- FATF held a plenary from June 21-25 and worked, among others, on its 2nd 12-month review of the implementation of the revised standards on VAs and VASPs.
- Compliance from public and private sectors is reported to have improved but remains insufficient.
- FATF’s revised guidance will be published later this year, in November.
FATF released its 2nd 12-month review of the implementation of the revised standards on VAs (virtual assets) and VASPs (virtual asset service providers) on July 5 which assesses the progress made by jurisdictions in this field. FATF gathered with members and observers from June 21 to 25 to finalize several works including reviewing the implementation of the revised standards.
The full review is available here.
Has the public sector progressed in the implementation of the revised standard?
Even though FATF recognized that the public sector made progress when it comes to the implementation of the revised standards, it also pointed out that the implementation of these standards is still pending in some jurisdictions.
FATF analyzed the progress made by 38 FATF members and 90 FSRB (FATF-Style Regional Bodies) members; 128 members in total. For example, FATF reports that only 58 out of 128 members have the necessary AML/CFT regimes for VASPs; 52 of them are permitting and regulating VASPs and 6 are prohibiting VASPs.
Then, the report states that, out of the 128 reporting jurisdictions:
- 26 are in the process of implementing the necessary legislation;
- 12 are to start the legislation process; and
- 32 are to decide how to regulate VASPs.
Source: FATF’s Second 12-Month Review of the Revised FATF Standards on Virtual Assets/VASPs, page 11
FATF concluded that there are still gaps in the level of implementation of the revised standards between FATF members and FSRB members. For instance, nearly a third of FSRBs members are yet to decide what approach to take for VASPs against 1 FATF member.
What is the state of Travel Rule and AML/CFT obligations implementation by the private sector?
On the Travel Rule implementation, FATF reported that:
- 11 jurisdictions were aware of Travel Rule compliant VASPs established in their jurisdiction;
- No jurisdiction was aware of a VASP which is fully compliant with the Travel Rule;
- 10 jurisdictions reported that they implemented and enforced Travel Rule requirements for VASPs;
- 14 jurisdictions only introduced Travel Rule requirements but they are not yet enforced;
The report also states that some VASPs are also using blockchain analytics to help them in their compliance journey.
FATF concluded that two years after the publication of the revised standards, most jurisdictions and VASPs are not yet complying with the Travel Rule requirements.
Moreover, FATF reports that VASPs are, overall, more compliant with AML/CFT obligations even though there are frequent issues with suspicious transactions reports (STRs), other transaction reporting, or transaction monitoring for example.
ML/TF risks in the VAs market
FATF’s report also analyzed the trends in ML/TF risks for the VA market. It states that even though VAs adoption by the traditional financial sector is increasing, ML/TF trends are still the same as reported in the previous 12-month review:
- ML/TF detected cases usually involve 1 type of VA but sometimes several types of VAs are used for layering/mixing;
- The most prevalent offenses involving VAs are related to narcotics or fraud (investment scams, blackmail/extortion);
- The value of ransomware-related VAs largely increased as well as the use of VAs to launder fraud proceedings;
- Illicit activities are often taking place at poorly regulated VASPs for ML/TF purposes (read more: Monitoring and mitigating jurisdiction related risks);
- Methods to increase anonymity have developed including for example the use of mixers, tumblers, anonymity-enhanced currency (AECs) or privacy coins, decentralized applications, DEXs, and atomic swapping exchanges.
P2P market metrics
FATF had previously identified P2P risks in its report “G20 Finance Ministers and Central Bank Governors on so-called stablecoins”1. In its 2nd 12-month review, FATF conducted a study aimed at better understanding P2P transactions using VAs. FATF developed these metrics with the help of 7 blockchain analytics companies including Scorechain.
FATF states that the purpose of this study is thus to understand:
- the extent to which VA transfers occur with or without a VASP;
- whether this has changed since FATF revised its Standards in June 2019; and
- the ML/TF risk associated with P2P transactions
Even though FATF states that the result provided by the blockchain analysis companies have discrepancies due to differences in methodology, the study reveals that a significant proportion of Bitcoin, Ether, and Tether transactions are P2P (without the intervention of a VASP). For P2P transactions using Bitcoin, the trend remains stable while for Ether and Tether, the trend seems to be towards more P2P transactions (which could be explained by the decentralized finance popularity).
Finally, the study reveals that when it comes to illicit transactions, Bitcoin is more used than Ether and Tether and that it occurs with a VASP, especially for Bitcoin (Download Scorechain’s analysis on Bitcoin transactions’ ML/TF risks).
FATF-identified issues regarding the revised standards
The first 12-month review identified the following issues:
- the definition of VA and VASP;
- P2P transactions and unhosted wallets;
- so-called stablecoins;
- licensing and registration of VASPs; and
- implementation of the travel rule.
To address these issues, FATF published an updated 2019 Guidance2 on VAs and VASPs. The watchdog consulted the industry’s stakeholders in March 2021 and is expected to finalize the revised Guidance by November 2021.
P2P transactions and AM/CFT intermediaries
VAs P2P transfers are not explicitly subject to AML/CFT obligations under the revised Standards. However, FATF will continue focusing on placing AML/CFT controls on intermediaries (such as VASPs) since some VAs are significantly transferred via P2P transactions and non-compliant VASPs which represent higher risks.
FATF will revise its standards when there will be clear evidence that ML/TF risks have changed. FATF further advises jurisdictions to identify and mitigate P2P risks in advance. The November 2021 revised guidance will provide guidance on P2P transactions and ML/TF risks mitigation.
To sum up, FATF recognized the progress made by jurisdictions and VASPs even though the level of compliance is not sufficient yet. VASPs should further prepare to comply with upcoming crypto AML/CFT regulations and FATF’s upcoming revised guidance.
You are operating a VASP and you need to comply with these regulations? Scorechain can help you in your compliance journey. Don’t hesitate to contact us to schedule a free demo: email@example.com
Scorechain is a Risk-AML software provider for cryptocurrencies and digital assets. As a leader in crypto compliance since 2015, the Luxembourgish company serves more than 100 customers in 36 countries, ranging from cryptocurrency businesses to financial institutions with crypto trading, custody branch, digital assets customers onboarding, audit and law firms and some LEAs.
Scorechain solution supports Bitcoin analytics with Lightning Network detection, Ethereum analytics with all ERC20 tokens and stablecoins, Litecoin, Bitcoin Cash, Dash, XRP Ledger and Tezos. The software can de-anonymize the Blockchain data and connect with sanction lists to provide a risk scoring on digital assets transactions, addresses and entities. The risk assessment methodology applied by Scorechain has been verified and can be fully customizable to fit all jurisdictions. 300+ risk-AML scenarios are provided to its customers with a wide range of risk indicators so businesses under the scope of the crypto regulation can report suspicious activity to authorities with enhanced due diligence.