Alerts

FATF Releases Anticipated Guidance for Virtual Assets and Virtual Asset Service Providers, Survey Results on Cross-Border Payments and Proposed Revisions to Beneficial Ownership Standard

November 30, 2021

On Oct. 21, 2021, the Financial Action Task Force (“FATF”), an intergovernmental body that sets international standards and recommendations to prevent money laundering and terrorist financing (“ML/TF”), concluded its October plenary meeting and issued three notable publications.[1] First, and most importantly, FATF released a much-anticipated updated version of its guidance on a risk-based approach to virtual assets (“VAs”) and virtual asset service providers (“VASPs”) (“Guidance”),[2] which revises and elaborates on FATF’s original guidance related to VAs and VASPs published in 2019.[3] In addition, FATF (1) finalized a report on survey results regarding implementation of the FATF standards on cross-border payments (“Survey Results”),[4] and (2) proposed revisions to its standards regarding beneficial ownership for legal persons (“Proposed UBO Revisions”).[5] Although FATF’s publications, including its standards and recommendations, are not binding on member countries, they are influential for government authorities and may affect laws and policy in local jurisdictions.

VASP Guidance

The Guidance revises FATF’s original guidance in the following ways: (1) clarification of the definitions of VA and VASP; (2) guidance on how FATF’s standards and recommendations apply to stablecoins; (3) additional guidance on money laundering and terrorist financing (“ML/TF”) risks for peer-to-peer (“P2P”) transactions and the resources available to countries to address them; (4) updated guidance on the licensing and registration of VASPs; (5) further clarification for the public and private sectors relating to implementation of the “Travel Rule”; and (6) guiding principles for information sharing and cooperation between supervisory authorities of VASPs.[6]

Below are our key takeaways.

1. Clarification of the Definitions of “VA” and “VASP”

FATF defines “VA” as a “digital representation of value that can be digitally traded or transferred and can be used for payment or investment purposes.”[7] The Guidance notes that member countries should interpret the definition broadly, “with jurisdictions relying on the fundamental concepts contained in it to take a functional approach that can accommodate technological advancements and innovative business models.”[8] FATF clarifies that VAs must be digital and must present themselves as digitally traded or transferred and “be capable of being used for payment or investment purposes,”[9] and that VAs cannot simply be digital representations of fiat currency, securities, or other financial assets elsewhere defined in FATF’s Standards and Recommendations.[10] The Guidance also notes that digital assets that are “used as collectibles rather than as payment or investment instruments,” such as non-fungible tokens or crypto-collectibles, are generally not considered to be VAs under FATF’s definition, but cautions authorities to examine the characteristics of such digital assets when making such determinations.[11]

FATF defines a “VASP” as:

any natural or legal person who is not covered elsewhere under the Recommendations and as a business conducts one or more of the following activities or operations for or on behalf of another natural or legal person: (i) Exchange between virtual assets and fiat currencies; (ii) Exchange between one or more forms of virtual assets; (iii) Transfer of virtual assets; (iv) Safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets; and (v) Participation in and provision of financial services related to an issuer’s offer and/or sale of a virtual asset.[12]

The Guidance similarly stresses that this definition should be interpreted broadly but does not apply to entities covered elsewhere under the Recommendations, such as financial institutions and designated non-financial businesses and professions (e.g., casinos, real estate agents, precious metal/precious stone dealers, lawyers, notaries, and other independent professionals, such as accountants and trust company service providers).[13] Notably, the Guidance clarifies that a decentralized finance (“DeFi”) application (i.e., applications used to exchange virtual currency that operates outside of a central service) is not considered a “VASP” under FATF’s Standards because DeFi applications are software or technology and the FATF Standards do not apply to underlying software or technology. DeFi creators, owners, operators, and other persons who maintain control or influence in DeFi arrangements, however, “may fall under the FATF definition of a VASP where they are providing or actively facilitating VASP services.”[14] With respect to the regulatory treatment of DeFi projects, the Guidance urges member countries to “evaluate the facts and circumstances of each individual situation to determine whether there is an identifiable person(s), whether legal or natural, providing a covered service [under the FATF Standards].”[15]

