The FATF’s Travel Rule and Revised Standards for VASPs- The Next 12 Months

The 12-Month Review of the Revised FATF Standards and Travel Rule provides a clear roadmap until June 2021 for the cryptocurrency industry and virtual asset service providers (VASPs)

Table of Contents

Introduction

On July 7th 2020, the Financial Action Task Force (FATF) published its 12-Month Review of Revised FATF Standards – Virtual Assets and VASPs, following the FATF Plenary’s June consultation with its members, Virtual Asset Contact Group and the crypto industry. 

The comprehensive FATF review takes stock of the progress made by its jurisdictions and the virtual asset industry in response to the FATF’s June 2019 “Travel Rule” Recommendation 16 update.

The amended Recommendation 16 on Wire Transfers obligated its countries to ensure their virtual asset service providers (VASPs) share crypto user transmittal data with counterparties by June 2020.

Overall, the FATF’s 12-Month Travel Rule Review is complimentary of the efforts that the public and private sectors have made in establishing and implementing regulatory frameworks for crypto assets.

While these measures are helping countries comply with the FATF Standards, its anti-money laundering and combating terrorism financing (AML/CFT) bible, the review delivers some caveats, which we cover in this article. 

The G20 watchdog’s report took note of the dynamic and fast-changing nature of the virtual asset industry, and called for ongoing monitoring and collaboration between both the private and public sectors. Therefore, it will undertake certain actions over the next year. 

This article covers the 12-Month Review of the Revised FATF Standards, and discusses key takeaways and implementation issues with its virtual asset regulation such as the FATF Travel Rule.

Contents of the 12-Month Review of the Revised FATF Standards

The July 2020 FATF report is divided in 5 sections:

  • Section 1: the evolution of ML/TF threats and the VA market over the last 12 months
  • Section 2: how FATF’s member network has fared in implementing the updated Standards
  • Section 3: The private sector’s FATF Standards progress and development of FATF Travel Rule technical solutions. 
  • Section 4: Current issues with the revised Standards and guidance
  • Section 5: The FATF’s next steps for virtual asset regulation

FATF’s next regulatory actions until June 2021

The FATF will take the following regulatory actions related to virtual assets over the next 12 months:

  • No changes to FATF’s guidances for virtual assets and VASPs are deemed necessary at this point in time
  • A new 12-month review of the crypto industry’s implementation of the FATF Standards is set for June 2021
  • Update regulatory guidance will be issued later to AML concerns such as stablecoins, anonymous peer-to-peer (P2P) transactions and the Travel Rule’s implementation
  • Red flag indicators and supporting case studies will be published by October 2020 to foster a deeper understanding of the virtual asset industry’s associated ML/TF risks
  • Ongoing and enhanced engagement will take place with the private sector through its Virtual Assets Contact Group, in particular with technology providers, technical experts and academics. 
  • The FATF’s Policy Development Group will look at proposals on how to better connect VASP supervisors in October 2020 and will conduct a third meeting of the VASP Supervisors’ Forum by November 2020. 

5 Key Takeaways from the FATF’s 12-Month Travel Rule Review

1. Only a few countries have implemented the Travel Rule

The FATF’s research found that there is still a widespread lack of Travel Rule regulatory compliance in member countries. Only 35 members of its Global Network of 200 countries have reported a response to the amended Standards by June 2020. 

Of the 54 reporting jurisdictions (about ¼ of the FATF’s Global network), 35 of them (about two-thirds) reported that they implemented the revised Standards and 19 had not yet elevated it to national legislation. Of the 35, three members chose to ban VASPs in their domestic markets. 

2. Technical solutions have made progress, but…

The FATF noted that while the regulation of VASPs and their implementation of AML/CFT compliance measures were still nascent, there was “evidence of progress” in the work that technical solution providers (TSPs) have done to build compliant products. A few of the leading TSPs are Sygna Bridge (currently live), CipherTrace’s TRISA and Netki. This follows after the technology-agnostic FATF 

The FATF also concluded that at present, the crypto industry had yet to deliver a technical solution that could help VASPs comply in full with all aspects of the updated Recommendation 16 requirement. 

3. VASPs are struggling with the “Sunrise” issue 

The FATF has also taken stock of the geographical, political and cultural challenges such as the “sunrise issue” that is impeding a swift global rollout of Travel Rule compliance technology.

