On June 25, the Financial Action Task Force (FATF) wrapped up its fourth virtual plenary under the German presidency and finalized regulatory reports and guidance on several different aspects of financial crime. Of particular note is FATF’s recent 12-month review of the implementation of its revised “Standards on Virtual Assets and VASPs.”
This is the second annual review since FATF revised its standards and called on countries to officially classify virtual asset service providers (VASPs) as regulated entities under their AML/CFT regimes in June 2019. Fully implementing the standards involves ensuring VASPs are licensed or registered and are subject to customer due diligence (CDD), screening, and reporting requirements — including the “travel rule,” which requires VASPs to share information on the sender and beneficiary of any transaction over EUR/USD 1,000.
It’s this recommendation, in particular, that has proven challenging due to the relative anonymity that crypto users enjoy. If enforced, any VASP that facilitates the movement of assets from one person’s wallet to another’s would be governed like an MSB. That is, they would have to conduct payment screening when funds move to or from a person’s wallet that they have not previously onboarded and screened.
At the plenary, FATF confirmed progress continues to be made in updating AML/CFT regimes to include VASPs and shared its high-level findings of where its member jurisdictions stand. It found that not quite half (58 out of 128) reporting jurisdictions have implemented FATF’s standards — either by regulating them (52 jurisdictions) or opting to ban them entirely (6 jurisdictions). The intergovernmental agency urged jurisdictions to implement the standards quickly. It stressed that delays provide bad actors with opportunities to conduct jurisdictional arbitrage and exploit VASPs to launder money and finance terrorism.
FATF’s official report detailing its review won’t be published until July 5, and a final version of its guidance on virtual assets and VASPs has been delayed and will now be released in October. Even so, FATF’s comments at the plenary signal that the proposed laws around enforcing the travel rule for crypto and other virtual assets will be pushed forward — regardless of the inherent challenges.
Fortunately, recent private-sector efforts to overcome those challenges seem to have had tangible results.
In an announcement perfectly timed to align with FATF’s plenary, engineers from BitGo, Coinbase, Gemini, Kraken and Fidelity said they have developed a solution that’s compliant with the Bank Secrecy Act (BSA) and FinCEN’s travel rule.
While still in the testing stage, the solution would enable VASPs to identify counterparties in a travel rule-qualified transaction and securely relay personally identifiable information (PII) between the sending and receiving VASP. There are still wrinkles to iron out — including how to include proof of address ownership — but the US Travel Rule Working Group (USTRWG) said it plans to start using the solution on real customer transactions (starting with those involving Bitcoin and Ethereum) later this year.
The work is promising, and while FATF didn’t acknowledge any specific endeavor by name, it did applaud private sector efforts to develop “technological solutions to enable the implementation of the ‘travel rule.” USTRWG’s solution may help to inspire further developments and speed implementation across all FATF’s member jurisdictions.