Why you must rethink FATF now
This is a guest contribution by Dave Mullen-Muhr of Unbounded Capital. If you would like to submit a contribution please contact Bill Beatty for submission details. Thank you.
The Financial Action Task Force on Money Laundering, or FATF, is a G7 organized intergovernmental organization of 37 jurisdictions with the purpose of setting international standards and advisory to combat money laundering and terrorist financing. After learning more about the organization, its history, and its plans for the near future, I propose that if you are an investor with any significant investment in the crypto currency market you NEED to better understand FATF. The sooner the better.
What is the new FATF guidance?
This past June, FATF issued their recommendations to virtual asset service providers (VASPs) regarding their anti-money laundering, know-your-customer, and coutner terrorism financing (AML/KYC/CTF) guidelines. FATF defines VASPs as businesses that,
i) exchange between virtual assets and fiat currencies;
ii) exchange between one or more forms of virtual assets;
iii) transfer of virtual assets;
iv) safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets; and
v) participation in and provision of financial services related to an issuer’s offer and/or sale of a virtual asset.
Because this definition clearly, perhaps explicitly, covers cryptocurrency exchanges, we saw headlines like “All Global Crypto Exchanges Must Now Share Customer Data, FATF Rules”, which is likely what initially brought FATF into most crypto currency investors’ consciousness.
The guidance recommends that exchanges “obtain and hold required and accurate originator [sender] information and required beneficiary [recipient] information and submit the information to beneficiary institutions” on all transfers valued over $1,000 USD.
Outside of the previously lightly regulated cryptocurrency ecosystem, this guidance is nothing out of the ordinary and is essentially the application of FATF’s operative guidance called the “travel rule” for traditional financial institutions towards cryptocurrency businesses.
Now that we have a sense of what guidance was issued, let’s take a look at the common misconceptions stemming from it.
Misconception 1: FATF is only issuing guidance and recommendations, they are not legally binding. They aren’t part of any governmental body with teeth.
This seems to be the predominant takeaway within the crypto ecosystem after the FATF announcement last June. It’s a perfect example of when the facts are true but the news is fake. Yes, FATF is “issuing guidance and recommendations” and no, FATF itself doesn’t have legal jurisdiction for enforcement as an offshoot of the G7. BUT, this does not mean that what they issue is not important.
On the recommendation spectrum this isn’t an “I recommend you watch this movie on Netflix” from a friend, but instead is closer to an “I recommend you step out of the car sir” from a frustrated police officer. As with an upset driver ignoring the recommendation of the latter, when a nation is not compliant with FATF recommendations they face negative consequences. Without voluntary compliance, those in charge of enforcement will opt to “do it the hard way.” With FATF the “hard way” is adding non-compliant nations to a list of “non-cooperative nations”, also known as the FATF grey and black lists.
Once added, the subsequent economic consequences for these nations can be severe. For example, in 2018 Pakistan was grey listed over concerns surrounding its inability to properly address terrorist financing. Subsequent FATF discussions over whether Pakistan should be black listed threatened them with “downgrading…by multilateral lenders like IMF, World Bank, ADB, EU and also a reduction in risk rating by Moodys, S&P and Fitch.” Countries currently grey and black listed include Pakistan, Yemen, Syria, North Korea, and Iran (among others).
While FATF recommendations are not directly related to U.S. or E.U. economic sanctions, they often coincide. FATF advises that additional counter-measures are implemented for routinely non-compliant countries such as Iran and North Korea with “serious, longstanding strategic deficiencies that have still failed to make progress after the FATF calls for enhanced due diligence,” stating that “counter-measures range from specific elements of enhanced due diligence and systematic reporting of transactions…to a limitation or prohibition of financial transactions with the jurisdiction.”
Okay, fine. Maybe being on FATF’s naughty list is bad after all. But North Korea? Isn’t that somewhat hyperbolic? It’s just cryptocurrency.
Misconception 2: Cryptocurrency represents a tiny fraction of the global financial system. We’re small fish. It won’t be a top priority.
To address this misconception you don’t need to rely on the speculation of a paranoid crypto holder or antagonistic no-coiner. FATF is very clear that cryptocurrency and virtual asset compliance is a top priority of the organization. Since FATF is an intergovernmental body, it has a rotating annual presidency between its member nations. The current (2019-2020) presiding nation is China which was preceded by the United States (2018-2019). At the onset of each leadership, the new president issues a short paper outlining their priorities and the objectives for FATF that year. Two of the four priorities outlined during the U.S. presidency’s FATF objectives directly involved crypto currency and FinTech. The section titled “Virtual Currency” reads as follows,
The U.S. Presidency will prioritise clarifying how the FATF standards apply to virtual currency providers and related businesses. Virtual currencies are increasingly being used to launder the proceeds of crime, but are not explicitly acknowledged in the FATF Recommendations…. During the U.S. Presidency, the FATF will also embark on a new project that focuses on investigative best practices on virtual currency to support law enforcement.
