15 Apr, 2021

ICYMI – FATF Issues Draft Guidance on a Risk-based Approach to Virtual Assets and VASPs

Category: Insight

TLDR – FATF issues draft guidance defining profit-oriented DeFi projects as VASPs. Should member governments adopt these guidelines, the market for DeFi will be fundamentally altered as existing and new projects will be required to abide by compliance rules like more traditional VASPs.

On 19 March 2021, the Financial Action Task Force (FATF), the inter-governmental global money laundering and terrorist financing watchdog, issued draft guidance on decentralized finance (DeFi) projects and non-fungible tokens (NFT) that some analysts believe pose an existential threat to the booming DeFi and NFT markets, as reported by Decrypt.

The FATF redefines money making – as opposed to non-profit – DeFi projects as Virtual Asset Service Providers (VASP), subject to the same KYC and AML provisions as other VASPs and other financial institutions. If the guidelines are adopted by member governments, DeFi projects will need to abide by the compliance requirements to combat financial crime, with enforcement of the new guidelines subject to individual member countries’ laws – whether existing or subject to future modification to allow for alignment with the new recommendations.

Given the peer-to-peer focus of DeFi, most projects have not established a mechanism for KYC and AML compliance as a core competency and retrofitting existing projects will undoubtedly prove challenging.

Under the proposed guidelines, most DeFi projects will need to implement standard FATF recommendations regarding customer onboarding (customer due diligence or KYC); PEPs (politically exposed persons); correspondent relationships; internal controls for the main governance project as well as any foreign subsidiary projects; and reporting requirements for suspicious transactions (STR) to the appropriate domestic FIU (Financial Intelligence Unit).

The key definition is found in paragraph 57 of the FATF document:

“[t]he owner/operator(s) of [a] DApp (Decentralized Application) likely fall under the definition of a VASP, as they are conducting the exchange or transfer of VAs (Virtual Assets) as a business on behalf of a customer. The owner/operator is likely to be a VASP, even if other parties play a role in the service or portions of the process are automated. Likewise, a person that conducts business development for a DApp may be a VASP when they engage as a business in facilitating or conducting the activities previously described on behalf of another natural or legal person. The decentralization of any individual element of operations does not eliminate VASP coverage if the elements of any part of the VASP definition remain in place.” [emphasis added]

 Paragraphs 74 and 75 should also be considered by DeFi projects, respectively quoted in part:

 “Some platforms and providers offer the ability to conduct VA transfers directly between individual users. For platforms and services offering VA transfers between individual users as for all other service providers, the broad reading of the definitions above will decide whether parties to providing such a service are VASPs on a functional basis, not on the basis of self-description or technology employed. Only entities that provide very limited functionality falling short of exchange, transfer, safekeeping, administration, control, and issuance will generally not be a VASP.”

“For self-described P2P platforms, jurisdictions should focus on the underlying activity, not the label or business model. Where the platform facilitates the exchange, transfer, safekeeping or other financial activity involving VAs . . . then the platform is necessarily a VASP conducting exchange and/or transfer activity as a business on behalf of its customers. Launching a service as a business that offers a qualifying function, such as transfer of assets, may qualify an entity as a VASP even if that entity gives up control after launching it . . . The FATF takes an expansive view of the definitions of VA and VASP and considers most arrangements currently in operation, even if they self-categorize as P2P platforms, may have at least some party involved at some stage of the product’s development and launch that constitutes a VASP. Automating a process that has been designed to provide covered services does not relieve the controlling party of obligations.”

Concern over the guidelines center over the FATF’s apparent lack of understanding when it comes to both the function of DeFi – “swapping” versus “transferring” – and the inherent unsupervised nature of P2P (peer-to-peer) transactions.

While NFTs (non-fungible tokens) were not directly addressed in the guidance document, FATF obliquely addressed the emerging market by expressing concern over VAs (virtual assets) that could potentially be used for money laundering and terrorist financing.

 In paragraph 18 of the document, the FATF notes:

 “[This] Guidance takes into account that just as illicit actors can abuse any institution that engages in financial activities, illicit actors can abuse VASPs engaging in VA activities, for ML, TF, sanctions evasion, fraud, and other nefarious purposes. The 2015 VC Guidance, the 2018 FATF Risk, Trends, and Methods Group papers relating to this topic, and FATF reports and statements relating to the ML/TF risks associated with VAs, VA activities, and/or VASPs, for example, highlight and provide further context regarding the ML/TF risks associated with VA activities. While VAs may provide another form of value for conducting ML and TF, and VA activities may serve as another mechanism for the illegal transfer of value or funds, countries should not necessarily categorize VASPs or VA activities as inherently high ML/TF risks. The cross-border nature of, potential enhanced-anonymity associated with, and non-face-to-face business relationships and transactions facilitated by VA activities should nevertheless inform a country’s assessment of risk. The extent and quality of a country’s regulatory and supervisory framework as well as the implementation of risk-based controls and mitigating measures by VASPs also influence the overall risks and threats associated with covered VA activities.”

 Ironically enough, well-known NFT projects address the collectibles and art markets, likely serving as a catalyst for FATF concern, given the problems the high value art market has had with money laundering.

The FATF is accepting comments on the draft guidance through April 2021.

 Decrypt article on the draft guidelines:

Anti-Money Laundering Rules Targeting DeFi, NFTs Could Be Fatal, Analysts Warn – Decrypt

Direct link to the FATF page featuring guidance document:

Documents – Financial Action Task Force (FATF) (fatf-gafi.org)



Related Articles