FATF Issues Targeted Virtual Asset Update
On June 30, 2022, the Financial Action Task Force (“FATF”) issued its Targeted Update on Implementation of FATF’s Standards on VAs [virtual assets] and VASPs [virtual asset service providers] (the “Targeted Update”), updating its prior virtual asset guidance (the “FATF VA Guidance”).
The Targeted Update examines the current status of some of the items previously addressed in FATF VA Guidance (including travel rule implementation) and some current developments, further to surveys conducted by the FATF and recent consultations between the FATF and industry on these matters.
Travel Rule Implementation
The “travel rule” (“Travel Rule”) refers to the requirement under anti-money laundering legislation for an entity to include or obtain certain information in relation to transfers (in this context, transfers of virtual currency, although a similar rule applies to electronic fund transfers).
In Canada, entities have been required to comply with the Travel Rule with respect to virtual currency transfers since June 1, 2021. Financial entities, money services businesses (“MSBs”) and foreign MSBs must include Travel Rule information when they send virtual currency transfers, and must take reasonable measures to ensure that this information is included when they receive virtual currency transfers which require a virtual currency record to be kept. The required Travel Rule information consists of (a) the name, address and the account number or other reference number (if any) of the person or entity who requested the transfer (originator information); and (b) the name, address and the account number or other reference number (if any) of the beneficiary.
Status of Implementation
Based on a March 2022 FATF survey of 98 countries, only 29 of such countries (which would include Canada) have currently implemented Travel Rule legal requirements applicable to virtual assets (“VAs”) and virtual asset service providers (“VASPs”), and only 11 have started enforcement. A third of the jurisdictions had not yet started to implement the Travel Rule.
Countries have taken and are continuing to take different approaches to Travel Rule implementation, in particular with respect to de minimis thresholds, privacy issues and transactions with unlicensed counterparties and/or unhosted wallets. The Targeted Update notes the need for countries to coordinate on these issues and the need for industry to develop and standardize the necessary technological tools to assist with compliance across jurisdictions while complying with domestic nuances.
The Targeted Update also addresses the “sunrise issue”, which is the issue resulting from the fact that VASPs are interacting with counterparties operating in other jurisdictions that are at different stages of Travel Rule implementation. Since compliance with the Travel Rule involves some dependencies on counterparties, as it requires obtaining information from counterparties, the differing timelines and regimes across countries have created challenges for compliance.
To address this issue, the Targeted Update notes that countries have extended flexibility by way of phased approaches/grace periods and have allowed VASPs to implement risk-based measures when the necessary information cannot be obtained prior to or concurrently with the transaction (such as performing enhanced due diligence and/or submitting Travel Rule subsequently). The Targeted Update notes that accelerated Travel Rule implementation should diminish the scale of the sunrise issue going forward.
The Targeted Update states that “[a]s part of the sunrise issue, some jurisdictions have introduced requirements or guidance to clarify how their domestic VASPs should interact with foreign unlicensed/unregistered counterparts”, including “(i) whether domestic VASPs are permitted to make transactions with those VASPs; and (ii) whether domestic VASPs are required to send Travel Rule-related transactional and customer information to those VASPs.”
The Targeted Update notes that “approaches to unhosted wallets have emerged as a key topic of discussion in industry consultations” and “while many jurisdictions are still deciding what approach to take, most that have decided, will follow the approach outlined in the FATF’s Updated Guidance, by requiring VASPs to collect relevant beneficiary information on unhosted wallets from their own customer”. Some jurisdictions are also requiring risk mitigation measures wallets and/or the use of blockchain analytic services. The FATF indicates it will continue to monitor this issue.
De Minimis Thresholds
The FATF survey identified that 35 of the 98 surveyed countries have introduced de minimis thresholds, typically of 1,000 USD/ Euro, below which there are less onerous requirements, provided however that, even when below such thresholds, VASPs must still collect: a) the name of the originator and the beneficiary, and b) the VA wallet address for each or a unique transaction reference number for VA transfers. Canada has not introduced any such de minimis thresholds.
Industry participants have raised data privacy concerns in connection with Travel Rule implementation. Countries generally require compliance with data privacy legislation when dealing with Travel Rule information; some countries have also gone further and imposed additional data security requirements on VASPs in the process of registration/licensing approvals.
