red 
In March 2021, the Financial Action Task Force (FATF), the global anti-money laundering and countering the financing of terrorism (AML/CFT) standard setter, launched a private sector consultation on its guidelines for virtual assets.
As part of the consultation, the FATF sought input from the crypto industry on issues such as:
-
Enforcement of Decentralized Applications (DApps)
-
Financial crime risk management related to self hosted wallets and peer-to-peer (P2P) transactions
-
Ensuring successful implementation Travel rule
-
How regulators can supervise most effectively virtual asset service providers (VASPs).
Elliptic submitted a response to the consultation in which they expressed our views. We’ve summarized three key points from our response below – which you can read in full here.
1. The FATF guidance on applying the VASP definition to DApps is unclear and impractical.
Updates to FATF guidance include suggestions on how countries can apply FATF standards to DApps, such as decentralized exchanges (DEX).
This focus on DEXs is understandable. DEX trading volume has exploded during 2020-2021with some DEX trading volumes surpassing large centralized exchanges. Last year, the first course was held money laundering operations involving DEXand Elliptic’s own research suggests that approximately 40% of all Ethereum transactions now involve DEXs.
However, FATF’s proposal to apply its standards to DEXs is impractical.
According to the FATF, most DApp and DEX arrangements contain “a central party with some degree of involvement”. Countries should therefore treat “owners/operators” and those “conducting business development for DApps” as VASPs subject to AML/CFT requirements.
Unfortunately, this framing and these terms are unhelpfully vague. In practice, DEXs do not always have to have only one party that exercises control over the activities of a certain market or that has full insight into the activities of the participants.
We believe the guidance would benefit from removing the current references to “owners/operators” and persons “running business development for DApps”, as these references are unhelpfully vague and do not reflect the reality of how these platforms often operate.
Instead, the guidelines should provide a more detailed overview of the nature of DApp markets and platforms and should clarify which participants in those markets can reasonably be expected to implement specific AML/CFT measures.
2. The volume of illegal activities among P2P transactions in virtual assets is low, and references to disproportionate and impractical measures to address risks should be removed from the FATF guidelines.
The draft FATF guidelines discuss how countries should manage the risks associated with P2P transactions – which are transactions that occur between private wallets and without the involvement of a regulated entity.
The guidelines assume that P2P transactions pose high risks because they do not involve regulated counterparties. The data, however, tell a different story.
Most P2P transaction activity in Bitcoin is legitimate and does not involve interaction with illegal entities, such as dark web markets or cybercriminals, on a large scale.
Our research suggests that in 2020, only 0.6% of P2P Bitcoin transactions were sent or received by an illegal entity – as shown in the chart below.
Understanding this picture is key to good policy making. Outlining steps that countries can take to manage the risks of P2P transactions, the FATF guidelines indicate that countries can consider “refusing to license VASPs if they allow transactions to/from non-mandated entities (ie private / non-hosted wallets).”
We believe that the FATF should remove this proposed measure from its guidelines. The suggestion that countries can ban VASPs from dealing with self-hosted wallets is disproportionate to the real risk picture. Furthermore, banning VASPs from having any interactions with self-hosted wallets at all is unworkable.
Solutions such as blockchain analytics are sufficient to allow VASPs to assess the risks associated with transactions involving self-hosted wallets – and are preferable to impractical and disproportionate steps such as denying VASPs permissions.
3. The guidelines should provide more specifics on how countries can leverage blockchain analytics for risk management.
In describing how countries can respond to the risks of P2P transactions, the draft guidance notes that, “Countries should also consider how the risks of ML/TF transactions for some VAs can be mitigated through, for example, blockchain analytics, which can provide greater visibility through P2P transactions.”
While important and welcome, the guidelines should offer more concrete and concrete examples of how countries can take advantage of blockchain analytics. This may include:
-
requiring obligors to adopt block analysis solutions to comply with anti-money laundering and counter-terrorist financing and sanctions measures;
-
ensuring that financial intelligence units and law enforcement agencies have access to block analysis solutions to conduct proactive investigations of illegal activity involving P2P transactions where it occurs;
-
ensuring that supervisors use blockchain analytics to monitor the activities of ratepayers once they are registered or licensed.
Facing the challenge of addressing the FATF guidelines
The issues raised in the FATF guidelines will shape the direction of crypto regulation for years to come.
Elliptic is committed to working with the FATF, regulators and our partners across the crypto industry to address these issues to ensure that crypto innovation can continue to flourish while preventing crime.
Contact us today to arrange a demonstration and find out how we can help your business address FATF’s Virtual Asset Guidelines.
