Fourth and Final Post in a Series on the FATF Plenary Outcomes
As we have previously blogged (here, here and here), the Financial Action Task Force (“FATF”) held its fourth Plenary on June 21-25, inviting delegates from around the world to meet (virtually) and discuss a wide range of global financial crimes and ongoing risk areas. Following the Plenary, FATF issued reports to detail their findings on specific topics. This post highlights three takeaways from the report entitled Second 12-Month Review of the Revised FATF Standards on Virtual Assets (“Report”).
In June 2019, the FATF issued guidance instructing its 180 international member governments to demand that virtual asset service providers (“VASPs), such as cryptocurrency exchanges and digital wallet providers, collect “accurate originator information and required beneficiary information” on transactions totaling $1,000 or more (see here for our detailed blog post on this subject).
The FATF also agreed to undertake a yearlong review documenting the progress that its member countries have made towards implementing its guidance on regulation of VASPs. It released the findings of that review in July 2020 and committed to a second 12-month review by June 2021. The Report, based on the findings of a self-assessment questionnaire provided to 128 jurisdictions, sets out the findings of the second 12-month review.
Three Primary Takeaways
Many countries are failing to implement FATF guidance for virtual assets, which undermines international anti-money laundering (“AML”) and combating the financing of terrorism (“CFT”) efforts.
The FATF reports a doubling in the number of countries implementing its standards on virtual assets over the past year (58 at present, up from 33 countries in July 2020), and an increase in the number of countries taking enforcement action against companies that violate rules (18 today, up from 8 countries in July 2020). Nevertheless, as the table below illustrates, most jurisdictions have failed to implement comprehensive AML/CFT requirements for virtual assets.
Source: Second 12-Month Review of the Revised FATF Standards on Virtual Assets
In other words, while the total number of jurisdictions registering/licensing VASPs is on the rise, there has not been widespread implementation of such standards. Criminals are exploiting these regulatory gaps, and as detailed in the Report, greater and more expedient implementation will be the FATF’s top priority over the coming year.
Travel Rule compliance remains fragmented and uneven across the private sector, as many governments around the world have yet to make the rule a formal requirement.
The Travel Rule requires covered financial institutions to pass on certain customer and transaction information to the next financial institution, and has long applied to transfers of conventional “fiat” currency (see here). In June 2019, the FATF extended the rule to virtual currency transfers valued at $1,000 or more.
The Report emphasizes that adoption and enforcement of the Travel Rule across FATF jurisdictions has been limited. This finding is reinforced by the following data, cited to in the Report:
- Only eleven jurisdictions reported that they were aware of VASPs in their jurisdiction complying with some travel rule requirements.
- Only ten jurisdictions reported that they had implemented travel rule requirements for VASPs and that these requirements were being enforced.
- Fourteen jurisdictions reported that they had introduced travel rule requirements but these were not yet being enforced.
In other words, two years after the FATF extended the rule to virtual currency transfers, most jurisdictions (and most VASPs) are not in compliance with the travel rule. As detailed in the Report, this lack of implementation acts “as a major obstacle to effective global AML/CFT mitigation and undermines the effectiveness and impact of the revised FATF Standards.” Essentially, in the absence of national legislation to enforce the Travel Rule, there is little incentive for companies to invest in the necessary technology and compliance infrastructure. (It is worth noting that following the FATF’s fourth Plenary, policymakers at the European Commission announced draft legislation that, if approved, would apply the Travel Rule to virtual assets.)
In October 2020, the Financial Crimes Enforcement Network (FinCEN) proposed regulations – still pending – which would change the Travel Rule by lowering the applicable monetary threshold from $3,000 to $250 for collecting, retaining, and transmitting information related to international (but not domestic) funds transfers. Relevant to the FATF Report, the proposed regulations also would make clear that both the Travel Rule and the Recordkeeping Rule apply to transactions involving convertible virtual currencies, as well as transactions involving digital assets with legal tender status, by clarifying the meaning of “money” as used in certain defined terms. Generally speaking, industry has objected to this proposal by FinCEN, stressing the lack of available technology which would enable real-world compliance. The Report alludes to this “chicken or the egg” issue, observing that “the lack of implementation and the lack of globally available, comprehensive travel rule solutions . . . appear to have created a self-reinforcing conundrum. The lack of national implementation reduces the incentive for technical progress, and the lack of technical progress is used to justify lack of national implementation.”
The use of virtual assets for money laundering is on the rise and likely to grow in 2021.
The Report outlines several additional trends associated with virtual assets that are of interest:
- There has been a large increase in the use of virtual assets as a means of collecting ransomware payments. The Report notes that “the pace and sophistication of ransomware attacks continued to increase in 2021 rapidly, victimizing, notably, governments, schools, hospitals, and other critical infrastructure providers all over the world.” The Report also notes that the proceeds of such ransomware attacks are often moved via unhosted or privacy wallets and/or other anonymity-enhancing tools and methods to VASPs, where they are exchanged for other virtual assets or fiat currency.
- While ransomware is undoubtedly on the rise, the most prevalent types of offenses involving virtual assets continue to be narcotics-related and fraud offenses, including investment scams, blackmail, and extortion.
- Tools and methods to increase anonymity in virtual asset transfers are continuing to be used and developed. The Report notes “a wide range of techniques,” including the use of proxies to register domain names, the use of DNS registrars that conceal the true owners of the domain names, and the use of tumblers or mixers.
That said, the Report observed that the known value of virtual assets involved in illicit activity remains small, at least when compared to cases using more traditional financial services and products.