The Targeted Update reiterates the prior recommendation in the FATF VA Guidance that VASPs “take into account the robustness of the counterparty’s data security controls when deciding whether to send Travel Rule and other similar data.” The FATF will continue to monitor data privacy challenges to help ensure they do not impede Travel Rule implementation.
Private Sector Implementation
The Targeted Update notes the progress of private sector industry implementation including the emergence of various technological tools. However, the FATF notes that there remains a lack of global interoperability and scaleability. Accordingly, the FATF “calls on industry to accelerate efforts to strengthen solutions that are global, and can accommodate nuances in requirements across jurisdictions.” The Targeted Update includes guiding questions developed by two jurisdictions for Travel Rule technological solution providers, which address interoperability, timing and scope of data submission and capabilities with respect to recordkeeping and transaction monitoring.
Decentralized Finance (“DeFi”), Non-Fungible Tokens (“NFTs”) and Stablecoins
The Targeted Update notes that DeFi, NFT and stablecoin markets and uses continue to expand and states the following:
- The FATF will continue to focus on the substance of a transaction rather than terminology. In this respect the Targeted Update notes that “FATF’s recent outreach with industry suggests that “decentralised” currently can be a marketing term rather than a technical description, and that even in so-called decentralized arrangements, often there continues to be persons and centralized aspects that may be subject to AML/CFT obligations.”
- With respect to DeFi, the Targeted Update notes that the “FATF will continue to monitor developments in DeFi, particularly the emergence of truly decentralized DeFi entities, and to facilitate dialogue on common AML/CFT implementation challenges, risk assessment, and good practices.”
- With respect to NFTs, the Targeted Update reiterates the view from the prior guidance that “NFTs that are unique, and used in practice as collectibles rather than as payment or investment instruments, are not VAs generally speaking for the purpose of the FATF Standards. Nevertheless, jurisdictions should apply the FATF Standards on VAs to NFTs in cases they perform the same function as VAs (used for payment or investment purpose). Given the rapid development of NFT markets and their functions/forms, FATF will continue to monitor this issue and discuss any new implementation issues and country approaches.”
- With respect to stablecoins, the Targeted Update notes that “[s]imilarly, FATF remains vigilant to shifts in market developments for stablecoins. As the liquidity of stablecoins increases in parallel with the growth of DeFi markets, FATF will continue to facilitate discussion between jurisdictions and other standard setting bodies on implementation issues.”
Increased Involvement of Traditional Financial Institutions
The FATF also noted the “increased involvement in some jurisdictions of traditional financial institutions in VA markets”, and the need to monitor such trends to ensure AML risks are properly addressed.
The FATF highlighted the continued use of virtual assets (together with the use of mixers or tumblers and privacy coins) by bad actors seeking to receive and launder proceeds from ransomware attacks. The FATF also noted that there has been successful use by law enforcement and industry of blockchain analytics to help trace such activity. The Targeted Update reiterated the importance of implementation of the FATF standards including the Travel Rule to help detect such activity.
The Targeted Update identified the following as next steps:
- FATF Recommendation 15 (New Technologies) – Member countries should continue to accelerate compliance with this recommendation, with a focus on virtual assets, by updating legislation and engaging in enforcement.
- Travel Rule – Member countries should introduce and implement Travel Rule legislation as soon as possible to the extent they have not yet done so. They should also promote cross-border implementation and engage in information sharing with respect to challenges and practices respecting Travel Rule implementation. Countries should also foster interoperability across Travel Rule technological solutions.
- Current Developments - The FATF should continue to monitor current developments and trends, including in respect of DeFi and NFTs. The FATF will also work with its members over the next year to help further educate them in respect of the use of virtual assets for ransomware payments.
The FATF will conduct a further review on these matters by June 2023.
From a Canadian perspective, as a FATF member country, FATF determinations and guidance on these matters will likely be highly influential to the approaches and interpretations taken by our policy makers and regulators, including with respect to global Travel Rule implementation solutions and with respect to views on current developments, particularly those which have not yet been specifically addressed in guidance by Canadian AML regulators (notably DeFi, NFTs and stablecoins).
For more information about our firm’s Fintech expertise, please see our Fintech group’s page.
 The FATF is an intergovernmental policy-making body that was established in 1989. The FATF sets standards and promotes the implementation of legal, regulatory, and operational measures to combat threats to the integrity of the international financial system, including money laundering and financing terrorism.