FATF Sunrise issue
Travel Rule Sunrise issue

At present, less than 50% of the FATF’s official 39 members have rolled out related AML obligations for their crypto asset service providers and the discrepancy may even be bigger with the Global Network.

As such, there is no global compliance network at present and the sunrise problem will only be resolved once all jurisdictions are onboard. 

4. Technical solutions and messaging standards should be interoperable

The FATF acknowledged the crypto market’s desire for more than one technical Travel Rule solution and as such, prioritised the importance of common standards that would help establish interoperability between these solutions. 

The FATF likely alluded to the Joint Working Group’s recently unveiled InterVASP Messaging Standards (IVMS101), which is now supported by Sygna Bridge 2.0, CoolBitX’s Travel Rule solution for VASPs.

“The FATF is aware of an international industry-wide initiative that has been established to set global technical standards for travel rule solutions to use. They have developed a first messaging standard which sets a common universal language for the communication of the required originator and beneficiary information between VASPs. The FATF is aware that this initiative may now be undertaking work on further messaging standards and the maintenance of this standard. “

5. June 2021’s extension is not an extension

The FATF report makes it clear the task force considers the June 2021 review to be a courtesy to jurisdictions and the VASP sector. It is not an extension for VASPs to delay the upgrading of their AML programs to accommodate the Travel Rule.

Countries will by June 2021 “have had two years to transpose the revised FATF Standards on VASPs into law and the VASP sector will have had time to implement travel rule solutions globally.”

Instead, the extra year will help the private sector refine technical solutions and messaging standards, which must become interoperable and widely adopted as countries gradually surmount the “sunrise” issue. 

The further 12 months also gives the FATF time to further convene with the crypto industry, FATF supervisors and its Virtual Asset Contact Group ( a working group created to engage with the crypto industry), after much of the scheduled discourse was scuppered by the worldwide pandemic in 2020.  

Revised FATF Standards: 8 Virtual Asset and VASP Issues

While the FATF report declares any issue that necessitates a revision of the Standards at this time, there are certain gray areas on which countries and VASPs have asked for enhanced and sustained guidance, for example when dealing with low-capacity countries. Here are some of the most salient ones:

1) How should “traditional” financial assets that operate as virtual assets be treated?

So-called stablecoins and central bank digital currencies (CBDCs) are digital assets pegged to fiat currencies like the U.S. Dollar at a fixed rate. As these stable assets proliferate over the coming year, the FATF will create more guidance on them.

“For example, this issue has particularly arisen in the context of so-called stablecoins and whether jurisdictions should be treating them as traditional financial assets / financial institutions or virtual assets / VASPs if these are regulated under two separate AML/CFT regimes”. 

The FATF published its G20 Report on So-Called Stablecoins on the same day as its 12-Month Review to act as a supplementary guidance.

2) Greater clarity on VASP-determining activities

Some parties have further asked that VASP definitions be more consistently constructed.In particular:

  •  ‘safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets’, 
  • ‘participation in and provision of financial services related to an issuer’s offer and/or sale of a virtual asset’ 
  • and the activities covered by ‘transfer of virtual assets’ that are not covered by the other limbs of the definition. 

3) Peer-to-peer transactions and private / non-custodial wallets

While the FATF is aware that jurisdictions are concerned with the rapid growth in illicit activity conducted through private wallets, it at present sees no need to amend the Standards. 

This could change in the future, therefore further research by the VASP industry, academics and technology experts and engineers could be done to better grasp the size of the unregulated peer-to-peer sector. 

Countries are advised to use blockchain analytical tools at their disposal to help mitigate against ML/TF risks at present.

4) Stablecoin regulation 

The FATF report admits that future stablecoins can be mass adopted on an unprecedented scale (while it doesn’t name drop Libra, the implication is clear), either as a virtual asset or traditional financial asset such as a central bank digital currency (CBDC). 

The FATF found that its current Standards still offer sufficient protection where countries have implemented it fully. However, this area must be closely monitored, as there are “residual risks relating to anonymous peer-to-peer transactions via unhosted wallets, jurisdictions with weak or non-existent AML/CFT regulation and so-called stablecoins with decentralised governance.” 

5) Registration and licensing of domestic vs overseas-based VASPs

Different countries have taken noticeably different approaches as to which VASPs their AML frameworks should extend to. While the FATF’s landmark 2019 guidance for a Risk-Based Approach to Virtual Assets and VASPs requires countries to only regulate VASPs registered (“created”) in their jurisdiction, they may also cover foreign VASPs servicing their citizens or operating in their jurisdiction.

