How is the FATF’s AML guidance being implemented around the world, and what is its impact on the crypto industry?
It’s been nearly eight months since the Financial Action Task Force issued its divisive crypto directives, establishing traditional banking regulations within the crypto sector. With the year-long adoption deadline fast approaching, how have the world’s regulatory authorities responded to the guidelines so far?
The FATF — an intergovernmental organization tasked with combating money laundering — found itself at the center of controversy last June after issuing its latest crypto guidance. The directive merged the cryptocurrency industry into existing banking policy, requiring firms to comply with the same requirements as traditional financial institutions.
Among the more notable directives is the travel rule: a requirement for “virtual asset service providers” or VASPs — including crypto exchanges and custodial wallet providers — to disclose customer information when facilitating a trade of $1,000 or higher. The requested information covers both the sender’s and recipient’s name, geographical address and account details.
The directives arose from the FATF’s observation that the “threat of criminal and terrorist misuse of virtual assets” had the potential to develop into a severe problem. In a public statement, the authority stated that it would give its 37 members 12 months to adopt the guidelines. So, with less than five months to go until the FATF’s June review, how are member countries adhering to the directives?
The United States: Ahead of the curve
The U.S. is charged with the conception of the FATF guidance after basing the directives on the Bank Secrecy Act — the country’s primary Anti-Money Laundering law. In 2013, the Financial Crimes Enforcement Network, or FinCEN, determined that the BSA should apply to the cryptocurrency industry. Within this recommendation, FinCEN also confirmed the application of the BSA travel rule, issuing its own guidance for VASPs in May 2019.
FinCEN has not been shy when it comes to enforcing control. In 2015, the agency slapped cryptocurrency payment protocol Ripple with a $450,000 fine after the firm “willfully violated” BSA rules.
Yet, according to FinCEN Director Kenneth Blanco, the breach of the travel rule is one of the most commonly cited violations — and it often goes unpunished. Speaking to Cointelegraph, Thomas Maxon, head of U.S. operations at blockchain solutions firm CoolBitX, reasoned that a lighter touch might have been exercised to foster U.S. innovation:
“This can be interpreted in two ways: either FinCEN has been lenient and understanding of the crypto industry, giving them time to build compliance solutions, or FinCEN realizing that an enforcement action too early would incentivize many U.S. entities to move their businesses offshore in order to avoid regulatory oversight. The latter is more likely.”
Switzerland takes on the travel rule
As recently reported by Cointelegraph, one of the latest countries to enforce FATF guidance is Switzerland. Last week, the Swiss Financial Market Supervisory Authority lowered the transaction threshold for unidentified crypto exchanges from $5,000 (5,000 CHF) to $1,000 (1,000 CHF). Falling in line with the FATF’s travel rule threshold, the new Financial Services Act aims to address the “heightened money-laundering risks” within the crypto market.
Of course, the FATF’s guidance is just that — guidance. Despite the foreboding June deadline, the directives are advisory and, therefore, not legally enforceable. It’s plausible that Switzerland is merely complying to EU standardization, especially in the wake of the recently imposed Fifth Money Laundering Directive, or 5AMLD.
The EU’s interpretation of FATF directives
The EU’s Fifth Anti-Money Laundering Directive came into force on Jan. 10 and seems to mostly correspond to the FATF guidance. With 27 member states, including Germany, France and — until recently — the United Kingdom, the EU’s implementation of the FATF directives is of enormous significance. However, while an attempt to adopt the directives has clearly been made, the 5AMLD is not as stringent as the FATF’s guidance.
The 5AMLD-attached custodian wallet providers and crypto-to-fiat exchanges to the directive’s list of obliged entities. This introduced the requirement for crypto-to-fiat exchanges to keep a record of customer dealings, as well as to conduct Know Your Customer and AML checks.
However, the distinction between this and the FATF’s guidance lies in the semantics. Crypto-to-crypto exchanges, which fall under the FATFs definition of a “VASP,” aren’t stated on the EU’s list of obliged entities. This indicates that crypto-to-crypto firms are exempt from 5AMLD compliance.
The 5AMLD directives also take a lighter approach to customer recordkeeping. FATF guidance recommends data-gathering on both the recipient and the sender as well as liaising with other VASPs, while the 5AMLD merely entails recordkeeping and the submission of data to financial intelligence organizations upon request.
Interestingly, despite the U.K.’s recent departure from the European Union, the country’s financial sector was compelled to follow the 5AMLD directives, as they came in before the Brexit deadline of Jan. 31.
Consequently, in its role as the U.K.’s AML authority for crypto business, the Financial Conduct Authority announced a new compliance regime. Alongside the standard AML practices, including those derived from 5AMLD, the FCA necessitated all crypto firms to undertake “ongoing monitoring of all customers” — a definitive nod to FATF compliance.