In addition, the Guidance confirms that the “VASP” definition covers activities related to initial coin offerings (“ICOs”).[16] The Guidance stresses that, when authorities are determining how the VASP definition applies to entities in an ICO, the “facts and circumstances underlying an asset, activity or service” should determine its categorization, “rather than any labels or terminology used by market participants.”[17]

Finally, the Guidance clarifies that FATF “does not seek to regulate, as VASPs, natural or legal persons that provide ancillary services or products to a VA network, to the extent that they do not provide or actively facilitate as a business any covered VA activities or operations on behalf of their customers.”[18]

2. Guidance on How FATF’s Standards Apply to Stablecoins

Addressing the larger topic of the scope of the FATF’s Standards’ application, the Guidance sets forth additional guidance on how FATF members should treat stablecoins in the ML/TF context. Noting that the features of a stablecoin “will also impact the extent to which ML/TF risks materiali[z]e,” the Guidance warns that certain design choices of stablecoins—namely whether they are centralized or decentralized—can have implications for ML/TF risks.[19] Accordingly, the Guidance advises FATF countries, VASPs, and other “obliged entities” to “identify and assess ML/TF risks relating to stablecoins before launch and in an ongoing and forward-looking manner, and take appropriate measures to manage and mitigate the risks before launch.”[20] The Guidance lists a variety of considerations in determining whether a stablecoin, or any service providers associated with its development and management, is a VA or VASP subject to FATF Standards,[21] as well as providing a hypothetical case study of a stablecoin arrangement and the application of the FATF Standards.[22]

In the United States, the President’s Working Group[23] on Financial Markets, the Federal Deposit Insurance Corporation (“FDIC”) and the Office of the Comptroller of the Currency (“OCC”) recently released an interagency report (“Report”)[24] concerning “payment stablecoins,” which the Report defined as “stablecoins that are designed to maintain a stable value relative to a fiat currency and, therefore, have the potential to be used as a widespread means of payment.”[25] The Report focused on the risks stablecoins pose to the safety and efficiency of the financial market, along with three recommended actions that Congress, as well as the Agencies, could take to address those risks:[26] (1) require stablecoin issuers be insured depository institutions; (2) subject digital wallet providers to appropriate federal oversight; and (3) require affiliation and user data restrictions.

With regard to the Guidance, the Report noted that the U.S. Department of the Treasury is continuing to lead efforts at the organization to ensure stablecoins are not facilitating money laundering and terrorism financing, and that such efforts are especially important due to the potential rapid increase in cross-border stablecoin payments, which could amplify risks of money laundering and terrorism financing as governments unevenly implement suggested FATF standards.[27] The Report further made two interim recommendations: (1) existing federal agencies, including the Securities and Exchange Commission (“SEC”), the Commodity Futures Trading Commission (“CFTC”), and the Financial Crimes Enforcement Network (“FinCEN”), should use their oversight power to exercise regulatory authority over stablecoins, where appropriate;[28] and (2) in the absence of congressional action, the Financial Stability Oversight Council (“FSOC”) should designate certain activities conducted within stablecoin arrangements as, or as likely to become, systemically important payment, clearing, and settlement (“PCS”) activities.[29]

3. Additional Guidance on the Risks and Resources Available to Countries to Address ML/TF Risks for P2P transactions

Although the Guidance notes that P2P transactions are “not explicitly subject to AML/CFT controls under the FATF Standards ... because the Standards generally place obligations on intermediaries, rather than on individuals,” it warns that P2P transactions could be used for illicit activity by avoiding the FATF Standards’ AML/CFT controls.[30] FATF members and VASPs should therefore “seek to understand what types of P2P transactions pose higher or lower risk and understand drivers of P2P transactions and their different risk profiles.”[31] The Guidance outlines several factors that could affect the extent to which users engage in P2P transactions, including “the VA’s accessibility and protocols that control the VA’s privacy, transparency, security and associated transaction fees.”[32]

