Travel Rule and Beneficiary Information Continues to Challenge Virtual Asset Service Providers

In late October, the Financial Action Task Force issued its long-awaited updated guidance on Virtual Assets and Virtual Asset Service Providers (“FATF Guidance”), an extremely lengthy and detailed document setting forth how virtual asset service providers (“VASPs”) and related virtual asset activities fall within the scope of FATF standards for anti-money laundering (“AML”) and countering the financing of terrorism (“CFT”).  The FATF Guidance is important to VASPs worldwide, as well as the more traditional financial institutions (“FIs”) doing business with them.  Because of its great breadth, we focus here only on its comments regarding implementation of the so-called “Travel Rule” for virtual assets.  This portion of the FATF Guidance is particularly relevant to the U.S. because, as we have blogged, the Financial Crimes Enforcement Network (“FinCEN”) proposed regulations in 2020 – still pending – which would change the Travel Rule by lowering the monetary threshold for FIs from $3,000 to $250 for collecting, retaining, and transmitting information related to international funds transfers, and explicitly would make the Travel Rule apply to transfers involving convertible virtual currencies.

The FATF Guidance has additional relevance to U.S. VASPs and FIs because, this month, the U.S. President’s Working Group on Financial Markets (“PWG”), the Federal Deposit Insurance Corporation (“FDIC”), and the Office of the Comptroller (“OCC”) (together, “the U.S. Agencies”) issued a Report on Stablecoins (the “Report”).  Stablecoins are digital assets designed to maintain stable value as related to other reference assets, such as the U.S. Dollar.  In the Report, the U.S. Agencies delineate perceived risks associated with the increased use of stablecoins and highlight three types of concerns: risks to rules governing AML compliance, risks to market integrity, and general prudential risks.  We of course will focus here on the Report’s discussion of AML risks, particularly because it repeatedly invokes the FATF Guidance, thereby illustrating the increasing efforts by governments to seek a global and relatively coordinated approach to addressing AML/CFT concerns regarding virtual assets.

The FATF Guidance and the Travel Rule

The FATF Guidance observes that FATF’s “Recommendation 16” defines “wire transfers” as any transaction carried out on behalf of an originator through an FI by electronic means to make funds available to a beneficiary person at a beneficiary FI, regardless of whether the originator and the beneficiary are the same person.  Recommendation 16 also provides that countries should ensure that FIs include required and accurate originator information, and required beneficiary information, on wire transfers and related messages.  The FATF Guidance states that Recommendation 16, in conjunction with Recommendation 15 (requiring countries to identify and assess AML risks relating to the development of new products and business practices, including VASPs and virtual assets), should apply to VASPs and virtual asset transfers.  The information to be obtained includes the name, account number, and physical address of the beneficiary, in order to determine:  who exactly is sending the funds, and who is receiving them?

In the U.S., the Travel Rule has required covered FIs to pass on certain customer and transaction information to the next financial institution. The rule has applied for a long time to transfers of conventional “fiat” currency (see here). In June 2019, the FATF extended the rule to virtual currency transfers valued at $1,000 or more. In October 2020, FinCEN proposed regulations – still pending – which would change the Travel Rule by lowering the applicable monetary threshold from $3,000 to only $250 for collecting, retaining, and transmitting information related to international (but not domestic) funds transfers. The proposed FinCEN regulations also would make clear that the Travel Rule applies to transactions involving convertible virtual currencies, as well as transactions involving digital assets with legal tender status, by clarifying the meaning of “money” as used in certain defined terms.  This proposal, if accepted, would greatly expand the breadth of the Travel Rule.  Generally speaking, industry has objected to this proposal by FinCEN, stressing the lack of readily available technology that would enable real-world compliance: although the long-established SWIFT system allows FIs to obtain beneficiary information for international fund transfers, there is no current similar system for virtual assets.

Condensed, the FATF Guidance suggests in part that originating VASPs should try to comply with the Travel Rule by: (1) conducting due diligence to identify counterparty VASPs, although the FATF Report also concedes that there is no “technically proven means of identifying the VASP that manages the beneficiary wallet exhaustively, precisely, and accurately in all circumstances and from the VA address alone” — thereby echoing the industry objections to FinCEN’s proposed rule; and (2) obtaining from counterparty VASPs information on their own ownership information and, potentially, information on the counterparty VASPs’ own AML/CFT systems.  The second recommendation goes well beyond the basic requirements of the Travel Rule, which in theory seeks to obtain basic identifying information regarding fund recipients, as opposed to substantive information regarding the functioning of counterparties’ own compliance programs.  Specifically, the FATF Guidance states that a “VASP would need to assess the counterparty VASP’s AML/CFT controls to avoid submitting their customer information to illicit actors or sanctioned entities and should also consider whether there is a reasonable basis to believe the VASP can adequately protect sensitive information.”  This is a whole new layer of due diligence.

