8 Compliance Challenges VASPs Face with FATF’s Recommendation 16

The Financial Action Task Force (FATF) issued an R.16 “crypto travel rule” in June 2019 that requires virtual asset service providers (VASPs) to share beneficiary and originator transmittal data with each other when dealing with virtual assets. To ensure this becomes a reality, a technical solution will have to be built from scratch. 

With the FATF Plenary kicking off this week (16-21 February 2020) and only 4 months remaining till its June 2020 deadline, the race is heating up to find and implement workable Recommendation 16 solutions.

Here are 8 challenges that VASPs striving to comply with FATF will have to overcome. 

1. How will VASPs collect their counterparty’s name and information? 

blockchain handshake

Cryptocurrency technology has no built-in attribution protocol to identify the real identities behind public addresses. Virtual asset ownership is by design pseudonymous or anonymous, with only general data publically viewable on each digital asset’s blockchain. Currently, the only way of collecting a VASP counterparty’s information is to contact them directly and ask for it.

This could lead to incomplete or inaccurate data records due to language barriers, intent to misinform or human error. What is needed is a solution that shares the necessary data automatically, timely and ensures it’s accurate. 

2. How will VASPs verify each other’s identity? 

There is presently no industry standard or measure to ascertain the real-world identities of transacting parties and categorize them as either individual non-custodial wallets or VASPs. VASPs do not currently have an identifiable code similar to say the SWIFT codes that traditional financial institutions use for cross-border transactions.

This makes it currently impossible to verify if a cryptocurrency address is connected to a VASP and therefore subject to the FATF travel rule. 

3. How will VASPs protect user privacy? 

Know-your-customer computer screen

Due to significant security and data privacy considerations, VASPs cannot simply forward their users’ information through conventional electronic communication such as email. The interception of leaking of this personally identifiable information (PII) could have severe repercussions for VASPs and expose them to costly litigation.

Once law enforcement agencies demand that VASPs submit confidential transaction reports and compliance certificates, this will become an onerous and sensitive area that especially European Union-based exchanges, who are grappling with both the 5AMLD and General Data Protection Regulation (GDPR), will need to figure out. 

4. How will VASPs ensure that transfers remain fast enough?

Bitcoin around the world

The fast speed with which funds are exchanged during a crypto transaction, compared to say a traditional cross-border bank transmittal, is one of virtual assets’ most alluring advantages. However, the new data-sharing requirements could severely delay transactions, because VASPs would theoretically have to confirm both the status of their counterparts and verify the accuracy of shared data before agreeing to the transmitting of funds. If the process is not automated, this could cause untenable delays. For example, a VASP counterpart might be located in a different time zone and be unreachable for several hours or longer. 

5. How will VASPs retain their customers?

Cryptocurrencies like Bitcoin are synonymous with privacy and was initially (and are still) propagated by users with strong libertarian ideals, privacy beliefs and a deep aversion to government interference in their finances. Therefore, many VASPs and industry influencers believe that FATF’s amended Recommendation 16 will drive exchange users back “underground” to decentralized P2P wallets, where they can trade funds directly and anonymously with each other. 

6. How will smaller VASPs survive R.16’s costs?

It’s no secret that many smaller VASPs are already struggling to keep afloat financially. Of the world’s top 120 exchanges, two-thirds do not have a strong AML/KYC policy in place. Know-your-Customer (KYC) processes are time-consuming and expensive. 

VASPs traditionally struggle to get banking privileges due to the poor reputation and unregulated nature of the cryptocurrency industry. With new regulations like the R.16 travel rule coming into effect in 2020, and different jurisdictions now requiring VASPs to register domestically in each country at exorbitant costs, most smaller exchanges are likely to perish if Recommendation 16’s associated transaction fees are too high.

7. How will the June 2020 deadline be met?

FATF’s recommendations are created on an international level, yet the organization is leaving the development of legislation in the hands of each jurisdiction at a regional or national level. This makes it likely that several disjointed and different legal systems and approaches will be created that share limited commonality with each other.

This can already be seen in Europe’s recently adopted 5th Anti-Money-Laundering Directive (5AMLD), where countries like the UK, Germany and the Netherlands are taking vastly different approaches to their countries’ frameworks. For example, the UK recently announced that it would forego the June 2020 deadline to give its VASPs more time to comply with R.16.

It’s clear that jurisdictions will greatly vary with the final frameworks they construct to satisfy FATF’s R.16 requirements, therefore ideally, VASPs will have to take a unified approach to develop a global compliance standard that will meet both the FATF and member countries’ approval.

8. How will VASPs deal with regional name variations? 

A seemingly insignificant concern for English speakers can have a far-reaching impact in Asian and Arab countries with languages that use a non-romanized alphabet, for example, Chinese, Arabic, Japanese, Hebrew, Cyrillic, Thai, Greek, Korean and Tamil. 

Huawei CFO Sabrina Meng's passport
Huawei CFO Sabrina Meng held 3 different passports due to name changes (Source: Yahoo.com)

For example, Mandarin Chinese-speaking countries like China, Taiwan, and Hong Kong use different transliteration systems such as Hanyi pinyin, Tongyi pinyin, Wade-Giles, bopomofo and Yale romanization to transcribe individual names in everyday life. This means the same customer’s name can be registered very differently by VASP counterparts. For example, a user’s last name could be spelled either Xu or Hsu, Shih or Shi, Tsai or Cai. Many individuals also use English names in business, which can be used erroneously by different exchanges.

Conclusion

While the challenges discussed above are certainly daunting, they are in no way insurmountable.

Sygna Bridge is an alliance network that offers a simple and elegant solution to the obstacles that FATF’s R.16 implementation presents.

Bridge is a simple API messaging service that helps VASPs to effortlessly and cost-efficiently share compliance data with each other, with minimum disruption to their business operations.

Each alliance member is issued a VASP code (similar to identification codes used in traditional banking) that identifies them to VASP counterparts in the network. In order to speed up the transmittal process, Sygna Bridge helps VASPs share Virtual Asset Account Information (VAAI) automatically but with flexible data privacy settings.

Sygna Bridge's VAAI
Sygna Bridge’s VAAI

During transmittals, Sygna Bridge creates a private and secure off-chain communication tunnel for VASPs to share originator and beneficiary information. Sygna Bridge never has access to any private data.

Sygna's VASP code
Sygna Bridge’s VASP code

Sygna Bridge is currently being piloted by several leading VASPs in Japan, Taiwan, Korea and other FATF jurisdictions around the world.

To learn more about the Sygna Bridge solution, visit Sygna.io and request a demo or complete the contact form.

What are the 9 FATF-Style Regional Bodies (FSRBs)?

A Guide to the EU’s 5th Anti-Money Laundering Directive (AMLD5)