On June 21, 2019, the Financial Action Task Force (“FATF”), a multi-national, inter-governmental body established in 1989 “to set standards and promote effective implementation of legal, regulatory and operational measures for combating money laundering, terrorist financing and other related threats to the integrity of the international financial system,” issued its Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers (the “Guidance”), i.e. virtual currency and virtual currency platforms.
Although the standards adopted by FAFT and recommended to member countries were telegraphed months prior to issuance of the Guidance, it nevertheless sent shockwaves through the virtual currency market due to FAFT’s adoption of standards many call onerous and others call impossible to meet. Notwithstanding this backlash, at a meeting of members of the Group of Twenty (“G20”) held in Osaka, Japan on June 28-29, 2019, the G20 nations declared they “reaffirm [their] commitment to applying the recently amended FAFT Standards to virtual assets and related providers for anti-money laundering and countering the financing of terrorism.” Thus, member nations will begin the process of crafting regulations intended to carry out the FAFT recommendations.
Started in 1989, FAFT is a thirty-nine (39) member international association organized to develop and recommend measures to combat money laundering and terrorist financing and monitor the implementation of those regulations. Since its inception, FAFT has crafted a comprehensive framework for member countries to implement to prevent and detect money laundering and terrorist financing. This framework takes the form of an international protocol intended to create consistency in the detection and prevention of money laundering and terrorist financing from country to country and encourage cooperation among member countries to combat money laundering and terrorist financing. FAFT has compiled 40 Recommendations to member countries outlining adequate AML policies and approaches, preventative measures, transparency and beneficial ownership, regulatory and institutional compliance, international cooperation and information sharing.
Application to Virtual Currency
In 2012, FAFT issued Recommendation 15, which states that “[c]ountries and financial institutions should identify and assess the money laundering or terrorist financing risks that may arise in relation to (a) the development of new products and new business practices, including new delivery mechanisms, and (b) the use of new or developing technologies for both new and pre-existing products.” While, in the years since, FAFT has issued forms of guidancepertaining to virtual currency, not until October 2018 did it formally revise Recommendation 15 to explicitly clarify that FAFT Recommendations apply to virtual currency and to add two new definitions to the FAFT Glossary: “virtual asset (“VA”)” and “virtual asset service providers (“VASP”).”
Under revised Recommendation 15, FAFT defines “Virtual Asset” as “a digital representation of value that can be digitally traded or transferred and can be used for payment or investment purposes. Virtual assets do not include digital representations of fiat currencies, securities, and other financial assets that are already covered elsewhere in the FATF Recommendations.” A “Virtual Asset Services Provider” is “any natural or legal person who is not covered elsewhere under the Recommendations and as a business conducts one or more of the following activities or operations for or on behalf of another nature or legal person: (i) exchange between virtual assets and fiat currencies; (ii) exchange between one or more forms of virtual assets; (iii) transfer of virtual assets [“transfer means to conduct a transaction on behalf of another natural or lea person that moves a virtual asset from one virtual asset address or account to another]; safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets; and participation in and provision of financial services related to an issuer’s offer and/or sale of a virtual asset.”
The Updated Guidance
On June 21, 2019, FAFT issued a long-awaited interpretive guidance setting forth with greater clarity how FAFT Recommendation apply to VA and VASPs. The Guidance included an interpretive guide to Recommendation 15 that “reinforce[d] the fundamental risk-based approach and related obligations for countries and obliged entities in the context of new technologies, in order to clarify its application in the context of Vas, covered VA financial activities, and VASPs.” Recommendation 15 requires countries to identify money laundering and terrorist financing risk in the context of VA and VASPs and assess money laundering and terrorist financing risks “relating to the development of new products and business practices.” The Interpretive Guide goes on to explain that “countries should manage and mitigate the risks emerging from VAs and ensure that VASPs are regulated for AML/CFT purposes, licensed or registered, and subject to effective systems for monitoring and ensuring compliance with the relevant measures called for in the FATF Recommendations.”
As feared by many in the virtual currency business, FAFT’s mandate that countries ensure VASPS are in “compliance with the relevant measures called for in the FAFT Recommendations” means enforcing VASP’s compliance with FAFT Recommendation 16 – the “Travel Rule.” FAFT Recommendation 16 pertains to “wire transfers” and provides that “[c]ountries should ensure that financial institutions include required and accurate originator information, and required beneficial information, on wire transfers and related messages, and that the information remains with the wire transfer or related message throughout the payment chain. Countries should ensure that financial institutions monitor wire transfers for the purpose of detecting those which lack required originator and/or beneficial information, and take appropriate measures.”
Prior to issuance of the Guidance, virtual currency industry insiders strongly advocated against application of Recommendation 16 to virtual currency, arguing that placing such a requirement on the industry “would be pointless at best – when not impossible to follow.” The industry further argued that not only would implementing this requirement be near impossible, it would produce the opposite of its intended effect – driving virtual currency users to unregulated and anonymous platforms. In the face of such criticism, however, FAFT held firm declaring in the Guidance that “the requirements relating to wire transfers and related messages under Recommendation 16 apply to all providers of such services, including VASPs that provide services or engage in activities, such as VA transfers, that are functionally analogous to wire transfers.”
Thus, “all of the requirements set forth in Recommendation 16 apply to VASPs or other entities that engage in VA transfers, including the obligation to obtain, hold, and transmit required originator and beneficiary information in order to identify and report suspicious transactions, monitor the availability of information, take freezing actions, and prohibit transactions with designated persons and entities.” Accordingly, with any VA transfer, VASPS are required to include “(i) originator’s name (i.e. sending customer); (ii) originator’s account number where such an account is used to process the transaction (e.g. the VA wallet); (iii) originator’s physical (geographical) address, or national identity number, or customer identification number (i.e., not a transaction number) that uniquely identifies the originator to the ordering institution, or date and place of birth; (iv) beneficiary’s name; and (v) beneficiary account number where such an account is used to process the transaction (e.g. the VA wallet).”
Furthermore, FAFT reinforced that such information transfer must occur contemporaneously with the VA transfer, explaining “[i]t is vital that countries ensure that providers of VA transfers – whether VASPs or other obliged entities – transmit the required originator and beneficiary information immediately and securely, particularly given the rapid and cross-border nature of VA transfers and in line with the objectives of Recommendation 16.” However, perhaps acknowledging the unique difficulties appending such information to a VA transfer would entail, and the anonymity interests inherent in virtual currency use, FAFT explained that “the required information need not be communicated as part of (or incorporated into) the transfer on the blockchain or other distributed ledger platform itself. Submitting information to the beneficiary VASP could be an entirely distinct process from that of the blockchain or other distributed ledger VA transfer.”
Imposing the Travel Rule on virtual currency transfers elicited immediate doomsday prognostications that Recommendation 16 will send virtual currency “back to the dark age,” exposing confidential user data to the public and undermining the basic purposes and benefits of virtual currency.
However, as the smoke has cleared, innovation is wasting no time rising to the challenge. At least one company has already announced its intention to launch a solution that would allow platforms to transfer know-your-customer (“KYC”) data without exposing personal information and data to the public. In this respect, and as we have noted in a prior blog post, FinCEN reminded those in the virtual currency market in May 2019 that the FinCEN Travel Rule – requiring financial institutions to transmit to each other user data in certain transactions – applies to virtual currency transactions. Thus, virtual currency operators in the United States subject to FinCEN oversight have already been grappling with the issues presented in Recommendation 16. That is, although Recommendation 16 will produce real and significant regulations imposing real and significant burdens, it is likely the compliance roadmap is being charted already.