Share page
FATF: Overview of recommendations and community response – COIN360
July 12  |  12 min read

New FATF Guidelines: Overview and Community Response

The COIN360 Editorial Team

The Financial Action Task Force (FATF), an intergovernmental organization that develops policies and recommendations to combat terrorism financing and money laundering, issued an interpretive note on June 21 to clarify a set of changes that were made to its international standards on virtual currencies back in October. Most notably, the updated guidelines issued by the FATF include recommendations for service providers to enforce customer due diligence (CDD) measures and collect personal information about customers and recipients of funds. These recommendations have been dubbed by the media as the biggest regulatory hurdle that the crypto industry has faced so far, and it is expected to play a prominent role in the regulatory landscape of cryptocurrencies.

In this article, we will provide an overview of the new FATF guidelines, along with the response from both the community and members of the crypto industry.

Behind the Guidelines: the FATF

FATF logo and plenary in session – COIN360

FATF Plenary in session.

The entity responsible for the regulations, the Financial Action Task Force, is a Paris-based international watchdog that was founded in 1989 as an initiative of the G7 to combat problems related to money laundering, and soon included terrorism financing within its purview following the terrorist attacks of 9/11.

Even though it started as an initiative from only seven of the world’s most famous countries, the number of jurisdictions that are members of the FATF at press time is up to 39. Additionally, two of these 39 members are regional organizations, namely the Gulf Cooperation Council and the European Commission, further increasing the number of states that have a FATF membership. According to the FATF, the list of members is a representation of “most major financial centers in all parts of the globe.”

Before delving into the details of the FATF recommendations, it is important to stress that they’re just that: recommendations. In this case, to strengthen AML and KYC procedures for crypto services such as exchanges. The recommendations are not legally binding, so countries don’t have to adopt them verbatim. Instead, the guidelines state that each country should react in accordance with their policies and regulatory approach, and that any measures taken should “reflect the broader context of financial sector policy objectives that the country is pursuing, including financial inclusion, financial stability, financial integrity, and financial consumer protection goals.” According to the FATF, the guidelines should be taken as flexible enough so that it is possible for compliant countries to apply them to existing and emerging technologies.

That being said, the fact that the list of FATF members is practically a who’s who of the world’s biggest and most influential economies means that FATF recommendations carry a lot of weight with other jurisdictions that may not necessarily be members of the FATF themselves—as Bloomberg reports, guidelines from the FATF are followed by as many as 200 countries. What’s more, countries that behave uncooperatively with the recommendations might end up in the Non-Cooperative Countries or Territories list, also known as the FATF blacklist. The blacklist is a list of countries that do not cooperate in the fight against money laundering and terrorism financing, and are thus deemed to pose a threat to the international financial system. Naturally, it is much more convenient for countries to comply with the FATF recommendations than be added into the blacklist, which is why the recommendations are likely to have a worldwide impact.

The FATF Recommendations

FATF recommendations on combating money laundering and terrorism financing – COIN360

Title page of the FATF’s recommendations on combating money landering and terrorism financing.

The interpretive note on recommendation 15, which was issued and adopted on June 21, is intended to provide clarification and further describe how countries and other obliged entities have to comply with the relevant recommendations to prevent the use of virtual assets or new or developing technologies for nefarious reasons such as money laundering and terrorism financing, something that was first added in October of 2018.

The interpretive note on recommendation 15 emphasizes one of the main points that is found throughout the guidelines: countries should apply a risk-based approach, one that allows them to not only properly identify and understand any possible money laundering or terrorism financing risks, but also allows countries to make sure that the proper measures are taken to mitigate or tackle any identified risks.

The guidelines state that all VASPs (virtual asset service providers) should be registered at least in the jurisdiction where they were originally created, while also suggesting that they could also need to be registered in additional jurisdictions if VASPs provide services in or conduct its business from another jurisdiction. VASPs are also supposed to be supervised by competent national authorities, with no possibility of a self-regulatory body supervising the VASP. Additionally, countries are urged to identify and sanction any VASP that conducts business without being properly registered. Of note is the fact that, under the FATF regulations, a natural person could be considered a VASP if they conduct their activities as a business on behalf of another person.

