The Financial Action Task Force (FATF) at the end of June released its latest status report on the implementation of its recommendations on anti-money laundering (AML) and counter-terrorism financing (CTF) as pertains to cryptocurrencies or virtual assets. Called the “Targeted Update on Implementation of FATF Standards on Virtual Assets and Virtual Asset Service Providers (VASPs)”, the report touches on three main areas:
- the state of public sector implementation of FATF standards for virtual assets (VAs) and VASPs
- the state of implementation of the FATF Travel Rule
- updates on emerging risk areas in the industry.
Importantly, FATF will review efforts in June 2023 and once again stressed that the private sector should strengthen interoperability efforts between technological solutions, and “ensure flexibility to accommodate for nuances in domestic requirements.” This is something that Sygna and all leading Travel Rule solutions like Shyft, Notabene, TRISA, VerifyVASP and others are actively working on achieving.
Licensing and Regulating VASPs
The FATF report notes that the “vast majority” of countries have still not managed to fully implement FATF’s Recommendation 15 & Interpretive Note 15, which require the regulation and supervision of VASPs for AML/CTF purposes. It explains that out of the 53 jurisdictions assessed by the organization since June of last year, improvements are still needed in the majority, especially in the areas of AML/CTF risk assessment as well as prevention. This follows a similar negative assessment during the FATF’s second 12-month review in 2021 of the crypto industry’s implementation of its non-binding guidances. For a recent breakdown of where countries stand, see our State of FATF Travel Rule 2022 report.
So far, there has yet to be one jurisdiction that has received a rating of “fully compliant.” However, there has been progress, according to FATF, with a 4% year-on-year jump from June 2021 to 2022 (39% to 43%) in terms of countries that have introduced licensing and registration frameworks for VAs and VASPs.
The FATF’s Crypto Travel Rule
The FATF Travel Rule, also referred to as the Crypto Travel Rule, is a 2019 update to FATF’s Recommendation 16 that states that VASPs should share originator and beneficiary data on transactions above a $1,000 threshold. While FATF’s recommendations are non-binding, they are generally followed, as member countries wish to remain on the organization’s whitelist.
However, there is some leeway in how exactly the recommendations are implemented, and there has been some variance in the Crypto Travel Rule threshold set by different jurisdictions, with the US setting it at $3,000, while the EU appears to be opting for no threshold at all with its Markets in Crypto Assets framework (MiCA).
In its recent report, FATF makes clear that in the years since Recommendation 16 was expanded from wire transfers to crypto, we have seen inadequate progress in its adoption. As of last March, just 29 jurisdictions had enacted relevant regulations, while only 11 had begun enforcement and supervision. Although roughly a quarter of FATF’s total of 98 responding jurisdictions are in the middle of the regulatory process, another third have not even started.
The organization is concerned that these gaps will prolong the so-called sunrise problem, which refers to the holes left in the regulatory net by the different legislative timelines in various jurisdictions. With most nations still non-compliant with Recommendation 16, international transfers between VASPs may run into hurdles. As patchwork solutions to the sunrise problem, FATF proposes grace periods with exemptions as well as risk-mitigation measures on the part of VASPs.
The organization points out that private firms (of which Sygna can be considered an example, with our Sygna Bridge Travel Rule compliance service) have come a long way in terms of the technological solutions they are able to offer VASPs. The report adds that ensuring interoperability between the multitude of compliance tools on the market must remain a priority.
Market Developments and Emerging Risk Areas
In addition to FATF’s immediate concerns, which relate mostly to licensing regimes for VASPs and the worldwide rollout of a well-synchronized Crypto Travel Rule, the organization also pays some attention to sectors of crypto that it has not yet been able to address fully.
While FATF acknowledges that its guidelines do not apply to software and thus a decentralized finance (DeFi) protocol in the truest sense would be outside its current regulatory scope, it points out that many of today’s DeFi platforms are only decentralized in name, and as such, there may be persons and entities involved to which AML/CTF rules for VASPs should apply.
To ensure the relevance of current/CFT Standards, FATF will continue to monitor developments in DeFi,particularly the emergence of truly decentralized DeFi entities, and to create a constructive dialog on “common AML/CFT implementation challenges, risk assessment, and good practices.”
With a nod to the growth in the non-fungible token (NFT) market, FATF mentions that this sector has become a risk for illicit finance, with money laundering and wash trading especially common. The report also notes that varying definitions of an NFT in different markets could also present a problem for regulators. Whether an NFT qualifies as a VA continues to depend on if it is used as a form of payment or investment rather than as just a collectible. Expect a clearer stance on this in the future.
