In October 2018, the Financial Action Task Force (FATF) adopted changes to its Recommendations to explicitly clarify that they apply to financial activities involving virtual assets (VAs) and virtual asset service providers (VASPs), who must now be regulated for anti-money laundering and combating the financing of terrorism (AML/CFT) purposes.
In a recent report, the FATF presents the key considerations in the regulation of VAs and VASPs, provides important Recommendations, and highlights the wider potential impact on entities such a financial institutions.
What is a virtual asset (VA)?
The FATF defines a virtual asset (VA) as:
A digital representation of value that can be digitally traded, or transferred, and can be used for payment or investment purposes. Virtual assets do not include digital representations of fiat currencies, securities and other financial assets that are already covered elsewhere in the FATF Recommendations.
What is a virtual asset service provider (VASP)?
The FATF defines a virtual asset service provider (VASP) as:
Any natural or legal person who is not covered elsewhere under the Recommendations, and as a business conducts one or more of the following activities or operations for or on behalf of another natural or legal person:
- exchange between virtual assets and fiat currencies;
- exchange between one or more forms of virtual assets;
- transfer of virtual assets (i.e. a transaction on behalf of another natural or legal person that moves a virtual asset from one virtual asset address or account to another;
- safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets; and
- participation in and provision of financial services related to an issuer’s offer and/or sale of a virtual asset.
Key areas requiring regulation
In June 2019, the FATF adopted an Interpretive Note to Recommendation 15 to further clarify how the FATF requirements should apply in relation to VAs and VASPs. Key areas include:
- The application of the risk-based approach (RBA) to VA activities or operations and VASPs;
- Supervision or monitoring of VASPs for AML/CFT purposes;
- Licensing or registration;
- Preventive measures, such as customer due diligence, recordkeeping, and suspicious transaction reporting, among others;
- Sanctions and other enforcement measures; and
- International co-operation.
A risk-based approach
The FATF provides Guidance on the application of the risk-based approach (RBA) to VAs and VASPs intended “to help both national authorities in understanding and developing regulatory and supervisory responses to VA activities and VASPs, and to help private sector entities seeking to engage in VA activities, in understanding their AML/CFT obligations and how they can effectively comply with these requirements.”
The Guidance document:
- Provides examples of risk indicators that should specifically be considered in a VA context, and highlights the key elements required to qualify as a VASP.
- Describes the application of the FATF Recommendations to other entities that engage in VA activities such as financial institutions and banks.
- Clarifies that all the value-based terms in the FATF Recommendations such as “funds” must also apply to VAs.
- Explains the VASP registration or licensing requirements, particularly how to determine in which jurisdiction/s VASPs should be registered or licensed
- Highlights how national authorities are required to take action to identify persons that carry out VA activities without the requisite license or registration.
- Makes clear that only competent authorities can act as VASP supervisory or monitoring bodies, (not self-regulatory bodies) and stresses the importance of international cooperation.
There is a strong focus on the need for all stakeholders to understand the ML/TF risks associated with VA activities and take appropriate mitigative actions.
The FATF provides a number of Recommendations specific to operational and law enforcement:
- Suspicious Transaction Reports (STRs) filed by VASPs (or other entities such as financial institutions operating in the VA space) must be filed with the FIU (AUSTRAC in Australia).
- FIUs should be able to obtain timely financial, administrative and law enforcement information from reporting entities in their jurisdiction, which includes VASPs.
- Authorities should be able to access all necessary documents and information help by VASPs, and should have powers to use compulsory measures for the production of records.
- Authorities should have effective mechanisms in place to identify a VASP’s assets, without prior notification to the owner.
- Authorities should establish guidelines to assist VASPs and other concerned entities in applying appropriate AML/CTF measures and reporting suspicious transactions.
The FATF provides a number of Recommendations specific to international cooperation:
- International cooperation between countries and competent authorities is essential in effectively regulating VA activities and the VASP sector
- Effective cooperation will also help to ensure market fairness (e.g. limit jurisdiction hopping)
- Countries should have in place the tools and mechanisms required to effectively cooperate with each other, including being able to provide:
- Mutual legal assistance
- Help in identifying and confiscating proceeds of crime (VAs as well as traditional assets)
- Provide effective extradition assistance in the context of VA-related crimes
- Supervisors of VASPs should engage in timely and constructive exchange of information
- FIUs should co-operate and exchange information on relevant STRs with their counterparts in a timely manner, especially in relation to cross-border VA activities or VASP operations
- Sufficient oversight and regulatory control of VASPs is critical to ensure effective international cooperation