Likewise, China’s FATF objectives for the current year reiterate this priority in the section titled “Mitigating the Risks and Exploiting the Opportunities of New Technologies”. It reads,
Under the Chinese Presidency, the FATF will develop the methodology for countries to be assessed against the standard for virtual assets, and it will start assessing FATF members for effective compliance with it….
It’s worth mentioning that these documents outline only four priorities each, thus the respective virtual asset sections make up a significant portion of the FATF directives for that year. (If you read the extended quote from the original source you will note the optimistic tone of the potential benefits enabled via this new technology. We will expand on this optimism in part II.)
Add to this the emphasis from the United States Treasury Department (even including tweets from President Trump) again reiterating the high priority of regulating the crypto currency ecosystem. The Treasury’s Financial Crimes Enforcement Network, or FinCEN issued its own guidance this past May specifically pertaining to “business models involving convertible virtual currencies”. Shortly after its release, Sigal Mandelker, the U.S. Treasury’s Under Secretary for Terrorism and Financial Intelligence, issued remarks addressed cryptocurrency professionals at a conference stating,
…FinCEN issued guidance directly addressing areas of interest gleaned from ongoing industry engagement about how our regulations apply to different business models…I encourage you all to read it closely.
The gist of the FinCEN guidance mirrors much of what FATF issued later in June. Treasury Secretary Steve Mnuchin was quoted saying,
This (FinCEN and FATF guidance) will enable the emerging FinTech sector to stay one-step ahead of rogue regimes and sympathizers of illicit causes searching for avenues to raise and transfer funds without detection. We will not allow cryptocurrency to become the equivalent of secret numbered accounts. We will allow for proper use, but we will not tolerate the continued use for illicit activities.
Unless you think both of these organizations are bluffing, it is clear that regulating cryptocurrency businesses is a top priority for each. But how will this enforcement work in practice?
Misconception 3: Even if they wanted to enforce this stuff, they wouldn’t be able to. Cryptocurrency is decentralized.
And now we address perhaps the biggest cryptocurrency misconception of them all: “but it’s decentralized.” History has empirically demonstrated that decentralization isn’t the panacea many optimistic techno-utopians in cryptocurrency believe it to be. To explain why, we can briefly review one history (among several) of an intergovernmental take-down of an effectively decentralized virtual currency.
Liberty Reserve was a virtual currency in use from 2001 until it was shut down in 2013. It focused heavily on anonymity as it allowed users to send and receive funds with only names, email addresses, and birth dates, all of which could be blatantly faked without ever being cross checked. At its height, Liberty Reserve is estimated to have had over five million users worldwide conducting transactions worth more than US$16 billion. Although it was technically centralized in that it had founders who were eventually sentenced to prison, its network was effectively decentralized across the world via its fiat on-ramp/off-ramp “exchangers”. A New Yorker article contemporaneous to Liberty Reserve’s closure describes exchangers as,
…typically unlicensed moneymen in countries like Malaysia, Nigeria, and Vietnam, who bought Liberty Reserves in bulk from Liberty Reserve. You would pay them dollars (or whatever currency) for a certain sum of Liberty Reserves, which they would then deposit into your account.
I don’t see a substantive difference between the description of these unlicensed moneymen and the unlicensed KYC/AML-less cryptocurrency exchanges that exist today, except that the latter are far easier to locate via Google searches.
Because of its multinational and decentralized nature, Liberty Reserve was possibly more onerous to shut down than a centralized entity, but that did not stop it from happening. The United Nations’ SHERLOC database summarizes the methods by which the U.S. Federal Executive and Judiciary branches used FinCEN authorities under Section 311 of the U.S. Patriot Act to seize all known domains and assets of Liberty Reserve’s operators. Additional court documents (see: exhibit B, page 7) outline how the U.S. worked in conjunction with several other nations and “obtained seizure warrants for 28 bank accounts controlled by the Defendants, located in eight countries” as well as “issued more than 30 (legal action) requests…to more than a dozen countries.”
The language regarding the threshold required for granting authority to the U.S. Secretary of the Treasury under Section 311 of the U.S. Patriot Act would seemingly already be met by the crypto currency industry given both FinCEN and FATF’s recent statements. Section 311 “grants the Director of FinCEN the authority, upon finding that reasonable grounds exist for concluding that a foreign jurisdiction, foreign financial institution, class of transactions, or type of account is of ‘primary money laundering concern’, to require domestic financial institutions and financial agencies to take certain ‘special measures’ to address the primary money laundering concern”. These special measures include imposing “additional recordkeeping, information collection, and information reporting requirements on covered U.S. financial institutions,” similar to those outlined by FATF’s travel rule.
