In June 2019, the Financial Action Task Force (FATF) published its updated guidance, clarifying the applicability of FATF Recommendations to virtual currencies and Virtual Asset Service Providers (VASPs). In contrast to earlier guidance, which highlighted a subset of FATF Recommendations relevant to covered entities, this document maintained the following:
“[a]lmost all the FATF Recommendations are directly relevant to address money laundering/terrorist financing (ML/TF) risks associated with virtual currencies and VASPs, while other Recommendations are less directly or explicitly linked to virtual currencies or VASPs, though these are still relevant and applicable. VASPs therefore have the same full set of obligations as financial institutions or designated non-financial businesses and professions.” 1
Most notable is the applicability of Recommendation 16—wire transfer requirements—which mirrors the US’ travel rule. This rule was designed when bank wire transfers were the sole means of transferring value globally, and involves the inclusion of specified information together with the interbank transaction message. Recommendation 16 imposes that covered entities obtain, hold and transmit required originator and beneficiary information immediately and securely when conducting virtual currency transfers. Recognising the potential for conflict with existing legislation, the document notes, “relevant authorities should co-ordinate to ensure that this can be done in a way that is compatible with national data protection and privacy rules.”
Some view the travel rule’s applicability to virtual currencies and VASPs as merely applying the same set of rules to all entities engaged in the transfer of value, a common-sense regulatory approach to ensure consumer safety and a level playing field. However, others view it as a wholesale application of old rules to new technology, especially since the original rules were designed to fit the technical capabilities of the earlier, pre-existing and fully developed wire transfer technology. From an “institutional” perspective, entities performing the same function should be subject to the same rules. However, from a “technological” perspective, wholly new technology warrants new regulations. These clashing perspectives will shape the response of national regulatory authorities as they decide how to interpret and implement these new FATF requirements. As evidenced by the following jurisdictional updates, it became clear in 2019 that financial authorities in some jurisdictions are willing to diverge from the FATF standards and take a more stringent approach.
In May 2019, the Financial Crimes Enforcement Network (FinCEN) issued a new interpretive guidance, reminding those subject to the Bank Secrecy Act (BSA) how FinCEN’s regulations related to money services businesses (MSBs) apply to certain business models involving convertible virtual currencies (CVCs). It does not establish any new regulatory expectations or requirements but consolidates existing regulations, administrative rulings and guidance since 2011, and then applies these to other common business models involving CVCs. Furthermore, it outlines numerous business models that may or may not be exempt from the definition of money transmission, depending on the nature of their activity. Unlike the approach taken by several nations, this updated guidance by FinCEN is largely consistent with the new 2019 FATF guidance. Alignment between American regulators and FATF is perhaps to be expected, as this intergovernmental body has long been the channel through which the US has attempted to develop a globally standardised anti-money laundering (AML) regime.2
The potential for divergent interpretations of European AML regulations by member states was demonstrated by a recent announcement from the central bank of the Netherlands, the De Nederlandsche Bank (DNB). Citing the new EU AML laws, DNB announced that beginning 10 January 2020, companies or persons involved in the conversion of virtual assets to fiat currency, or that offer virtual asset deposit services, will be required to self-register with DNB. The order applies to all firms serving Dutch customers—regardless of whether they are established in the Netherlands or not.3
Although the interpretation of the EU’s Fifth Anti-Money Laundering Directive (5AMLD) requirements concerning virtual assets is clearly within the discretion of individual states, DNB states that these new far-reaching measures are meant to comply with new EU rules. The result is that any virtual asset entity serving Dutch nationals will be subject to AML assessments from DNB, which will consider past actions of each company in addition to “the specific function, the nature, size, complexity and risk profile of the country, and the composition and functioning of the collective.”
