Decentralized finance (DeFi) and Cryptocurrency are the most rapidly growing trends in today’s financial world. The overall market capitalization of cryptocurrencies surges from 758 billion in 2020 to all-time high of $3 trillion in November 2021.
In the light of the potential growth, there is no doubt that the rise in cryptocurrency not only attracts attention from investors, but also money launderers and financial criminals. A report from Chainalysis reveals that losses from crypto-related crime hit 14 billion in 2021, rose 79% from a year earlier.
AML/CFT requirements for Virtual Asset Service Providers by the FATF
At G20 Finance Minister and Central Bank Governors Meeting in Fukuoka (Japan) in 2019, the Financial Action Task Force (FATF) expressed their concern about the increasing potential risks in the cryptocurrency and financial industry. “The threat of criminal and terrorist misuse of virtual assets is serious and urgent, and the FATF expects all countries to take prompt action to implement the FATF Recommendations in the context of virtual asset activities and service providers.”
To tackle illicit activities under the fast-evolving financial landscape and technology, in June 2019, the FATF first issued “Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers” (Recommendations) and subsequently released a public consultation for its updated in March 2021. The guidance addresses the Risk-Based Approach (RBA) to Anti-Money Laundering and Counter-Financing of Terrorism (AML/CFT) measures for Virtual Asset and Virtual Asset Service Providers.
Definition of “Virtual asset” (VA) and “Virtual asset service provider” (VASP)
In the updated Recommendations, the FATF defines “Virtual asset” (VA) as “a digital representation of value that can be digitally traded or transferred and can be used for payment or investment purposes”, and refers “Virtual asset service provider” (VASP) to the business which conducts the following activities:
- Exchange between virtual assets and fiat currencies;
- Exchange between one or more forms of VA;
- Transfer of VA;
- Safekeeping and/or administration of virtual assets or instruments enabling control over VA;
- Participation in and provision of financial services related to an issuer’s offer and/or sale of a VA.
Click to see the full definition of “Virtual asset” and “Virtual asset service provider”
Under new measures, VASPs, including exchanges, decentralized platforms and apps, wallet providers, etc, are obligated and required to implement the same AML/CFT requirements as traditional financial institutions, and hereby all case should be covered by the FATF standards.
The exact timing of the local regulatory enforcement may vary from jurisdiction, but a number of countries worldwide are amending existing laws or setting up a new system to meet the FATF standards.
Hong Kong introduces licensing regime and enhances AML/CFT regulation for Virtual Asset Services Providers (VASPs)
Securities and Futures Commission (“SFC”) has issued a Position Paper on the regulation of virtual asset trading platform operators under an opt-in scheme. The regulatory framework in the Paper emphasizes that “Adequate and appropriate anti-money-laundering/countering financing of terrorism policies, procedures and controls must be implemented”.
In November 2020, Hong Kong makes a step further by starting a public consultation on its proposed introduction of the licensing regime for VASPs and amendments to the Anti-Money Laundering and Counter-Terrorist Financing Ordinance (AMLO). The amendments have been introduced into the Legislative Council (LegCo) for the first reading on 6 July 2022 and are proposed to come into effect on 1 March 2023.
Singapore is strengthening AML/CFT Controls of VASPs
In Singapore, following the existing Notice PSN02 (Guidelines to PSN02) and Payment Services Act (PSA) for regulating VASPs, in 2021, Monetary Authority of Singapore (MAS) has published a new infographic setting out supervisory expectations on AML/CFT controls for the Digital Payment Token (DPT) sector. The document outlines guidance on the requirements that VASPs are expected to comply, such as conducting risk assessments, CDD and enhanced CDD for Politically Exposed Person (PEPs)/ higher risk customers, ongoing monitoring of business relations and transactions, etc. It is also reported that MAS surveillance has identified and taken action against several VASPs that have not complied the licensing requirement.
How do Virtual Asset Service Providers Prepare for AML/CFT regulations?
- Perform Customer Due Diligence (CDD) (FATF Recommendation 10)
VASPs should perform Customer Due Diligence (CDD) to verify the customer’s identity, identify the beneficial owner and assess AML/CFT risks associated with covered Virtual Asset activities.
Whenever there is higher-risk situation, VASPs should obtain further information or perform enhanced CDD. When the appropriate level of CDD is unable to apply, terminating the transaction or business relationship should be considered.
- Carry out Ongoing Monitoring (OM)
Ongoing due diligence must be carried out on a continuous and regular basis or in specific transactions when necessary in order to scrutinize transactions, identify changes to customer profile and mitigate risks.
- Conduct Travel Rule (FATF Recommendation 16)
VASPs are required to obtain, screen and exchange accurate identifying information of originators and beneficiaries, including customer name, address, date of birth, etc., between counterparties when transferring Virtual Assets.
- STR reporting (FATF Recommendation 20)
When there is suspicion of illicit activity, reporting with STR requirements to Financial Intelligence Units (FIU) in a timely manner is required.
According to the FATF, “reliable, independent source documents, data or information” should be used for the customer screening and risk assessment. One such AML screening tool would be SentroWeb-DJ, backed by reputable Dow Jones’s AML databases, which provides over 33,000 accurate sources for AML checks and automated ongoing monitoring to protect your business from risks.
Click for more information on the best AML solutions SentroWeb-DJ.
Tightening AML/CFT regulation and enforcement to DeFi and Cryptocurrency Industry is an inevitable general trend. The sooner the Virtual Asset Service Providers adopt measures to comply with the expected inaugural AML/CFT regulations, the better and more well-prepared they will be for the compliance procedures and controls.
It is not a matter of whether it would happen, but when it would happen. VASPs would want to keep running and growing your business smoothly, the day the regulations finally come live.
- Click to see the FATF’s “Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers”
- Click to see “Public consultation on FATF draft guidance on a risk-based approach to virtual assets and virtual asset service providers”
- Click to see Notice PSN02 and Guidelines to Notice PSN02 in Singapore
- Click to see Payment Services Act in Singapore
- Click to see the Infographic of “Strengthening AML/CFT Controls of Digital Payment Token Service Providers” in Singapore
- Click the Position Paper issued by Securities and Futures Commission in Hong Kong
- To learn more, please click to see the Terms and Conditions for Virtual Asset Trading Platform Operators issued by Securities and Futures Commission
- Click to see Hong Kong Government’s announcement on the consultation on legislative proposals of AML/CFT regulation
- Latest Updates on Hong Kong Anti-Money Laundering Regulations
- Ensuring the New Anti-Money Laundering and Terrorism Financing Compliance: A Step-by-Step Guide for Developers in Singapore
- Guide for HK DPMS: Registration Process, How to Do AML and Useful AML Tools (With Tips on Waiver of Registration Fee)