It has been almost eight months since the Financial Action Task Force released its cryptography guidelines, creating traditional banking regulations in the cryptography industry. With the year-long adoption deadline fast approaching, how have global regulatory authorities responded to the directives so far?
The FATF – an intergovernmental organization responsible for combating money laundering – found itself at the center of controversy last June after having published its latest directives on cryptography. The directive merged the cryptocurrency industry into existing banking policy, forcing companies to comply with the same requirements as traditional financial institutions.
Among the most notable guidelines is the travel rule: a requirement for “virtual asset service providers” or VASP – including crypto exchanges and custodian wallet providers – to disclose information about customers when they facilitate an exchange of $ 1,000 or more. The requested information covers the name of the sender and recipient, the geographic address and the account details.
The guidelines stem from the FATF’s observation that the “threat of abuse by criminals and terrorists of virtual assets” could become a serious problem. In a public statement, the authority said it would give its 37 members 12 months to adopt the guidelines. So, with less than five months to go before the June FATF review, how do member countries adhere to the guidelines?
The United States: ahead of the curve
The United States is responsible for designing the FATF guidelines after having based the guidelines on the Bank Secrecy Act – the country’s main anti-money laundering law. In 2013, the Financial Crimes Enforcement Network, or FinCEN, determined that the BSA should apply to the cryptocurrency industry. As part of this recommendation, FinCEN also confirmed the application of the BSA travel rule, by publishing its own guidelines for VASP in May 2019.
FinCEN did not hesitate to enforce the control. In 2015, the agency slapped the Ripple cryptocurrency payment protocol with a $ 450,000 fine after the company “purposely violated” BSA rules.
Yet, according to FinCEN director Kenneth Blanco, the violation of the travel rule is one of the most frequently cited violations – and it often goes unpunished. Speaking to Cointelegraph, Thomas Maxon, US chief operating officer of blockchain solutions company CoolBitX, felt that a lighter touch could have been applied to foster innovation in the United States:
“This can be interpreted in two ways: either FinCEN has been forgiving and understanding towards the crypto industry, giving them time to create compliance solutions, or FinCEN realizing that coercive action too early would encourage many American entities to relocate their activities abroad in order to avoid regulatory oversight. The latter is more likely. “
Switzerland adopts travel rule
As recently reported by Cointelegraph, one of the last countries to apply the FATF guidelines is Switzerland. Last week, the Swiss Financial Market Supervisory Authority lowered the transaction threshold for unidentified crypto exchanges from $ 5,000 (CHF 5,000) to $ 1,000 (CHF 1,000). In accordance with the threshold of the FATF travel rules, the new law on financial services aims to combat the “increased risks of money laundering” within the cryptography market.
Of course, the FATF advice is just that – advice. Despite the worrying deadline of June, the directives are advisory and therefore not legally binding. It is plausible that Switzerland will simply comply with EU standardization, in particular following the recently imposed Fifth Money Laundering Directive, or 5AMLD.
EU interpretation of the FATF directives
The EU’s fifth anti-money laundering directive entered into force on January 10 and appears to be essentially in line with the FATF guidelines. With 27 Member States, including Germany, France and – until recently – the United Kingdom, the implementation by the EU of the FATF directives is of considerable importance. However, while an attempt to adopt the guidelines has clearly been made, 5AMLD is not as rigorous as the FATF guidelines.
The 5 providers of AMLD custodian portfolios and crypto-fiat exchanges to the list of entities subject to the directive. This introduced the requirement for crypto-fiat exchanges to keep a record of customer transactions, as well as to perform Know Your Customer and AML checks.
However, the distinction between this and the FATF guidelines lies in the semantics. Crypto-crypto exchanges, which fall under the FATF definition of a “VASP”, do not appear on the list of entities subject to EU obligations. This indicates that crypto-crypto companies are exempt from 5AMLD compliance.
The 5AMLD guidelines also take a lighter approach to client record keeping. The FATF guidelines recommend collecting recipient and sender data as well as liaising with other VASPs, while 5AMLD simply involves keeping records and submitting data to financial intelligence organizations upon request.
Interestingly, despite the UK’s recent departure from the European Union, the country’s financial sector has been forced to follow the 5AMLD guidelines, as they arrived before the January 31 Brexit deadline.
Therefore, in its role as the UK’s AML authority for cryptography, the Financial Conduct Authority announced a new compliance regime. In addition to standard AML practices, including those derived from 5AMLD, the FCA required all crypto companies to undertake “continuous monitoring of all clients” – a definitive sign of FATF compliance.