Perhaps indicative of a willingness by EU members to align their AML regimes with their national interest rather than with FATF. It has been reported that local Dutch VASPs are happy with the regulation. According to one local founder, “bad actors will not be able to live up to the DNB standards, helping mature the market with their exit.”4 The regulations have been reported as “good for local companies,” and have had the potential to block competitors from Germany, France and elsewhere. This Dutch assertion of monetary sovereignty—the ability to retain some political control over the movement of money within and across national borders—perhaps foreshadows a global shift away from deference to FATF toward the introduction of national AML regimes that are tailored to the interest of each individual legislative or monetary authority. The future development of anti-money laundering and combatting the financing of terrorism (AML/CFT) laws will likely be heavily influenced by this tension between the furtherance of national interests and the need for some global standardisation.
As with the Netherlands, Canadian regulators will soon be expanding their licence and registration requirements to include foreign MSBs that provide services to persons or entities in Canada. Previously, such reporting was only required if the entity in question had a “real and substantial connection” with Canada, a legal test involving indicators such as having incorporation, agents, a physical location, a bank account, or a server in Canada for carrying out MSB activities. Now, beginning 1 June 2020, foreign MSBs will be required to report to Canadian authorities all transactions above certain thresholds where the originator or beneficiary is a person or entity in Canada. These new regulations significantly widen the scope Canadian AML/CFT laws, as these will soon apply to multi-national organizations with exposure to Canada.5
Like DNB, Switzerland appears ready to diverge from both the US and FATF. In August 2019, the Swiss Financial Market Supervisory Authority (FINMA) published additional guidance, “Payments on the blockchain,” which addressed the application of AML regulatory requirements to virtual asset payments for financial service providers under FINMA’s supervision. Consistent with FATF Recommendation 16 and FinCEN’s travel rule, Article 10 AMLO-FINMA requires that information about the client and beneficiary be transmitted with payment orders. The guidance indicates that under this rule, receiving intermediaries will have the opportunity to check the name of the sender against sanction lists and return the payment in the event of information discrepancies.
FINMA maintains that because this provision must be interpreted in a “technology-neutral” way, it applies equally to services based on blockchain technology. As with FATF, FINMA acknowledges that it is “not necessary for the information to be transmitted on the blockchain.” However, FINMA goes much further than FATF’s standards in that no exception is provided for payments involving what are termed “unregulated wallet providers,” the rationale being that such an exception “would favour unsupervised providers and would result in supervised providers not being able to prevent problematic payments from being executed.” Despite using the phrase “unregulated wallet provider,” FINMA makes it clear that this term is meant to encompass non-custodial wallet. If an institution supervised by FINMA is not able to send and receive the information required in payment transactions, such transactions are only permitted from and to external wallets if these belong to one of the institution’s own customers. Furthermore, FINMA requires that the ownership of external wallets “must be proven using suitable technical means.”6
This new guidance is highly significant as it marks the first attempt to bring personally held, non-custodial virtual asset wallets within the purview of AML/CFT requirements, should they interact with VASPs. While it remains to be seen how VASPs and other jurisdictions respond to this new approach, FINMA’s latest guidance could potentially lead to a dramatic widening of the regulatory net being cast upon the virtual asset space.
In July 2019, the Financial Conduct Authority (FCA) published an updated guidance on crypto assets. This policy statement focused on whether a given crypto asset would fall within the FCA’s regulatory perimeter, independent of whether it fits the criteria of traditional currency. Notably, it responded to questions from earlier guidance regarding regulatory applicability of the three identified types of virtual currencies. While emphasising that individual determinations must be made on a case-by-case basis, the FCA maintained that exchange tokens usually fall outside of their regulatory perimeter, utilities tokens would sometimes fall within it and security tokens would most often fall within it.
In response to a small number of respondents who highlighted that certain exchange tokens—particularly those whose volatility has been stabilised—can be used to facilitate regulated payments, the FCA introduced a new taxonomy to clarify regulatory applicability:
- Security tokens provide rights and obligations akin to specified investments as set out in the Regulated Activities Order, excluding e-money.
