Playing Gotcha With Regulators, or What Do FATF Recommendations Mean for Crypto Industry

News and Analysis

On June 21st 2019, the FATF presented the finalized version of governing provisions for the crypto industry. The document obligates bitcoin exchanges and other “virtual asset service providers” to comply with AML and CFT procedures similarly to traditional financial companies.

At the G20 summit in Osaka, member states endorsed those recommendations, thus formally starting the process of development of regulatory frameworks that agree with them.

While most proponents of cryptocurrencies were all for introducing proper regulation, it seemed that they should have been more careful with what they wished for. When the final recommendations have been released, it came as a shock to lots of people in the industry.

Terms and Definitions

In October 2018, FATF introduced amendments to Recommendation 15 that clearly stated they cover virtual currencies. They also added “virtual asset” and “virtual asset service provider” into the FATF vocabulary. The amendments define a virtual asset as a “digital representation of value that can be digitally traded, or transferred, and can be used for payment or investment purposes.” At the same time, it does not include “digital representations of fiat currencies, securities and other financial assets that are already covered elsewhere in the FATF Recommendations.”

A virtual asset service provider, according to the Recommendations, is  “any natural or legal person who is not covered elsewhere under the Recommendations, and as a business conducts one or more of the following activities or operations for or on behalf of another natural or legal person:  

  1. exchange between virtual assets and fiat currencies;
  2. exchange between one or more forms of virtual assets;
  3. transfer of virtual assets;
  4. safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets; and
  5. participation in and provision of financial services related to an issuer’s offer and/or sale of a virtual asset.”

Transfer, the Recommendations go on to explain, is a “transaction on behalf of another natural or legal person that moves a virtual asset from one virtual asset address or account to another.”

What’s the Deal

New FATF rules suggest that member countries have to require that virtual asset service providers comply with Recommendation 16 aka Travel Rule if they want to operate with aforesaid principles.

The provision covers cashless remittances and obliges governments to require that financial institutions include mandatory data on senders and receivers, and to take action if said data is absent. Notably, this set of data includes the sender’s address and their ID number linking them to the company, or date and place of birth. Those requirements have to be enforced if the transaction amount exceeds $1,000 or €1,000

Lots of experts and analysts tried to persuade the FATF that the blockchain industry will find it hard or even impossible to comply with banking requirements. They also warned the organization that the cryptocurrency business may “go in the shadows” at least in part, while the efficiency of law enforcement and user privacy may suffer.

Nonetheless, the new recommendations are now accepted and approved by the G20 nations. Governments and businesses have 12 months as of the approval date to implement them. New standards cover organizations that work with cryptocurrencies and tokens, such as exchanges and hedge funds.

What Regulators Say

Like it or not, criminals do use cryptocurrencies for illicit purposes. Even though it’s not even remotely the most popular use case of bitcoin, the industry’s reputation suffers considerable losses because of that. Regulators believe that adopting new standards would legitimize cryptocurrencies in general, and will help their mass adoption while ensuring security of transactions.

This position is very well pronounced in the speech by U.S. Treasury Secretary Steven Mnuchin that he gave during the FATF plenary session last June. 

“By adopting the standards and guidelines agreed to this week, the FATF will make sure that virtual asset service providers do not operate in the dark shadows. This will enable the emerging FinTech sector to stay one-step ahead of rogue regimes and sympathizers of illicit causes searching for avenues to raise and transfer funds without detection,” he said.

FATF recommendations are not mandatory, at least formally. Member states have to implement them on the national level if they want. Still, if they fail to do so, they will make it to a certain blacklist, which means that certain penalties will be levied, including limitations on foreign investment. For that reason, it is very unlikely that G20 nations will not implement said recommendations.

What Industry Actors Say

Notwithstanding the regulators’ optimism, the cryptocurrency industry players are mostly critical of the FATF recommendations. The summary of their opinions is that those regulations will be hard to implement and take a toll on the bigger part of the industry, first and foremost on the custodial services providers.

“Their recommendation could have a much larger impact than the SEC or any other regulator has had to date,” Eric Turner, director of research at crypto research firm Messari, told Bloomberg.

He also noted that the interpretation of said recommendations in different countries will be of utmost importance.

Others expect that the strictness of the FATF will not promote greater transparency. On the contrary, they believe, many companies will have to enter the black market.

“Applying bank regulations to this industry could drive more people to conduct person-to-person transactions, which would result in less transparency for law enforcement,” said Coinbase’s CCO Jeff Horowitz.

Bittrex CCO John Roth notes that while collecting data may seem easy on paper, it may be technically impossible to identify a person who owns a particular wallet.

