The financial action task force (FATF) is an international body who contribute to the global discourse and set guidelines for member countries. With help from financial intelligence units (FIUs) and regulatory organisations, member countries adopt the updated FATF guidelines and take a risk-based approach to fight money laundering and terrorist financing.
While it is up to the national regulator, for example, AUSTRAC, to adopt the updated guidelines for their jurisdiction, as identified in the guidance document, many virtual assets (VAs) and virtual currency service providers (VASPs) are global by design. Therefore understanding the risk-based approach shared by FATF and then adopting policies and procedures to national legislation would be an effective way to manage your AML/CTF regulatory risk internationally.
This blog post will start by summarising the FATF document: “Guidance for a Risk-Based Approach to Virtual Currencies”. Comprehending and executing on the FATF guidelines interpreted and passed down to each national regulator can be tricky, but is of the utmost priority for any business providing a financial service.
What are VAs and VASPs?
The FATF definition of virtual assets and virtual asset service providers is intentionally broad and technology neutral.
A virtual asset is a digital representation of value that can be digitally traded, or transferred, and can be used for payment or investment purposes. Virtual assets do not include digital representations of fiat currencies, securities and other financial assets that are already covered elsewhere in the FATF Recommendations.
Virtual asset service provider means any natural or legal person who is not covered elsewhere under the Recommendations, and as a business conducts one or more of the following activities or operations for or on behalf of another natural or legal person:
- exchange between virtual assets and fiat currencies
- exchange between one or more forms of virtual assets
- the transfer of virtual assets
- safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets
- participation in and provision of financial services related to an issuer’s offer and/or sale of a virtual asset
FATF guidance takes time to be enforced in every member country.
Building a sustainable compliance system and audit trail with these recommendations in mind is a fantastic signal to the regulator.
Regulation is often about playing catch-up within emerging sectors and virtual assets are no different. Many of the 200+ FATF member and observer countries will have between 1-5 years to both adopt in preparation for their next mutual evaluation.
Considering that the Australian AML/CTF regime is still lagging on implementing Tranche 2, the FATF recommendations with regards to VA and VAPs can be an opportunity for Australia to show more regulatory agility.
FATF Guidance when taking a Risk-Based Approach to Virtual Currencies
Section I: Introduction
When understanding the information provided by FATF it is important to recognise the different audiences they are addressing to avoid confusing your obligations with those of the regulator.
The different audiences FATF addresses are naturally split into the document sections and include the countries and competent authorities such as national regulators, enforcement agencies and financial intelligence units, for example, AUSTRAC. As well as the virtual currency services providers and other obliged entities working with virtual currencies more generally.
As the virtual assets sector evolves it is important for regulation to keep up and protect the industry from any risks of money laundering and terrorist financing.
The guidance provides specific examples of ML/TF risk indicators that should be specifically considered in a VA context, with an emphasis on factors that would further obfuscate transactions or inhibit a VASPs’ ability to identify customers.
Section II and Section III are predominantly for the FATF member countries, their FIUs and enforcement agencies.
Section IV is to help VA and VASPs understand what their obligations may look like in a global context.
Section II: Scope of FATF Standards
Section II discusses the applicability of the risk-based approach to VA activities and VASPs and explains how these activities and providers should be subject to AML/CFT requirements under international standards.
The initial risk assessment is performed by a national regulatory authority to determine the risk a specific financial sector poses to facilitating money laundering and terrorist financing. The FATF standards identify and provide guidance on sectors that may be vulnerable to ML and TF; however, the overall risk should be determined through an assessment of the sector at a national level. It is therefore important for a VASP with intentions of expanding internationally to learn, navigate and understand the international standards and then apply each specific risk assessment in the relevant jurisdiction they operate.
Section III: Application fo FATF Standard to Countries and Competent Authorities
Section III is the most comprehensive of the guidance document and focuses on helping countries and national regulators. Informing legislators of what to look out for when performing the initial risk assessment. By providing a global framework for a countrywide risk-based approach, AML/CTF regulation standards become interoperable across national borders, a necessary aspect if regulation is to keep up with global businesses, of which many VASPs are.
An understanding of how FATF communications recommendations with its member countries can provide VASPs and entities who interact with VAs with a global perspective when taking their own risk-based approach to ML/TF.
By expanding on each of the relevant FATF Recommendations to include, guidance for a risk-based approach to virtual assets and virtual asset service providers.
We can expect a more nuanced approach to the regulation of virtual assets and virtual asset service providers to emerge in national legislation.
Section IV: Application of FATF Standards to VASPs and other obliged entities that Engage in or Provide Covered VA Activities
Section IV provides additional guidance specific to VASPs and other obliged entities that may engage in covered VA activities.
As a virtual asset service provider, what actions can you take today to get ahead of compliance?
- Develop or reassess your risk-based programs, policies and procedures to include the new recommendations.
- AML compliance needs to be consistent with local privacy laws, understand the laws of the jurisdictions you do business in.
- Enrol with and define processes for reporting to the national regulator and/or financial intelligence unit.
- Perform an AML Risk Assessment which includes answering questions included in the FATF recommendations.
- Implement a customer risk-based approach including KYC, customer risk assessments, enhanced due diligence and ongoing due diligence policy and procedures.
- Include the identification and verification of beneficial ownership in your compliance procedures.
- Include VA-related indicators and statistics that facilitate investigations and financial analysis in any STRs (Suspicious Matter Reports SMRs) sent to your FIU.
- Have dynamic and regularly checked PEPs and Sanction screening system.
- Implement training programs to assist your employees with understanding the way VAs VASPs comply with AML/CTF regulation.
- Maintain informed and strong senior management leadership and oversight who prioritise AML/CTF compliance.
- Sign up to the bronID Portal and enjoy an end to end solution for compliance, simplifying all of the steps in one place.
How bronID can help
bronID can help VASPs and VAs perform best AML/CTF compliance practices.
The bronID AML/CTF toolkit can be the glue between national regulators and virtual currency service providers.
The bronID team have a technical understanding of virtual asset technology as well as AML/CTF governance, by combining this knowledge bronID offers an ideal value proposition to help assist you with the sector transition into regulatory compliance.
bronID is designed to make Recommendation 16 with regards to information sharing easy and secure. By acting as the go-to place for compliance officers to perform all of their AML/CTF obligations, the bronID portal acts as a medium for data exchange between the public, private and government sector globally. International information sharing will be a major force in mitigating the risk of money laundering and terrorist financing.
International coordination also reduces the risk of regulatory arbitrage.
By developing bronID with global scope, turning AML/CTF governance guidance, recommendations and obligations into software, we aim to lift the standards of AML/CTF compliance internationally.
Stay tuned to the bronID Portal AML/CTF Toolkit as we will continually add compliance and identity tools to help you cover your AML/CTF obligations.