skip to Main Content

Revised FATF Standards on Virtual Assets 12-Month Review

Jurisdictions Race to Implement Regulation Regimes for Virtual Asset Service Providers while Industry Develops Travel Rule Solutions

On June 24, 2020, the Financial Action Task Force met, albeit virtually, for the third and final Plenary meeting under President Xiangmin Liu, of the People’s Republic of China, to review progress towards implementing new anti-money laundering guidance for virtual assets and virtual asset service providers (VASPs). Details of the session released in FATF’s 12-Month Review of the Revised FATF Standards on Virtual Assets and Virtual Asset Service Providers offered a hopeful outlook for VASPs and the greater cryptocurrency community.

The scope of the review highlights three main assessment areas: emerging market trends and money laundering risks, public sector implementation and enforcement of the revised Standards, and private sector development and adoption of a Travel Rule compliance mechanism.

Impressed with the public and private sector’s response, FATF recognized the strides that have been taken to implement FATF guidance related to virtual assets and VASPs globally. Commending VASPs for their extensive efforts over the past year in developing a technological solution that supports Travel Rule compliance but reaffirmed the importance of the swift development of a compliance mechanism.

FATF decided to not revise previous recommendations related to virtual assets or VASPs but has documented the need for future continued direction.  Reassessment of progress towards a Travel Rule solution and further guidance is slated for June 2021 at the next 12-month review under the incoming German President, Marcus Pleyer.

Market Trends and Money Laundering Typologies: A Privacy Coin Quandary

In line with previous assessments, the volume of criminal activity involving virtual assets is low. Involving primarily one type of virtual asset, a wide variety of crimes were reported, with narcotics-related crime and fraud such as investment scams, blackmail, and extortion being most common

The risk landscape is defined by two major vulnerabilities: VASPs operating in unregulated jurisdictions, and tools to anonymize transactions.  FATF notes the use of DNS registers that suppress or redact the true owners of domain names, tumblers, mixers, and privacy coins present continued money laundering and terrorism financing concerns. Anonymity coupled with the instantaneous and cross-border nature of virtual assets has piqued the interest of professional money laundering networks, using virtual assets to layer illicit funds and obscure their origins.  Specially, they raised concerns about “VASPs failing to implement adequate controls to mitigate risks involved with anonymity-enhanced virtual assets.”

Jurisdictions with established regulatory regimes for virtual assets and VASPs have noted an up-tick in regulatory offenses such as unlicensed financial services, and record-keeping and reporting violations.  However, as FATF relies on voluntary implementation and enforcement of its Standards, the allotted 12-month period was too short to assess any new trends driven by emerging regulatory frameworks.

Public Sector: Government Implementation of Crypto AML/CFT Regulations

Determined by voluntary, self-assessment, the public sector shows clear direction towards adopting and implementing FATF’s revised Standards.  Out of the 54 responding FATF and FATF-Style Regional Body (FSRM) member jurisdictions, 32 jurisdictions reported having existing AML/CFT regulations for Virtual Asset Service Providers, 13 jurisdictions reported having regulations in development, and 5 jurisdictions indicated the prohibition or potential near future prohibition of VASPs.

The report further notes that of 32 jurisdictions with established virtual asset service provider AML/CTF regimes, 30 have established  either licensing or registration regimes, with 18 jurisdictions advising that their regulations extend to VASPs incorporated overseas that offer products or services to customers in their jurisdictions.  Within jurisdictions that have begun licensing and registration procedures for VASPs, most reported less than ten registered VASPs, while a small minority of jurisdictions reporting over 100 VASPs. Over 1000 registered or licensed VASPs were reported from 20 jurisdictions alone.

45 Jurisdictions Have Already Developed AML/CFT Regulations for VASPs

Concerns related to decentralized exchanges and regulatory responsibility have prompted a need for further guidance to determine the extent of AML/CFT requirements for VASPs within their respective jurisdictions.