According to FATF, Several notable developments for the NFT market include:
- the expansion of NFT markets and applications, and specifically non-financial entrants
- the increased number of active wallets which have bought or sold an NFT, despite decreasing global 2022 NFT sales
Discrepancies in NFT definitions and functions across jurisdictions can create a challenge to implement AML/CFT regulations in practice.
As clarified per FATF’s October 2021 update, NFTs that are unique, and used in practice as collectibles rather than as payment or investment instruments, are not VAs generally speaking for the purpose of the FATF Standards.
Nevertheless, jurisdictions should apply the FATF Standards on VAs to NFTs in cases they perform the same function as VAs (used for payment or investment purposes). Due to the rapid progress of NFT markets and their forms and functions, FATF will continue to monitor developments closely.
Peer-to-Peer (P2P) Transactions and Unhosted Wallets
For P2P transactions, FATF maintains its October 2021 Updated Guidance strategy to only monitor associated risks, such as illicit actors moving to P2P and exclusively unhosted wallets or non-compliant VASPs that fall outside of the scope of the FATF Recommendations.
Currently, the FATF does not see it necessary to update the FATF Standards, but FATF will continue to monitor emerging risks, including the possibility of criminals using only P2P transactions, without ever involving VASPs or on/offramps to the traditional fiat currency.
FATF once again highlighted the growing importance of stablecoins, especially in the DeFi sector, and said it remained “vigilant” to shifts in market developments for stablecoins, and will continue to continue to facilitate discussion between jurisdictions and other standard-setting bodies on implementation issues as stablecoin liquidity increases.
What’s Next for FATF and Crypto Asset Regulation?
As part of its assessment, FATF lists several priorities for crypto regulators going forward, with the short-term emphasis placed on expanding the adoption of both Recommendations 15 and 16. The organization encourages its member states to share their best practices and says that it will do its best to facilitate discussions between relevant parties, mentioning as well the need for some flexibility.
The report adds that it will continue to be on the lookout for new developments in the world of DeFi in NFTs and will give special attention to how crypto is being used in ransom payments.
Importantly, FATF says it will assist efforts on cross-border implementation and review progress again in June 2023.
With no clear consequences on the horizon for delayed rollouts of the Crypto Travel Rule, it makes sense that many jurisdictions are dragging their feet when it comes to compliance. In addition, there is not necessarily enough technological know-how to go around, and lawmakers in some countries may be apprehensive about over-regulating a sector they may not adequately understand.
As more time goes by without proper frameworks in place to halt illicit crypto flows, damage to the credibility of the industry will continue to mount. It’s essential that the impediments to a sound regulatory structure worldwide are removed at pace with the development of the sector.
For crypto compliance service providers, the task at hand remains to educate and help onboard VASPs, and also to foster greater interoperability between each other’s solutions, a request expressed by FATF during its first 12-month review in 2020.
Sygna has been hard at work to integrate market-leading blockchain analytics, sanction and transaction screening services into its Sygna Hub and Gate AML platforms from the likes of Elliptic, Chainalysis and most recently Coinfirm. Also, has and is building interoperability with the like TRISA and the industry’s biggest Travel Rule solutions in order to create a global network of verified VASPs (more partnerships coming in Q3 and Q4 2022). In the last year, two Sygna clients, Independent Reserve and Coinhako were granted operating licenses in Singapore by MAS.
CoolBitX’s Sygna aims to deliver the highest information and data security standards to help VASPs meet their evolving compliance needs and remains at the forefront of the digital asset industry’s AML compliance transformation.
It boasts three interoperable compliance offerings:
- Sygna Bridge, the Travel Rule protocol with its own VASP network
- Sygna Hub, the new full-service AML platform with integrated third-party solutions from leading service providers
- Sygna Gate, a SaaS browser-based gateway that requires no integration
In April 2021 Sygna Bridge achieved ISO/IEC 27001 certification, the globally recognized ISMS as well as a favorable review by ACCESS, the Singaporean blockchain association, in 2020. All Sygna products are now ISO/IEC 27001 certified.
Sygna Bridge, which is included in both Hub and Gate, is a simple API-based messaging service that enables VASPs to securely share all FATF R.16 Travel Rule-required originator and beneficiary transmittal information with one another through a private and secure tunnel, with support for all compliant virtual assets.