4. Updated Guidance on the Licensing and Registration of VASPs

Under the Guidance, FATF member countries have flexibility in applying licensing or registration to VASPs.[33] FATF encourages member countries to “take action to identify natural or legal persons that carry out VA activities or operations without the requisite license or registration and apply appropriate sanctions, including in the context of traditional obliged entities that may engage in VA activities or operations (e.g., a bank that provides VAs to its customers).”[34] In addition, VASPs that are licensed or registered in a given jurisdiction “should be required to meet appropriate licensing and registration criteria set by relevant authorities,” and authorities processing applications for VASP licensure and registration should be prepared to take appropriate legal and regulatory measures to prevent bad actors from holding such a license.[35] Further, the Guidance requires VASPs to implement AML/CFT compliance prior to launching a new product or service.[36]

The United States already has an established framework for requiring the licensing and registration of VASPs. For example, FinCEN requires all “exchangers” and “administrators” of convertible virtual currency (“CVC”) to register as money services business (“MSB”) and, as such, comply with the Bank Secrecy Act (“BSA”), its implementing regulations, and additional anti-money laundering laws applicable to MSBs.[37] Such entities may also have licensing and registration requirements imposed by various states depending on where the entity is located or where the entity’s consumers are located.[38] Additionally, as reinforced in the Report, the SEC and CFTC can exercise regulatory authority over the relevant VASPs to the extent that the VAs they deal in, develop or administer function as securities, commodities, or derivatives.[39]

5. Further Guidance for the Public and Private Sectors on the Implementation of the “Travel Rule”

The Guidance sets forth several recommendations for how the Travel Rule would specifically apply to transmittals of VAs or transmittals between VASPs. Specifically, FATF recommends that the Travel Rule ensure that originating VASPs “obtain and hold required and accurate originator information and required beneficiary information on virtual asset transfers.”[40] The Guidance includes a table (replicated in the attached PDF) detailing the specific information originating and beneficiary institutions should obtain, hold, send to each other, and submit before or simultaneously with the transfer[41].

The Guidance also clarifies that a VA transfer’s transaction fees (i.e., the amounts of VA that may be collected by a miner who includes the transaction in a block) are not within the scope of the Travel Rule.[42] Moreover, automatic refunds would also not be within the scope of the Travel Rule.[43]

In the United States, FinCEN has already issued guidance applying the U.S. recordkeeping and travel rules to CVC transactions.[44] In addition, the Board of Governors of the Federal Reserve System and FinCEN recently issued a proposed rule to more clearly delineate the requirements of the U.S. recordkeeping and travel rules to certain CVC transactions. If this rule is finalized as proposed, transactions involving CVCs would explicitly be subject to U.S. travel rules.[45]

In addition, the Guidance recommends that member countries require VASPs to conduct proper due diligence on a counterparty VASP before engaging in their first transaction with that counterparty in order to avoid dealing with illicit actors and fraudulent schemes.[46] When a VASP is receiving or transferring a customer’s VA to an unhosted wallet, the VASP does not need to send the required information to the unhosted wallet, but the VASP still needs to collect the required originator and beneficiary information from its customer.[47]

In the United States, a notice of proposed rulemaking issued by FinCEN late last year would, if adopted as proposed, similarly require banks and money services businesses (“MSBs”) to (1) submit reports for transactions exceeding $10,000 USD involving CVCs or digital assets with legal tender status (“LTDA”); (2) maintain records of customers’ CVC and LTDA transactions exceeding $3,000 USD; and (3) verify the identity of those customers engaging in CVC or LTDA transactions exceeding $3,000 USD with counterparties using wallets that are either (i) not hosted by a financial institution, i.e., unhosted or self-hosted wallets, or (ii) hosted by a financial institution, but located in a jurisdiction listed on FinCEN’s Foreign Jurisdictions List, which FinCEN is proposing to establish.[48]

