If there was ever a phenomenon that mirrored the situation of going down the rabbit’s hole (think Alice in Wonderland), it is cryptocurrency! Long considered with suspicion by global regulators, finance professionals and money laundering watchdogs, the cryptocurrency phenomenon while unmapped is increasingly becoming mainstream.

While most countries are yet to declare cryptocurrency as legal tender, or even regulate crypto businesses, it cannot be denied that crypto is fast emerging as a part of the global financial system. This has prompted many jurisdictions like Australia, Singapore, UK, USA and Japan, to establish taxation norms and requirements for engaging in any form of crypto activity.

As FATF took a slow and measured pace to form any conclusive guidelines, it fell upon individual countries to take some concrete steps towards regulating crypto activities. Australia (AUSTRAC) and the EU are some of the regimes to have included crypto businesses in the framework of “regulated entities” for AML/CTF compliance.

Why does cryptocurrency conjure up fear amongst regulators?

The key to tackling financial crime and terror financing and fraud is the ability to trace the beneficial ownership and touchpoints of financial transactions. Every day the world witnesses billions and billions of dollars transferred across geographies for the purpose of financing regional and global terrorism. Drugs, gambling, illicit activities and financial crime occur every day both in the open economy and in connivance with shadow banking and the dark web. Just as the Vancouver model in Canada has created a phenomenal rise in drug crimes and deaths together with an abnormal spike in real estate prices, other countries too with uncontrolled money laundering mechanisms have witnessed a spurt in terrorist financing and financial crime.

Governments are the custodians of the citizen wealth. They are reposed with the responsibility of maintaining internal security and a stable financial system, both props of a stable economy. This makes it incumbent upon every government to frame AML/CTF regulations that attempt at tackling money laundering activities.

The anonymity aspect of the cryptocurrency is the very bane of its functionality. Despite the many benefits of crypto, it cannot be ignored that cryptocurrency has a vast potential of being used to launder dirty money and finance crime. The ownership of cryptocurrency and its money trails cannot be traced, which is the very backbone of the money laundering and terror financing mechanism.

An AML/KYC Approach to Cryptocurrency Regulations is considered the ultimate solution of a tech-driven virtual currency that is fast emerging a part of money remittance systems.

The FATF solution – from declaring crypto as a “virtual asset” to setting out requirements

The FATF finally comes clear on the risks of cryptocurrency businesses. In its February 22 Plenary, the FATF issued a Draft Interpretive Note to FATF Recommendation 15 that sets the tone for the final Regulatory Guidance scheduled for release in June 2019. This Draft takes the October 2018 FATF Recommendation 15 of crypto as a “virtual asset” a step further. 

In October 2018, FATF had declared clearly that while “Virtual assets and related financial services have the potential to spur financial innovation and efficiency and improve financial inclusion, but they also create new opportunities for criminals and terrorists to launder their proceeds or finance their illicit activities.” FATF gave a clarion call for “an urgent need for all countries to take coordinated action to prevent the use of virtual assets for crime and terrorism.” Following this, FATF has now set out detailed implementation requirements for the regulation and monitoring of virtual asset service providers (VASPs) or cryptocurrency businesses.

What does the latest FATF Draft convey?

The latest rollout by FATF, which become part of the June Final Guideline, details the compliance requirements of crypto businesses.

  • VASPs will be required to be licensed or registered in the jurisdiction(s) where they are created.
  • Competent authorities in the jurisdiction are required to implement the necessary legal and regulatory measures to prevent criminals or their associates from being a beneficial owner, holding controlling interest, or a management function, in a VASP.
  • VASPs are subject to regulation and monitoring for AML/CFT compliance and relevant FATF Recommendations. The objective is to mitigate money laundering and terrorist financing risks from virtual assets.
  • A range of sanctions, whether criminal, civil or administrative, will be available with the “competent authorities” to deal with VASPs that fail to comply with AML/CFT requirements.

Sanctions are applicable not only to VASPs, but also to their directors and senior management. 

  • VASPs must comply with FATF Recommendations 10-22, for transactions with a threshold above USD/EUR 1000. In such cases, the VASPs must obtain information on both, the sender and the beneficiary. The VASP is also required to share this information with the beneficiary VASP, thus removing anonymity from the “virtual asset”.

This also means having in place a system of KYC, Customer Due Diligence, PEP Screening, and Sanctions Checks against high-risk third countries/business activities, and reporting such suspicious activity to the “competent authority”.

  • The “competent authority” must monitor the submission of such information, and take necessary freezing action and/or prohibiting transactions with designated persons and entities, and use such other instruments of risk-based regulatory compliance.

What does this mean for you as a cryptocurrency business or a legal and financial professional in cryptosphere?

Whether a virtual currency exchange platform or a custodian wallet provider, any crypto business will:

  • Need to be registered in a country where it is permitted.
  • Registration must be as a “virtual asset provider”.
  • The crypto business must ensure that any trustee, beneficial owner, or management, does not hold a criminal record.
  • The business must comply with the AML/CTF laws in that jurisdiction, and fulfil the requirements of a “regulated entity” or “obliged entity”.
  • Compliance includes obtaining and sharing information of the sender and receiver in a transaction exceeding USD/EUR 1000, and ensuring a compliance mechanism of CDD, PEP Screening, and other Checks.
  • Use third party services for KYC, PEP, and Sanctions Checks, and Watchlist Screening.
  • Compliance and cooperation with the relevant “competent authority” and other legal and criminal systems in the jurisdiction where it is registered.