On 19th October 2018, Financial Action Task Force (FATF) issued a statement clarifying the urgency for a consistent global regulatory approach on virtual assets (Statement on Regulation of Virtual Assets). The FATF 40 Recommendations and its Glossary have also been updated to reflect the new technology categorisation and definition.
This is a crucial and timely regulatory development for activities relating to virtual assets globally which we believe will resonate across close to 200 jurisdictions currently committed to abide by FATF standards.
Participants in the traditional banking and financial services sector are very accustomed to the pronouncements by FATF as the global standards for anti-money laundering (AML) and countering terrorism financing (CTF). These include taking a risk-based approach, conducting customer due diligence, on-going monitoring, record keeping and reporting of suspicious transactions.
On the other hand, virtual assets participants may be more divided when faced with this new regulation. This is because in one sense, the birth of virtual assets, in particular Bitcoin, was primarily driven by the desire to remove central authority in the financial system as well as to preserve absolute anonymity. In my view, the ultimate achievement of these objectives may be in direct conflict with the concept of what AML and CTF seek to address such as drilling down to the ultimate beneficial owner of financial transactions including source of wealth and source of funds.
Over the last couple of years, with the boom of virtual assets including Initial Coin Offering (ICO) and the growth of ancillary products and services for virtual assets, the complexity of traditional and pseudo financial transactions have grown tremendously. Hence, the urgency for a respected global body, such as FATF, to take the lead in setting high level principles and guidance is very much welcomed.
If this is not done in a timely manner, it may create huge regulatory arbitrage where people will shop around for “regulatory-friendly” jurisdictions to launch their virtual assets businesses. The knock-on effects of a regulatory divergence for virtual assets on crimes such as tax evasion and other serious offences can be quite daunting.
What Has Changed?
FATF has amended its Recommendation 15 on New Technologies by adding the following paragraph:
"To manage and mitigate the risks emerging from virtual assets, countries should ensure that virtual asset service providers are regulated for AML/CFT purposes, and licensed or registered and subject to effective systems for monitoring and ensuring compliance with the relevant measures called for in the FATF Recommendations."
FATF has also updated its Glossary to include 2 key definitions as follow:
Virtual Asset - A virtual asset is a digital representation of value that can be digitally traded, or transferred, and can be used for payment or investment purposes. Virtual assets do not include digital representations of fiat currencies, securities and other financial assets that are already covered elsewhere in the FATF Recommendations.
Virtual Asset Service Provider - Virtual asset service provider means any natural or legal person who is not covered elsewhere under the Recommendations, and as a business conducts one or more of the following activities or operations for or on behalf of another natural or legal person:
exchange between virtual assets and fiat currencies;
exchange between one or more forms of virtual assets;
transfer of virtual assets;
safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets; and
participation in and provision of financial services related to an issuer’s offer and/or sale of a virtual asset.
Essentially, this mirrors how existing financial services providers are regulated in the world. Unfortunately, it may appear as a broad-brush approach and some may even say that this is a lazy regulatory stance towards a new sector which will likely inhibit innovation and growth. However, I am of the view that FATF as an international standard-setting body have to approach this topic at a holistic level. It cannot implement standards on a piecemeal basis and must cater for as much eventualities, growth and potential developments in the future yet provide sufficient flexibility for each jurisdiction to manage their respective risk in this area.
Our view is that in general, regulations should never be on the technology itself but on the activities surrounding the technology and in this case, the outcome of technology – virtual assets. It is what people do with virtual assets that matters more.
FATF calls for all jurisdictions to ensure that virtual asset service providers are subject to AML and CTF regulations and should be licensed or registered and subject to monitoring to ensure compliance. In other words, given the broad definition of virtual asset service provider, what used to be “good-to-have” Know-Your-Customer (KYC) practices will become a “must-have” now.
Another interesting point that FATF made in its statement on regulation of virtual assets is that FATF emphasised that jurisdictions have flexibility to decide under which AML/CTF category of regulated activities virtual asset service providers should be regulated, eg. as financial institutions, DNFBPs or as another distinctive category.
I think this is a good practical outcome as different jurisdictions may be at different level of maturity in its financial services sector. To label all virtual asset service providers as financial institutions may require jurisdictions to first ensure that the underlying instrument – virtual asset, is captured somewhere in its legislations. Allowing for a possible categorisation under DNFBPs or a distinct category provides for the much-needed flexibility for each jurisdiction to make its own determination. In short, it is not whether to regulate or not to regulate. It is how and in what form it will be regulated.
