Monday, December 9, 2024
banner


Why VASP Due Diligence is essential following recent FATF guidance

On 28 October 2021, the Financial Action Task Force (FATF) – the global anti-money laundering and countering the financing of terrorism (AML/CFT) standard setter – published updates to its guidance on virtual assets with far-reaching consequences, which we summarized in our recent report on the FATF Virtual Assets Guidelines: What you need to know.

Above all, the FATF guidelines reveal a specific goal of policymakers: to shoehorn the virtual asset industry into decades-old regulatory frameworks and force virtual asset service providers (VASPs) to behave like banks.

The guidance makes clear that VASPs will have to adhere to the same set of comprehensive regulatory compliance standards that banks already do.

One important requirement set out in the FATF guidance that will align AML/CFT compliance practices in the virtual asset space with those in the banking world is the introduction of VASP due diligence of other parties. In setting this standard, the FATF is directing the virtual asset sector to adopt long-standing practices from the world of correspondent banking.

Why is it important to know your VASP?

VASPs, such as virtual asset exchanges, Bitcoin ATMs and custodial wallet providers provide essential services to users of cryptoassets and act as gatekeepers where AML/CFT measures can be applied. Often, clients in a VASP can send funds to cryptoasset wallets held in another VASP. When transactions involving VASPs occur, certain risks may exist.

For example, if Alice wants to send funds from her account at VASP #1 to Bob’s account at VASP #2, VASP #1 needs to understand whether VASP #2 presents high risk factors.

This may include research into:

  • Is VASP #2 registered in a high risk jurisdiction or sanctioned country?

  • Does VASP #2 allow users to access its platform without providing know-your-customer (KYC) information?

  • Does VASP #2 allow its customers access to high-risk products and services?

  • Does VASP #2 enable large amounts of activity with illegal or sanctioned entities?

If the answer to any of these questions is “Yes”, then VASP #1 could be exposed to significant financial crime risks if he allows his clients to send funds to VASP #2.

To mitigate these risks, according to the FATF, VASPs – as well as other regulated businesses (such as banks) dealing with VASPs – must perform due diligence on those VASPs with which their customers transact. The FATF does not expect this information to be collected for every single virtual asset transfer, but that a VASP – or other regulated entity – should perform due diligence on a VASP before first transacting with it and periodically thereafter.

Information to be collected as part of VASP counterparty due diligence includes, but is not limited to:

  • proof that VASP is regulated;

  • negative media, including whether VASP is subject to any regulatory action; and

  • evidence of the sufficiency of VASP’s AML/CFT compliance framework (eg whether it performs KYC checks and has a BPPN/CFT policy, or facilitates transactions with high-risk counterparties).

VASP Due Diligence Counterparty Challenges

The FATF guidelines do not specify how to collect this information. Instead, it suggests that a combination of publicly available information and information collected directly from VASP is sufficient to meet this obligation.

According to the FATF, the VASP or other regulated entity should use this data to decide whether to transact with the other VASP party, as well as the degree of compliance control to be applied to the relationship. As stated by the FATF

“VASP and FI [financial institutions] should take into account the level of Money Laundering and Terrorist Financing (ML/TF) risk of each individual VASP customer/counterparty and any applicable risk mitigation measures implemented by the VASP counterparty/customer.”

Business compliance practitioners from the banking sector will recognize this approach. It closely mirrors the application of correspondent banking due diligence – or the process banks use to check each other before establishing a relationship. Correspondent banking due diligence is a long-standing practice, contained in FATF Recommendation 13 – which defines the types of information that countries should require banks to request from each other. Compliance with the due diligence requirements of correspondent banking is facilitated by the application of detailed operational standards developed by the Wolfsberg Group.

A collective of the world’s largest banks dedicated to establishing common AML/CFT compliance standards, the Wolfsberg Group has developed the Correspondent Banking Due Diligence Questionnaire (CBDDQ). The CBDDQ contains more than 100 questions designed to help a bank determine whether its correspondents have sufficient AML/CFT controls – an extremely rigorous exercise. Efforts are already underway across the virtual asset industry to adopt similar standardized questionnaires for conducting VASP due diligence.

VASPs will certainly face challenges in conducting due diligence on their VASPs. In particular, obtaining and evaluating the required data from their partners will add new layers to the compliance process for VASPs – creating new demands on time, processes, systems and resources. A key challenge for VASPs will be ensuring they can meet this expectation while avoiding friction during the customer experience.

But for banks that interact with VASPs, the process will seem familiar. Indeed, the requirement to carry out VASP due diligence can act as a confidence booster for banks, who will welcome clarification on how they can engage with VASPs in a compliant manner.

Putting VASP Due Diligence into practice

Fortunately, solutions already exist that allow VASPs and financial institutions to perform comprehensive due diligence on their VASP partners.

Elliptic Discovery is the leading dataset of risk indicators used by VASPs and banks to assess counterparty VASP risk. Information on more than 1,000 VASPs is contained in Elliptic Discovery, which includes an objective risk assessment for each VASP, allowing you to make confident and informed judgments about your VASP partners.

Elliptic Discovery contains comprehensive information drawn from our leading dataset, including, for each VASP profile:

  • Jurisdiction of work

  • Regulated status

  • SPN/FT control quality

  • Privacy Coin Offerings

  • Volume of transactions and volume of interactions with unauthorized and sanctioned entities.

Integrating data-driven insights from Elliptic Discovery into your compliance workflow enables your business to efficiently obtain this information, saving you valuable time during the other party’s VASP due diligence process.

As regulatory standards around virtual assets continue to tighten, it will be critical for VASPs and financial institutions to demonstrate that they can perform VASP counterparty due diligence in a robust and reliable manner. Get in touch with our team here to see how Elliptic Discovery can help your business standardize your VASP due diligence.

To learn more about FATF’s VASP Due Diligence requirements and how to put them into practice, watch our webinar: Do you know your VASP? VASP Due Diligence Counterparty Following FATF Guidelines, Today!

“VASP and FI [financial institutions] should take into account the level of money laundering and terrorist financing (ML/TF) risk of each individual VASP client/counterparty and any applicable risk mitigation measures implemented by the other VASP client/client.”


Do you find this interesting? Share on your network.



banner
crypto & nft lover

Johnathan DoeCoin

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar.

Follow Me

Top Selling Multipurpose WP Theme

Newsletter

banner

Leave a Comment

crypto & nft lover

John DoeCoin

Learn all about cryptocurrency and NFT, we publish news and interesting fauths from the world of crypto.

@2022 u2013 All Right Reserved. Designed and Developed by Evegal.com