Revised FATF Guidance: smart contracts developers and token holders subject to AML-CFT
- FATF has issued proposed Guidance for a risk-based approach to virtual assets and Virtual Asset Service Providers, which expands on previous definitions to include nearly every entity building in DeFi.
- At best, these revised guidelines would be impractical at worst, impossible to implement for smart contact developers or governance token owners, who have no point of contact with users.
- Adan responded to the FATFs public consultation with recommendations that allow the DeFi ecosystem to continue to grow while addressing risks proportionately.
In March of 2021, the Financial Action Task Force (FATF) issued proposed guidelines for virtual assets and Virtual Asset Service Providers (VASP) and opened a one-month public consultation allowing industry stakeholders to comment. They provide revised definitions and offers measures to prevent, to the most extent, possible money laundering and financing of terrorism-related risks.
The updated guidelines clarify the definition of VASPs and effectively expands its scope broadly. Effectively, under these new guidelines, nearly every entity building in decentralized finance (DeFi) becomes a VASP as revised definitions would potentially target any individual, developer or startup involved in the development, deployment, use or governance of a use case facilitating the transfer of virtual assets. The VASP status would mandate these actors to implement AML-CFT due diligence on users.
For example, any person developing or deploying a smart contract allowing the transfer of virtual assets may qualify, even if they give up control after launch – a common practice in the ecosystem. Furthermore, holders of decentralized application governance tokens may also be captured by the FATF’s guidance and required to perform due diligence on users as they may have “decision-making authority over structures that affect the inherent value of a virtual asset.” The FATF also expands the notion of control, notably qualifying all the participants to a multisignature scheme facilitating a transaction as VASP.
Adan strongly supports the development of appropriate and proportionate guidelines which mitigates criminal and other illicit use of virtual assets. However, these proposed guidelines are at best impractical, at worst, impossible to implement for individuals and DeFi startups which neither have the competence, know-how or resources to perform due diligence on users with whom they have no point of contact. Indeed developers or deployers of smart contracts which enable the transfer of assets – such as decentralized exchanges, decentralized stablecoins or any number of DeFi applications – have no practical means to identify users or their operations. This broad and vague definition of VASP creates legal uncertainty for virtual asset users and developers participating in the DeFi ecosystem.
While ML-FT risks in the virtual asset world exist, numerous studies have demonstrated that their use by criminals is overstated and likely to diminish as transactions are public and may be traced through network analysis. Indeed authorities rely on these techniques to identify criminal activities in targeted investigations. A 2021 report by blockchain analysis firm Chainalysis found that in 2020 only 0.34 % of virtual asset transactions were illicit, and a significant portion of criminal activity was in the form of consumer scams operating off-blockchain and for ransomware. Furthermore, in its “National Analysis of Money Laundering and Terrorist Financing Risks in France,” the French Treasury found that illicit use of virtual assets for ML-FT purposes was not a preferred option by criminals.
Adan voiced its concerns in response to the FATF’s public consultation and made concrete proposals to address the specific risk profile of innovative products in decentralised finance. Its proposals include:
- improving surveillance of criminal activity on public blockchain networks by national authorities;
- applying reporting requirements on a case-by-case basis when stakeholders have effective control on decentralized applications;
- creating industry standards and best practices;
- avoiding unnecessary customer due diligence for individuals, developers and startups, which carries risks to data privacy and identity protection;
- refining the FATF’s risk analysis on VASPs and so-called “peer to peer transfers” to better mirror the market reality and granularity in activities’ risk profiles.
Adan would be open and glad to discuss these issues with all interested parties.
Adan (Association for the Development of Digital Assets) is a non-profit bringing together and representing digital assets and blockchain professionals in France and Europe. Adan’s members cover a wide range of activities: digital asset markets, custody, payments, investment management, blockchain analysis tools, support for crypto/blockchain projects, IT security, etc. Adan’s mission is to promote the development of the crypto-assets industry in favour of a new digital economy.