However, one of the most controversial points brought up in the guidelines is a preventive measure first mentioned in recommendation 10, also known as the “travel rule”. This recommendation stipulates that everyday transactions conducted in VASPs or that involve virtual assets should be subjected to customer due diligence (CDD) measures if they are over 1,000 USD/EUR. The FATF doubles down on this recommendation by stating that, given the risks and dangers of cryptocurrencies, countries could even go one step further and require CDD for all transactions, even if they’re below the aforementioned threshold.

Initial CDD measures, as the document states, involve things such as identifying the customer and verifying his or her identity on a risk basis. Likewise, according to recommendation 16 (also known as interpretive note 7(b)), countries are expected to make sure that VASPs obtain and hold information about the originator and beneficiary of such transactions, which will have to be subsequently submitted to the beneficiary VASP or financial institution (if there is one) in an immediate and secure way. The required information for such transactions includes:

  1. the originator’s name (the sender of the transaction).
  2. the originator’s account number.
  3. the originator’s physical address, national identity number, or customer identification number.
  4. the beneficiary’s name.
  5. the beneficiary’s account number.

The document also proposed enhanced due diligence (EDD) measures that can be applied in countries which have higher risks related to cryptocurrencies in order to mitigate them. Some of these measures, which are more invasive in nature, include:

  1. Obtaining additional information on the customer’s source of funds.
  2. Obtaining information about the purported reasons behind past or future transactions.
  3. Corroborating the customer’s identity through a national identity number or through information from third-party databases or other sources.
  4. Tracing the customer’s IP address.
  5. Searching the internet with the aim of confirming that the customer’s activity information is consistent with the customer’s transaction profile.
  6. Other information such as geolocation data, wallet addresses, and transaction hashes.

According to the recommendations, VASPs should be required to keep the collected data up-to-date by reviewing records and conducting ongoing due diligence measures, which include obtaining the identification information of relevant parties, public keys, dates of transactions, amounts transferred, and the addresses or accounts involved in transactions. Additionally, VASPs should maintain all transaction records for at least five years in order to be able to reconstruct individual transactions.

In addition to all the data collection, countries are also urged to cooperate with one another through mutual assistance or by helping each other in the process of identifying and confiscating assets that could be at the center of a cryptocurrency-related crime. Similarly, all competent authorities or jurisdictions should be able to have access to all necessary documentation or data.

The FATF will conduct a review of how these recommendations have been implemented in different countries in the June of 2020.

Aftermath and Community Reaction

The FATF recommendations had been sending shockwaves through the cryptocurrency industry even before the release of the interpretive note. Back in April, blockchain analysis firm Chainanalysis wrote a letter (in response to the FATF’s invite to private sector entities to address paragraph 7(b) of the interpretive note) addressing their concerns regarding the recommendations. In their extensive response, the firm stated that one of the main concerns is that these recommendations might drive people away from regulated platforms, adding how financial transactions on the blockchain can, in fact, be traced to real world entities without the need for VASPs to share personally identifiable information on end users. They also asked for clarification regarding recommendations in the 7(b) section, such as a definition of what constitutes a VASP and whether different rules should apply to different business models. They also mentioned the technical limitations involved, since VASPs can’t tell if a BTC address belongs to another service provider or to an individual. As reported by Cointelegraph, Jesse Spiro, one of the writers of the letter, also echoed the voices of many by noting that the recommendations greatly surpassed the technical limitations that current blockchain technology has. However, he also noted that the recommendations will help the cryptocurrency industry in the long term, and will help it achieve more mainstream adoption.

Likewise, Dutch Bitcoin broker Bitonic published their own response voicing their concerns regarding the privacy of EU citizens. In their statement, they mentioned how proposal 7(b) would “unnecessarily violate the privacy of EU-citizens” and argued that the current European model, in which users’ information regarding their crypto transactions is made available to authorities if there’s a “specific request or observed risk”, works for all control measures, which means that the FATF recommendations are unnecessary. The Chamber of Digital Commerce also took the opportunity to write their suggestions and asked the FATF to extend the comment period and solicit further input from the private sector. In their response, the Chamber recognizes the need for AML laws and supports effective regulatory action. However, in line with the previous firms, the Chamber agrees with the definitions of “virtual asset” and “VASP” being too broad in a way that could potentially harm other businesses, and suggested that the FATF make more changes to recommendation 15, emphasizing section 7(b).

