FATF’s Take on Digital Assets: Updated Guidance and RecommendationsOverviewThe rise of cryptocurrency and other virtual assets has pushed regulatory and supervisory bodies responsible for anti-money-laundering rules around the world to develop new guidance and regulations for persons and businesses involved with such assets. The Financial Action Task Force (FATF)—the pre-eminent intergovernmental organization that addresses money laundering, terrorist financing, and the integrity of the global financial system—recently released a topical update to its Guidance for a Risk Based Approach to Virtual Assets and Virtual Asset Service Providers (Updated FATF Guidance) Among other things, the Updated FATF Guidance:
FATF member countries (including Canada and most other G20 nations) refer to FATF’s recommendations when drafting domestic law. Accordingly, persons in the virtual asset space should be aware of the Updated FATF Guidance, assess its potential implications for their business and consider what measures ought to be taken to ensure compliance, as these FATF Recommendations may become part of domestic law. BackgroundFollowing its creation in 1989, FATF introduced its original Recommendations, which were intended to provide countries a set of comprehensive actions to combat money laundering and, later, terrorist financing. The FATF Recommendations are consistently updated to address new money laundering and terrorist financing risks. For example, in 2018, FATF amended its recommendations to clarify that they apply to financial activities involving VAs and VASPs. FATF has recommended that VASPs be held to the same standard as financial institutions and designated non-financial businesses and professions in certain respects. FATF recommends that countries:
Updated GuidanceThe Updated FATF Guidance advocates for a risk-based approach to the definition of VAs and VASPs, and clarifies when VAs and VASPs will fall within the FATF Recommendations. It also specifically addresses stablecoins, NFTs and DeFi. Defining and Classifying VAsFATF defines a VA as “a digital representation of value that can be digitally traded or transferred and can be used for payment or investment purposes.” While this definition should be interpreted broadly, central bank digital currencies and “digital representations of fiat currencies, securities and other financial assets that are already covered elsewhere in the FATF Recommendations” are considered not to be VAs.
Stablecoins, such as Tether and DAI, have become increasingly popular among cryptocurrency users in recent years, and are less volatile than cryptocurrencies like Bitcoin and Ether as they derive their market value from some underlying external asset, such as gold or the U.S. dollar. According to the Updated FATF Guidance, stablecoins are either a security or a VA, and are therefore subject to the FATF Recommendations. According to FATF, stablecoins share many of the same money laundering and terrorist financing risks as other VAs “because of their potential for anonymity, global reach and use to layer illicit funds.” In the Updated FATF Guidance, FATF also notes that the various entities involved in stablecoin arrangements could be classified as VASPs, depending on their role and the terms of the particular arrangement.
FATF describes NFTs as “digital assets that are unique, rather than interchangeable, and that are in practice used as collectibles rather than as payment or investment instruments.” NFTs are generally considered not to be VAs. However, FATF cautions that the characterization of an NFT depends more on the nature and function of the NFT, rather than the terminology or marketing terms used to describe it. NFTs may be VAs in some cases, such as when they are used for payment or investment purposes. FATF therefore recommends that countries take a functional, case-by-case approach to determine whether an NFT (and any other similarly evolving digital asset) is in fact a VA. Defining and Classifying VASPsVASPs are defined by FATF as: “Any natural or legal person who is not covered elsewhere under the Recommendations, and as a business conducts one or more of the following activities or operations for or on behalf of another natural or legal person:
This definition excludes those who “merely provide ancillary infrastructure” such as cloud data storage providers. FATF says that whether something qualifies as a VASP will depend on the specific circumstances or context. DApps, and more specifically DeFi, are one such example. DApps are “software programs that operate on a blockchain or similar technology.” These applications may “support other protocols, applications, or digital assets and their transfer,” and can facilitate or support the transfer or exchange of VAs. The term DeFi is used to categorize a DApp that offers financial services. The Updated FATF Guidance says that DeFi software in itself is not a VASP. However, DeFi creators, owners, operators and others who maintain control or significant influence over DeFi arrangements may fall within the scope of the VASP definition. This could hold true even if other parties are involved or parts of the process are automated (such as through smart contracts). As with the other digital assets referenced, FATF recommends that countries take a functional approach to DeFi and any associated VASPS, and to be wary of terminology and marketing. Corresponding Measures for Regulators and VASPs to TakeIn addition to clarifying the definitions of VA and VASP, the Updated FATF Guidance outlines how the FATF Recommendations apply to regulators and VASPs. The Updated FATF Guidance recommends that VASPs comply with the preventive measures described in the FATF Recommendations and outlines corresponding obligations. FATF notes that VASPs and other entities involved in VA activities should apply all the preventive measures described in Recommendations 10 to 21. These Recommendations provide specific, practical guidance to VASPs, such as:
The Updated FATF Guidance also recommends that countries and regulators aim to understand and monitor the heightened risks associated with peer-to-peer (P2P) transactions, which are transfers of VAs “conducted without the use or involvement of a VASP or other obliged entity.” To assist in this goal, FATF lists specific P2P risk mitigation efforts for countries to consider implementing, depending on the level of money laundering and terrorist financing risk involved with P2P transfers in that specific country. Key Takeaways
If you have any questions about the information in this blog post or are in need of legal counsel regarding securities or economic crime related issues, please contact a member of the Bennett Jones Fraud Law Group or Financial Services Group. Authors
Please note that this publication presents an overview of notable legal trends and related updates. It is intended for informational purposes and not as a replacement for detailed legal advice. If you need guidance tailored to your specific circumstances, please contact one of the authors to explore how we can help you navigate your legal needs. For permission to republish this or any other publication, contact Amrita Kochhar at kochhara@bennettjones.com. |