FATF 3rd Follow-Up Report: U.S. Crypto Regulation “Largely Compliant”, but with Deficiencies


On 31 March 2020, the Financial Action Task Force (FATF) released its latest follow-up report on the United States, which aims to align the U.S.’ anti-money laundering and counter-terrorism funding (AML/CFT) policies with its FATF Standards.

This is the States’ 3rd enhanced follow-up report and first technical compliance re-rating since its 2016 Mutual Evaluation Report (MER). The FATF’s follow-up report praises but also offers improvements for the regulation of virtual assets (also known as digital assets) in the States.

While the FATF now finds the United States “largely compliant” with its updated guidances like the Recommendation 15 on New Technologies, it has highlighted a few “minor deficiencies” and “technical gaps” still associated with virtual assets that may enable bad actors to evade AML/CFT efforts.

This is an area that U.S. regulators like FinCEN and the SEC are still struggling to build a cohesive and clear framework for, due to its complexity and swift-changing nature.

FATF 3rd Enhanced Follow-Up Report & Technical Compliance Re-rating on US

In their latest report, officially monikered the “3rd Enhanced Follow-Up Report & Technical Compliance Re-rating”, the FATF again assessed the States according to its technical compliance of the FATF’s non-binding 40 Recommendations, an AML/CFT bible followed by its 200+ associated countries.

The FATF found the U.S. to be compliant on 9 recommendations, largely compliant (LC) on 22, partially compliant (PC) on 5 and non-compliant (NC) on 4. 

U.S. Technical ComplianceRated Recommendations
Compliant (C)9
Largely compliant (LC)22
Partially compliant (PC)5
Non-compliant (NC)4
U.S. flag with cryptocurrencies bitcoin

FATF says U.S. virtual asset regulation “largely compliant”, but…

The FATF report praises the United States for their improved regulation of virtual assets as follows:

“US authorities understand and are aware of the ML/TF risks emerging from virtual assets. Aside from various taskforce and working groups set up to consider the risks, their risk understanding is also reflected in their 2018 National Money Laundering Risk Assessment and National Terrorist Financing Risk Assessment, as well as the 2018 National Strategy for Combating Terrorist and Other Illicit Financing.”

The task force also singles out FinCEN’s May 2019 guidance on Convertible Virtual Currencies (CVCs) as “a good overview of the existing regime and regulatory expectations with regard to CVC providers in the U.S.”

Recommendation 10 &15: Minor deficiencies and technical gaps

However, in its assessment of the U.S.’ compliance with Recommendation 10 on Customer Due Diligence and Recommendation 15 on New Technologies, the FATF flagged the following “minor deficiencies” and “technical gaps”: 

  • The U.S. money transmitter licensing threshold might be too low. While FATF recommends a $1,000 threshold to its member countries before transmittals have to be recorded in detail, the United States’ Customer Due Diligence (CDD) regulation only requires this from companies who are involved in transactions exceeding $3,000. According to the G20 watchdog, the U.S.’ three times higher threshold is not conclusively supported by low money laundering and terrorism funding risks. There is a risk that bad actors can operate under the radar. 
  • While FinCEN and the IRS have examined various leading convertible virtual currency (CVC) providers and individual P2P exchangers since 2014, they fail to specifically identify higher-risk virtual asset service providers (VASPs).
  • These VASPs may fall under the U.S.’ wider money service business (MSB) framework, but it may not be enough as only 30% of registered CVC providers have been subjected to inspection over the last 6 years. Therefore it is unclear whether the U.S.’ current approach is “sufficiently risk-focused”. 
  • The FATF commends the fact that the U.S.’ various policies and agencies do cover the 5 types of virtual asset service providers as identified by the FATF, however, they do not explicitly cover VASPs that are incorporated in the States but don’t actually do business there. This presents a technical gap: a States-based VASP who only deals with non-U.S. companies can therefore potentially circumvent U.S. regulatory requirements. 
  • Another deficiency identified is that investment advisors (IA) are still not covered by the country’s Bank Secrecy Act (BSA). 

The U.S. “non-compliant” on 4 Recommendations

The FATF also found that the United States is still non-compliant on:

  • Recommendation 22: customer due diligence and record-keeping requirements for designated non-financial businesses and professions (DNFBPs)
  • Recommendation 23: other measures for DNFBPs
  • Recommendation 24: transparency and beneficial ownership of legal persons
  • Recommendation 28: regulation and supervision of DNFBPs


The FATF’s latest follow report illustrates how difficult it can be for countries to get their house in order when it comes to domestically regulating virtual assets.

Proof in point: In 2019 the SEC, CFTC and FinCEN made strong plays, occasionally as a united front, to rein in and punish VASPs and MSBs not adhering to the rules of the Bank Secrecy Act, as individual money transmitter Eric Powers can attest to.

In October 2019, the leaders of these three regulators also issued a joint statement on digital assets and were mentioned in the Crypto-Currency Act of 2020 draft bill as the three potential “Primary Federal Digital Asset Regulators” in the U.S. 

While good progress has been made, there are still regulatory blindspots where “minor deficiencies” and “technical gaps’ can allow some of crypto’s bad actors to slip through the cracks and evade the authorities.

With the FATF’s Recommendation 16 Travel Rule for VASPs set to come into effect officially by July 2020, the U.S.’s follow-up report provides a good benchmark for other countries to compare their efforts against. 

Why a Fed-issued Digital Dollar nearly made the U.S. Congress' $2 Trillion Stimulus Bill

South Africa's IFWG and CAR WG Publish FATF-Compliant Crypto Asset Regulatory Framework