A powerful intergovernmental organization devoted to combating money laundering and terrorism financing has finalized its recommendations on regulating cryptocurrencies for its 37 member countries.
As expected, the Financial Action Task Force (FATF) standards released Friday include a controversial requirement that “virtual asset service providers” (VASPs), including crypto exchanges, pass information about their customers to one another when transferring funds between firms.
“… obtain and hold required and accurate originator [sender] information and required beneficiary [receipient] information and submit the information to beneficiary institutions … if any. Further, countries should ensure that beneficiary institutions … obtain and hold required (not necessarily accurate) originator information and required and accurate beneficiary information …”
Under the new guidance published, the required information for each transfer includes:
- (i) originator’s name (i.e., the sending customer);
- (ii) originator’s account number where such an account is used to process the transaction (e.g., the VA wallet);
- (iii) originator’s physical (geographical) address, or national identity number, or customer identification number (i.e., not a transaction number) that uniquely identifies the originator to the ordering institution, or date and place of birth;
- (iv) beneficiary’s name; and
- (v) beneficiary account number where such an account is used to process the transaction (e.g., the VA wallet).
Calling the “threat of criminal and terrorist misuse of virtual assets” a “serious and urgent” issue, FATF said in a public statement that it will give countries 12 months to abide by the guidelines, with a review set for June 2020.
The so-called travel rule is a longstanding requirement for international banks when sending each other money on customers’ behalf. But blockchain industry advocates argued it would be onerous if not impossible to put into practice with crypto, harmful to user privacy, and counter-productive to law enforcement goals.
As it applies to digital assets, FATF explains that “in cases where the VASP is a natural person, it should be required to be licensed or registered in the jurisdiction where its place of business is located—the determination of which may include several factors for consideration by countries.”
FATF is also giving countries the option of requiring any VASPs that provide products or services within their jurisdiction to register with the appropriate authorities.
“Competent authorities should take the necessary legal or regulatory measures to prevent criminals or their associates from holding, or being the beneficial owner of, a significant or controlling interest, or holding a management function in, a VASP,” the guidance states elsewhere.
“Such measures should include requiring VASPs to seek authorities’ prior approval for substantive changes in shareholders, business operations, and structures,” it says.
For enforcement purposes, FATF recommends that countries consider using open-source information and web-scraping tools to identify unregistered or unlicensed operations advertising their services.
Authorities should also consider public feedback, information from reporting institutions and “non-publically available information,” such as intelligence or law enforcement reports.
The guidance even addresses services designed to obfuscate the origin of crypto transfers, saying nations should make sure that providers can either manage or mitigate the risks of transfers that use mixers, tumblers or other similar tools.
“If the VASP cannot manage and mitigate the risks posed by engaging in such activities, then the VASP should not be permitted to engage in such activities,” the document reads.
VASPs should also be able to freeze or prohibit transactions with sanctioned individuals.
Data analytics company Chainalysis, for example, has warned that instead of more transparency, the rule would spur services to shut down or drop off the radar.
But despite hearing such concerns at a private-sector consultation meeting in Vienna last month, which drew 300 attendees, the FATF, led by the United States, pressed ahead.
In remarks to the plenary session, U.S. Treasury Secretary Steven Mnuchin said that “by adopting the standards and guidelines agreed to this week, the FATF will make sure that virtual asset service providers do not operate in the dark shadows.”
This will help the fintech sector “stay one-step ahead of rogue regimes and sympathizers of illicit causes,” he said, adding:
“We will not allow cryptocurrency to become the equivalent of secret numbered accounts [and] we will allow for proper use, but we will not tolerate the continued use for illicit activities.”
To be clear: FATF’s recommendations for anti-money-laundering policies are not binding; member countries adopt them by passing legislation or writing regulations. However, countries that fall egregiously out of compliance with FATF standards get put on a blacklist, making them radioactive to foreign investment.
The crypto guidelines come a week ahead of the annual Group of 20 (G20) summit in Osaka, Japan, on June 28-29. The G20, comprised of 19 countries and the European Union, has been pushing for international harmonization of crypto regulations.
The guidelines also come just before the United States’ one-year presidency of the FATF ends on June 30. Marshall Billingslea, the U.S. Treasury official who holds the rotating post, had listed applying FATF standards to virtual currency among his top priorities.