As a consequence of crypto market monitoring, the FATF produced updated guidance for a Risk-Based Approach (Guidance) in October 2021. The Guidance is based on a risk assessment of money laundering and terrorist financing with relation to virtual assets (VA) and Virtual Assets Service Providers (VASP).
A VASP is defined as "any natural or legal person who, for or on behalf of another natural or legal person, undertakes one or more of the following activities or operations as a business." The Guidance modifications are the outcome of the FATF's continued work and monitoring of the VA and VASP sectors and their growth in order to avoid money laundering and terrorist financing (ML/TF).
Furthermore, the systemic risk posed by the growing usage of stablecoins is also addressed. Because cryptocurrencies, like national currencies, offer their holders value stability, they are also appealing to professional investors, posing a risk to the financial system. As a result, before introducing a stablecoin, governments, VASP, and other stakeholders are encouraged to identify and examine the dangers of ML/TF.
The FATF expanded the risk-based approach to the crypto industry in the 2015 edition of its recommendations. This method necessitates crypto firms to analyze their AML-related risks and focus resources on high-risk activities, such as operations in high-risk countries.
In 2018, The FATF amended Recommendation 15, extending AML rules to cryptocurrency enterprises such as cryptocurrency exchanges, crypto transfer services, crypto wallets, and ICO issuers. This has the greatest impact on centralized services, i.e., where the platform acts as a middleman in transactions.
The FATF amended its guidelines on virtual assets and released an Interpretive Note to Recommendation 15 in 2019. The papers defined AML duties for virtual asset service providers, including client due diligence, KYC, recordkeeping, transaction monitoring, suspicious transaction reporting, and using a risk-based approach.
As new forms of virtual assets arise and the decentralized financial industry reaches new heights, the FATF sees the need to revise its recommendations in 2021, clarifying the position of non-fungible tokens (NFTs), stablecoins, and decentralized exchanges (DEXs).
The new regulation broadens the scope of the actions as well as the data that crypto businesses must monitor in order to fight money laundering. The task force specifically wants crypto businesses to track and share their users' names and funds, as well as report any questionable transaction behavior to regulators. These monitoring and transparency responsibilities will apply to crypto businesses that provide blockchain-based decentralized finance (DeFi) apps, stablecoins, and services supporting peer-to-peer transactions.
Following are the important aspects noted in the FATF's new guidance:
The FATF urges authorities not to trust crypto sector marketing that vaguely refers to diverse platforms as "decentralized." In order for these platforms to work, there must be a natural, if not legal, person someplace who controls or affects their operations. The word "controls or influences" is important since it provides a framework for determining who should be held accountable under AML/CFT legislation.
According to the FATF, nearly all DeFi systems are still Virtual Asset Service Providers (VASP). FATF provides a comprehensive roadmap for bringing DeFi platforms under regulatory control, including one recommendation that if a DeFi platform actually lacks an entity administering it, a jurisdiction might require that a VASP be installed as its obligated company.
In 2022, the emergence of new DeFi systems is likely to slow. Furthermore, there will almost certainly be legal squabbles between regulators and blockchain entrepreneurs about who "controls or influences" various DeFi protocols. Many organizers of DeFi platforms are also expected to accelerate efforts to become completely decentralized, such as attempting to dissolve on- and off-chain relationships that specific persons may have with platforms.
However, DeFi platforms that operate without adhering to AML/CFT rules, as do other regulated VASPs, will be viewed as riskier operations by those VASPs.
Stablecoin providers, as well as exchanges and custodians that handle stablecoins, will be required to follow all existing standards and undergo extensive anti-money-laundering and anti-terrorism-financing inspections. FATF recommended nations to address risks before launching new stablecoins, and to continue monitoring efforts afterward.
According to the FATF, one significant element defines the risks associated with stablecoins: the possibility for widespread market adoption. Therefore, FATF underlines the need for governments to supervise stablecoin initiatives before they start and ensure that AML/CFT mitigation measures are in place during the planning stage.
Launching a genuinely "global" stablecoin is going to become increasingly challenging in the next year. Regulators are likely to feel a greater sense of urgency in overseeing stablecoin issuers and developing laws and processes particular to this form of crypto assets. Furthermore, although the FATF concentrates on AML/CFT and sanctions legislation, it appears probable that other types of financial authorities will be encouraged to exert their jurisdiction over stablecoins in their various areas of control including securities regulation, consumer protection, etc.
The guideline highlighted peer-to-peer (P2P) transactions (transfers to and from "unhosted wallets") and the possibly increased AML/CFT risks these activities offer. It underlines the need for governments to understand these dangers and how peer-to-peer transactions are used, particularly when new forms of VAs join the market or pre-existing VAs get widespread usage. It also suggests steps that nations might take to reduce these risks.
The guideline also discusses the execution of the travel rule and suggests that VASPs that conduct bitcoin transactions in excess of USD$1,000 reveal certain identifying facts about the receiver. A VASP should be aware of the hazards associated with transfers to/from unhosted wallets and may choose to impose extra limitations or controls on such transactions with unhosted wallets.