Virtual assets and related providers - FATF recommendations

FATF has adopted international standards that would “level the playing field” for virtual asset service providers, including cryptocurrency providers, and traditional financial institutions if implemented across its member countries, including the United States.

Key points

• In response to heightened risks related to virtual assets, the FATF amended its Recommendation 15 – New Technologies to clarify that the FATF Anti-Money Laundering (AML)/Counter Terrorist Financing (CFT) Standards apply to virtual asset activities and virtual asset service providers (VASPs), including cryptocurrency providers.
• With continued development of virtual assets-related products and services, new types of providers, and an increase in anonymous transactions, FATF has now adopted:
  • An Interpretive Note to Recommendation 15 (INR 15), which further clarifies the FATF requirements that apply to virtual assets and VASPs.  They include establishing a risk-based program based on offered products and services; supervision or monitoring of VASPs for AML/CFT purposes; licensing or registration of VASPs; preventive measures such as Know Your Customer (KYC) and due diligence, recordkeeping, and suspicious activity reporting; sanctions and other enforcement measures; and international cooperation.
  • Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers (VASP Guidance), which complements FATF Recommendation 15 and INR 15 and explains how the FATF Recommendations apply to virtual asset activities and VASPs on a Recommendation-by-Recommendation basis.
• The FATF AML/CFT obligations for virtual assets, virtual asset activities, and VASPs are the same as the AML/CFT obligations the FATF applies to traditional financial institutions, including banks and securities broker-dealers, also engaged in virtual asset activities.
  

The FATF adopted both INR 15 and the VASP Guidance at its Plenary meeting on June 21. The two have been published together, with INR 15 included as an Appendix to the VASP Guidance.

The FATF states that it considers the threat of criminal and terrorist misuse of virtual assets to be serious and urgent, and therefore sets forth an expectation that its member countries will implement the “binding” FATF Recommendations adopted by this inter-governmental body in the context of virtual asset activities and service providers. Further, the FATF indicates it will monitor implementation of the new requirements by member countries and VASPs and conduct a 12-month review in June 2020.

INR 15

FATF Recommendation 15, as amended, defines virtual assets and VASPs for consistent application of those terms by member countries and national authorities.

INR 15 clarifies the application of the FATF requirements to virtual assets and VASPs:

• Member countries should:
  • Consider virtual assets as “property,” “proceeds,” “funds,” “funds or other assets,” or other “corresponding value” and apply the relevant measures under the FATF Recommendations to virtual assets and VASPs.
  • Identify, assess, and understand the emerging money laundering and terrorist financing risks from virtual asset activities and the activities or operations of VASPs, and apply a risk-based approach to ensure that AML/CFT measures are commensurate with the identified risks.
  • Require VASPs to be licensed or registered. Separate licensing or registration is not recommended for already licensed or registered financial institutions that perform VASP activities.
  • Subject VASPs to adequate regulation and supervision of AML/CFT and effective implementation of the relevant FATF Recommendations by a “competent authority” (no self-regulatory bodies) with the power to impose a range of disciplinary and financial sanctions on VASPs and their directors and senior management.
  • Exchange information promptly and constructively with their foreign counterparts.
  • Coordinate with relevant authorities to ensure compatibility of the AML/CFT requirements with data protection and privacy rules and similar provisions.
• Member countries should require VASPs (and other entities involved in virtual asset activities) to:
  • Identify, assess, and take effective action to mitigate their money laundering and terrorist financing risks.
  • Implement the full range of AML/CFT preventive measures under the FATF. Recommendations, including KYC and due diligence, record-keeping, suspicious transaction reporting, and screening for sanctions compliance.

VASP Guidance

The VASP Guidance updates the FATF’s 2015 Guidance for a Risk-Based Approach to Virtual Currencies and explains the application of a risk-based approach to AML/CFT standards for virtual assets. It is intended to complement Recommendation 15 and INR 15 and is focused, following a Recommendation-by-Recommendation approach, primarily on how the full range FATF Recommendations applies to virtual assets, virtual asset activities and VASPs in order to help member countries better design and implement a relevant risk-based AML/CFT regulatory and supervisory framework.

FATF states that “almost all” of the FATF Recommendations are directly relevant to address money laundering and terrorist financing risks associated with virtual assets and VASPs and others that are less directly or explicitly linked are still relevant and applicable.  As such, VASPs have the same full set of obligations as financial institutions or designated non-financial businesses and professions (DNFBPs). The VASP Guidance includes discussions of specific risk indicators, the types of activities that are in scope, licensing considerations, and examples of approaches in several jurisdictions.

U.S. perspective

In remarks before the FATF Plenary Session, U.S. Treasury Secretary Steven Mnuchin commended the efforts of the FATF to “address the growing misuse of cryptocurrencies and other virtual assets by money launderers, terrorist financiers, and other illicit actors” by setting standards that would “level the playing field” for “virtual asset service providers, including cryptocurrency providers, and traditional financial institutions” across the world. He further commented that the FATF’s initiatives will “enable the emerging FinTech sector to stay one-step ahead of rogue regimes and sympathizers of illicit causes searching for avenues to raise and transfer funds without detection.”

While the United States and several State regulatory bodies currently have in place an AML/CFT framework for regulating, supervising, and taking enforcement actions, including applications for virtual currency and other digital asset products, Secretary Mnunchin encouraged FATF member countries to take similar actions in their countries and urged them to “work together to ensure that virtual assets are no longer a safe haven for illicit actors to end-run around established AML/CFT safeguards.”

KPMG perspective

The FATF’s adoption of INR 15 and the release of the VASP Guidance portend potentially significant expansion of the level of regulation over the virtual assets space across the globe, as member countries consider whether and how to apply the FATF Recommendations within their regulatory and supervisory frameworks.

Please refer to KPMG’s recently published Point of View paper, The new frontier, for additional perspectives on AML compliance obligations in the United States for virtual asset providers. Developed by the Financial Crimes team within KPMG’s Forensics Practice, the paper discusses key AML risks in the cryptocurrency product offering and the need to move beyond traditional AML compliance when implementing program processes and controls.