Insights from FATF's Second 12 Month Review
The FATF just published the second 12 month review of its revised Standards on virtual assets and virtual asset service providers (VASPs), based primarily on two sources:
- A survey of the members of the FATF and its Global Network conducted between March and April 2021. It is important to note that the questionnaire did not assess individual jurisdiction’s compliance with the revised FATF Standards. Merkle Science is a proud participant in and contributor to the survey, providing the FATF with insights and current snapshot of the use of virtual assets in illicit activity.
- A review of the completed mutual evaluation reports (MERs) and follow-up reports (FURs) by the FATF and its Global Network.
Below we have summarised the notable points for global crypto asset businesses and regulators, many of which were predicted by the panellists in our recent FATF webinar featuring speakers from CryptoUK, Notabene, Xreg Consulting and Merkle Science. Our team will be providing a deeper analysis on this 12-month review in the coming days.
The Implementation Gap is Closing
The FATF finds that many jurisdictions, and the VASPs that operate within them, have continued to make progress in implementing the revised FATF Standards, but implementation is still far from sufficient, with particular work remaining among FATF-Style Regional Bodies (FSRBs) jurisdictions.
Out of the 128 FATF jurisdictions, 58 jurisdictions (28 FATF members and 30 FSRB members) self-reported that they had introduced the necessary legislation to implement the revised FATF Standards. 52 of these jurisdictions advised that they had a regulatory regime permitting VASPs, while 6 of these jurisdictions advised that they had prohibited VASPs.
Compliance as an Innovation Catalyst and Competitive Advantage
Evidence has shown that greater regulatory certainty and strong AML/CFT controls at the international level can act as a facilitator to business development and public adoption.
This is in line with Merkle Science’s observations in jurisdictions such as Singapore and Switzerland where clear regulation of crypto assets has led to increased investment in crypto R&D and the development of new products and services such as DBS’s $15 million digital bond STO.
The Trouble with the ‘Travel Rule’
Two years after the FATF revised its Standards, problems surrounding the ‘Travel Rule’ compliance for VASPs appear to have created a conundrum, undermining the effectiveness and impact of the FATF Standards. Two major issues continue to plague this feature of the FATF’s guidance:
- Lack of implementation - most jurisdictions and VASPs are not currently compliant with the ‘Travel Rule’.
- Insufficient holistic and scalable technological solutions available for global ‘Travel Rule’ implementation - progress appears to have slowed in the last 12 months. Only 17 jurisdictions considered that there are sufficient technological solutions to encourage the efficient and effective implementation of the ‘Travel Rule’ in their jurisdiction.
These factors have created a self-perpetuating problem. Lack of implementation reduces the incentive for technical progress; “slow” technical progress is used to justify the lack of national implementation. Currently, only 23 jurisdictions reported that they have introduced ‘Travel Rule’ requirements, of which only 10 reported that they were enforcing these requirements
The Scale of Peer-to-peer (P2P)
The report also includes the first market metrics on P2P virtual assets transactions, using data from seven blockchain analytics companies including Merkle Science. It is worth noting that there was some divergence in the contributor’s data, highlighting that collaborations between vendors could give rise to clearer understanding and more uniform standards.
Metrics indicate that a significant amount of certain virtual assets are transferred on a P2P basis. The proportion of illicit transactions also appears higher for P2P compared with inter-VASP transactions, at least in terms of direct transactions.
Response To Recommendation 15 (R. 15)
The review cites lack of regulatory action by jurisdictions as the key reason why the requirements set out in Recommendation 15 (R. 15) aren’t being met. The recommendation states that countries should apply a risk-based AML/CFT approach to those assets, regulate, monitor, and supervise Virtual Asset Service Providers (VASPs), and facilitate information sharing between authorities.
A third of jurisdictions with FURs/MERs assessing R.15 have taken no or minimal action to implement the requirements. The other two thirds have taken action, but have not implemented the requirements fully. In some cases, it is due to a lack of action specific to virtual assets/VASPs. For example; insufficient risk assessments, the definition of VASP does not cover all five limbs, lack of CDD threshold specific to VA transactions, lack of travel rule implementation and lack of guidance for VASPs.
A minority of jurisdictions have conducted examinations and still, fewer have imposed any enforcement actions.
Further Clarity on DeFi is Called For
More extensive and clearer guidance on decentralized projects is needed from the FATF. Whilst the FATF’s 2019 Guidance set out how the definition of VASP could apply to DApps, the feedback received from the public consultation in March 2021 indicated that many members of the private sector were unaware of this pre-existing guidance. The FATF notes that its Guidance needs to better-articulate its definitions and guidance on DApps and decentralized governance systems, in particular, which activities do and do not fall within the scope of the definition of a VASP.
Feedback from the public consultation highlighted that many projects do not have a central counterparty and that the developers of such protocols should not be considered VASPs. The traceability of public blockchains underpinning DeFi projects was also highlighted, as well as potential blockchain native solutions to support AML/CFT in DeFi projects.
Accordingly, the FATF should further review its draft Guidance to ensure it is providing a clear message on how to apply the standards to decentralized structures, including the definition of a VASP, taking into account the risks, limitations and size of this sector.