- E-money tokens meet the definition of e-money (FCA Handbook PERG 3A.3).
- Unregulated tokens are tokens that do not meet the definition of either security tokens ore-money and can take numerous forms.
The new category of “unregulated tokens” includes those previously referred to as “utility” or “exchange” tokens, but these latter categories can also fall within the FCA’s regulatory perimeter via classification as either a security or e-money token.
Guidance was provided on the regulatory treatment of what have come to be known as “stablecoins,” with the FCA maintaining that “depending on what they are backed with, how they are arranged and how they are structured, will fall in different categories of our taxonomy” (security, e-money, or unregulated). These determinations must be made on a case-by-case basis. However, it was noted that even “activities performed ‘with unregulated tokens’ may still be subject to regulation, for instance AML requirements.”7
With the UK government preparing to transpose the 5AMLD, prospective AML requirements were an additional area of focus. These regulations will introduce an AML regime for crypto assets, including exchange tokens. The UK government has authorised the FCA to be the supervisor of this regime, a separate responsibility from their existing or potentially expanded regulatory perimeter. The 5AMLD will be transposed into UK law by 10 January 2020 to introduce AML requirements to certain crypto asset activities. These laws’ specific content remains uncertain, but the government has announced that the UK may go beyond the scope of both, the 5AMLD and FinCEN recently published guidance in 2019 to include a wider range of entities. The breadth of this potentially additional coverage is yet to be determined, but a significant divergence from FinCEN or FATF’s 2019 positions—as seen in both the Netherlands and Switzerland—would further complicate the global regulatory landscape.
A Way Forward
The relative ease by which ill-gotten wealth can be mobilised and transferred using virtual currencies is a global issue, one that requires nations to collaborate in their efforts to combat money laundering. This will require a relatively consistent approach to AML; otherwise, criminals will remain mobile by exploiting a fragmented regulatory environment. The regulatory landscape is changing rapidly, and this trend will likely continue. The final adoption and enforcement of regulations guided by FATF’s recent 2019 guidance, the EU’s 5AMLD in January 2020, and the UK’s transposition of the EU rules all have the potential to shake up the industry in a serious way. Regulatory responses from the Netherlands, Canada, and Switzerland point towards a willingness to diverge from FATF’s standards, should domestic legislative or monetary authorities perceive it to be in their national interest.
Sovereign considerations appear poised to add much regulatory complication to the ongoing global “war” against ML/TF. To some, this growing “smorgasbord” of regulations may seem like an impediment to the virtual currency industry’s growth. However, an intensifying regulatory environment may simply be a testament to the breadth of transformation expected from this new technology, and the gradual recognition of this fact by political authorities—a necessary hurdle. However, as demonstrated by the Netherlands and Switzerland, these recognitions can lead to divergent outcomes.
Virtual currencies and their underlying technologies will be poised to expand further if the industry can establish trust with governments, regulators, financial institutions (FIs) and the public. This can occur when global minimum standards—together with local laws, regulations and enforcement provisions—work to create a system of credible accountability. Regulatory inconsistencies create unnecessary discontinuity between the traditional financial sector and the virtual currency industry, often causing many companies in the virtual currency space to have difficulty acquiring and keeping the necessary banking relationships for their businesses. Virtual currency service providers with weak AML/CFT controls worsen this problem for those with appropriate compliance programs, as de-risking efforts by traditional FIs lump the former entities together with the latter. Consistent regulations that emphasise public safety are needed without stifling innovation and business growth, things that the public at large has a strong interest in maintaining. For this reason, efficient and pragmatic regulations that draw from the knowledge of both responsible virtual currency operators and law enforcement can best handle the related ML/TF risks.
It is important that representative authorities be exposed to a balance of perspectives, such as the “institutional” and “technological” perspectives mentioned above. Rather than relying on FATF to provide detailed steps to implement its Recommendations adequately, national political authorities should seek input from a wide range of domestic market participants. Financial regulation has long been a matter of expertise left to specialised delegated administrative authorities. However, given the transformative nature of virtual currencies and their underlying technologies, the vital topic of their regulation requires fresh consideration from representative political authorities at all levels.
