Blue-ribbon panel discusses how crypto rules clash with real-world concerns.

On March 7, payment processor Worldpay from FIS and its newly announced blockchain compliance partner Shyft Network hosted their Spring Into FATF Compliance event at The Shard in London.

The discussion, moderated by Worldpay Head of Crypto and Emerging Business Nabil Manji, delved into the impact of the new Financial Action Task Force’s (FATF) guidance on virtual asset service providers (VASPs). A VASP is, broadly, any person or firm who exchanges virtual assets for either fiat currencies or other virtual assets, engages in safekeeping or administration of virtual assets, or participates in the provision of financial services related to an issuer’s offer or sale of virtual assets (such as an administrator or underwriter). The FATF is known to be “the global money laundering and terrorist financing watchdog.” Its members include 37 nations, the European Union and the Gulf Cooperation Council.

Of central focus was the application of a regulation popularly known as the travel rule, which requires all financial institutions to pass on certain customer information to the next financial institution in the transfer chain. All G7 nations have a closely harmonized version of the travel rule, which long predates cryptocurrencies. Financial firms domiciled in any country that relies on G7 members for capital – effectively the entire world – are adopting travel rule provisions at their own individual paces. In many instances, those paces have picked up in the past few weeks.

“The basic crux of the travel rule is to identify crypto assets in their transfer or exchange,” explained Sophie Lessar, a panelist and partner at DLA Piper. “The requirement is that the originator and beneficiary of an asset that’s exchanged or traded is identifiable, and that identification stays with that asset throughout its journey.”

FATF travel rule: We are ‘seeing it now, live’

In the wake of its invasion of Ukraine, Russia is facing mounting economic sanctions from a world nearly unanimous in condemnation of the action, yet reluctant to join the conflict. Sanctions, though, are only enforceable if their violations can be traced. This sudden realignment of priorities might have given new incentives to VASPs reluctant to adhere to the travel rule as well as countries slow to enforce it. This has led to a rush to adopt and embrace the regulation among parties who had not made much progress to date. That rush has caused a great deal of uncertainty.

“We’re seeing it now, live. We don’t know what to expect. We’re having not only financial institutions but [also] crypto companies figuring this out as we all go along and see what’s coming out from regulators,” said Worldpay’s Senior Regulatory Crypto Counsel Liz Eber. “We’ve never been more globally aligned with respect to sanctions.” Calling the FATF “the most influential global body you’ve never heard of,” David Lewis described how the organization neither proposes nor enforces laws. Rather, it makes recommendations to sovereign governments as to what broad policies they should put in place. With the backing of all the world’s wealthiest nations, though, its recommendations carry immense weight. It is at the supranational level that FATF makes its assessments known, and it is then up to each nation’s banking regulator to ensure compliance.

“Those [countries] that do very badly will be named and shamed. This can have a negative impact on capital inflows for whole countries which the [International Monetary Fund] estimates to be ~7-8 percent of GDP,” according to Lewis who, in recent weeks, has moved from being the former executive secretary of FATF to a new role at advisory firm Kroll.

The “call for action”– the FATF’s internal name for its blacklist – has not been updated since before the COVID-19 pandemic. For the past two years, it has been frozen at two names: North Korea and Iran. There are 23 other nations that are monitored on a “grey list,” of which Russia (a FATF member) was not among. In a statement released in the week preceding the Worldpay-Shyft event, the FATF expressed “deep sorrow” and “grave concern,” and noted that it “is reviewing Russia’s role at the FATF and will consider what future steps are necessary to uphold [its] core values.”

A question of time and place

Because the travel rule was written for legacy financial institutions, there are some practical considerations when applying it to VASPs. A document produced by the FATF the week before the panel lists 40 separate recommendations plus 75 pages of interpretive notes, yet still manages to be deliberately vague, according to a consensus of the speakers. To start with, the rule applies only to service providers that are namely intermediaries. Still, exchanges are not the only firms that could be considered VASPs. Everyone from wallet providers to NFT minters could fall into this category, depending on how an individual nation’s laws are read, no less written.

Ultimately, each country determines its own path to compliance with FATF standards and even the precise wording of its version of the travel rule. “Canada has gone into effect; South Korea at the end of March will be in full implementation. Some others don’t happen for another year or more,” according to Shyft co-founder Joseph Weinberg. “You need systems that can eliminate the ‘sunrise problem’ such that it doesn’t matter where you are, you’re able to comply today, tomorrow but also simultaneously in the past.” He notes that blockchains and smart contracts are promising tools for ensuring backward reconciliation. Even so, balancing the concerns of regulators with those of the more libertarian-spirited population of the crypto space remains a practice fraught with both compliance risk and customer retention risk. “There’s always going to be friction,” acknowledged Joe Anzures, head of Crypto.com North America. “We’re listening a lot to our customers. I think they understand what we’re asking.”

Nabil Manji asked, “Because you’re going in an order, you’re going to be out of compliance for a period of time in certain lower priority or smaller jurisdictions. Is that a potential reality?” Sameer Dubey, chief operating officer of the cryptocurrency exchange Bitstamp responded, “Some regulators might be more amenable to you taking a phased approach, in which case you can demonstrate your other policies are good enough to achieve the same outcomes. This is a reality that you will have to meet with proper prioritization and trade-offs between customer and regulatory outcomes.”

When policies clash …

The panel addressed one more issue with the travel rule: its conflict with privacy statutes. The same data cannot be both private by law – as the General Data Protection Regulation (GDPR) demands – and a matter of public record by law – as the travel rule demands. While the GDPR has the force of law only within the EU, it has effectively become an international standard, much as the travel rule. It may have just been a matter of time before the conflict became a hot issue, but between the rise of crypto and the call for sanctions against Russia, the moment has come.

Britain, which recently seceded from the EU, has unique experience with harmonizing its laws with that of its neighbor and leading trading partner. “I can speak to how the U.K.’s proposed [travel rule version] is trying to deal with some of that tension,” Arvin Abraham, partner at the law firm McDermott Will & Emery. “As a VASP, you have to store that data for five years then, after the five years – because of GDPR in part – you get rid of it.”

The fact remains that the data exists. Crypto was never as anonymous as its early proponents hoped it would be, and regulators’ tracking tools are getting better. Lewis takes heart in this. “The regulation is driving business growth,” the Kroll consultant said. “It’s not hindering.”



Read more about

DISCLOSURE

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.