FATF is an intergovernmental international organization established in 1989 to study the dangers of money laundering, prevent money laundering, and coordinate international actions against money laundering. It is one of the most influential anti-money laundering and the most authoritative international organizations in the field of anti-terrorism financing in the world. Its member states are located in major financial centers on all continents. The Forty Anti-Money Laundering Recommendations and the Nine Special Anti-Terrorism Financing Recommendations formulated by the FATF (FATF 40+9 Recommendations) are the most authoritative documents in the world for anti-money laundering and counter-terrorism financing.
In order to combat illegal financial activities in the crypto market, FATF issued guidelines for crypto assets for the first time in 2019.
The guidelines call on cryptocurrency exchanges and wallet merchants and other cryptographic service providers (VASPs) to meet the standards applicable to traditional financial companies and require cryptographic service providers to collect detailed identity information of the initiators and beneficiaries involved in transactions. Since then, FATF has continued to review and revise the guidelines to classify entities that are not easily classified in the DeFi field to the standards of traditional financial companies.
Recently, the FATF released the final version of the “Updated Guidelines for Risk-Based Approaches for Encrypted Assets and Encrypted Service Providers.” The updated guide has major changes from the previous version, including clarifications on the DeFi protocol, CBDC, stablecoin, and NFT.
The DeFi guide outlines the need for countries, crypto service providers, and other entities participating in cryptocurrency to understand the money laundering and terrorist financing (ML/TF) risks associated with crypto, and emphasizes the need for appropriate mitigation measures to deal with these risks sex.
For the definition of encryption service provider (VASP):
As an enterprise, any natural or legal person that performs one or more of the following activities or businesses for or on behalf of other natural or legal persons.
- The exchange between crypto assets (VA) and legal tender.
- The exchange of one or more forms of encrypted assets.
- The transfer of encrypted assets.
- Custody and/or management of encrypted assets or tools capable of controlling encrypted assets.
- Participate in and provide financial services related to the issuer’s offer and/or sale of encrypted assets.
For the definition of encrypted assets (VA):
“Crypto assets are not just digital representations of value, they must also have tradable or exchangeable functions. The value must be transferable, not just a way of keeping records.”
The FATF stated in the guidelines that although some countries have implemented regulatory systems for VA and VASP, many jurisdictions have not yet developed an effective anti-money laundering framework to mitigate risks. Nowadays, the rapid development of the encryption industry, the continuous increase in functions, the increasing adoption, and the global and cross-border nature of the encryption industry require countries to take urgent actions to reduce the money laundering and terrorist financing risks caused by VA activities and VASP. Become a priority for FATF.
The regulatory framework should be based on VASP and VA. Countries should not formulate regulatory rules based on the technical terms, operating models, technical tools, blockchain design, or any other operational functions used to describe their activities. Instead, they need to be based on them. The basic financial services provided shall prevail.
Second, it also updated the travel rules, which require financial institutions to record and report information about the sender and recipient of encrypted funds transfers with a value of at least $3,000, as it applies to encrypted transactions. After the new guidelines are updated, the rules only apply to transfers between service providers, not to transfers from private wallets.
The guide enumerates the leading regulatory frameworks in Italy, Japan, Norway, Switzerland and the United States, and proposes that countries should adopt the principles of information sharing and cooperation, and build on mutual trust.
In addition, the guide also provides recommendations for countries on specific areas of the encryption industry.
Does NFT belong to VA?
Based on the above definition of VA, FATF believes that NFTs do not seem to constitute VA, but if they are used in a way that conforms to FATF standards, they should be regulated. FATF recommends a selective approach to regulating these new types of assets that seem to cross defined boundaries.
“Some NFTs that do not seem to constitute VA on the surface may fall under the definition of VA if they are used for payment or investment purposes in practice. Therefore, although NFTs are excluded from the FATF’s definition of VA, they will be treated as such. Financial assets are covered by FATF’s regulatory standards.”
In other words, according to the FATF’s definition of encrypted assets, NFTs or encrypted collectibles are not classified as encrypted assets. However, the nature and actual functions of NFTs need to be considered. NFTs used for payment or investment purposes will belong to the definition of encrypted assets and will be regulated.
Because DeFi can promote or carry out the exchange or transfer of encrypted assets in order to realize the ultimate interests of the owner/operator/developer/community, it belongs to the encryption service provider (VASP).
