The Financial Action Task Force (FATF) is updating its Guidance on the risk-based approach to virtual assets (VAs) and virtual asset service providers (VASPs).
The proposed updates have been eagerly anticipated particularly in the DeFi community, as they clarify how the AML/CFT rules apply to peer-to-peer transactions. FATF takes a very broad view of when and how AML/CFT obligations apply to VAs and VASPs.
Although this may not come as a surprise, it does create legal headaches for decentralised applications and their founders. Miners and validators are not considered VASPs (as long as they do not engage in, or facilitate, any VASP activities on behalf of customers). Software developers could, under certain circumstances, be considered a VASP. “Each natural or legal person constituting the governance body could also be a VASP depending on the extent of the influence it may have,” according to the updated Guidance.
“The decentralization of any individual element of operations does not eliminate VASP coverage if the elements of any part of the VASP definition remain in place,” the updated Guidance warns. “The FATF takes an expansive view of the definitions of VA and VASP and considers most arrangements currently in operation, even if they self-categorize as P2P platforms, may have at least some party involved at some stage of the product’s development and launch that constitutes a VASP.”
“For purposes of determining VASP status, launching a self-propelling infrastructure to offer VASP services is the same as offering them, and similarly commissioning others to build the elements of an infrastructure, is the same as building them.”
Focus areas for the consultation are:
1. Does the revised Guidance on the definition of VASP (paragraphs 47-79) provide more clarity on which businesses are undertaking VASP activities and are subject to the FATF Standards?
- Is further guidance needed on how the FATF Standards apply to various business models, as stated in paragraphs 56-59? How should the Guidance further address the challenges in applying the definition of VASP to businesses which decentralize their operations across multiple parties?
- Is more guidance necessary on the phrase ‘for or on behalf of another natural or legal person’ in the FATF definition of VASP? What are the challenges associated with applying the business-customer relationship concept in the VASP context?
- Do the clarifications on the ‘expansive’ approach to the definition of VASP in identifying and policing the ‘regulatory perimeter’ for VASPs provide countries and the private sector with enough guidance? What additional clarity can be given to make the perimeter clearer?
2. What are the most effective ways to mitigate the money laundering and terrorist financing (ML/TF) risks relating to peer-to-peer transactions (i.e., VA transfers conducted without the use or involvement of a VASP or other obliged entity, such as VA transfers between two unhosted wallets) (see paragraphs 34-35 and 91-93)?
- How are peer-to-peer transactions being used for ML/TF purposes and what options are available to identify how peer-to-peer transactions are being used? What role and implications (e.g., benefits) do peer-to-peer transactions and unhosted wallets have in VA ecosystems?
- What specific options are available to countries and VASPs to mitigate the ML/TF risks posed by peer-to-peer transactions?
- Are the risk mitigation measures proposed in the Guidance in paragraphs 91-93 appropriate, sufficient and feasible?
3. Does the revised Guidance in relation to the travel rule need further clarity (paragraphs 152-180 and 256-267)?
- Are there issues relating to the travel rule where further guidance is needed? If so, where? Please provide any concrete proposals.
- Does the description of counterparty VASP due diligence clarify expectations, while remaining technology neutral and not prescribing how VASPs must undertake this process (see paragraphs 172-177 and 261-265)?
4. Does the revised Guidance provide clear instruction on how FATF Standards apply to so-called stablecoins and related entities (see Boxes 1 and 4 and paragraphs 72-73, 122 and 224)?
- Is the revised Guidance sufficient to mitigate the potential risks of so-called stablecoins, including the risks relating to peer-to-peer transactions?
5. Are there any further comments and specific proposals to make the revised Guidance more useful to promote the effective implementation of FATF Standards?
Responses to the consultation can be sent to FATF.Publicconsultation@fatf-gafi.org with subject-line “Comments of [author] on the draft revised VASP Guidance”, by 20 April 2021 (18:00 UTC).
For more information, see FATF’s website here.