News

National anti-money laundering regulators should hold the managers of decentralized cryptocurrency exchanges to the same expectations as their conventional counterparts, especially when they generate proceeds for themselves, an international regulatory group said Thursday.

The group, known as the Financial Action Task Force, also suggested that cryptocurrency exchanges that do not comply with the group’s recommended travel rule—which requires financial institutions to share limited details of their clients with each other when processing their transactions—should face restrictions when dealing with more-cooperative exchanges.

Decentralized finance platforms, or “Defi,” allow users to exchange cryptocurrency directly and entirely through software, without the intermediation or monitoring of a third party. The sector has exploded in popularity within the last two years, with the combined value of cryptocurrency linked to decentralized platforms climbing from $6 billion in July 2020 to $148 billion as of Thursday, according to CoinGecko, a cryptocurrency tracking website.

That total is still dwarfed by the estimated $2.7 trillion market value of all cryptocurrencies, but federal investigators expect criminals to increasingly rely on Defi platforms to move and launder funds in the years ahead.

The Treasury Department’s Financial Crimes Enforcement Network, or FinCEN, clarified in May 2019 that decentralized software programs, or “DApps,” fall under the same requirements of the Bank Secrecy Act that apply to centralized exchanges, and regulators have recently warned that the sector has yet to implement basic AML protocols.

FATF used similar language Thursday in advising regulators around the world to hold the creators of decentralized exchanges accountable if they collect fees from customers, but the group stopped short of directly urging regulation and supervision of the software that enables such transactions.

“A Defi application (i.e. the software program) is not a VASP under the FATF standards,” the group advised, using the acronym for virtual asset service provider. “However, creators, owners and operators or some other persons who maintain control or sufficient influence … may fall under the FATF definition of a VASP.”

Cryptocurrency exchanges and other companies that qualify as VASPs must build AML programs, conduct due diligence on customers and screen transactions for signs of illicit finance.

The group also warned that many platforms claim to operate on a decentralized basis when in fact a person or company manages their day-to-day operations. Regulators, FATF advised, must therefore not rely on a platform’s own attestations in lieu of interpreting and applying the group’s principles broadly and generally.

FATF’s debut of the “owner/operator” framework for gauging whether a company should fall under regulation makes the guidance noteworthy, Ari Redbord, a former federal prosecutor and senior adviser for the Treasury Department, told ACAMS moneylaundering.com.

The guidance constitutes an attempt by the group to “regulate this space in real time” by adapting its original expectations for centralized cryptocurrency exchanges and extending those same principles into new areas of the industry.

“The owner/operator test is a hard test to pass,” said Redbord, now head of legal and government affairs at TRM Labs. “A lot of Defi projects could very well be covered by this.”

FATF advised national regulators Thursday to apply many of those same principles to stablecoins, a form of cryptocurrency whose value is based on that of a commodity, government-issued currency or other cryptocurrency.

According to the guidance, if a stablecoin has an operator or issuer, then that entity likely qualifies as a VASP as well. Exchanges may also need to limit their dealings with any cryptocurrency platform, decentralized or otherwise, that has not implemented FATF’s recommendations against illicit finance, including those that have yet to adopt the travel rule or build a strong compliance program overall.

“FATF expects countries to implement [the travel rule] as soon as possible,” the group advised. “Countries may wish to take a staged approach to enforcement of travel rule requirements to ensure that their VASPs have sufficient time to implement the necessary systems.”

The group suggested Thursday that any platforms that comply with the travel rule could restrict transactions to and from suspicious exchanges up to a certain monetary threshold, or alternatively process transactions from them only after verifying the identities of both the originator and beneficiary.

Without those restrictions, “the VASP may face a tough decision in whether to deal with VASPs based in a country with weak or non-existent implementation,” FATF warned. FATF also advised the industry to scrutinize unhosted wallets, a category of digital addresses for storing cryptocurrency outside of conventional exchanges and with less oversight.

Regulators should consider using “blockchain analytics” to track transactions involving unhosted wallets, or requiring cryptocurrency companies to shun them altogether, the group recommended.

Contact Daniel Bethencourt at dbethencourt@acams.org