The Financial Action Task Force (FATF) released an updated version of its "A risk-based approach guide to virtual assets and VASPs" in 2021. The guide recommends regulating virtual assets and making AML/KYC laws mandatory for financial institutions dealing with them, similar to traditional financial systems.
The updated version of the guide includes restrictions on virtual service providers and VASPs, as well as regulations to increase oversight. Additionally, there are necessary extensions on what constitutes VASPs, requiring participants to collect a significant amount of information about others' activities and implement KYC measures.
Purpose of Guidance
The updated Guidance on AML/CFT measures for virtual assets (VAs) and VASPs aims to provide comprehensive support to national authorities and private sector entities in implementing the risk-based approach (RBA). The RBA is a crucial framework that enables VAs and VASPs to operate in a safe and secure manner, while mitigating the risks of money laundering and terrorism financing.
The guidance clarifies the application of FATF recommendations to VAs and VASPs, which is particularly important for national authorities in developing regulatory responses to covered VA activities and VASPs. It provides detailed guidelines for designing and implementing a risk-based AML/CFT regulatory and supervisory framework for VA activities and VASPs. These guidelines include preventive measures such as customer due diligence, record-keeping, and suspicious transaction reporting.
Despite some countries having already implemented regulatory regimes, many jurisdictions have yet to establish efficient AML/CFT frameworks. As such, this updated guidance is essential in helping national authorities and private sector entities understand and develop such frameworks, thereby mitigating money laundering risks and ensuring the integrity of the financial system.
Understanding VASPs
Virtual assets have become increasingly popular in recent years due to their speed and efficiency. However, they have also become a target for criminals who use them to facilitate illegal activities such as drug trafficking, fraud, tax evasion, and human trafficking. As a result, the FATF has strengthened its AML and CTF standards to prevent virtual assets from being used for illicit purposes.
VASPs are now required to comply with AML/CTF and other obligations to prevent money laundering and terrorist financing. Failure to comply with these regulations may result in criminal sanctions, and VASPs may be held liable for enforcement.
According to the new FATF guidelines, a virtual asset service provider refers to any natural or legal person conducting one or more of the following transactions on behalf of another natural or legal person as a business:
- Providing exchanges between virtual assets or fiat currencies.
- Transferring between virtual assets.
VASPs are required to conduct due diligence on their customers, which includes identifying and verifying their identity, assessing their risk, and monitoring their transactions. They must also report suspicious transactions to the relevant authorities.
In addition to AML/CTF regulations, VASPs must comply with other obligations, such as data protection, consumer protection, and tax laws. They must also have effective risk management and internal control systems in place to identify, assess, and mitigate risks associated with virtual assets.
The new FATF guidelines aim to ensure that virtual assets are used for legitimate purposes and not for illicit activities. By strengthening AML/CTF standards, VASPs can help prevent money laundering and terrorist financing and promote a safer and more reliable virtual asset market.
Brief Summary of Updated Guidance
In October 2018, FATF updated its Recommendations to include regulations for virtual assets. They introduced two new terms: "virtual asset" (VA) and "virtual asset service provider" (VASP). The updated Recommendation 15 requires VASPs to be licensed or registered, and be subject to effective monitoring or supervision to prevent money laundering and terrorist financing.
In June 2019, the FATF introduced an Interpretive Note to Recommendation 15 to provide more clarity on how their requirements apply to VA activities and VASPs. They also released a first version of their Guidance on the risk-based approach to VAs and VASPs, which was updated in October 2021. This Guidance aims to assist national authorities in creating regulatory and supervisory measures for VA activities and VASPs, while also helping private sector entities understand their AML/CFT obligations and how to comply with them effectively.
The guidance provides information on how countries, VASPs, and other entities involved in VA activities can understand the risks of money laundering and terrorist financing (ML/TF) associated with VA activities. It also suggests taking appropriate measures to address those risks. The Guidance explores how VA activities and VASPs fall within the coverage of the FATF Standards. It includes five types of activities covered by the VASP definition and gives examples of VA-related activities that would fall within the definition, as well as those that would potentially be excluded from the FATF scope. To become a VASP, certain criteria must be met. This includes operating as a business for someone else and engaging in activities related to VA, either by providing them directly or facilitating them.
The document outlines all the responsibilities that VASPs and VAs need to adhere to according to the FATF Recommendations. It clarifies that the terms "funds" and "value" in the FATF Recommendations also apply to VAs, meaning that countries should implement all the necessary measures for VAs, VA activities, and VASPs.
It also provides clear instructions on the registration and licensing requirements for VASPs. It will help VASPs determine which countries they need to be registered or licensed in. Some jurisdictions may require VASPs to be licensed or registered before conducting business in or from their territory. It's important for national authorities to take action against any natural or legal persons who conduct VA activities without the necessary license or registration.
The guidance on VASP supervision clarifies that only competent authorities, and not self-regulatory bodies, are allowed to act as VASP supervisory or monitoring bodies. These authorities should carry out risk-based supervision or monitoring, and have sufficient powers to conduct inspections, demand information, and impose sanctions. International cooperation between supervisors is essential due to the cross-border nature of VASPs' activities and services.
The guidance offers instructions on how to prevent fraudulent activities related to virtual assets. It includes steps that VASPs and other entities involved in virtual asset activities should follow, such as verifying customer information, keeping records, and reporting suspicious transactions. The guidance also provides details on the requirements for occasional transactions under the USD/EUR 1,000 threshold, and the need to securely obtain, hold, and transmit originator and beneficiary information during virtual asset transfers.
Conclusion
A 12-month review process has been agreed upon by the FATF to evaluate the implementation of revised standards. Monitoring the risk situations of both the private sector and the entire virtual asset sector regarding money laundering and terrorist financing, the FATF has created a report that reveals all the findings of this investigation.
According to the report, both the public and private sectors have made significant progress in implementing the revised FATF standards. Additionally, the enforcement of VAsPs and AML/CTF obligations by VASPs has dramatically improved. The fact that virtual assets have a decentralized system is important for regulators to have more control and transparency. The updates published by FATF aim to bring a centralized structure to the virtual asset industry.
Although there are some gaps between regulations and reality, the published updates largely control the money laundering risk and terrorist financing in the virtual asset world.
