Since late 2018, one global organization has been dominating the crypto regulatory landscape and driving the rollout of legislation worldwide. The Financial Action Task Force (FATF) is the world's official anti-money laundering and counter-terrorism-financing (AML/CFT) regulator, created by the G7 in 1989 to combat money laundering, and after the 9/11 attacks, terrorism funding.
This intergovernmental watchdog manages global AML/CFT standards through its 40+9 Recommendations, which its global network of 39 official member countries and 200+ associated jurisdictions must implement domestically in order to be compliant with the FATF Standards. Countries that do not meet the FATF Standards are subjected to higher monitoring and eventually economic sanctions, like Iran and North Korea in recent years.
In late 2018, the FATF finally began to officially focus its attention on crypto by adding the terms "virtual asset" and "virtual asset service provider" (VASP), a collective term for most crypto custodial businesses, to its FATF Standards Glossary.
This was a sign of things to come. In June 2019, the FATF laid the foundation for comprehensive crypto regulation by officially adopting a February 2019 amendment to its Recommendation 16 on Wire Transfers. This new update, referred to as the so-called FATF Travel Rule due to its U.S. origins, requires VASPs to share specific user information with other VASPs for transactions that exceed 1,000 USD in value, much like traditional financial institutions do.
The FATF, under the leadership of its then American president Marshall Billingslea, adopted this new data-sharing requirement from the States' Bank Secrecy Act (BSA) which obligates all financial institutions in the U.S. (apart from banks) to comply with its original version of the Travel Rule (1996), extending to financial transactions over $3,000.
FATF member countries need to ensure they take appropriate action by June 2021 to ensure that VASPs in their jurisdiction comply with the FATF Travel Rule and take a risk-based approach (RBA) to their AML/CFT obligations relating to virtual assets.
As a result, countries have been in a race since 2018 to first study and understand the evolving world of cryptocurrency, its challenges and distill their interpretations into local regulatory and legislative frameworks that also fulfill their AML/CFT obligations with FATF.
To meet the FATF Standards, most countries are now in various stages of rolling out regulations that require VASPs, also called crypto asset service providers (CASPs), to first register with their national financial regulators, and then secondly, receive an official license to operate.
These regulatory obligations differ vastly from country to country, and are too wide to cover in this article. However some commonalities can be found.
Registering as a crypto asset service provider is normally a simple process, meant to create a national database of crypto companies; however, getting licensed is a different story, with each country requiring different and often very stringent obligations for its crypto companies to meet, depending on the type of crypto services they offer, and the scale at which they operate.
These obligations range from ensuring that VASPs create solid AML systems, conduct accurate KYC information from new users, perform adequate customer due diligence (CDD), monitor and report suspicious activity and transactions and offer reputable virtual assets only, to appointing competent compliance staff and meeting certain capital, custody requirements and specific management structures.
How Are Different Countries Regulating Crypto?
Each country regulator puts their own spin on it. In Asia, Singapore and Japan announced progressive crypto regulatory reforms in their Payment Services Acts (PSA), while other countries such as South Korea, Hong Kong, South Africa and the United Kingdom have put forward FATF-aligning proposals that will reform their virtual asset regulations in 2021.
In Europe, the recent Digital Finance Package and Markets in Crypto-Asset (MiCA) are set to create an overarching digital framework to tightly regulate all digital assets before 2024.
In the U.S, certain crypto companies are required to register as a money service business (MSB) with FinCEN, and then further apply for licensing on state-level as a money transmitter, a complex and expensive process depending on which states you operate in.
There is no hiding place for VASPs anymore, as BitMEX found recently to their cost, when the U.S.'s Department of Justice and CFTC charged them with several AML violations for servicing American customers.
What Are the Challenges in Following the FATF Travel Rule?
The FATF Travel Rule though remains the biggest pain point for both countries and VASPs at present. When it was announced in 2019, there was no technology available to facilitate its requirements.
Since then however, several technical solution providers (TSPs) have entered the market, such as CoolBitX's Sygna Bridge, CipherTrace's TRISA, NetKI and Shyft. The two biggest challenges facing both VASPs and TSPs right now, however, are:
1) ensuring interoperability between solutions (so that standardized data can be shared between exchanges using different solutions); and
2) navigating the "sunrise issue," which is the gradual rollout of Travel Rule legislation in different jurisdictions. For example, a VASP A might need to comply under local laws with the Travel Rule while VASP B, located in a different country, doesn't need to yet.
The FATF will reconvene in June 2021 and conduct their second 12-month review on countries’ responses to their Travel Rule requirement. As the date approaches, we can expect to see most FATF members implement their regulatory frameworks to ensure they’re fully compliant.