FATF Targets Decentralized Finance in Its Revised Guidance on Virtual Assets

The FATF has drafted revised guidance on virtual assets. If finalized, new types of crypto services could fall under AML regulation, so businesses better pay close attention. In this article, we explain how you can prepare for possible changes to your jurisdiction.
FATF Targets Decentralized Finance in Its Revised Guidance on Virtual Assets

On March 19th, 2021, the Financial Action Task Force (FATF), a global AML standard-setting authority, published a draft of their updated Guidance for a risk-based approach to virtual assets and virtual assets service providers.” The document is set to be finalized by November, 2021, after the FATF considers industry feedback. 

If adopted, the new guidance could significantly impact regulations on virtual assets and virtual asset service providers in countries following FATF Standards. This includes NFT marketplaces, stablecoin providers, and decentralised crypto platforms falling under AML obligations. 

How FATF guidance on virtual assets affects crypto businesses 

The FATF issues guidance to help national regulators apply FATF Recommendations. This also helps crypto businesses understand and effectively comply with AML/CFT obligations. As with other FATF documents, the guidance is not legally binding. It’s on national regulators to decide whether to implement the guidance word by word, if at all.

Still, countries tend to use FATF guidance as reference for their crypto AML regulations. According to a FATF review, published in July, 2021, 58 out of 128 reporting countries apply FATF Recommendations to their crypto AML regulations.

It’s a good idea for crypto businesses to keep an eye on FATF guidance to be prepared for possible changes in their jurisdictions. Otherwise, businesses may leave themselves open to penalties, as implementing KYC tools may take time—even when outsourced.

How the FATF’s approach to cryptocurrencies evolved over time 

In the 2015 version of its guidance, the FATF extended the risk-based approach to the crypto sector. This approach requires crypto businesses to assess their AML-related risks and concentrate resources in hazardous activities, such as operations in high-risk countries. 

In 2018, the FATF updated Recommendation 15, expanding AML requirements to crypto businesses, including cryptocurrency exchanges, crypto transfer services, crypto wallets, as well as ICO issuers. This primarily impacted centralised services, i.e. where the platform operates as an intermediary in transactions. 

In 2019, the FATF issued an Interpretive Note to Recommendation 15 and revised its guidance on virtual assets. The documents clarified AML obligations for virtual assets service providers, namely customer due diligence, KYC, recordkeeping, transaction monitoring, suspicious transaction reporting,  and applying the risk-based approach.

FATF Targets Decentralized Finance in Its Revised Guidance on Virtual Assets

Now, as new types of virtual assets emerge and the decentralized finance industry hits all-time highs, the FATF sees the need to amend its guidance, clarifying the status of non-fungible tokens (NFTs), stablecoins, and decentralised exchanges (DEXs). At the same time, the primary AML/KYC requirements for crypto businesses remain as established in 2019.

Thinking about starting an NFT business? Get Sumsub’s NFT Handbook and learn from our Chief Legal Officer, Tony Petrov, about AML compliance for NFT markets

Revised guidance on virtual assets: what are the main updates proposed?

The draft guidance more specifically defines “virtual assets” and “virtual asset service providers”, expanding the list of businesses that might fall under AML regulations. It expands AML obligations to any service relating to virtual assets, not just centralized platforms. If the changes are finalized and adopted, decentralized platforms will also fall under the AML scope. This will force many businesses to implement some form of KYC, even for services that originally promised to remain fully anonymous.

Click the toggles for more details.

Who is affected: Decentralised services (DEXes, DApps, P2P platforms and self-hosted wallets providers).

Current guidance: Decentralised services fall under the scope of FATF Recommendations, though their AML obligations  are unspecified

Potential changes: Owners/operators of decentralised services may fall under AML regulations if they operate as a business and exchange/transfer/store virtual assets on behalf of customers. Developers who create software/protocols for decentralised platforms won’t fall under AML obligations. 

How businesses can prepare: Company-wide AML programs can be developed ahead of time. This includes hiring a compliance officer, drafting internal policies, implementing KYC tools and transactions monitoring, as well as evaluating client risk profiles.

Who is affected: Providers of stablecoin-related services 

Current guidance: Stablecoins are not covered by FATF Recommendations or the current guidance. Still, in a June 2020 report to the G20 on so-called stablecoins, the FATF already recommended regulating them as virtual assets or traditional financial assets. 

Potential changes: The FATF could designate stablecoins as either virtual assets or traditional assets. Accordingly, providers of stablecoin-related services may fall under AML regulations. Developers who create software for stablecoin-related services won’t be covered by AML obligations. 

How businesses can prepare: Company-wide AML programs can be developed ahead of time. This includes hiring a compliance officer, drafting internal policies, implementing KYC tools and transactions monitoring, as well as evaluating client risk profiles.

Who is affected: NFT marketplaces and other non-transferable, non-exchangeable, and non-fungible assets. 

Current guidance: NFTs fall under the scope of FATF Recommendations, but without detailed clarification of their status.

Potential changes: NFTs may be designated as virtual assets if they are sold on secondary markets. Operators of NFT marketplaces may fall under AML regulations in their local jurisdictions. 

How businesses can prepare: Company-wide AML programs can be developed ahead of time. This includes hiring a compliance officer, drafting internal policies, implementing KYC tools and transactions monitoring, as well as evaluating client risk profiles.

Who is affected: Businesses handling virtual assets.

Current guidance: The Travel Rule obliges virtual asset service providers to conduct KYC on senders and recipients during transfers of virtual assets. They also have to perform sanctions screening and be prepared to freeze/prohibit transactions.

Potential changes: Crypto businesses may be required to implement KYC for the sender and the recipient for any transaction involving virtual or fiat currency, including those between:

  • two virtual asset service providers;
  • a virtual asset service provider and another AML/CFT-obligated party (bank, e-payment provider);
  • a virtual asset asset service provider and a non-obligated party (unhosted, private wallets).

Firms will continue to be required to perform sanctions screening and freeze/prohibit transactions. 

How businesses can prepare: Even if a recipient provider is not yet AML/CFT-obliged, the sender provider can suggest they both comply with the Travel Rule as part of a business agreement.

Sign up for our Newsletter

Thank you for subscribing to our newsletters.

FATF Targets Decentralized Finance in Its Revised Guidance on Virtual Assets

We are always happy to help you in case of any questions.

Feel free to contact us at [email protected]

Thanks for contacting us!

We will get in touch with you shortly.

Be up and running in minutes.

Questions? Schedule some time to talk with one of our experts.

This contact form is available only for logged in users.