In June 2019, the Financial Action Task Force (FATF) released a global regulatory framework for the crypto industry. One year later, on July 7th 2020, FATF released a report containing a 12-month review and assessment that measures implementation of these guidelines by jurisdictions and the private sector.
This report highlights a number of issues that regulators and representatives from the private sector have raised during implementation and asked for greater clarity and guidance on them. We have summarized these issues below. To shed more light on these issues and how to resolve, FATF is likely to introduce additional guidance by October 2020.
1. Definitions in the FATF guidelines
- Increased guidance on the definition of virtual assets - For example, stablecoins can be categorized as traditional financial assets but built with virtual asset technologies. Under which AML/CFT regime should they be regulated?
- Clarification on the scope of VASP activities (eg safekeeping and/or administration of virtual assets) - This can help increase consistency across jurisdictions in terms of which companies are regulated as VASPs.
2. Transacting with non-custodial wallets
- Gap in tracing illicit flows of crypto - Some jurisdictions raised concerns that if non-custodial wallets remain unregulated, they may represent “a leak in tracing illicit flows of virtual assets”. However, FATF has reported that currently there isn’t sufficient evidence that they present a lot of risk and will continue to not cover them for the time-being.
- Anonymous P2P transactions are a concern - If a ‘privacy coin’ gains wide mass adoption, then FATF will study the prevalence of non-custodial wallets associated with it and reassess whether this constitutes a threat to existing ML/TF regimes.
3. Identifying VASPs for registration and licensing
- Many jurisdictions are requiring the regulation of VASPs not only incorporated in their countries but also operating there or selling services to their citizens. Some jurisdictions have reported challenges identifying which VASPs should be regulated and by whom.
- In particular, they are interested in what approach they should take with VASPs operating from overseas but selling to their citizens. They are interested in identifying who the ‘right’ regulatory authority is for these VASPs, especially if they were decentralized and had no home country.
4. Travel rule implementation
- Identifying counterparty VASPs and performing due diligence in a timely manner remains a challenge. In particular, concern has been raised about difficulty in identifying if a VASP is registered / licensed by a jurisdiction with adequate AML/CFT regimes. A proposed way forward is a ‘global list of VASPs’, but in theory is difficult to implement due to a number of reasons, including maintaining accurate and secure information and who governs and supervises this list.
- Concerns with how to deal with transactions with non-custodial wallets - There are challenges identifying whether a wallet is non-custodial. VASPs would like more clarity on whether they are allowed to transact with non-custodials, and what AML/CFT requirements they should put in place to mitigate risks.
- Guidance on frequency and timeliness of travel rule information sharing - Some VASPs requested whether they can do batch data submission of transfers, submit travel rule data at a later time (end of day, in 5-6 days) instead of immediately, and whether they have to do travel rule for past transfers.
- Interoperability of travel rule solutions - Common messaging standards will need to have built-in flexibility to accommodate for changes in privacy or AML/CFT standards across jurisdictions
- Sunrise issue - VASPs are not sure yet how to deal with VASPs in jurisdictions that do not yet mandate travel rule guidelines.