“It’s either going to require a complete and fundamental restructuring of blockchain technology, or it’s going to require a global parallel system to be sort of constructed among the 200 or so exchanges in the world. You can imagine difficulties in trying to build something like that,” he said.

General counsel for Kraken Mary Beth Buchanan agrees with this point of view.

“Without enhanced technology systems, this is a case of trying to apply 20th-century rules to 21st-century technology, There’s not a technological solution that would allow us to fully comply,” she told Bloomberg.

Serhii Mokhniev, regulatory affairs counsel at expressed a similar opinion. According to him, the problem is that most blockchains are architecturally incompatible with the FATF requirements. In other words, the requirements are futile at best, and impossible to comply with at worst.

He also references Jarek Jakubcek, Europol’s strategic analyst, who told him that trying to make businesses do what can’t be done is like practicing at useless things. According to Jakubcek, identifying transaction parties is possible when tracking instruments work properly, however, it leads to limitations on privacy and enables companies to exchange personal data of their customers. The question is, what for?

“The majority of exchange-to-exchange transactions are related to trading activities that are naturally not criminal, so reallocating compliance resources at a high number of relatively low-risk transactions will move the emphasis away from flagging criminal transactions to focusing on low-risk transactions, which will naturally hurt crime prevention,” Jakubcek said.

The only profit for exchanges here is to report that regulatory requirements are observed. Most transactions meanwhile will migrate to the grey area leaving financial intelligence and law enforcement high and dry.

Mixing Services and p2p Platforms

Notably, the FATF recommendations mention mixing services. It seems that they too will have to collect user information, yet it is not clear how to do it in reality. CoinJoin, the tech behind such services, is aimed at exactly opposite things: to make users anonymous and make money untraceable. On top of that, they don’t keep user funds.

In his exclusive comment to ForkLog, chief developer at Wasabi Wallet Adam Fichor also expressed his lack of understanding how mixer operators should act now.

“Custodial services should be regulated because they keep user funds. Their users are vulnerable even now, and the requirement to collect personal data only makes things worse and gives companies more leverage to impact users. Those recommendations are completely insane. As far as I understand, though, they have nothing to do with Wasabi,” he stated.

The new rules can indeed cause lots of users to leave centralized exchanges. In his exclusive comment to ForkLog, Max Kaydun, CEO of p2p exchange HodlHodl said:

“This decision will take a toll on the industry. Once again we see that regulators use traditional norms with cryptobusinesses. Instead of doing their job and studying the market they are going to regulate, they just copy-paste the existing archaic provisions and expect innovative businesses that emerged in the 21st century to comply. Small exchanges with 10 to 20 employees will have to follow the same rules as big banks. At the same time, big institutions always tend to bypass the rules and comply with them only partially, for example by agreeing to pay penalty fees.” 

He believes that major exchanges will cope with the new situation as they have been cooperating with regulators for a while now and have a developed infrastructure. This will inflict new financial losses for them, though. Companies registered outside FATF or G20 those consequences may be negligible, he noted. Still, many companies will find themselves in the grey area, Mr. Kaydun believes.

New Reality

It seems pretty clear that the cryptocurrency industry is entering a new phase. Some governments and companies have already started creating the terrain for new working conditions.

Thus, the Canadian government has stated that as of 1 June 2020 cryptocurrency exchanges, both foreign and domestic, will be classified as money remittance service providers. As such, they will have to register at FinTRAC, duly identify users, and report transactions over CAD 10,000. Up until then, complying with said regulations was non-mandatory.

Analytic company CipherTrace and user identification solutions provider Shyft have partnered to come up with a solution to help exchanges protect their users’ identification data while complying with regulations. The companies’ spokespersons claim that this will become possible thanks to smart contracts and cryptographic control for access to personal data.

“With cryptographically controlled privacy mechanisms, it is possible to have both anonymity and responsible disclosure of the source of funds for legitimate purposes such as criminal or terrorist investigations and AML compliance,” says CipherTrace CEO Dave Jevans.

While some may find consolation in those words, there is very little doubt that libertarian bitcoin enthusiasts will keep seeing new FATF standards as a monstrous machine of government control that completely contradicts bitcoin’s philosophy and the vision outlined by Satoshi Nakamoto.

Practically speaking, new rules may become a burden for centralized custodial exchanges. Smaller players who will see the expenses for legalization as too high are likely to form alliances in order to survive.

At the same time, developers could accelerate the creation of non-custodial trading platforms and other tools enabling end users to transact person to person without regulated intermediaries. This would mean that playing gotcha with regulators is likely to continue in the new decade.

By Andrew Asmakov

Follow us on Twitter and Facebook and join our Telegram channel to know what’s up with crypto and why it’s important.

Found a typo? Highlight text and press CTRL+ENTER

Subscribe to our Newsletter


Related posts