Skip to main content

FATF on crypto and AML: Crackdown or capitulation?

The need for a standardised global regulatory framework to prevent criminal activity through virtual asset transactions is more urgent than ever, but are the Financial Action Task Force's latest...

The Financial Action Task Force (FATF), the international organisation tasked with combating money laundering (ML), recently released revised global standards for cryptocurrency transactions in its "Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Providers".

In its guidance, FATF urges countries and obliged entities to comply with its recommendations to prevent misuse of virtual assets (VAs) for ML and terrorist financing (TF).

It also clarifies the application of its standards to VAs and virtual asset providers (VASPs), by amending Recommendation 15 on "new technologies".

The Interpretive Note to Recommendation 15 outlines binding measures for both countries and VASPs and is supported by the UN Security Council, as well as G20 finance ministers and central bank governors.

The guidance purports to be a significant step towards enforcing an international regulatory framework for supervising anti-money laundering (AML) and counter terrorist financing (CTF).

However, the recommendations will only be as effective as their application – which is likely to prove tricky, given the speed with which VAs such as cryptocurrencies are evolving as tools of both legitimate and criminal business on a global scale.

The recommendations

FATF's guidance envisages globally enforceable rules to reduce and eventually eliminate ML conducted through cryptocurrencies.

The main recommendation is a call for world leaders to implement and adopt AML measures in their cryptocurrency markets through national cooperation.

The treatment of VAs has been amended to take account of criminal uses of cryptocurrencies and the guidance recommends subjecting crypto-service providers to supervision and monitoring by competent national authorities, without relying on self-regulatory bodies (such as individual VASPs).

It also imposes an obligation on countries to assess and mitigate risks associated with VAs and VASPs, and those connected with AML and CTF, which should be circumvented through preventative measures, such as customer due diligence, record keeping and suspicious transaction recording.

Sanctions and other enforcement measures for non-compliance are also to be applied to VASPs.

While domestic enforcement in this area is helpful in backing up AML and CFT efforts, international cooperation is essential to create a level-playing field in the treatment of VASPs to avoid jurisdictional arbitrage.


Given the borderless global reach of cryptocurrencies, there are questions over how a body like FATF can realistically police the VA industry.

FATF currently encompasses just 39 members, 37 jurisdictions and two regional organisations (the Gulf Cooperation Council and the European Commission).

For AML measures to be adequately implemented, jurisdictions around the world must commit to complying with them. Therefore, the guidelines must be reiterated globally through international cooperation in order to achieve a more comprehensive network of compliance.

Blockchain technology, which facilitates cryptocurrency transactions through distributed ledgers that record the transfer of "funds" between users, is inherently double edged.

On the one hand, it provides an impenetrable network for information transactions and on the other, a conduit for untraceable criminal activity.

Several characteristics of blockchain have contributed to increased ML activity and helped create barriers to effective regulation of cryptocurrency transactions.

A fundamental issue is the inability to identify users and sources of funds in cryptocurrency transactions, which has made blockchain transfers more susceptible to criminal activity.

This also hinders data collection on ML activity, which inevitably leads to uncertainties about how to implement an international regulatory framework.

The lack of a central authority responsible for monitoring the blockchain network is also problematic when it comes to ensuring the technology is not used for criminal purposes, as there is no single body in charge of approving users and validating transactions before they are engaged.

As it stands, blockchain's decentralised network structure leads to an absence of Know Your Customer (KYC) checks, which allows users to use conduct criminal activity with little fear of being identified and prosecuted.

It should be noted that not all cryptocurrencies run on permissionless, public networks.

For example, Ripple requires users to be validated before they are able to engage in any sort of transaction on its network.

However, FATF has suggested that governments should delegate powers to central authorities to monitor and assess users and transactions, instead of self-regulatory bodies like Ripple.

In the absence of regulatory bodies that monitor such transactions, financial markets will continue to be vulnerable to the effects of illegal transactions in pursuit of laundering profits obtained from criminal acts.


What next?

As things stand, there is no standard practice that has been implemented internationally, and the existing domestic or supranational EU rules are not being adequately complied with.

The UK, for instance, has become a hub for ML activities, especially in the real estate sector, as enforcement of AML rules have been less than satisfactory, allowing money to be laundered via property transactions.

The European Commission has previously assessed the implementation of a framework imposing a voluntary registration of users of cryptocurrency, however this is far from an obligation and would not satisfactorily address the severity of the issue in any event.

Furthermore, the cross-border nature of cryptocurrency transactions dictates that the implementation of a framework at a European level will not be sufficient, but must be internationally agreed and upheld.

Any system must be based on sanctions that include penalties for private entities and states that fail to comply with the framework.

Concerns about anonymity also need to be addressed to ensure that users are faced with serious legal repercussions if they fail to observe their obligations.

It is likely that, to accomplish this, mandatory registration for all users will be required, or at the very least for those whose cumulative transaction value triggers an obligation for KYC checks.

Intermediaries should be tasked with enforcing compliance, to ensure all parts of the value chain are accountable for the legality of any activity.

Ultimately, it is naïve to expect immediate compliance from FATF states, especially those who claim to be "ignorant of cryptocurrencies".

Nonetheless, the urgent need to implement the framework cannot be stressed enough.

By the time a meaningful consensus is reached, new technologies and backdoors will have been discovered, increasing the scale of the task for ensuring all forms of VA and VASPs are used solely for legitimate purposes.

Kyle Phillips is a corporate crime specialist at European law firm, Fieldfisher.

Sign up to our email digest

Click to subscribe or manage your email preferences.