Last week, the Financial Action Task Force (FATF), a global AML body, released a public consultation for its updated Draft Guidance on a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers.  Some of the key clarifications that will likely expand the regulatory scope of what constitutes a virtual asset or virtual asset service include:

  • Decentralized exchanges (DEX) or peer-to-peer (P2P) inclusion:  These exchanges refer to smart contract/software-driven applications (called a decentralized application or a DApp) where users can exchange virtual assets without a central exchange serving as an intermediary for the transaction.  The latest guidance considers DEXs to be Virtual Asset Service Providers (VASPs).  More specifically, while the smart contract or software program is not a VASP under the FATF standards, the owner/operator(s) of the DApp does likely fall under the definition of a VASP, as they are conducting the exchange or transfer of VAs as a business on behalf of a customer.
  • Other exchange services may also include:  escrow services, brokerage services, order-book exchanges, and other advanced trading services that permit the transfer of virtual assets.
  • Non-fungible tokens are virtual assets: refer to unique digital representations of real world assets (like property rights) or digital assets (like art).  The guidance specifies that these constitute virtual assets since they act as a store of value and may enable the transfer or exchange of value or facilitate money laundering or terrorist financing. 
  • “Travel” rule clarification: The "travel rule" requires virtual asset service providers to obtain, hold, and transmit required originator and beneficiary information, immediately and securely, when conducting virtual asset transfers.  The latest guidance:
    • Considers VASPs that haven't implemented the travel rule as higher risk
    • Recommends denying licensing of VASPs if they allow transactions to/from non-obliged entities (i.e., private / unhosted wallets) 
    • Screening to confirm the beneficiary is not a sanctioned name


As a result of the above expansion, service providers will increasingly need to be prepared to maintain up-to-date customer due diligence documents, and data, especially for higher-risk customers or categories of virtual asset products or services.