This is an option that have been exercised by leading regulators such as Japan’s Financial Services Agency and the Monetary Authority of Singapore (MAS). You can read our Singapore licensing guide here.

This has been a problem for some countries, who don’t know how to deal with the latter non-domiciled VASP. Who is considered the VASP supervisor in such a scenario, especially if a domicile can not be determined for the foreign VASP in question? Therefore it is important that VASP supervisors should cooperate with each other. 


FATF Travel Rule: 8 Implementation Issues

FATF Travel Rule implementation issues
FATF Travel Rule implementation issues

The FATF has identified 8 issues that are still encumbering a smooth global implementation rollout of the FATF travel rule.

However, the FATF does not consider the issues raised in the reports to be fundamental barriers to the continued development of technological solutions created to implement the travel rule.

Rather, the  FATF specifically states in the report that:

 “There was not, however, technological solution(s) that enabled VASPs to comply with all aspects of the travel rule in a holistic, instantaneous and secure manner. “

1. Identifying counterparty VASPs

The FATF Review acknowledged that doing VASP counterparty due diligence quickly and securely remains a two-fold challenge.

Not only must VASPs be able to identify whether they are transacting with another VASP rather than a private wallet, but they will also need to confirm whether their VASP counterparty is register or licensed in its jurisdiction and has sufficient AML/CFT supervision. 

2. A global list of VASPs

The private sector has proposed a solution to this discovery challenge- the creation of a global VASP list, much like SWIFT does in traditional finance. While many in the crypto industry prefer a peer-to-peer solution that adheres to the ethos of blockchain, the FATF is agnostic to whether a centralized or decentralized technical approach is taken.

This global list would comprise the the collection of each jurisdiction’s licensed and registered virtual asset service providers and accessed via 

  1.  to a centralized database for access or 
  2. API / smart contracts which connect to each jurisdiction’s list (in a decentralized fashion)

(Sygna Bridge utilizes a hybrid approach that combines both decentralized and centralized features)

The FATF further highlights certain challenges that technical solutions must figure out:

  • How to ensure the accuracy and security of the information?
  • Who is responsible for collecting and maintaining the information (governance)?
  • Who would supervise the bod(ies) responsible for collecting their information?
  • Who would have access to this information and could this list of VASPs potentially result in de-risking (closing) of accounts?

The FATF defines de-risking as the “phenomenon of financial institutions terminating or restricting business relationships with clients or categories of clients to avoid, rather than managing risk in line with the agency’s guidelines.”

This may result in driving financial transactions underground to less regulated channels, potentially creating unintentional gray markets.

3. Peer-to-peer transactions via private /non-custodial wallets

At present, the P2P transfers of virtual assets via private wallets, conducted without VASP or financial institution intermediaries, are not covered by the FATF Standards, and the FATF found that there was no compelling evidence to change the status quo at present. 

Challenges:

  1. Should blockchain analytics tools be used (and how) to foster travel rule compliance? 
  2. Should VASPs be allowed to transact with private wallets? 
  3. Will cumbersome AML/CFT compliance requirements drive more users to use unregulated P2P transmittals on non-custodial wallets, thereby in fact making it harder to mitigate ML/TF risk? 

The FATF understands that VASPs may have different best practice standards (e.g. to screen sanctions) to comply with AML/CFT measures that are different from traditional finance, therefore further clarifications from FATF and governments will help in this regard.

While it is unclear what this could entail, if one were to speculate, the FATF could possibly impose limits on transaction volume and amounts and stablecoin transmittals between VASPs and private wallets.

4. Batch and post facto submission and past transfers

The FATF has received requests from certain VASPs to find out to what extent batched data submission travel rule data is allowed under the new Standards. Specifically of interest to VASPs are whether originator and beneficiary data can be submitted on the post-facto basis (end of business day or a certain number of days after) rather than an immediate transmittal data submission, as well as the onus on data collection from past transfers. 

5. Interoperability of systems

The FATF underscores the need for various technical solutions to be interoperable, with sufficient control mechanisms to take care of data sharing, storage and security. This is needed to ensure a smooth global rollout, lower VASPs compliance bills and stop the VASP industry from “fragmenting into different systems”. 

According to CoolBitX’s International General Manager Elsa Madrolle, “it does appear that the market believes there will not be a global ‘one size fits all’ solution that can cater to every jurisdiction’s regulations all at once that work for all VASPs.” In this situation, the question of interoperability comes front and center.”

