In 2014 and 2015, the FATF began expressing concerns that the potential benefits of cryptocurrency platforms and services — such as faster transfers and settlement, global reach and increased anonymity — appeal to criminals, rogue regimes and terrorists. Consequently, FATF endeavoured to establish international standards for regulating what it refers to as virtual asset service providers (VASPs).
South Africa, as a member of the FATF, is expected to comply with any recommendations they make. In January 2019, the Intergovernmental FinTech Working Group (IFWG) published a consultation paper on policy proposals for crypto assets, where it stated that given the risks in crypto assets, South Africa ought to align with regulations around anti-money laundering and combating the financing of terrorism, in accordance with the FATF recommendations. As crypto asset providers fall within the FATF's definition of "virtual asset service providers", the IFWG proposed that South African virtual asset service providers register and be subject to monitoring, to ensure compliance with the requirements.
These recommendations are not new, and elaborate on the FATF's previous recommendations (under recommendation 15) that virtual asset providers obtain a license with effective systems for monitoring and ensuring compliance. From a South African perspective, regulators will be under pressure to align with the proposals that FATF intends on adopting in June 2019. These proposals are yet to be ironed out, but the IFWG will undoubtedly consider them when developing its framework to regulating crypto assets in South Africa. It is clear that the intention of regulators is to combat money laundering and the financing of terrorism, by regulating and supervising activities in the crypto asset space. The practical implementation on virtual asset service providers is yet to be seen.
While FATF’s standards are non-binding and its members must enact corresponding legislation or rules to give the standards legal effect, FATF’s 36 member nations, such as the US, the UK, Germany and Japan, include some of the largest financial systems in the world. The formal adoption of the standards by even a few member countries results in a global shift in how international financial institutions must conduct business. Countries that do not follow suit risk being placed on a graylist or a blacklist based on the degree of deviation from the FATF standards. Blacklist status effectively restricts the access of financial institutions operating within those countries to the global financial system.
The standards are expected to focus on regulation of cryptocurrency exchanges and custodial-type wallets. More specifically, the standards will likely contain requirements for these VASPs to not only monitor and record information about its customers but also share that information during a transfer with another VASP. The identification of the source and recipient of the funds is considered crucial in combatting money laundering and terrorism finance. Indeed, the recording and sharing of identifying customer information during transfers, the so-called “travel-rule” is common practice in the traditional banking system.
For example, the US Financial Crimes Enforcement Network (FinCEN) issued guidance on 9 May 2019 that adopts the travel-rule for cryptocurrency transmission subject to the US Bank Secrecy Act. The US is currently serving its term as president of FATF. Thus, the recent guidance from the US’s FinCEN likely foreshadows the standard to be set forth by FATF.
The travel-rule, set forth under regulations and Guidance adopted by FinCEN, requires the transferring and receiving financial institutions to exchange and maintain records relating to a transfer, such as the account numbers and addresses of the parties involved. These regulations do not necessarily require immediate disclosure to governmental authorities but maintaining these records ensures sufficient information would be available to investigators if the need arises.
Commentators have been vocal about how the intrinsic nature of cryptocurrency transfers will make compliance with the travel-rule overly burdensome, if not impossible. For example, traditional IBAN numbers indicate key characteristics about the transferring or receiving accounts, such as the country in which the institution is located, bank code, branch code, and the actual account number. Whereas, cryptocurrency transactions involve an address that was a randomly generated series of characters intended to be pseudo-anonymous. Consequently, commentators assert that there is no reasonable means for a VASP involved in a transfer to independently verify the identity of the other party.
Regardless of the challenges, cryptocurrency-based exchanges and custodial wallets will not be able to ignore the standards set forth by FATF. The current global trend has been to implement rules that largely treat the cryptocurrency industry similarly to the traditional financial industry — such as the previously noted guidance issued by the US FinCEN. FATF member countries will likely follow this trend. Failure to follow such standard implemented by FATF member countries could result in public condemnation and loss of access to global markets. Consequently, cryptocurrency-based exchanges and custodial wallets should consider a proactive strategy now to prepare so as to maintain a competitive advantage over those that wait to react.