Thus far, national regulators have taken measures to mitigate risks associated with virtual currencies, such as placing controls on the industry and its participants. A consistent approach to global minimum standards is critical, but it is also important that regulators tailor their framework to mitigate risks that are unique to virtual currencies. In addition, political authorities will seek to retain the flexibility necessary to align their regulatory treatment of cryptocurrencies with their national interests, which will differ across countries for strategic reasons—as evidenced by the new Dutch and the Swiss regulatory approaches which diverge from FATF. This panoply of considerations is another reason why political engagement from all levels of society, from individual citizens to the highest levels of representative government, is paramount.
A wholesale application of legacy legal standards from the traditional financial industry to the new and innovative virtual currency space is unlikely to be warranted. Such a move could stifle growth and cause much unnecessary reporting and the associated privacy concerns. A potential way forward is to reconcile the “institutional” perspective (same function, same rules) and the “technological” perspective (different technology, different rules), by instead focusing on risk—e.g., same risk, same rules. This would involve a side-by-side comparison of traditional wire transfer and virtual currency technology, with a view as to how technological and institutional differences between them create different risk profiles, both at point-of-use and downstream. For example, unlike bank wire transfer data, much virtual currency transaction data is publically stored on an immutable ledger, allowing a degree of traceability potentially greater than is possible at banks.
If such differences meaningfully alter the ML/TF risk profile of virtual currencies, any regulations thereof should be crafted with this differential taken into consideration. Such an approach would be highly consistent with FATF’s longstanding emphasis on a “risk-based approach.” A cohesive starting point is necessary for effective virtual currency regulation. However, in the long run, a flexible and far-sighted regulatory strategy, one that can grow alongside the technology, will undoubtedly yield better outcomes for society than a one-size-fits-all approach.
Matthew Alexander, analyst-compliance, Tether, Matthew@tether.to
Julian Arriagada, manager-compliance, Tether, Julian@tether.to
Yasmin Ibrahim, analyst-compliance, Tether, Yasmine@tetehr.to
Contributor: Leonardo Real, chief compliance officer, Tether, email@example.com
- “FATF Guidance for a Risk-Based Approach,Virtual Assets and Virtual Asset Service Providers,” 21 June 2019, FATF, https://www.fatf-gafi.org/media/fatf/documents/recommendations/RBA-VA-VASPs.pdf
- Liliya Gelemerova, “On the frontline against money-laundering: the regulatory minefield,” 3 December 2008, Springer Link, https://link.springer.com/article/10.1007/s10611-008-9175-8
- William Foxley, “Crypto Firms Serving Netherlands Must Register with Dutch Central Bank,” 4 September 2019, CoinDesk, https://www.coindesk.com/crypto-firms-serving-netherlands-must-register-with-dutch-central-bank
- William Foxley, “Netherlands may Block Foreign Crypto Firms under Anti-Money Laundering Laws,” 10 September 2019, CoinDesk, https://www.coindesk.com/dutch-interpretation-of-eu-anti-money-laundering-rules-may-block-foreign-firms
- “To MSB or not to MSB: An Analysis of FINTRAC Guidance on the Interpretation of Money Service Business,” May 2019, KPMG, McCarthy Tetrault, https://www.mccarthy.ca/sites/default/files/2019-05/To%20MSB%20or%20not%20to%20MSB.pdf
- “FINMA Guidance: stringent approach to combating money laundering on the blockchain,” 26 August 2019, FINMA, https://www.finma.ch/en/news/2019/08/20190826-mm-kryptogwg/
- “FCA Provides clarity on current cryptoassets regulation,” 31 July 2019, Financial Conduit Authority, https://www.fca.org.uk/news/press-releases/fca-provides-clarity-current-cryptoassets-regulation