FATF guidance to affect cryptocurrency, anti-money laundering, & anti-terrorist financing compliance for financial institutions

Legility 07 / 17 / 19

Last month, the Financial Action Task Force (FATF), the inter-governmental body that sets global standards relating to anti-money laundering (AML) and combating the financing of terrorism (CFT), published its much anticipated guidance on how its 200+ member and observer states will have to start regulating virtual asset markets in their jurisdictions.

FATF detailed which types of virtual asset (VA) activities (a virtual asset is a representation of currency, rather than currency itself) must be regulated and the minimum requirements it expects from regulators, which far surpass current efforts in most countries. The guidance can be used as an aid to implement existing FATF recommendations for other financial instruments.

What do the new FATF anti-money laundering regulations mean?

Long-term, this regulatory guidance will formalize AML/CFT best practices and help the cryptocurrency industry mature and achieve more mainstream adoption. In the short-term, regulators, financial institutions (FIs), and industry participants will need to further invest in mitigating the risk of money laundering in line with previous recommendations for other value transfer mechanisms. 

The requirement of originator and beneficiary information to accompany every transaction removes the anonymity of digital currency, thus effectively preventing the creation of secrecy havens.

Regulators should take into account proactive, risk-based approaches to compliance.



FATF's virtual asset guidance: Key takeaways

  • FATF guidance is technically non-binding, but is being treated as binding. G-20 members have said they will apply the guidance directly. Secretary Mnuchin of the US Treasury stated recently at the FATF Plenary Session that the Interpretive Note adopted this week includes virtual asset standards that are “binding to all countries.”
  • FATF has instructed its 200+ member and observer countries to implement the guidance and will begin evaluations within a year. While FATF recommendations went into effect as of last week, countries won't be assessed on compliance until FATF adopts revised methodology for mutual evaluations. We expect that methodology to be drafted by October, and then assessed by FATF for adoption. After adoption, countries will be assessed on the new guidance in their next mutual evaluation. Additionally, third- and fifth-year follow-up reports will also be assessed for virtual asset compliance, regardless of when their next evaluation will be executed.

  • Virtual Asset Service Provider definition remains broad and technology-neutral. With technology still evolving, guidance is based on the activity rather than industry terms. If you are involved in transferring value in the “chain of transactions,” you will likely fall under the definition of Virtual Asset Service Provider (VASP). It applies equally to natural persons involved in conducting this activity on behalf of others.
  • Automated transaction monitoring and customer risk scoring are essential components of an effective AML program. FATF acknowledges that automation is the only realistic way to monitor fiat currency (government-issued currency without intrinsic value that is not representative) and VA transactions at scale.
  • Recommendation 16 (formerly INR 15-7(b)), which mirrors the "Travel Rule" in the U.S., requires VASPs to send originator and beneficiary information to other VASPs or FIs party to transactions over 1,000 EUR/USD. There is a substantial technical obstacle to implementing the “secure” and “immediate” transfer of information to other obliged entities.
  • Countries need to regulate and monitor VA activity. A competent authority needs to register / license VASPs. Financial Intelligence Units (FIUs) need to modernize their Suspicious Transaction Report (STR) forms, have competency to do further investigations, and have a regime to freeze and seize accounts when necessary.
  • Financial institutions must not de-risk VASPs or customers active in VA activities. Financial institutions, including retail and corporate banks, should instead apply the risk-based approach and find ways to mitigate risks associated with VA activities.
  • VASPs need to have customer due diligence (CDD) and enhanced due diligence (EDD) procedures in place, and include that information in their reporting. Regulators must be able to receive and investigate Suspicious Activity Reports generated from FIs and VASPs from their compliance efforts.
  • Anti-money laundering compliance needs to be consistent with local privacy laws.
  • Anonymity enhancing cryptocurrencies (AECs) were highlighted for higher AML risk. Expect greater attention from both regulators and financial institutions on AECs. VASPs that “cannot mitigate the risk for AECs should not list them.”
  • Not all decentralized exchanges (DEXs) and decentralized applications (DApps) are equal. Guidance leaves room for truly decentralized exchanges and applications with no natural person connected to them to be excluded. However, many will not meet this bar.
  • International information sharing is a major factor in mitigating risk of money laundering. International coordination efforts to reduce regulatory arbitrage and speed up information sharing on suspicious activity are necessary to mitigate risk when payments move across borders seamlessly and instantaneously.

What's next in digital currency regulation?

Regulation by jurisdiction

Each of FATF’s member and observer states will now leverage its guidance as a framework for developing or augmenting their own regulations for their individual jurisdictions.

In some jurisdictions, like the United States, where regulations are already well-established and similar to FATF’s guidance, we expect to see stricter enforcement. 

In fact, FinCEN recently issued interpretive guidance that builds on their 2013 guidance to clarify the application of existing regulations to the sector. 

Countries like South Africa and Chile, where cryptocurrency regulation has not been formally rolled out, may issue new regulations before FATF conducts its mutual evaluations of those countries in the coming months.

Financial system compliance and FATF's mutual evaluations:

FATF conducts peer reviews of each member on an ongoing basis to assess levels of implementation of the FATF Recommendations, providing an in-depth description and analysis of each country’s system for preventing criminal abuse of the financial system. 

The first evaluation will be conducted in October in Japan. Japan will likely not be measured on this guidance in their next evaluation, but countries should take a proactive approach in modifying or introducing their cryptocurrency regulations prior to their onsite evaluations.

Following Japan, the Slovak Republic, Vietnam, Georgia, Chile, New Zealand, and Egypt will be evaluated in the near future. 

What VASPs should do now

Despite current technical challenges to complying with Recommendation 16, regulators take into account proactive, risk-based approaches to compliance. If they aren’t already, exchanges should:

  • Develop risk-based programs tailored for your organization’s particular business, even if the details in your local jurisdiction will be determined in coming months
  • Implement know your customer (KYC) and enhanced due diligence processes
  • Implement a transaction monitoring solution and customer risk scoring
  • Implement dynamic systems to ensure compliance with sanctions laws
  • Establish clear communication with customers about prohibited activities
  • File detailed suspicious transaction reports (STRs) where possible with your local financial intelligence unit (FIU)
  • Explore options to implement information sharing as per Recommendation 16

About the author


Legility, a leading provider of technology-enabled legal services, provides consulting, technology, managed solutions, and flexible legal talent to corporations and law firms. The company has more than 1,000 lawyers, engineers, consultants, technology and data specialists, and operational experts serving more than one-third of the Fortune 100 and one-quarter of the Am Law 200. Legility helps its clients improve operational efficiency. By combining people, processes, and technology, Legility offers innovative and bundled solutions that align with how the legal market is increasingly looking to engage.