"FATF Crypto AML Guidance may put Cryptocurrency Firms at Risk," Blockchain Law Center

On October 28, 2021, the Financial Action Task Force (FATF), an international, intergovernmental anti-money laundering (AML) policy-making body that standardizes financial surveillance rules, released its revised and finalized crypto guidance, calling for jurisdictions worldwide to implement more stringent regulations for crypto firms as a way of preventing money laundering and terrorism financing. While the FATF lacks the power to create binding laws or policies, its proposals significantly influence the content of anti-money laundering and counter-terrorist financing standards globally. For example, one of the agencies that follows FATF's standards guidance is the U.S. Department of Treasury. Thirty-nine countries belong to the FATF, including the United States, China, and a significant portion of Europe. The FATF officially stated that it "expects countries and the private sector to implement FATF standards on Virtual Assets (VA) and Virtual Asset Service Providers (VASPs) as soon as possible."

The new guidance expands both the scope of the activities and the data crypto firms must monitor to combat money laundering. Specifically, the task force requires that crypto firms track and share the identities and funds of their users and report any suspicious transaction activity to regulators. Crypto firms that offer blockchain-based decentralized finance (DeFi) applications, stablecoins, and services supporting peer-to-peer transactions are among the firms who will be subject to these surveillance and disclosure obligations.

Here are the key points highlighted in the FATF updated guidance:

Definition of Virtual Asset Service Providers (VASPs)

Taking an "expansive approach," the updated guidance broadens the definition of VASPs. It provides an explanation of the five activities that cause an entity to be classified as a VASP. The guidance defines a VASP as "any natural or legal person who as a business conducts one or more of the following activities or operations for or on behalf of another natural or legal person: 1. Exchange between virtual assets and fiat currencies; 2. Exchange between one or more forms of virtual assets; 3.Transfer of virtual assets; 4. Safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets; 5. Participation in and provision of financial services related to an issuer's offer and/or sale of a virtual asset."

Decentralized finance (DeFi) falls under the VASPs definition and is subject to FATF Standards

The guidelines further explain: "creators, owners and operators or some other persons who maintain control or sufficient influence in the DeFi arrangements, even if those arrangements seem decentralized, may fall under the FATF definition of a VASP where they are providing or actively facilitating VASP services." As a result of this expanded definition, the DeFi developers and companies are now considered to be VASPs simply based on their earning profits through the platform's operations. This means that any party in the DeFi ecosystem that owns or operates DeFi platforms and collects transaction fees or direct payments from a protocol under its control, will be required to track and share users' identities as part of its anti-money-laundering obligations. The updated guidance also calls into question the autonomy of DeFi protocols: "It seems quite common for DeFi arrangements to call themselves decentralized when they actually include a person with control or sufficient influence, and jurisdictions should apply the VASP definition without respect to self-description."

FATF Travel Rule

The updated guidance further clarifies the obligations imposed under the FATF "travel rule." Under that rule, VASPs, such as cryptocurrency exchanges, digital wallet providers, and financial institutions who deal with crypto assets, will be required to disclose customer data regarding the parties involved in a cryptocurrency transaction.

Stablecoins

The updated guidelines also reaffirmed that stablecoins are subject to FATF's standards. The FATF further added that companies involved with stablecoin arrangements could qualify as VASPs and will be required to comply with anti-money-laundering rules.

The guidance updates may result in significant changes to the regulation and governance of the cryptocurrency industry. Various representatives in the crypto sector have criticized the guideline, raising major concerns about its impact on customers' privacy, about its slowing or skewing cryptocurrency innovation, and about difficulties VASPs face in complying with the guidance due to the nature of digital-asset technology and blockchain.

DISCLAIMER: This article was originally published by McGonigle PC prior to their combination with Davis Wright Tremaine LLP.  The article is published here with permission.