FATF impact around the world
Japan, South Korea and Singapore have been exceptionally receptive to FATF directives. At the end of January, Singapore announced its Payment Services Act 2019. Unlike the EU’s ambiguous 5AMLD definition, the PSA requires “digital payment token” services — which encompasses both crypto businesses and exchanges — to comply with FATF-ready AML rules. In line with FATF guidance, Singapore set its travel rule threshold at around $1000 (SG $1,500).
Meanwhile, Japan has always been a keen observer of cryptocurrency regulation. As early as 2017, the government started acknowledging Bitcoin and its crypto derivatives as property within Japan’s Payment Services Act. Moreover, the document calls for domestic crypto firms to comply with AML regulations and register with a competent local finance bureau.
South Korea has also heeded the FATF’s advice, passing a bill back in November 2019 that established a legal structure for cryptocurrencies. The bill introduced an AML framework requiring all crypto-related businesses in South Korea to follow FATF compliance to the letter.
What action is being taken by crypto platforms?
Judging by the sheer volume of travel rule violations, it seems few crypto firms have actually heeded FATF guidance, regardless of the jurisdictional implementation. Maxon — whose company CoolBitX is attempting to ease KYC procedures — takes this one step further, asserting that crypto company compliance in the U.S. is nonexistent: “Not a single major crypto business has actually been compliant on the travel rule despite the applicability of the rule since 2013.”
Nevertheless, over the past few months, there has been an abundance of firms offering compliance solutions, including CipherTrace’s TRISA, Bitcoin Suisse’s OpenVASP, Chainalysis, Elliptic and Netki, among others.
For many, the FATF’s guidance is akin to squeezing a square peg in a round hole. Bob Morris, global chief of compliance for Apifiny — a distributed trading network — believes that the splintered nature of the crypto industry isn’t conducive to existing FATF policy. Speaking to Cointelegraph, Morris opined:
“In the traditional banking industry, the travel rule is feasible because everyone is collaborating across one system. But in the fragmented world of cryptocurrency exchanges, the challenge of devising a successful unified framework is too onerous to succeed — right now, exchanges don’t have a clue as to how to implement it.”
Taking the opposite stance, Reuben Yap, chief operations officer at Zcoin, told Cointelegraph that conventional banking rules could further legitimize the crypto industry, adding:
“It will also help shake the perception that cryptocurrency is used to facilitate illegal activity given that it will be now subject to the same rules as fiat.”
However, Yap cautioned that additional compliance costs may sound the death knell for smaller firms. Thomas Glucksmann, vice president of global development at blockchain analytic firm Merkle Science, shared a similar opinion to Yap’s, suggesting that faith from governments and regulators will eventually foster industry growth:
“Over the long term better information sharing between institutions provides more trust and confidence in the industry’s ability to combat money laundering and other criminal activity, which hopefully results in better relationships with banks and regulators to facilitate wider adoption of cryptocurrency.”
In the same vein, CipherTrace chief financial analyst John Jefferies claims that added scrutiny will help mature the cryptocurrency asset class, even though in the short-term, “VASPs will likely incur additional expenses as they seek to comply with the Travel Rule.” He went on to add:
“Some VASPs may cease to exist or others such as Deribit may move to unregulated countries such as Panama. It will be good for the industry in the mid and long term because the Travel Rule will help virtual assets grow into an asset class that is safe for investors.”
The (not-so-massive) impact on privacy coins
Still, one crucial question remains: Do the FATF directives pose a risk to privacy coins? Following the FATF guidance, exchanges such as Coinbase and OKEx started booting privacy coins in an effort to comply. This, Yap says, arises from a “misunderstanding” of the travel rule. According to him, privacy coins face the same trials as any other cryptocurrency, as travel rule compliance occurs off-chain:
“Whether a coin has privacy features or not does not affect its compliance with the Travel Rule since a VASP can always give information of its transactions with other VASPs since it already has the customer’s identity and KYC.”
Indeed, developers of privacy coins contend that their protocols are still able to submit to FATF directives. For instance, the crew behind Beam — a cryptocurrency based on the confidential transaction protocol MimbleWimble — have already taken steps to offer a transaction auditability feature.
Glucksmann explained that protocols such as these allow for privacy coins to continue unimpeded, “Exchanges and other cryptocurrency businesses can support these privacy coins while still complying with regulatory requirements.” However, Jefferies noted that additional privacy layers in major cryptocurrencies may add to compliance difficulties:
“Major tokens including Bitcoin and Ethereum are adding privacy layers so VASPs and regulators need to understand and mitigate the compliance risks. As central bank cryptocurrencies are introduced, privacy will play a critical role in their acceptance in countries that value privacy.”
For better or worse, the FATF guidance has at least prompted several member nations to advance cryptocurrency regulation. Arguably — even at its worst — regulation adds assurances that can help bolster industry legitimacy. While a few remain diametrically opposed to what they consider ill-fitting guidance, the positive impact on the industry could conceivably outweigh the short-term drawbacks.