Specifically, the FATF Guidance states that a “VASP would need to assess the counterparty VASP’s AML/CFT controls to avoid submitting their customer information to illicit actors or sanctioned entities and should also consider whether there is a reasonable basis to believe the VASP can adequately protect sensitive information.”  This is a whole new layer of due diligence.

As a practical matter, real-world compliance with these standards — either by the FATF or FinCEN — cannot occur until there is a reliable and broadly-accepted technology that enables the easy identification of third-party VASPs.  This step, although in the works, has not yet occurred.

U.S. Agencies’ Report: AML Risks

On the heels of the FATF Guidance, the U.S Agencies issued their Report, which repeatedly references the FATF Guidance.  According to the Report, in order to mitigate the AML/CFT risks presented by stablecoins, the Treasury plans to continue its efforts to work with the FATF to encourage other countries to implement AML/CFT standards at an international level.  Indeed, the Report states that “[a] critical factor for illicit finance risk mitigation, regardless of the features of a stablecoin’s design, is that international standards for the regulation and supervision of service providers associated with stablecoins and other digital assets are effectively implemented worldwide.”  The Report claims that although the U.S. regulates and enforces AML/CFT obligations for covered service providers, most other countries fail to do so.

Interestingly, the Report suggests that selected technologies could improve AML/CFT compliance: although “mass-adopted stablecoins or other digital assets may be attractive to illicit actors,” the “mass adoption of a well-regulated and supervised stablecoin with strong AML/CFT protections built into the [architecture of] the stablecoin could provide greater transparency into illicit financial activity and could mitigate [money laundering and terrorist financing] risks, especially if the stablecoin takes market share away from riskier alternatives.” (emphasis added).

In an apparent reference to the Travel Rule and U.S. Treasury’s position that the Rule already applies to virtual currency financial service providers, the Report states that “current BSA regulations require the transfer of certain specific information well beyond what can be inferred from the blockchain[,]” thereby resulting in BSA non-compliance.  The Report emphasizes that the IRS, which is the designated BSA examiner for money services businesses and therefore virtual currency financial service providers, have been conducting compliance examinations since 2014, which has produced some major enforcement actions (see here and here).

According to the Report, the Treasury will continue to assess the illicit financing risks to the U.S. associated with stablecoins and other digital assets.  This will occur in part through the upcoming National Money Laundering and Terrorist Financing Risk Assessment, which the U.S. Treasury will report to Congress in January 2022.

U.S. Agencies’ Report: Market Integrity and Prudential Risks

Also according to the Report, digital asset trading via stablecoins poses risks to market integrity and investor protection, such as possible fraud, misconduct, market manipulation, insider trading, and lack of trading or price transparency.  Moreover, according to the Report, digital asset trading platforms are vital to providing access to stablecoins in general.

The Report further raises prudential concerns associated with the increased use of stablecoins.  For example, if stablecoin issuers do not honor a request to redeem a stablecoin, the Report predicts that “runs on the arrangement” could occur that may result in harm to the broader financial system.  Additionally, if stablecoins are more broadly used to facilitate payments, disruptions to the payment chain that actually allows stablecoins to be transferred between users may lead to a “loss of payments efficiency,” which could “undermine the functioning of the broader economy.”  The Report notes that “key gaps” in prudential authority exist over stablecoins used for payments purposes, and makes recommendations for addressing these gaps.  The recommendations apply to “payment stablecoins,” which are stablecoins that are designed to maintain a stable value relative to a fiat currency (and, therefore, have potential as a widespread payment method).  To address these prudential concerns, the U.S. Agencies recommend “that Congress act promptly to enact legislation to ensure that payment stablecoins and payment stablecoin arrangements are subject to a federal prudential framework on a consistent and comprehensive basis.”  Any potential legislation should provide regulators the flexibility to respond to any future developments and address risks across many organizational structures.  The practical consequences of such legislation, as proposed by the Report, would be to require any issuer of a payment stablecoin to be, in effect, an FDIC-insured bank.

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch. To learn more about Ballard Spahr’s Anti-Money Laundering Team, please click here.