It is no longer the case that Bitcoin and other virtual currencies (VCs) live in a legal / regulatory vacuum. Many will be familiar with the regulations outlining the New York State “Bitlicensing Regime” and closer to home, the AML regulations expected as a result of the response by the UK Treasury on its Digital Currencies “Call for Information”.
One of the latest reviews outlining an applicable regulatory framework to VCs is the FATF Guidance for a Risk-Based Approach: Virtual Currencies – issued in June 2015 (the FATF VC Guidance).
What is the FATF VC Guidance?
The FATF VC Guidance is published by the Financial Action Task Force (FATF) – an international inter-governmental body that sets the policy framework for global anti-money laundering and counter-terrorist financing standards.
The guidance’s focus and scope includes:
The FATF VC Guidance considers the money laundering / terrorist financing (ML/TF) risks associated with Virtual Currency Payment Products and Services (referred to in the guidance as “VCPPS“).
It is important to bear in mind that it relates to VCs as a means of payment. Expressly outside its scope is the use of VC for other purposes (such as investment or derivative products). For such matters, you may be interested in the European Securities and Markets Authority’s Call for Evidence Paper published in April.
Key concepts & terminology
The FATF VC Guidance uses very specific language to describe its approach. Of key importance are what are known as “Convertible VCs” (sometimes also known as “Open VCs“) – these are virtual currencies that have an equivalent value in real currency and can be exchanged back and forth for fiat. This includes Bitcoin.
The reason why Convertible VCs are targeted in the guidance is because these VCs present higher ML/TF risks by being the points of intersection / gateways to the regulated financial system.
Also, the guidance distinguishes VCPPSs as being either:
- Decentralised VCPPS (aka ‘crypto-currencies’ such as Bitcoin, LiteCoin and Ripple): meaning those VCPPSs that are distributed, open source, math based peer to peer virtual currencies that have no central administrating authority, and also no central monitoring / oversight, or
- Centralised VCPPS: VCs that have a single administrating authority that issues the currency, sets the operating rules for its use, maintains the payment ledger and has authority to redeem the currency. Examples include PerfectMoney and WebMoney “WM units”.
The guidance applies to both of the above.
FATF outlines the guidance’s purpose to include:
- an explanation of the application of the risk-based approach to AML/CTF measures in the VC context
- an identification of the entities involved in VCPPS, and
- clarity on the application of relevant FATF Recommendations to convertible VC exchangers.
It also provides details on how national authorities should consider and frame its regulatory response to the ML/TF risks of VCPPSs (see infographic below).
What is the status of the FATF VC Guidance?
The guidance is not legally binding on national authorities, but given the role that FATF plays in setting and auditing a national authority’s compliance with AML laws, it is highly persuasive and indicative on how national regulators will develop and implement local requirements.
Application of Risk-Based Approach (RBA)
The FATF VC Guidance makes it clear that a risk-based approach is to be applied to VCPPSs under certain circumstances and that convertible VC exchangers should, (also in certain situations), be subject to AML/CTF requirements covered by international standards.
This basically means that certain operators in the VC space should be regulated for ML/TF risks in much the same way that traditional banks and financial service companies are today.
VC operators will (hopefully) be encouraged by the FATF interpretation of the RBA to regulated firms which does not imply the automatic or holistic denial of services to VCPPS without an adequate risk assessment. This suggests a somewhat more open approach than as set out in the EBA opinion on Virtual Currencies. The EBA Opinion indicated that authorised payment institutions, e-money issuers and credit institutions be discouraged from buying, holding or selling virtual currencies. Having said that, FATF does not go further and encourage more access / innovation of services by and between the institutions – and depending on the outcome of a risk-based approach by traditional players, a perceived lock-out of certain VC operators may remain.
In order to further progress the development of the industry it can only be hoped that traditional banks and financial institutions will be progressive in their thinking when it comes to carrying out risk assessments – and not take a completely risk adverse position. It will also be interesting to see if authorities such as the UK Payment Systems Regulator will take up the access issue under its remit.
Application of FATF Recommendations
The following infographic summarises how specific FATF Recommendations apply to both:
- countries and competent authorities – as related to VCPPPs, and
- covered entities – with respect to “convertible VC exchanges” and “other types of entities that act as nodes where convertible VC activities intersect with the regulated fiat currency financial system”.
Country examples of AML laws potentially applying to VCPPSs
It is noted in the guidance that there are indeed challenges for AML compliance, highlighting in particular, the issues of carrying out KYC on users of decentralised convertible VCPPSs.
FATF suggests that participants in the space should develop technology based solutions to help improve compliance. One possible solution offered is that third party identity systems may be developed to assist in AML/CTF compliance. FATF further suggests that these ‘third party identity custodians’ would themselves need to be regulated.
While it is somewhat encouraging that FATF has offered up conceptual solutions, one can be left with the impression that they are expected to be neatly developed and implemented by industry – and in the case of the above ‘identity custodian’ remedy, it appears to dilute the structure of a decentralised system by importing a centrally administered I.D. gate-keeper.
Not everyone in the industry will be caught out by such requirements as there is evidence of UK and other VC operators already carrying out voluntary AML compliance (even where it is not clear that the local law currently requires) and such systems and controls are being developed and tailored to the VC space.
The FATF VC Guidance is a very useful document. It provides:
- Clear guidance on the scope and focus on global AML virtual currency regulation and what requirements are likely to become standardised on an international basis going forward – of interest to regulators, VC operators and traditionally regulated firms that are looking to engage with VCs.
- Examples of the current AML laws already in place and the various approaches taken by national regulators – see infographic above.
- Some compliance challenges and possible solutions.
- For those new to the subject matter – detailed terminology and examples of different types of VCs, as well as a useful and easy to read guide on how a decentralised convertible virtual currency works as a payment mechanism.
(Note: the above is a high level summary of the FATF VC Guidance. It is not exhaustive nor complete. It is not to be relied upon in any definitive manner nor as legal and/or regulatory advice).