Founded in 1989, the Financial Action Task Force (FATF) is an independent inter-governmental body that develops and promotes policies to protect the global financial system against money laundering, terrorist financing and the financing of proliferation of weapons of mass destruction. The FATF Recommendations are recognized as the global anti-money laundering (AML) and counter-terrorist financing (CFT) standard. Not only does FATF set recommendations, but it also evaluates countries based on their performance.
In October 2018, the FATF added two new definitions for a virtual asset (VA) and virtual asset service provider (What is a Virtual Asset Service Provider (VASP)? A Virtual A... More) to its glossary. In 2019, the FATF released its VA guidance and has continued to review and update this guidance based on feedback from the industry. The guidance was last updated in October 2021, and is intended to help national authorities, VASPs, financial institutions and other entities involved in virtual asset activities understand their AML/CFT obligations and how they can effectively comply with these requirements.
FATFs definition of a VA
A virtual asset [VA] is a digital representation of value that can be digitally traded, or transferred, and can be used for payment or investment purposes. Virtual assets do not include digital representations of fiat currencies, securities and other financial assets that are already covered elsewhere in the FATF Recommendations. Source: Glossary of the FATF Recommendations
So…What would and what wouldn’t be a VA?
|What ARE examples of VAs||What ARE NOT examples of VAs|
FATFs definition of a VASP?
Virtual asset service provider [VASP] means any natural or legal person who is not covered elsewhere under the Recommendations, and as a business conducts one or more of the following activities or operations for or on behalf of another natural or legal person:
- exchange between virtual assets and fiat currencies;
- exchange between one or more forms of virtual assets;
- transfer of virtual assets (moves a VA from one virtual asset address or account to another);
- safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets; and
- participation in and provision of financial services related to an issuer’s offer and/or sale of a virtual asset. Source: Glossary of the FATF Recommendations
So…What would and what wouldn’t be a VASP?
|Businesses or Services that ARE a VASP||Businesses or Services that ARE NOT a VASP|
Why is it so important to correctly define a VASP?
Once an entity is classified as a VASP, thus falling within the scope of the FATF standards, this triggers a wide range of regulatory requirements:
- Must be licensed or registered at minimum in the jurisdiction(s) where they are created. Some jurisdictions have additional requirements at local levels;
- Requires countries to ensure that VASPs develop, assess, and mitigate AML/CFT preventive program(s) to identify and verify customer identity, set policies, procedures, record keeping, training, reporting, internal controls, compliance officers and independent review;
- Introduces the “Travel Rule” (Recommendation 16). It requires regulated entities to conduct customer due diligence (Recommendation 10) and ensure that certain information about the parties to a transaction over EUR 1,000 “travel” with the transaction to the receiving entity including: (i) the name of the originator, address or national ID, (ii) the name of the beneficiary; and (iii) an account number for each, where used to process the transaction, or a unique transaction reference number. The Travel Rule should apply to VA transfers between two obliged entities (e.g., two VASPs or a VASP and a traditional financial institution), but will not necessarily applyto transactions between a VASP and an In their Interpretive Letter #1172, the Office of the Comptr... More (a crypto-wallet that is not held with or managed by a third-party financial institution or other regulated entity);
- Report suspicious transactions under the Bank Secrecy Act or other regulation.
Closing, FATF recommends that VA activities be analyzed based on the services provided rather than whether they fit into the specific wording of the definitions. The guidance notes “countries should not apply their definition based on the nomenclature or terminology which the entity adopts to describe itself or the technology it employs for its activities. The obligations in the FATF standards stem from the underlying financial services offered without regard to an entity’s operational model, technological tools, ledger design or any other operating feature.”
FATF updated guidance Oct 2021: https://www.fatf-gafi.org/media/fatf/documents/recommendations/Updated-Guidance-VA-VASP.pdf
FATF’s Easy Guide to FATF Standards and Methodology: https://www.fatf-gafi.org/media/fatf/documents/bulletin/FATF-Booklet_VA.pdf
Relevant CipherTrace blog post (08 Jan 2021): https://ciphertrace.com/what-exactly-is-a-