During a Plenary meeting held on the 21st of June 2019, FATF finalized their recommendations on cryptocurrency regulation. From now on “virtual asset service providers” (VASPs) – a wide gamut of businesses dealing with cryptocurrencies and tokens, are to follow AML/CFT standards as other financial institutions do.
What is the new FATF regulation?
From the 21st of June 2019 virtual asset service providers will have to pass customer data to one another when transferring funds between companies – a FATF requirement that follows similar demands made by the US financial regulator – FinCEN.
The new guidance puts virtual asset service providers among traditional financial institutions, requiring them to identify the sender/recipient of the funds, sharing it with other providers of virtual assets and law enforcement, perform KYC, due diligence and develop a risk-based approach.
The reasons for enforcing harsher requirements
The new law is crucial for crypto businesses, preventing them from being used for money laundering and terrorism financing. The absolute anonymity of virtual assets has been a burning issue for a long time and a magnet for financial criminals, so the FATF decision was something the crypto space knew was coming.
Who does it affect and how
The new FATF rules will affect all virtual asset service companies – exchanges, funds, custodians, etc. From exchanges to asset management firms, businesses will have to gather customer data in cases with transactions of over $1,000 or 1,000 EUR. To comply, they will have to:
- Identify the sender/recipient of every transaction;
- Provide the details on the funds’ sender/recipient along with each transaction and share that data with the recipient’s service provider and, if necessary, law enforcement;
- Perform KYC and due diligence;
- Develop a risk-based approach that fits the company’s workflow and the demands of relevant regulators such as FATF, FinCEN, etc.
From now on, virtual asset providers will have to find a way to satisfy all the above-mentioned requirements and the applicable regulator demands themselves or with the help of a provider, facing additional compliance costs.