FATF Expands Scope and Sets Its Sights on Decentralized Finance Platforms

The Financial Action Task Force (FATF), a global AML watchdog, shook up the cryptocurrency industry in March when it published updated draft guidance for virtual assets (VAs) and Virtual Asset Service Providers (VASPs), dramatically expanding the scope of the guidance.

The biggest impact of the new guidance is the reclassification of smart contract-based decentralized exchanges (DEXs) and other decentralized finance (DeFi) platforms and applications as VASPs. Currently, DEXs operate as information providers. While FATF standards would not apply to the underlying software, the draft guidance would classify DeFi developers and platform operators that stand to gain a direct or indirect benefit as VASPs.

This change is significant because VASPs incur obligations that mirror those to which traditional financial institutions are subject. FATF’s Recommendation 16 says that VASPs must perform due diligence on customers, conduct sanctions screening, and comply with the requirements of the so-called “Travel Rule” for cross-border transactions.

These changes, if finalized in their current form by FATF and adopted by regulators, mean that DEXs and other DeFi platforms would have significant regulatory challenges to meet. At present, the barriers to entry for DeFi platform users are virtually nonexistent. If FATF expands the definition of a VASP, DEXs will need to implement some sort of screening system at a minimum in order to know who is using their platform. Additionally, as Travel Rule requirements are adopted in new jurisdictions, DEXs would also need to transmit and receive beneficiary and sender information.

VASPs that have not implemented the Travel Rule should be considered higher risk; VASPs need to undertake counterparty VASP due diligence before they transmit the required information.

The FATF considers unhosted wallets and transactions in close proximity P2P transactions to be higher risk. FATF’s recommended P2P risk mitigation tactics in high-risk jurisdictions include implementation of the VA equivalent of CTRs, enhanced recordkeeping requirements and enhanced due diligence (EDD) requirements and even the denial of licensing to VASPs if they allow transactions to or from unhosted wallets.

Other key changes in the draft guidance include a focus on stablecoins, such as Diem, and a move to apply FATF standards to stablecoins and to non-fungible tokens (NFTs). NFTs have garnered a lot of attention lately, with digital art selling for tens of millions of dollars. Once considered the electronic equivalent of baseball cards, NFTs increasingly appear to be a potential avenue for money laundering.

Industry bodies, including Travel Rule Information Sharing Alliance, Global Digital Finance and the Chamber of Digital Commerce are working to respond to the draft guidance. FATF held a series of three meetings in April to receive industry feedback. During the first open meeting, held on April 8, 2021, FATF reiterated that the G20 recently committed to strengthening FATF’s mandate, especially with respect to virtual assets. At the April 15 meeting, CipherTrace presented on risky transactions of bitcoin, Ethereum, and Tether to a privacy audience, and the private sector consultant forum on April 20 drew a broad audience of over 250 attendees.

With final guidance expected in mid-June 2021, the cryptocurrency community will be watching closely.

Watch CipherTrace CEO Dave Jevans discuss FATF’s draft guidance with Laura Shin on Unchained.