Does blockchain technology carry risks of money laundering and terrorist financing? The Financial Action Task Force (“FATF”) responds affirmatively. In October 2021, FATF published an Updated Guidance for a Risk-Based Approach (“Guidance”), as a result of crypto market monitoring. The Guidance is based on the assessment of the risk of money laundering and terrorist financing regarding the regulation and supervision of virtual assets (“VA“) and Virtual Assets Service Providers (“VASP“).
The amendments to the Guidance are the result of the FATF’s ongoing work and oversight of the VA and VASP sectors and their development, to prevent money laundering and terrorist financing (“ML/TF”). States should assess and mitigate the financial risks associated with VAs and VASPs, and subject VASPs to licensing or registration, as well as oversight. The Guidance should assist states and the VASP in the fight against organized crime, corruption and terrorism and enable the effective application of the FATF Standards (“Standards“), likewise in the financial sector.
The FATF does not seek to regulate technology associated with VA or VASP, but the activities of natural or legal persons related to digital assets.
The Guidance clarifies the definition of VA and VASP, instructing national regulators to broadly define VA and VASP (functional approach). Thus, VA implies a digital form, which can be digitally traded or transferred and used for payment or investment purposes, while VASP means a natural or legal person who in the form of business activities performs activities related to digital assets for or on behalf of another natural or legal entity. It is important to note that peer-to-peer transactions (“P2P”) are not subject to auditing within the Standards. This is because the Standards generally place obligations on intermediaries, rather than on individuals themselves. Considering the definition of P2P transactions, the reasoning is clear per se.
Furthermore, the systemic risk of the increasing use of stablecoins is addressed. Since these cryptocurrencies provide their holders with value stability, like national currencies, they are also attractive to professional investors, thus bringing risk to the financial system. Therefore, states, VASP and other stakeholders are invited to identify and assess the risks of ML/TF before launching stablecoin.
Furthermore, guidelines are provided for resolving the risk of ML/TF in P2P transactions, for licensing and registration of VASP and the application of the so-called travel rule. The travel rule implies the obligation of VASP to implement procedures that will enable the identification of originator and beneficiary of digital currencies (this is a similar procedure as transferring funds in banks when it must be known who received the money and who sent the money). The procedure involves sharing data on the transaction, originator, and beneficiary (name, address, and account details) between providers. In this regard, an interesting question arises as to the permissibility of such a solution from the point of view of personal data protection. Except for the hereinabove, the Guidance specifies that the travel rule does not apply to transaction fees and transactions with automatic refunds.
The Guidance clarifies the application of preventive measures by VASP and other obliged entities that engage in /or provide VA activities covered by the Guidance. An example of such measures is Customer due diligence – collecting data on the type and scope of the transaction, frequency of transactions, use of software that allows the IP address to remain hidden, the size of the transaction, its members, record-keeping of all transactions, international cooperation, etc.
The Guidance also provides an overview of various legal solutions in the regulation and supervision of VA and VASP, and within the fight against ML/ TF. Italy and Finland introduced the registration of VASP, as a precondition for performing activities related to digital assets, while Japan has a special procedure that precedes VASP registration. The procedure includes checking financial documentation, interviewing boards of directors regarding their position on risk management, etc.
Finally, the Guidance discusses the principles of information exchange and cooperation between national authorities supervising VASP (Principles of Information-Sharing and Co-operation). Thus, supervisory authorities should quickly and constructively exchange information with their foreign colleagues, regardless of their nature or status as well as differences that exist in the nomenclature or status of the VASP. The given principles are not binding, but they serve to ensure fast and constructive exchange of information.
To conclude, FATF actively monitors the dynamics of the cryptocurrency market development and related risks to ensure a timely response of national regulatory authorities and obligors regarding ML/ TF, and to protect the stability of not only national but also global financial flows. In the following period, a reaction of the domestic legislator can be expected to harmonize with the amendments to the Guidance.
Authors: Miodrag Jevtić, Žarko Popović, Jasmina Glavšič. Teodora Ristić