Today the global Financial Action Task Force (FATF), an independent inter-governmental body developing and promoting global financial regulations, released its finalized version of the Updated Guidance for a Risk-Based Approach for Virtual Assets and Virtual Asset Providers report. The updated guidance significantly changes the earlier March 2021 draft, including clarifications on DeFi protocols, CBDCs, stablecoins, and NFTs.
FATF Recommends Broad, Functional Approach to Crypto Regulation
The FATF has released revised and finalized crypto guidance, clarifying which crypto entities fall under its recommended requirements.
Today the global AML watchdog issued its revised and finalized guidance on virtual asset regulation, covering many of crypto’s most pressing topics, including decentralized financial applications, NFTs, stablecoins, unhosted or non-custodial wallets, and peer-to-peer transactions.
While the original standards contained in the draft guidance from March this year have remained unchanged, after 6-months of public and private sector consultations, FATF decided to update the original guidance with clarifications on the application of those standards to virtual assets (VAs) and virtual asset service providers (VASPs).
The Financial Action Task Force is a supranational body that develops and promotes global standards concerning financial regulation and which exerts great influence over related policies within local governments. FATF’s recommendations are dubbed “the standard” for anti-money laundering and counter-terrorist financing regulations worldwide.
Over the years, the global financial watchdog has provided and clarified two critical definitions on VAs and VASPs that it believes governments should interpret broadly and apply according to a “functional approach” with regards to implementation. To this end, FATF defines virtual assets as “a digital representation of value that can be digitally traded or transferred and can be used for payment or investment purposes.” This doesn’t include digital representations of fiat currencies, securities, and other assets already covered elsewhere in the FATF recommendations.
Here the watchdog clarifies that governments should apply the recommendations based on “the basic characteristics of the asset and the service, not the technology it employs,” similar to how the U.S. Securities and Exchange Commission applies the Howey test to determine whether certain assets are securities or not.
The guidance further clarifies that NFTs or crypto-collectibles are generally not considered VAs under FATF’s definition. The watchdog, however, reiterates the point that regulators should consider the nature and practical function of NFTs above the underlying technology or the marketing terms used, meaning that NFTs used for payment or investment purposes should fall under the definition of VAs.
Are DEXs and NFT Marketplaces VASPs?
To understand why the above clarifications matter we need to look at how the FATF defines virtual asset service providers. According to the guidelines, a VASP is:
“Any natural or legal person who as a business conducts one or more of the following activities or operations for or on behalf of another natural or legal person: 1. Exchange between virtual assets and fiat currencies; 2. Exchange between one or more forms of virtual assets; 3. Transfer of virtual assets; and 4. Safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets; 5. Participation in and provision of financial services related to an issuer’s offer and/or sale of a virtual asset.”
Again, the watchdog asks that countries take a functional approach by determining whether a person or an entity conducts these activities “as a business,” which it defines as VASP activities undertaken for “commercial reasons” and on “a sufficiently regular basis.” To put that in perspective, FATF further recommends that creators, owners, and operators of DeFi protocols that “maintain control or sufficient influence in the DeFi arrangements” in a proactive manner—even when some of these processes are automated—may fall under the FATF definition of a VASP.
Regarding identifying which DeFi protocols fall under VASP requirements, the watchdog says countries should consider multiple factors, including whether any party profits from the service or can set or change parameters. “If they meet the definition of VASPs,” the guidelines read, “owners/operators should undertake ML/TF risk assessments prior to the launch or use of the software or platform and take appropriate measures to manage and mitigate these risks in an ongoing and forward-looking manner.”
This could potentially mean that DeFi protocols like OpenSea or decentralized exchange dYdX, in which developers arguably have sufficient influence over the platforms and operate as a business (earn profits through the platform’s operations), could fall under FATF’s recommendations and therefore be required to implement KYC procedures and adhere to AML/CFT reporting requirements.
When it comes to persons holding governance tokens of protocols deemed VASPs, FATF lets retail investors off the hook, maintaining that responsibilities for satisfying AML/CFT requirements should fall on the VASP. In other words, FATF does not appear to recommend these requirements for those who do not “exercise control or sufficient influence over the VASP activities undertaken as a business on behalf of others,” which could potentially cover large investors and VCs in certain circumstances.
FATF’s updated guidelines provide countries with a long list of recommendations for dealing with virtual assets and virtual asset service providers, including outright bans, licensing, reporting and record-keeping requirements, transaction monitoring, and supervision of VASPs operations.
In conclusion, FATF leaves countries much room to independently decide how to deal with DeFi and cryptocurrencies in general. Some may take a more lenient approach, while others may try to exert overbearing control over the industry. Whatever it may be, it will likely take countries months or even years to implement its recommendations within their legal systems. Even then, it remains to be seen whether the new regulations will have a measurable effect on the industry.