6. Guiding Principles for Information Sharing and Cooperation Between Supervisors of VASPs

The Guidance urges member countries to designate at least one “competent authority” (e.g., tax authorities, securities authorities, or a specially designated VASP supervisor) to supervise VASPs within their jurisdiction and encourages supervisors to share certain information with supervisors in other jurisdictions.[49] FATF also suggests that supervisors create mechanisms to ensure cooperation among themselves, including entering into Memoranda of Understanding and potentially designating one supervisor as the focal point of information on a given VASP if that VASP conducts most of its activity within that supervisor’s jurisdiction.[50]

FinCEN serves as the United States’ financial intelligence unit and has taken a lead role in coordinating information-sharing and cooperation activity relating to the virtual currency and digital asset industry. Broadly, as mandated under the USA PATRIOT Act, FinCEN has adopted regulations and issued guidance encouraging information sharing among financial institutions and with law enforcement.[51] More recently, FinCEN has participated in several intergovernmental working groups focused on the risks posed by digital currencies, and has established a Chief Digital Currency Advisor position that will “work[] across internal and external partners toward strategic and innovative solutions to prevent and mitigate illicit financial practices and exploitation.”[52]

Cross-Border Payment Survey Results

Alongside the Guidance, FATF also released Survey Results, which detail the findings of an industry survey to “identify areas where divergent AML/CFT rules or their implementation cause friction for cross-border payments.”[53] Among other conclusions, the Survey Results note that the “lack of risk-based approach and inconsistent implementation of the AML/CFT requirements increases cost, reduces speed, limits access and reduces transparency.”[54] Accordingly, FATF notes that it will take a “holistic view on the challenges identified” and stresses that any solution should “result in meaningful improvements in efficiency and effectiveness of national measures, processes, procedures and practices, without compromising AML/CFT safeguards.”[55]

Beneficial Ownership Standards Proposed Revisions

Finally, FATF released for public comment the Proposed UBO Revisions to Recommendation 24, its beneficial ownership standard. Notably, the Proposed UBO Revisions would amend the Recommendation to require member countries to retain beneficial ownership information in a particular mechanism (e.g., “either a register ... or an alternative mechanism”).[56] In addition, the Proposed UBO Revisions would clarify that beneficial ownership information should be “adequate, accurate, and up-to-date”[57]; FATF indicates that such information would have to be “sufficient to identify the natural person(s) who are the beneficial owner(s),” verifiable to confirm the identity and status of the beneficial owner using “reliable, independent source documents, data or information,” and as current as possible.[58] FATF notes that the Proposed UBO Revisions are designed to “reinforce the Recommendation to ensure greater transparency about the beneficial ownership of legal persons, and take action to mitigate the [associated] risks.”[59]

In the United States, under the Corporate Transparency Act enacted last year, certain companies created or registered to do business in the United States must report identifying information, including their beneficial ownership information of 25% or more, as well as certain control persons, to FinCEN.[60] The reporting requirements of the bill will only become effective once FinCEN finalizes a regulation to implement these statutory requirements, which FinCEN must do by Jan. 1, 2022. In April 2021, FinCEN issued an advance notice of proposed rulemaking (“ANPRM”), commencing the rulemaking process to implement these statutory requirements.[61] The ANPRM would require covered entities to disclose information regarding (1) its beneficial owners and control persons, (2) individuals who register the entity or file the application necessary for the entity to do business in the United States, and (3) other identifying information of the entity itself.[62]

Conclusion

As mentioned above, although FATF’s Standards and Recommendations are not binding on member countries, they are influential in setting regulatory requirements and policy. As such, FATF’s Guidance may be influential on future U.S. regulation affecting the virtual currency and digital asset industry. In its release accompanying the Guidance, FATF notes that it will “closely monitor the virtual assets and VASPs sector for any material changes that necessitate further revision or clarification of the FATF Standards,” including changes relating to stablecoins, P2P transactions, non-fungible tokens, and DeFi.[63] As this statement appears to indicate, we have likely not heard the last of FATF’s influence in the VA regulatory space. Entities affected by the Guidance should be aware of and understand the implications of FATF’s recommendations in order to prepare for any future requirements that may align with the FATF Standards.

