Revisiting FATF Guidelines on Virtual Assets
This article is the too-long, didn't read ("TLDR") version of the Financial Action Task Force perspective on crypto.
Nothing herein should be construed as legal advice. The material published is intended for informational, educational, and entertainment purposes only. Please seek the advice of counsel, and do not apply any of the generalized material to your individual facts or circumstances without speaking to an attorney.
What is FATF
The Financial Action Task Force ("FATF") was established in 1989 on the initiative of the G7 to develop policies to combat money laundering. In 2001, its mandate was expanded to include terrorism financing. FATF is currently an intergovernmental organization that does not create binding laws, but its guidelines influence counter-terrorist financing and anti-money laundering (AML) laws among its members. FATF comprises 39 member jurisdictions, including the United States, Canada, and Mexico. Regulators, such as the U.S. Department of the Treasury, often implement regulations based on FATF’s guidance.
In October 2021, FATF updated its 2019 Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers (VASPs). The recently updated guidance touches on six key areas:
Clarifying virtual assets and VASPs
Applying the FATF Standards to stablecoins
Risks and the tools available for countries to address money laundering and terrorist financing risks for peer-to-peer transactions
Licensing and registration of VASPs
Implementation of the “travel rule”
Information-sharing and co-operation amongst VASP Supervisors
Clarifying Virtual Assets
Virtual Assets are defined as "a digital representation of value that can be digitally traded, or transferred, and can be used for payment or investment purposes.”
Defining VASPs
FATF broadens the definition of VASPs, taking a functional approach to accommodate technological advancements and innovative business models. A “virtual asset service provider” is defined as an entity conducting one or more of the following activities:
Exchanges between virtual assets and fiat currencies
Exchanges between multiple forms of virtual assets
The transfer of digital assets
The safekeeping and administration of virtual assets
Participating in and providing financial services relating to the offer and sale of a virtual asset.
If labeled as a VASP, an entity must implement the AML and counter-terrorism programs of its jurisdiction, be licensed or registered with its local government, and is subject to supervision or monitoring by that government.
Below is an overview of jurisdictional approaches to regulating and supervising virtual asset financial activities and related providers, including tools and other measures for sanctioning or enforcing against persons that fail to comply with their AML/CFT obligations.
Italy
Service providers related to VAs are required to be listed in a special section of the register held by “Organismo degli Agenti e dei Mediatori” (OAM). The registration is a precondition for service providers related to VAs to carry out their activity in Italy.
Finland
VASPs are required to register (authorization) with the Finnish Financial Supervisory Authority (FIN-FSA). The definition of VASPs includes exchanges (both fiat to VAs and between VAs as well as VAs and other goods such as gold), custodian wallet providers, and issuers of virtual currency. The requirements for registration include basic fit and proper checks, requirements for handling customer funds, and simple rules regarding marketing (i.e., an obligation to give all relevant information and an obligation for truthful information). VASPs are obliged entities as defined in the AML Act (444/2017) and were required to comply with AML/CFT obligations from December 1st 2019.
Japan
As a part of its registration procedure, the JFSA assesses applicants’ AML/CFT
programs, with a focus on consistency between the applicants’ risk assessment and
their business plan, through document-based assessment and off-site or on-site
interviews with them.
JFSA conducts the registration process as follows:
sending the questionnaire to applicants, which is published on JFSA website;
based on the answer the applicant provides, JFSA asks further questions and requests evidence, where necessary;
conduct interviews with the board members about their mindset toward risk management as well as the business plan.
proceed with registration examination on a document basis, focusing on: 1) risk management of the VA they will deal with; 2) segregation management of customers' assets; 3) IT system management; 4) AML/CFT regime; 5) outsourcing management; 6) business management including internal audit regime;
based on the results of the previous processes, JFSA makes it a rule to visit the applicant's office to verify the effectiveness of the planned operation of the rules and policies, especially for their risk management regime (on-site examination); and
once JFSA confirms there are no concerns about their operation throughout the entire registration examination, JFSA accepts the application, and then gives registration.
For the full report, please click this link.