The United States’ FinCEN isn’t alone on explicitly confirming and extending FATF’s guidelines enforceable within their own jurisdiction. In famously banking friendly Switzerland, the Swiss Financial Market Supervisory Authority (FINMA) has issued similar guidance. FINMA’s August 2019 report, explicitly referencing FATF’s guidance, lays out how the Swiss government will be regulating crypto currency businesses within their borders to comply with new international standards. They write,
…blockchain-based business models cannot be allowed to circumvent the existing regulatory framework. This applies particularly to the rules for combating money laundering and terrorist financing, where the inherent anonymity of the blockchain presents increased risks.
Concurrent with this guidance, FINMA also announced the issuance of banking and securities licenses to two blockchain service providers, the first in Switzerland. While excitement stemming from the announcement of “institutional” blockchain players entering the Swiss market made headlines on various cryptocurrency publications, the key disclaimer that they would be held compliant to FATF’s and FINMA’s standards as part of this licensing was often underplayed.
The severe negative consequences faced by the operators of Liberty Reserve are the same types of “do it the hard way” consequences major cryptocurrency exchanges will want to avoid going forward by opting to be compliant with all the recent national and international guidance. Although the technical architecture of blockchain makes it arguably more robust than a series of registered domain names and grassroots exchangers, currently profitable and compliant businesses will not rely on that suggestion for peace of mind. Leaving the likelihood that virtually all major existing exchanges will aim to remain legally compliant with international standards like those recommended by FATF aside, how many cryptocurrency investors would want to deal with these potential legal ramifications? If a strong majority of the market is spooked, what will happen to the value of the assets?
Misconception 4: This won’t take effect for years to come and it will be implemented in each individual country differently. Not very time sensitive.
The legal reality of the precedent of successful enforcement stemming from the guidance of organizations like FATF and the U.S. Executive branch virtually ensures that companies operating within compliant jurisdictions (all non black/grey listed) will want to stay ahead of the law. To imagine that a company within a FATF compliant nation will ignore the provided guidance is woefully naive. To do so would recklessly open their business up to the threat of crippling exclusion from all existing major financial institutions as well as jail time for the individuals who operate the business. Individuals are not decentralized. Furthermore, to imagine that an otherwise compliant jurisdiction would ignore enforcement of the FATF recommendations in order to allow non-compliant crypto currency businesses to operate within their borders is even more naive. This would open up the entire country to the threat of nation state level sanctions as well as the aforementioned exclusion from existing financial institutions. This is not remotely realistic.
FATF’s June 2019 guidance stated that “the threat of criminal and terrorist misuse of virtual assets is serious and urgent, and the FATF expects all countries to take prompt action to implement the FATF Recommendations in the context of virtual asset activities and service providers.” Accordingly, they will “monitor implementation of the new requirements by countries and service providers and conduct a 12-month review in June 2020.”
Given this time sensitivity, it’s not surprising that several cryptocurrency exchanges have already responded with changes. A few weeks after the FATF guidance was released Korean exchange OKEx announced they were dropping five anonymity focused “privacy coins” within 30 days. A few days later, Korean exchange Upbit followed suit, also delisting privacy coins. Upbit cited the “decision to end trading support for the crypto-asset was also made to block the possibility of money laundering and inflow from external networks.” Continuing, “Upbit will continue to consider crypto-assets that represent anonymity functions as candidates for designation of ‘investment warning crypto-assets.’”
Preempting the most recent FATF updates, in May 2018 the Japanese cryptocurrency exchange industry group “Japan Virtual Currency Exchange Association” voluntarily agreed to delist popular privacy coins. This impacted exchanges like Coincheck which opted to comply and removed their privacy coins. Coinbase U.K. also announced this past August that they were delisting privacy focused “ZCash” for U.K. customer, though without publicly citing their reason. Surprisingly Coinbase maintained Zcash service in other jurisdictions.
While anonymity focused privacy coins are the obvious low hanging fruit, it’s a worthwhile exercise to think through how the broader industry will respond. Likewise, it’s worth deeply exploring which cryptocurrency’s technical roadmaps are heavily invested in the feature of anonymity. What about market dominance leader BTC and their layer two Lightning Network?
What does this mean?
From my vantage point, the apparent legal naivety of the broader cryptocurrency market is a cognitive bubble that must pop. The integration of this relevant legal guidance and its consequences into any cryptocurrency investor’s landscape analysis is essential, no matter how unsettling it may be at first glance. That being said, I encourage investors to refrain from interpreting the presence of robust legal regulation as a negative signal. All of the aforementioned guidance explicitly leaves room for what regulators see as the positive consequences of a compliant market. In part II, I will argue for the attractiveness of these positive consequences for both regulators and end users alike, with Bitcoin (BSV) as the original design envisioned by Satoshi Nakamoto, positioned as the perfect tool for this compliance. Bitcoin’s inherent legal compliance is not an accident. But more on that later.
Stay tuned for part II.
Dave Mullen-Muhr is an investor, entrepreneur, writer, and ever-curious learner. A principal at Unbounded Capital, Dave is focused on leveraging Bitcoin to integrate the wisdom of the past with the technology of the present to innovate the future.