The recommendations quickly garnered responses from several individual people within the crypto industry as well. Steve Christie, the Global Head of Compliance at crypto exchange Kraken, highlighted several technical limitations as well, pointing at the fact that a new infrastructure was needed. He noted: “If we don’t find something that is accessible to all of the service providers, we could actually force some of them out of their business”, highlighting that the crypto industry is still “at a startup phase”, and that contributions from multiple businesses were needed.

Unsurprisingly, the U.S. Secretary of the Treasury, Steven Mnuchin, had positive words for the recommendations, highlighting the fact that VASPs will have to deal with AML and terrorism financing issues just like traditional institutions like banks do. In a statement released the same day as the interpretive note, Mnuchin stated that adopting these guidelines would “make sure that virtual asset service providers do not operate in the dark shadows.”

Secretary of the Treasury Steven Mnuchin – COIN360

Secretary of the Treasury Steven Mnuchin was in favor of enforcing Bank regulations on VASPs, though others argued exactly the opposite.

These words were in direct opposition to those of Roger Wilkins, an ex-president of the FATF. As per a Cointelegraph Japan report, Wilkins was quoted as saying that the recommendations “may have the opposite effect to which they were intended, effectively forcing crypto transactions off the controlled platforms, which are currently one of the best avenues we have in gaining visibility over financial crime”. He also stated the importance of identifying a balanced solution that takes into account the recommendations but also the crypto businesses. In a similar vein, Jeff Horowitz, Chief Compliance Officer of Coinbase, stated that applying bank regulations to the crypto industry could drive people from regulated platforms to other alternatives such as p2p trading platforms.

Other members of the crypto community also took to social media to discuss the recommendations. Editor-in-chief of Adamant Research, Tuur Demeester, also had an opinion regarding the recommendations. In May, he tweeted about the FATF recommendation draft published on Feb. 22, calling the draft “draconian” and asking people what the odds were for the FATF to soften the rules.

Tuur Demeester expresses his opinion on the FATF recommendations – COIN360

Tuur Demeester asks people the possibilities of FATF being flexible about the recommendations.

Nischal Shetty, founder and CEO of Indian exchange WasirX, tweeted positive comments regarding the FATF recommendations, stating that with the guidelines, the Indian government will have a more extensive understanding of crypto, and might adopt these new regulations rather than following through with the long-rumoured ban on cryptocurrency.

Indian exchange WasirX CEO Nischal Shetty gives his opinion on the FATF recommendations – COIN360

Nischal Wazir tweets about Blockchain and cryptocurrency regulation in India.

Final Thoughts

The impact of the FATF recommendations cannot be understated, and its effects could be seen instantly: several Asian VASPs are looking to establish an international association that would serve as the global representative that would deal with governments and the FATF itself. Its status as the international standard for legislation of virtual currencies is backed up by the fact that all of the world’s powerful economies are among its members or at least follow its guidelines, which makes it much more convenient for other countries to comply with the recommendations rather than risk being put on the FATF blacklist.

However, the recommendations are controversial by nature. The evident lack of infrastructure could effectively mean the end for many cryptocurrency startups and developing businesses if their corresponding jurisdiction takes a more strict approach in following the recommendations. Additionally, a reduced number of crypto startups would not only mean that the industry and the community would have to deal with the loss of a business, but it would also mean that already-existing companies and businesses would become more powerful. This points towards a centralization of the crypto industry, which goes against its very ethos. Some people focus on the positive aspect of this move, which would greatly reduce money laundering and other nefarious practices that have tainted the name of Bitcoin and other cryptocurrencies. Others are outraged, as this signifies that exchanges and other crypto businesses would be regulated just like banks, which goes against its raison d'être.

At the end of the day, it’s up to the governments to decide how or whether these recommendations will be implemented. Perhaps these recommendations will help Libra flourish given the amount of information that it could potentially have on its users, or perhaps governments will end up adopting a more lax approach. At this point, the only thing for certain is that only time will tell how these recommendations affect the crypto landscape.

Thank you for reading,
The COIN360 Editorial Team