As many open source projects and development contributors in the DeFi field exist globally, the number and functions of DeFi projects are rapidly expanding. Although the guide is intended to provide guidance, countries need to assess the facts and circumstances of each situation to determine whether there is an identifiable person, whether legal or natural, to provide the covered services. Countries should apply the principles contained in the standard in a broad interpretation of the definition, but the actual intent of the functional approach should be considered.
Based on the guidelines, countries should consider for DeFi assessments: if they meet the definition of VASP, owners/operators should conduct money laundering and terrorist financing risk assessments before launching the platform, and take appropriate measures and proactive ways to mitigate these risks. If the user can purchase the DeFi governance tokens, the DeFi platform should fulfill its anti-money laundering obligations and responsibilities.
Initial issuance of tokens (1C0)
The FATF interprets the definition of 1C0 as “a means of raising funds for new projects from early supporters.” Does providing 1C0 comply with VASP?
According to the explanation in the guide, middlemen who provide services for initial token issuance and sale belong to VASP. In addition, if the issuer offers to convert the token into legal tender, or to provide liquidity, it also belongs to the category of VASP.
Alternatively, the token can be regarded as a security under the laws of a certain country. In this case, depending on the facts of the token, national securities laws may apply to the token. Therefore, whether the issuer will be regarded as a VASP or a securities issuer will depend on the facts of the ICO and the laws of the country.
The guide pointed out that the FATF does not recognize the term “stable currency” because it is not a clear legal or technical category, but is mainly a marketing term used by the promoters of this type of currency.
Regarding the definition of stable currency, FATF believes that it is “aim to maintain a stable value relative to certain reference assets or assets.”
Any stablecoin needs to establish a central developer or governance organization internally before it is released. The governance body consists of one or more natural or legal persons, and they must establish rules for managing stablecoins (for example, determine the functions of stablecoins, who can access arrangements, and how to take anti-money laundering/anti-terrorism financing preventive measures).
Suppose Acompany (company) is designing a platform based on blockchain technology to issue stablecoins. under these circumstances:
The stablecoin will be backed by assets held in a reserve fund managed by the company. Only authorized participants can purchase or redeem coins from the reserve fund through the company. According to the company’s proposed ecosystem, the company and validators will operate a licensed blockchain network and raise funds for tokens through 1C0.
In this case, the company complies with VASP under the FATF standard because its functions include exchanging tokens and raising funds through ICO. Therefore, the company must assume anti-money laundering obligations. According to FATF standards, companies should take appropriate measures to reduce the risk of money laundering and terrorist financing in the entire ecosystem (for example, in terms of coin design, standards and procedures for approving authorized participants, etc.).
In addition, authorized participants are also VASPs, because their functions include facilitating the issuance, distribution and trading of the stablecoin; trading platforms are also VASPs, because their functions include the exchange of stablecoins, fiat currencies and other encrypted assets , Transfer and custody. Escrow wallets are also VASPs because their functions include transferring and custody of stablecoins.
What do encryption experts think about this guide?
Peter Van Valkenburgh, Research Director of Coin Center, believes that after the update of the guidelines, the good point is that the FATF clarifies better clarity for the creation of new assets by crypto developers and the regulatory framework in various fields, but there are still many insufficient:
Although the guide clarifies that decentralized applications themselves are not VASPs, it points out that “creators, owners, and operators who maintain control or sufficient influence need to be established in DeFi, even if these seem to be centralized, but It also belongs to VASP.” In other words, the consequence of this is that DeFi projects are only called “decentralized”, but this is not necessarily the case.
Secondly, the new guidelines are still too broad. In particular, “any party who benefits from the service or has the ability to set or change parameters” may still be regarded as a VASP.
Finally, with regard to measures taken by various countries, the United States, Switzerland, Japan and other countries have issued clear regulatory frameworks and regulations, which are sufficient to implement the FATF’s recommendations. Therefore, the new guidelines do not require the anti-money laundering regulatory agencies of these countries to formulate new policies.
It should be noted that the title of “Updated Guidelines for Risk-Based Approaches for Encrypted Assets and Cryptographic Service Providers” implies intent. The recommendations in the guide are not rules or regulations, but standards that members should follow to combat money laundering and terrorist financing. Some countries that do not comply may find themselves on a “blacklist” and excluded from the global financial system.
In any case, it may take months or even years for countries to implement their recommendations within their legal systems. Even so, it remains to be seen whether the new regulations will have a measurable impact on the industry.