The impact of the FATF in the world
Japan, South Korea and Singapore have been exceptionally receptive to the FATF directives. At the end of January, Singapore announced its 2019 payment services law. Contrary to the ambiguous definition of 5AMLD in the EU, the PSA requires that “digital payment token” services – which include both crypto companies and exchanges – to comply with the FAT’s AML rules. In accordance with FATF guidelines, Singapore has set its travel rule threshold at around $ 1,000 ($ 1,500 SG).
Related: Singapore’s AML Framework May Attract Crypto Firms, Not Chase It
Meanwhile, Japan has always been an attentive observer of the regulation of cryptocurrencies. As early as 2017, the government started to recognize Bitcoin and its cryptographic derivatives as a property under the Japanese payment services law. In addition, the document calls on national crypto companies to comply with AML regulations and to register with a competent local finance office.
South Korea has also followed the advice of the FATF, in November 2019 adopting a bill establishing a legal structure for cryptocurrencies. The bill introduced an AML framework requiring all crypto-related companies in South Korea to adhere to the FATF’s compliance to the letter.
What measures are taken by encryption platforms?
Judging by the sheer volume of travel rule violations, it seems that few crypto companies have actually taken FATF guidelines into account, regardless of jurisdictional implementation. Maxon – whose company CoolBitX is trying to streamline KYC procedures – goes even further, saying that there is no compliance by crypto companies in the United States: “No major crypto company has complied with the travel rule despite the applicability of the rule since 2013. “
However, in recent months, many companies have offered compliance solutions, including TRISA from CipherTrace, OpenVASP from Bitcoin Switzerland, Chainalysis, Elliptic and Netki, among others.
For many, FATF advice is akin to tightening a square peg in a round hole. Bob Morris, global chief compliance officer for Apifiny – a distributed business network – believes the fragmented nature of the crypto industry is not conducive to existing FATF policy. Speaking to Cointelegraph, Morris said:
“In the traditional banking sector, the travel rule is possible because everyone collaborates on a single system. But in the fragmented world of cryptocurrency exchanges, the challenge of designing a successful unified framework is too expensive to succeed – at the moment, exchanges have no idea how to implement it. “
In an opposite position, Reuben Yap, director of operations at Zcoin, told Cointelegraph that conventional banking rules could further legitimize the crypto industry, adding:
“It will also help shake up the perception that cryptocurrency is used to facilitate illegal activity since it will now be subject to the same rules as trusts.”
However, Yap warned that additional compliance costs could spell the end for small businesses. Thomas Glucksmann, vice president of global development for blockchain analytics company Merkle Science, shared an opinion similar to that of Yap, suggesting that the confidence of governments and regulators will ultimately drive industry growth :
“In the long run, better information sharing between institutions builds confidence in the industry’s ability to combat money laundering and other criminal activity, which hopefully translates into better relationships with banks and regulators to facilitate wider adoption of cryptocurrency. ”
Likewise, CipherTrace chief financial analyst John Jefferies says further review will help mature the cryptocurrency asset class, even if in the short term, “the VASPs will commit likely additional expenses when they seek to comply with the travel rule. ” He added:
“Some VASPs may cease to exist or others such as Deribit may move to unregulated countries like Panama. It will be good for the industry in the medium and long term as the travel rule will help virtual assets to become a safe asset class for investors. “
The (not so massive) impact on confidentiality documents
Yet a crucial question remains: do the FATF guidelines pose a risk to private coins? In accordance with FATF directives, stock exchanges such as Coinbase and OKEx have started to launch the confidentiality coins in order to comply. This, says Yap, stems from a “misunderstanding” of the travel rule. According to him, confidentiality coins face the same tests as any other cryptocurrency, because compliance with travel rules occurs outside the chain:
“Whether or not a room has privacy features does not affect its compliance with the travel rule, as a VASP can always provide information about its transactions with other VASPs, since it already has the identity and the client’s KYC. “
Indeed, private coin developers maintain that their protocols are still able to comply with the FATF guidelines. For example, the team behind Beam – a cryptocurrency based on the confidential MimbleWimble transaction protocol – has already taken steps to provide transaction auditability functionality.
Glucksmann explained that protocols such as these allow privacy coins to continue unhindered, “Exchanges and other cryptocurrency firms can support these privacy coins while meeting regulatory requirements.” However, Jefferies noted that additional layers of privacy in major cryptocurrencies can add compliance challenges:
“Major tokens, including Bitcoin and Ethereum, add layers of privacy, so VASPs and regulators need to understand and mitigate compliance risks. As central bank cryptocurrencies are introduced, confidentiality will play a critical role in their acceptance in countries that value confidentiality. “
For better or worse, the FATF guidelines have at least prompted several member countries to advance the regulation of cryptocurrencies. It can be argued – even at worst – that the regulations add assurances that can help strengthen the legitimacy of the industry. While some remain diametrically opposed to what they see as ill-suited directions, the positive impact on the industry could in theory outweigh the short-term disadvantages.