Schulte Roth & Zabel’s lawyers are available to assist you in addressing any questions you may have regarding these developments. Please contact the Schulte Roth & Zabel lawyer with whom you usually work, or any of the following attorneys:

Donald J. Mosher – New York (+1 212.756.2187, donald.mosher@srz.com)

Betty Santangelo – New York (+1 212.756.2587, betty.santangelo@srz.com)

Kara A. Kuchar – New York (+1 212.756.2734, kara.kuchar@srz.com)

Jessica Sklute – New York (+1 212.756.2180, jessica.sklute@srz.com)

Melissa G.R. Goldstein – Washington, DC (+1 202.729.7471, melissa.goldstein@srz.com)

Adam J. Barazani – New York (+1 212.756.2519, adam.barazani@srz.com)

Jessica Romano – New York (+1 212.756.2205, jessica.romano@srz.com)

Hadas A. Jacobi – New York (+1 212.756.2055, hadas.jacobi@srz.com)

Steven T. Cummings – New York (+1 212.756.2251, steven.cummings@srz.com)

[1] FATF is an international standard-setting body with more than 200 member countries and jurisdictions that develops certain Standards and Recommendations to “ensure a co-ordinated global response to prevent organised crime, corruption and terrorism.” Financial Action Task Force, Who We Are, available here.

[2] Financial Action Task Force, Updated Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers (Oct. 2021) [hereinafter Guidance], available here. See also Financial Action Task Force, In Brief, Guidance for a Risk-Based Approach for Virtual Assets and Virtual Asset Service Providers (Oct. 2021) [hereinafter In Brief], available here (providing a high-level overview of the Guidance).

[3] Financial Action Task Force, Guidance for a Risk-Based Approach, Virtual Assets and Virtual Asset Service Providers (June 2019), available here.

[4] Financial Action Task Force, Cross-Border Payments: Survey Results on Implementation of the FATF Standards (Oct. 2021) [hereinafter Survey Results], available here.

[5] Financial Action Task Force, Revisions to Recommendation 24 and Its Interpretive Note – Public Consultation [hereinafter Proposed UBO Revisions], available here.

[6] Guidance, supra note 2, at 5.

[7] Id. at 21–22.

[8] Id.

[9] Id. at 23.

[10] Id.

[11] Id. at 24.

[12] Id. at 22.

[13] Id. at 25.

[14] Id.

[15] Id.

[16] Id. at 30.

[17] Id. at 31.

[18] In Brief, supra note 2.

[19] Guidance, supra note 2, at 17.

[20] Id. at 18.

[21] Id. at 33.

[22] Id. at 34.

[23] The President’s Working Group is chaired by the Secretary of the Treasury and consists of the chairs of the Board of Governors of the Federal Reserve, the Securities and Exchange Commission (“SEC”) and the Commodity Futures Trading Commission (“CFTC”).

[24] President’s Working Group on Financial Markets, Federal Deposit Insurance Agency & Office of the Comptroller of the Currency, Report on Stablecoins (Nov. 2021) [hereinafter Report], available here. For more information about the Report, please see our prior Alert, “President’s Working Group Issues Interagency Risk Assessment of Stablecoins.”

[25] See Report, supra note 23, at 2.

[26] See id.

[27] See id. at 19.

[28] See id. at 11.

[29] See Report, supra note 23, at 18.

[30] Guidance, supra note 2, at 18.

[31] Id. at 19.

[32] Id.

[33] Id. at 43.

[34] Id. at 44.

[35] Id. at 45.

[36] Id. at 46.

[37] See FinCEN’s Rule for Money Services Businesses, 31 C.F.R. Part 1022. FinCEN defines CVC as a “type of virtual currency [that] either has an equivalent value in real currency, or acts as a substitute for real currency.” FinCEN, FIN-2013-G001, “Application of FinCEN’s Regulations to Persons Administering, Exchanging, or Using Virtual Currencies” (March 18, 2013), available here.

[38] For example, the New York State Department of Financial Services (DFS), for example, issued its virtual currency regulation in 2015 under the New York Financial Services Law, known as a “BitLicense.” 23 NYCRR Part 200. Under the regulation, engaging in any “Virtual Currency Business Activity” in New York without a DFS license is prohibited. 23 NYCRR 200.3(a).

