On 21 June 2019, the Financial Action Task Force (FATF) published an updated version of its recommendations on international standards on combating money laundering and the financing of terrorism and proliferation (Recommendations), to include an interpretative note, clarifying the application of the Recommendations with regards to virtual assets and Virtual Asset Service Providers (VASPs) (Interpretative Note).
On the same day, the FATF also published guidance for a risk-based approach to virtual assets and VASPs, to explain how the Recommendations apply in the virtual assets space. In addition, this guidance clarifies how financial institutions, such as banks, should apply the Recommendations when they engage with virtual assets or VASPs.
The FATF introduced its proposed amendments to Recommendation 15 in October 2018. The final text is a product of dialogue with the private sector, following a public consultation. The new measures aim to “establish a more level playing field across the virtual asset ecosystem.” At the same time, according to FATF, there is an “urgent” need to prevent misuse of virtual assets for Money Laundering and Terrorist Financing (ML/TF) purposes.
The new rules
The Interpretative Note relates to Recommendation 15, which deals with new technologies. The relevant rules cover both virtual assets and VASPs. VASPs are widely defined to include all persons who, as a business, conduct one of the following activities:
- exchange between virtual assets and fiat currencies;
- exchange between one or more forms of virtual assets;
- transfer of virtual assets;
- safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets; and
- participation in and provision of financial services related to an issuer’s offer and/or sale of a virtual asset.
The effect of the new rules is that virtual assets and VASPs are required to comply with the same set of AML/CTF standards that apply to financial institutions in general. Among other things, the Interpretative Note clarifies that:
- VASPs should assess and mitigate ML/TF risks and comply with the full range of required preventative measures, such as: customer due diligence (subject to a USD/EUR1,000 threshold), record-keeping, suspicious transaction reporting and compliance with applicable sanctions, if any.
- VASPs should securely submit originator/beneficiary information when conducting virtual asset transfers.
- VASPs should be licensed or registered in the jurisdiction where they are “created,” at a minimum, and potentially in other jurisdictions where they offer their services and products.
- VASPs should be subject to effective supervision by a national competent authority and not a self-regulatory body.
- Countries should identify, assess, and understand the ML/TF threats stemming from the above activities and apply a risk-based approach to supervision.
- Countries should establish effective and proportionate sanctions for breaches of rules, which should capture not only VASPs, but also their directors and senior management.
The FATF expects countries to implement the updated Recommendations promptly and will be carrying out a relevant review in June 2020. However, it is noted that countries may choose to adopt a stricter approach or ban the relevant activities altogether in their respective jurisdictions.