On October 28, the Financial Action Task Force (FATF) released a final version of the updates to its 2019 Guidance for a Risk-Based Approach for Virtual Assets and Virtual Asset Service Providers (VASPs), which bear on anti-money laundering (AML), information gathering, reporting and other obligations. See our earlier post here. These updates, originally scheduled for release in June 2021, were postponed to allow additional time to consider and incorporate feedback from the virtual asset industry based on draft guidance released in March 2021. Although the updated guidance is contained in a densely packed 111 pages, there are several notable points that are readily apparent:
- In describing the parties which qualify as VASPs and, consequently, should have AML, information and reporting obligations, the updated guidance focuses on parties that provide “control of virtual assets.” References made in previous drafts to “facilitating” or “governing” transfers of virtual assets are no longer included in the description of VASPs. These adjustments indicate that the FATF acknowledged input from the virtual asset industry that terms like “facilitating” or “governing” were ambiguous could unintentionally encompass parties that were not in a position to fulfill the obligations set forth in the guidance. Notably, though, other portions of the guidance still rely on terms such as “actively facilitates” and “may qualify,” which will likely receive criticism for ambiguity.
Similarly, draft U.S. federal legislation about information and reporting obligations for digital asset transactions that relies on the phrase “effectuating transfers of digital assets” within the definition of “Broker” sparked significant criticism for being ambiguous and over inclusive.
- The updated guidance also goes further to confirm types of parties that should not have information gathering and reporting obligations. Persons who “merely provide ancillary infrastructure,” such as “verifying the accuracy of signatures,” will not ordinarily fall within the definition of a VASP. The updated guidance also deleted explicit reference within descriptions of VASPs to parties who launch a software-based decentralized exchange tool but “give up control after launching it.” The deletion of this example suggests that the FATF is now less inclined to consider these types of parties subject to the various obligations described in the guidance.
- The updated guidance also confirms that the “full requirements” of the travel rule—which is the nickname given to the obligation of financial institutions to record and exchange identifying customer information during financial asset transfers—does not apply when a VASP transfers virtual assets to parties that are not considered VASPs. Presumably, the FATF recognized that VASPs are not positioned to reliably and efficiently comply with the travel rule during transfers involving parties such as “unhosted wallets”—meaning wallets that are not controlled by regulated entities. However, the confirmation is qualified that the “full requirements” of the travel rule do not apply, leaving some uncertainty about what portion of the obligations still apply during these types of transfers.
It is important to remember that the standards contained in FATF guidance are not law nor are they binding on their roughly 40 member countries. The member countries must enact corresponding legislation or rules to give the standards legal effect. Nonetheless, the standards often indicate the types of laws or rules that countries home to some of the largest financial systems in the world will adopt. In fact, member countries may adopt laws even stricter than the standards set forth in FATF guidance. Switzerland, for example, issued guidance in 2020 that applies the full requirements of the travel rule for digital asset transfers between a regulated entity and a non-regulated entity (e.g., an unhosted wallet)—creating an obligation on the regulated entity to obtain identifying information about the owner of the unhosted wallet. As noted above, the updated guidance from the FATF confirms that the “full requirements” of the travel rule should not apply to these transfers.
Feedback from the virtual asset industry on these points and more aspects of the updated guidance should be expected after there has been time to digest the extensive document and compare it to previous drafts.