[39] See Report, supra note 23, at 11.

[40] Guidance, supra note 2, at 57.

[41] This table appears in Guidance, supra note 2, at 59.

[42] Id. at 56, n.43.

[43] Id.

[44] See FIN-2019-G001, Application of FinCEN’s Regulations to Certain Business Models Involving Convertible Virtual Currencies (May 9, 2019), available here (“Because a transmittal order involving CVC is an instruction to pay ‘a determinable amount of money,’ transactions involving CVC qualify as transmittal of funds, and thus may fall within the Funds Travel Rule [(“FTR”)]. Under the [FTR], a transmittal of funds of $3,000 or more (or its equivalent in CVC) may trigger certain requirements on a money transmitter acting as either the financial institution for the transmittor or recipient, or as an intermediary financial institution. The money transmitter must obtain or provide the required regulatory information either before or at the time of the transmittal of value, regardless of how a money transmitter sets up their system for clearing and settling transactions, including those involving CVC.”)

[45] See Joint Notice of Proposed Rulemaking, Threshold for the Requirement To Collect, Retain, and Transmit Information on Funds Transfers and Transmittals of Funds That Begin or End Outside the United States, and Clarification of the Requirement to Collect, Retain, and Transmit Information on Transactions Involving Convertible Virtual Currencies and Digital Assets with Legal Tender Status, 85 Fed. Reg. 68005 (Oct. 27, 2020), available here.

[46] Guidance, supra note 2, at 62.

[47] Id. at 65.

[48] Notice of Proposed Rulemaking, Requirements for Certain Transactions Involving Convertible Virtual Currency or Digital Assets, 86 Fed. Reg. 3,897 (Jan. 15, 2021), available here. For more information about FinCEN’s proposed rule on unhosted and high-risk jurisdiction wallets and the advance notice of proposed rulemaking, please see our prior Alert, “FinCEN Releases Notice of Proposed Rulemaking and FAQs Concerning Convertible Virtual Currency and Legal Tender Digital Asset Transactions.”

[49] Guidance, supra note 2, at 102.

[50] Id. at 105.

[51] USA PATRIOT Act, Pub. L. 107-56 § 314(a)–(b) (2001). See also 31 C.F.R. pt. 1010.520 (implementing FinCEN’s 314a Program; U.S. Dep’t of Treasury, Financial Crimes Enforcement Network, Section 314(b) Fact Sheet (Dec. 2020), available here.

[52] Press Release, U.S. Dep’t of Treasury, Financial Crimes Enforcement Network, FinCEN Welcomes First-Ever Chief Digital Currency Advisor and First Director of Strategic Communications (July 6, 2021), available here.

[53] Press Release, Financial Action Task Force, Cross Border Payments – Survey Results on Implementation of the FATF Standards (Oct. 22, 2021), available here.

[54] Id.

[55] Survey Results, supra note 3, at 5.

[56] Proposed UBO Revision, supra note 4, at 3.

[57] Id. at 7.

[58] Id.

[59] Press Release, Financial Action Task Force, Revisions to Recommendation 24 and Its Interpretive Note – Public Consultation (Oct. 2021), available here.

[60] National Defense Authorization Act for Fiscal Year 2021 (Corporate Transparency Act §§ 6401–03), available here.

[61] Advance Notice of Proposed Rulemaking, Beneficial Ownership Information Reporting Requirements, 86 Fed. Reg. 17,557 (Apr. 5, 2021), available here.

[62] Id. For more information about the Corporate Transparency Act and FinCEN’s advance notice of proposed rulemaking, please see our prior Alert, “FinCEN Commences Rulemaking Process for Implementation of Corporate Transparency Act Requiring Disclosure of Beneficial Ownership Information.”

[63] Press Release, Financial Action Task Force, Updated Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers (Oct. 2021), available here.

This communication is issued by Schulte Roth & Zabel LLP for informational purposes only and does not constitute legal advice or establish an attorney-client relationship. In some jurisdictions, this publication may be considered attorney advertising. ©2021 Schulte Roth & Zabel LLP.