Supervisory regimes have been implemented in 31 of the 32 jurisdictions with established regulatory frameworks, taking the form of central banks, tax authorities, or specialized organizations.  Fifteen jurisdictions reported that their respective supervisory regimes have begun conducting on- and off-site inspections, with eight jurisdictions reportedly already imposing penalties for AML/CFT violations.

Travel Rule Review

Adoption and enforcement of the Travel Rule across FATF jurisdictions have been limited, with jurisdictions citing a lack of scalable technology solutions that encompass all compliance requirements for VASPs.  While FATF endorses a technologically neutral stance, the policymaking-body acknowledged evidence of multiple up-and-coming solutions—drawing attention to an industry initiative attempt to standardize messaging systems within the VASP community.

Despite optimism, FATF recognizes the major barriers to implementation, such as identifying counterparty VASPs, broader compliance for private and unhosted wallets conducting transactions with VASP customers, batch processing of data, interoperability challenges, and the sunrise problem.  Offering few immediate solutions, FATF’s Virtual Asset Contact Group—a working group designed to monitor and engage the virtual asset sector—reaffirmed commitment to partnership with the industry to identify and promote solutions to current and future obstacles as both VASPs and regulators push forward towards Travel Rule implementation. Calling upon the community to further diversity and redouble their efforts to engage reluctant VASPs and identify remaining issues, FATF expects significant progress towards a deployable Travel Rule solution throughout the next 12-months.

In the race to find a Travel Rule compliance mechanism, industry collaboration is key—with open-source initiatives proving to be frontrunners that target integration and usability across VASP protocols while safeguarding security and privacy values.

Promising solutions include The Travel Rule Information Sharing Alliance (TRISA), which has already implemented interVASP IVMS101 message standard and is collaborating with PayID, OpenVASP, Shyft and BIP75.

Continued open dialogue and cooperation between VASPs and regulatory oversight will be essential as both the private and public sectors wade through uncharted territory towards a safer, more secure, and accessible digital payment system worldwide.

Future Risk Mitigation Strategies for Virtual Assets and Virtual Asset Service Providers

The report pointed to concerns with user and transaction volume associated with stablecoins and the lack of private and public sector AML/CFT infrastructure to deal with an influx of such activity.

Further exasperated by the lack of AML controls placed on activities outside of VASPs-to-VASP transfers, the FATF suggested risk mitigation strategies such as:

  • transaction or volume limits on peer-to-peer transactions
  • requiring transactions utilize an intermediary VASP or financial institution,
  • or the most severe—banning or denying the use of unhosted wallet transfers.

Over the next 12-month review period, the ongoing assessment will continue to understand the changing risk landscape and provide further guidance to limit money laundering and terrorist financing opportunities that unhosted wallets offer.  FATF encourages the industry to be proactive when adopting new products, services, and technologies to ensure continued commitment to AML/CFT obligations and prepare for future regulatory constraints.

FATF Next Steps for Crypto AML/CFT Compliance Under the German Presidency

This meeting was the third and final under the presidency of Xiangmin Liu of China. The organization will next be led by Germany’s Marcus Pleyer. Germany promises to push for more rigorous anti-money laundering and laid out five focus areas for their Presidency:

  • Digital Transformation of AML/CFT
  • Financing of ethnically or racially motivated terrorism
  • Money laundering and migrant smuggling
  • Environmental crime
  • Illicit arms trafficking

Under the German Presidency, the FATF will continue to build on the virtual asset standards that have already been introduced. Part of Germany’s plan for the digital transformation of AML/CFT is to launch an initiative to monitor virtual asset risks. Unlike previous presidency’s, this one will last two years not just one. This initiative will include two studies on opportunities and challenges for VASPs/VAs to implement AML/CFT more efficiently, and a take stock of  current VASP/VA data pooling and analysis for AML/CFT.


FATF’s full report can be accessed here:

Back To Top