It has been one year since the Financial Action Task Force (FATF) released a global regulatory framework for the crypto industry. The Guidelines for Virtual Assets and Virtual Asset Service Providers (VASPs) was released in June 2019. One of its most notable requirements is Recommendation 16, the so-called Travel Rule. The guidelines also required that jurisdictions implement AML/CFT regimes in accordance with FATF’s guidelines, including the registration or licensing of VASPs.
On July 7th 2020, FATF released a report containing a 12-month review and assessment, measuring implementation of these guidelines by jurisdictions and the private sector. The release of the report followed a virtual Plenary meeting held by the FATF on June 24th, 2020. In the review, the travel rule is highlighted as “the issue of most focus in terms of VASPs’ compliance with the revised FATF Standards.” What were the key findings of this review, and what does it mean for compliance teams in the crypto industry?
Below is a short summary outlining high-level take-aways and what’s next from FATF, in addition to implications for your business.
Summary of the 12-month review
- The 12-month review was prepared by FATF to measure the implementation of the revised Standards that it introduced in 2019 by both jurisdictions and the private sector. It also covers any changes in risks, typologies and market structure of the virtual asset industry.
- FATF reports that there has been marked progress by jurisdictions in the implementation of a regulatory regime for virtual assets, with 35 out of 54 reporting jurisdictions having implemented the revised FATF standards. 32 of these jurisdictions introduced a regulatory framework for crypto businesses, with the majority by method of new legislation. A large number of these regulations apply to VASPs that operate in their jurisdictions but who may be domiciled in other jurisdictions. So far, 20 jurisdictions have reported a total of 1,133 registered or licensed VASPs.
- The FATF review highlights that there has been increased readiness by the private sector for travel rule compliance, with the emergence of multiple travel rule solutions as well as technical standards to facilitate interoperability.
- Many issues were raised by jurisdictions and the private sector during the implementation of the regulatory framework. These include specific concerns with implementing the Travel Rule, like the identification and due diligence of VASPs in a timely manner, as well as broader concerns with how to deal with non-custodial wallets and stablecoins.
What’s next from FATF?
Going forward, FATF expects all of its members and its broader global network of FATF-Style Regional Bodies (FSRBs) to have fully implemented these guidelines by June 2021. While FATF has deemed that at this point there is no need to update its existing Standards, it will be providing additional Guidance to the industry by October 2020 (mainly in response to the concerns raised in the report). It will also continue its engagement with the private sector through its Virtual Assets Contact Group.
Finally, the FATF will continue to closely monitor the risks posed by stablecoins and anonymous peer-to-peer transactions via non-custodial wallets. Should there be substantial changes in market trends, it may choose to revisit its guidelines.
What does this review mean for your business?
If your business is a VASP, it is recommended that your compliance team:
- Assess which jurisdictions that you are incorporated in or operate in require that you are regulated. If you are not yet regulated, you need to determine how to become compliant and if there are licensing or registration requirements. If you are in doubt whether you need to be regulated, contact the local regulators for more information. Please note that requirements may change across jurisdictions, and you will have to keep up-to-date with the latest requirements.
- Start early (if you haven’t already) implementing comprehensive AML/CFT policies in line with your regulating jurisdiction’s guidelines.
- Implement the travel rule as soon as possible. The travel rule requires changes to current compliance processes and flows. It is recommended that the compliance team start testing early and accommodate these changes into current processes, so that the impact of the travel rule on your daily operations is minimized.
- Perform an internal ML/TF risk assessment of existing and new products, in particular if they are of a cross-border nature or have been highlighted as sources of potential concern (eg stablecoins, non-custodial wallets). For new products, these risks are best addressed before their launch.