoins overcome the volatility issues associated with other crypto assets and therefore constitute a more suitable option for payments. (FATF’s Updated Guidance [OCT 2021], Box 1. Stablecoins and ML/TF risks, p. 17.) 

The governance bodies responsible for stablecoins may be more or less centralized.

If the governance is centralized (e.g., USDT, governed by Tether, or USDC, governed by Circle), the central governing body will be covered by the FATF standards as a VASP or or a Financial Institution (FI).

In cases where the stablecoin is governed by decentralized bodies (e.g., the MKR token holders, which govern the Maker Protocol), finding the entity to burden with AML/CFT obligations becomes more challenging. The FATF expects countries to “take a functional approach to identify obliged entities” and “mitigate the relevant risks based on a RBA regardless of institutional design and names.” (FATF’s Updated Guidance [OCT 2021], box 1. Stablecoins and ML/TF risks, p. 17.)

‍

Entities that, according to the FATF, could fall within the scope for regulatory or supervisory action are the following: 

• The initial driver of the development and launch of the arrangement that eventually becomes decentralized; 
• Exchanges facilitating trading with stablecoins; 
• Custodial wallet services supporting stablecoins.

‍

What about DeFi?

Decentralized finance (DeFi) removes the intermediary in several financial services, such as asset trading and lending. These services are, instead, executed by code deployed on blockchains. In 2021, we witnessed unprecedented growth in adopting DeFi protocols and, consequently, exponential disintermediation of crypto transactions.

The existing AML/CFT frameworks rely on financial intermediaries to enforce the required controls and, hence, applying those same frameworks in the DeFi context is not linear. The FATF recognizes that the DeFi application (the software program) could not qualify as a VASP. However, entities maintaining “control or sufficient influence” over a DeFi protocol should be subject to AML/CFT obligations if they provide or facilitate VASP services. 

Outlined on FATF’s Updated Guidance [OCT 2021], paragraph 67, examples of such entities include:

• Entities with an ongoing business relationship with the users of a DeFi protocol (even if exercised through smart contracts or voting protocols);
• Entities that profit from the DeFi service;
• Entities that can set or change the parameters of the DeFi protocol.

The FATF expects countries to determine, on a case-by-case basis, whether an identifiable person is providing a VASP service within the DeFi arrangement according to a broad interpretation of the definitions provided in the FATF’s standards.

In paragraph 68 and 69 of it’s updated guidance, the FATF also acknowledges that:

1. It may not be possible to identify an entity with control or sufficient influence over a DeFi arrangement, and, therefore, a VASP may not exist. In these cases, countries should assess the risks emerging from such activities and adopt risk mitigation measures, such as requiring regulated VASPs to be involved in the activities of the DeFi arrangement, if deemed necessary;
2. Holders of governance tokens of a DeFi protocol do not qualify as a VASP as long as they cannot control or substantially influence the protocol’s governance.

How does Notabene help VASPs comply with FATF’s Crypto Travel Rule?

Notabene assists all organizations designated as “VASPs”–be it exchanges, financial institutions, or custodial wallet services to comply with FATF’s Crypto Travel Rule.

Companies leverage our first-to-market FATF Travel Rule solution to identify virtual asset accounts, perform mandated VASP due diligence, and manage regulatory and counterparty risks from one holistic dashboard.