FATF Regulations Knocking for Their Pound of Crypto-Exchange Flesh

I've, Viktor Kochetov, CEO at Kyrrex, a digital wallet and professional cryptocurrency trading platform, discussed new rules issued by FATF and their implications for  players in the crypto industry.

The Financial Action Force (FATF) has a mission of setting standards, providing and implementing a regulatory framework in order to combat illegal activities such as terrorist financing, money laundering, and other issues. Digital currency has gained momentum and lots of attention over the last decade.

It has become the source of vast opportunities, and at the same time — a powerful tool for criminals due to its decentralized nature, anonymity and sporadic regulation. 

Supposedly, those participating in the industry must clap their hands, as it is yet another step towards increased security.

However, the perception and acceptance of the new requirements are ambiguous. The controversy pertains to both philosophical and technological areas. 

What do these changes really mean? Are they a path to a crystal clear crypto environment, or on the contrary —  an end to anonymity? There’s definitely something to think about. 

New rules for crypto exchanges: what they demand 

An imperative note was added to Recommendation 15 in June 2019. The addition aims to provide clarity in regards to the application of FATF requirements to cryptocurrency as well as to VASP — virtual assets service providers.

The guidelines affect over 200 territories and countries via membership in FATF and regional bodies.

The new rules apply to a currency other than digital representation of fiat money and refer to businesses that carry out operations such as fiat-to-crypto exchange, crypto-to-crypto exchange, virtual asset management and providing financial services in the context of cryptocurrency sales. 

In order to understand whether the new rules apply to you, PwC has provided a scheme which reflects the dependency of compliance on certain characteristics:

Source: PwC

Basically, FATF issued a thorough framework for both regulators and market players, determining types of activities and expected responses from them on regulatory bodies.

From now on, VASPs are required to develop control mechanisms for AML/CFT compliance. 

So, the requirements for VASPs are as follows:

Customer Due Diligence. The process of CDD must be carried out with regards to transactions that are occasional, refer to people that are not customers of VASPs, and that exceed 1,000 USD or EUR in value. 

When performing a transaction, VASPs are obliged to take the following actions: 

Collect originator data. This information includes name, wallet address, physical address, and other personal data which is to be verified. 

Collect beneficiary data. Analogical set of information as in the previous paragraph. 

Transfer the collected data. The two types of information ‘travel” to VASPs and undergo a further screening process. This is done to make sure the parties of the transaction are identified. This procedure is also known as the Travel Rule, which traditional financial institutions are familiar with. 

What it means for  business 

In a nutshell, the travel rule equates a crypto exchange with a financial entity in common sense — both have to disclose user information to prevent  the possibility of fraud. At the moment, the crypto industry is literally black and white: there are regulated exchanges that operate under specific jurisdictions and those who do not.

So, the travel rule might ensure a level playing field. There is much hope that unregulated crypto exchanges will switch sides. 

FATF will come back to VASPs and jurisdictions in June 2020 to carry out a comprehensive review and check the progress. Developing  a solution to the travel rule, and finding the appropriate method to comply, will take a while, as it encompasses an array of steps. 

• First, you have to allocate a team responsible for AML governance and start evaluating the state of existing AML practices.
• It is essential to have a clear idea of the desirable AML mechanism and juxtapose it with the present one. Thus, it helps to highlight blind spots and deficiencies. 
• AML policies and procedures should be tweaked in accordance with FATF requirements, as well as local regulations.
• After the update, address the gaps.
• The next step is to start assessing the available travel rule solutions — what the options are. 
• Note: the most appropriate option is the one that is in line with your business values, objective, identity. Seek for synergy, and when you find it, start the implementation. 
• Get prepared for licensing. If need be, consider legal assistance and consultancy. 

Theoretically, the procedure sounds logical, consistent and sound. However, the introduction of new rules has sparked severe criticism and debates within the community. In other words, can a crypto-related business comply with these requirements with no compromise? To what extent is everything above doable in practice?

Controversy and criticism 

On the one hand, the crypto industry is getting closer to the law — there’s possibly no other way to put it. What we should expect is a detox of the environment. That means, crypto exchanges with no information about the origin, such a team will fade away because, according to FATF, an operating exchange must have a license and registration. It will no longer be a matter of choice.

Yes, crypto exchanges will face complexity to comply, but this will reduce the ratio of the platforms that prefer to stay anonymous. 

Speaking of anonymity. The opponents of the travel rule claim it runs counter to the nature of crypto itself — decentralization, data privacy, and of course anonymity.

In reality, exchanges and other VASPs were left with a huge hurdle to deal with.

First of all, obviously, there can’t be a one-size-fits-all solution to be used by the entire industry.

Second of all,  time constraints can actually be a negative thing: the fact that businesses are given a 12-month time frame to implement the first finished solution.

But is this solution the best one? Not necessarily.  

There’s more to it. The crypto market can be full of solutions that have serious problems with governance and organization, yet have a robust marketing team and good relationships with big players.

In other words, commercial benefits can become criteria that may have a devastating impact on the industry. 

In theory, customer information must be shared between crypto exchanges, or seamlessly ‘travel’ between them. Today, the crypto industry simply does not have the infrastructure to enable this data circulation. There is no communication protocol to allow for this interaction. In order to comply with the travel rule, exchanges must reach a consensus. The question is how to exercise this technically. 

But seriously: is there a way to comply? 

As proponents of the regulated crypto world, Kyrrex team is quite optimistic about current developments offered by FATF. Over the past ten years the environment has become full of random people as there were no deterrents, no limiting factors — the unregulated industry has become a welcoming place for fraud of all kinds.

How can you possibly filter a chaotic market led by enthusiasts? Crypto demands professionalization, and we believe this is yet another step in this direction. 

Technical solutions need a proper governance framework and standardisation. Now the challenge is to allow these solutions to ripen, determine the best ones in terms of safety, cost and effectiveness, and to also shield the industry from undesirable ones.