How Cynopsis Gain Relevance?
Since its inception in 2014, Cynopsis has been promoting Regulatory Inclusion by making it easier and more efficient for clients to comply with regulatory requirements. We service the underserved by combining our deep regulatory knowledge with functional technologies to automate the manual and digitise the analogue for small and medium sized corporations including FinTech and blockchain start-ups around the world. As a world leading RegTech company, Cynopsis specialises in the domain of KYC, AML and CTF for its clients.
In September 2018, I was invited by FATF to speak at its 3rd FATF FinTech and RegTech Forum in Hangzhou, China. It was a privileged experience where I shared my thoughts about the current virtual assets landscape and the desired regulatory outcomes globally.
Several points that I raised during my presentation to the public and private sector delegates include the following:
Focus on principle-based 40 Recommendations
Global consistency on classification and definition of activities
Extension of current KYC/AML/CTF regulatory framework
National Digital ID Initiatives
How RegTech can help in the regulatory processes
In order to provide a meaningful and reliable service to our customers, we recognise the importance of understanding fundamentals of regulatory requirements. We believe this is what sets us apart from competition because we built our KYC/AML/CTF Software-as-a-Service (SaaS) products ground up to align and comply with FATF standards instead of trying to fit technologies into siloed verticals.
I am glad that most of FATF statements in virtual assets released are in-line with our expectation. In fact, this is exactly what Cynopsis has been prepping its clients involved in virtual assets for over a year now.
Decentralization of KYC
Earlier this year, Cynopsis launched traceto.io, a decentralized KYC network dedicated to the participants of virtual assets globally. traceto.io seeks to explore different approaches on KYC by utilising new technologies, including blockchain and artificial intelligence.
At the heart of what it does, traceto.io seeks to create a network effect where KYC does not need to be performed multiple times for the virtual asset community and yet allowing virtual asset service providers to rely on a self-sustaining KYC network where participants are incentivised to play their respective roles in maintaining updated profiles for example. It does not intend to re-invent wheels that have been designed and created by Cynopsis.
Utilising blockchain, we can ensure that while preserving certain level of data privacy on the public chain, essential record keeping obligations are not compromised. Decentralized storage facility will also be used in order to address centralized storage security risks and fallacies.
We believe that decentralization should not be limited to technological aspects only. It can take the form of better utilisation of community (human capital) to perform some tasks for the network. In this case, some level of public social verification.
Conclusion and What’s Next?
In recent years, compliance with AML/CTF regulations in the banking and financial services sector is largely driven by a heavy-handed “stick” model approach where non-compliance is met with huge regulatory fines and sanctions. Has it been effective? What we are seeing is that fines get bigger and bigger, but we are unsure if the desired outcomes of combating money laundering and terrorism financing are effectively achieved.
In regulating a new sector of activities involving virtual assets, I think getting the fundamentals right is important. This is exactly what FATF have done – that is to drive and set standards globally. It is now up to the 200-odd jurisdictions that have committed to implement FATF 40 Recommendations to do their part in addressing the relevant AML/CTF risks involved with virtual assets operators.
In its statement, FATF also made a clear articulation of its mandate – monitoring and supervising for the purpose of AML/CTF only. It explicitly states that other aspects of regulations such as consumer/investor protection safeguards and financial stability are excluded from its purview. As complexity of products and services offered in the virtual asset space increases, these are unavoidable aspects of regulations which in our view should come in hand-in-hand with those relating to AML/CTF. Perhaps, this is something to be dealt with by regulators in each jurisdiction.
For virtual assets service providers thinking that they can continue to go on a regulatory-shopping spree will soon find themselves in an arbitrage-neutral position – you can run but you can’t hide (forever). For those who truly believe in the future viability and value proposition of virtual assets ecosystem and are building businesses around it should take the latest FATF statement on virtual assets seriously. Starting to level up your Compliance standards using technology early is never a bad thing. It will reward you in the future.
For those who are in this space for a quick buck, you will realise that the window is closing fast. For scammers, this space is now closely watched. Lastly, for money launderers and terrorist financiers, you know the global AML/CTF Watchdog is always there and is now moving a lot faster than before.