A first step in this interoperability process is to create global messaging standards, which may be fragmented by different jurisdictional rules for data privacy and protection (such as the EU’s problematic GDPR legislation), online security and AML/CFT requirements (for example, should “purpose of transaction” be a mandatory inclusion?)

These messaging standards should be flexible enough to meet these varying jurisdictional requirements, and will require close collaboration “with and within” the private sectors and amongst jurisdictions as they create their AML/CFT frameworks and supervisory systems. 

6. The Travel Rule’s “Sunrise” Problem

In paragraph 67, the FATF addresses the so-called “Sunrise” issue, which has been a hot topic for the crypto industry in recent months. 

The FATF Travel Rule’s Sunrise issue stems from the difference in the times that various jurisdictions are expected to develop and roll out their virtual asset regulatory frameworks that comply with the Travel Rule. For example, while countries like Japan and Singapore, each with their own Payment Services Act (PSA) are pioneering this new virtual asset regulation, many smaller jurisdictions with lesser financial systems and weaker AML controls are expected to take a lot longer to respond, as explained by the JWG’s Sian Jones. 

By June 2020, only 35 countries have reported their introduction of travel rule requirements for VASPs, which proves that there is still no worldwide framework for compliance. 

VASPs are particularly concerned on how they should deal with counterparties that operate from jurisdictions without the Recommendation 16’s travel rule. 

The FATF concurred that the sunrise issue will remain a problem until all jurisdictions are compliant. 

7. Dealing with VASPs in jurisdictions without Travel Rule requirements

Certain VASPs have asked for more clarification on how to deal with VASPs from jurisdictions lacking travel rule legislation. They’re in the dark as to whether they may transact with them, which transmittal data they should collect, and some have proposed that these VASPs remain exempt from the Travel Rule while their jurisdictions develop their regulatory frameworks to register and license them.

 8. Specific wording issues

A number of wording issues in the FATF’s guidance Recommendation 16’s VASPs were, such as the Legal Entity Identifier, ‘account number’ and the address of an originator. 

Conclusion

The new June 2021 review date was expected by many industry leaders and experts due to its frequent engagement with virtual industry think tanks to the slow response from member countries as they wrestle with other challenges like the COVID-19 pandemic.

The FATF admits that the COVID-19 pandemic had curtailed its efforts to gain broad industry feedback on their responses to the revised Standards and that its findings could therefore not be reflective of the entire crypto industry’s actions (paragraph 37). 

For example, its Private Sector Consultative Forum (PSCF) has been postponed to October 2020. Instead, the FATF was forced to rely on the results of a questionnaire, its Virtual Assets Contact Group‘s deliberations with selected VASPs and TSPs and the results of the Financial Services Agency of Japan’s March 2020 roundtable. 

The additional 12 months will allow the FATF and its Global Network more time to complete mutual evaluation and follow-up reports, covering progress by the public and private sectors and considering issues such as:

  • travel rule implementation
  • anonymous peer-to-peer virtual asset transactions via unhosted, non-custodial wallets
  • enhanced market metrics on virtual assets, “especially on the volume and proportion of peer-to-peer virtual asset transactions.

Ultimately, the FATF’s 12-Month Review of its revised Standards offers few surprises and no real shocks to a crypto industry that has reluctantly fallen in line with its new AML/CFT regulations since June 2019. 

With a clear roadmap now until June 2021’s final review, the virtual asset industry and its service providers have their work cut out. Even more so, the onus now lies on technical solution providers to further iterate on their “regtech” and seek interoperability with each other.

Written by Werner Vermaak


About CoolBitX and Sygna Bridge

CoolBitX’s Sygna Bridge is a first-to-market travel rule solution and alliance network that is live and being used by our VASP partners to share compliant originator and beneficiary transmittal information.

Sygna Bridge completed a successful production test report (Big 4 audited) earlier this year, which was presented to the FATF Contact Group in May 2020. Sygna Bridge now also supports the IVMS101 messaging standard.

CoolBitX has signed MoUs with 18 VASPs worldwide and recently joined forces with Elliptic in a combined quest to help crypto companies comply with the FATF Standards.

For enquiries on the FATF Travel Rule and our Sygna Bridge solution for VASPs, please contact us at info@sygna.io.

Bridging Crypto Regulation: Sygna's First 12 Months and 2020 Roadmap

Crypto, the Beloved Country: South Africa Proposes New CASP Regulations for Exchanges