Blockchain for Europe responds to the FATF consultation on the Guidance for a risk-based approach to virtual assets and VASPs

On 20 April, Blockchain for Europe (BC4EU) submitted its response to the Financial Action Task Force’s (FATF’s) consultation on the Guidance for a risk-based approach to virtual assets and VASPs, which also includes key references to Decentralised Finance (DeFi). BC4EU welcomes the FATF’s objective of updating its pre-existing Guidance to ensure a common understanding and smooth application of FATF standards in the context of VA/VASPs, in line with existing standards applicable to financial institutions and other AML/CFT-obliged entities. Equally, BC4EU welcomes the FATF’s initiative to gather feedback on these DeFi applications as a first step towards providing greater clarity for the industry and consumers. We believe that the development of policies in this area will be a critical component of its economic success in the coming decades. Therefore, please find below the summary of our position. We hope that the key takeaways therein will be helping global policymakers and other stakeholders to conceptualize several of the important legal and regulatory analytical issues linked to the current approach towards DeFi.

Key takeaways

Executive summary

Blockchain for Europe (“BC4EU”) welcomes the FATF’s objective of updating its pre-existing Guidance to ensure a common understanding and smooth application of FATF standards in the context of VA/VASPs, in line with existing standards applicable to financial institutions and other AML/CFT-obliged entities. Whilst the current rights and obligation remain unchanged, this draft interpretive guidance should level the playing field for VASPs’ provision of financial services, by minimising the opportunity for regulatory arbitrage between sectors and countries.

However, if it remains unchanged and unclarified, the draft Guidance risks creating a novel regulatory framework which could potentially reach far beyond the FATF’s traditional AML/CFT remit. Among others, the draft Guidance’s expansive definition of what constitutes a VASP, which would now include Decentralised Finance (“DeFi”) projects too, is highly problematic. Indeed, in contrast to the 2019 guidance, and despite the stated intention to exclude it, the proposed expansion of AML/CTF regulations to the virtual-assets industry, would effectively regulate many areas of ordinary commerce including the creation and distribution of software that supports such activities. This ultimately creates disincentives for responsible innovation and proves ineffective or even counterproductive to fighting illicit financial activity. Instead of overregulation pushing activities underground, the draft guidance should leverage the inherent transparency that blockchain technology enables.

In other words, imposing the contemplated rules on the teams behind DeFi projects would likely jeopardise the projects and the whole ecosystems around them, which thrives on openness and accessibility. Accordingly, FATF should take a step back to properly understand this fast-growing space and carry out a thorough impact assessment beforehand. Considering the novelty of DeFi projects, FATF’s position on this phenomenon should best be formulated in a separate guidance and/or at a subsequent date.

In addition, the draft guidance raises serious privacy concerns, notably with regards to the envisaged application of the so-called “Travel Rule” (“TR”), which is ill-adapted to the VASP market and VA activities. It would effectively result in a disproportionate amount of personal identifiable information (“PII”) being collected (or potentially falling into the wrong hands), far beyond what is actually done in the traditional banking and financial markets (e.g., real-time balances and whole transaction and counterparty histories available with VA wallet addresses in the former case, versus only single transaction information in the latter case).

BC4EU, therefore, invites FATF to (a) consult with privacy regulators on the envisaged application of the TR, (b) clarify that the TR, if implemented, must be consistent with the application of international and national privacy laws, and (c) explore alternatives to address its AML/CTF concerns, such as through the adoption of fast-growing blockchain technology analytical tools, which can increasingly effectively and transparently track and trace criminal activity through the use of various methods.

Similarly, the draft guidance categorically designates unhosted wallets as high-risk without a factual basis for doing so -- an approach which runs counter to the FATF’s general guidance on adopting a risk-based approach. There too, FATF should explore realistic alternatives to address its AML/CTF concerns, such as blockchain technology analytical tools (e.g., wallet scan services) and requests to users on Source of Funds (“SoF”) whenever they send crypto funds back to their VASP account and/or convert back to fiat.

Finally, BC4EU would like to underline the key importance of: (i) training supervisors and law enforcement with regards to crypto matters for them to properly understand and constructively regulate this space, (ii) ensuring that fit & proper requirements for VASPs are subject to strict and objective criteria - binding both on regulators and potential applicants - so as to avoid arbitrary and unsubstantiated assessments, and (iii) highlighting that the formulation of the draft Guidance constantly uses the term “should”, which could wrongly be perceived as denoting obligations instead of clarifications.