The Latest FATF Targeted Update Summarised - Part 1

Since the Financial Action Task Force (FATF) extended its global standards on anti-money laundering and counter-terrorist financing (AML/CFT) to cover virtual assets and virtual asset service providers (VASPs) four years ago, some significant virtual asset markets have implemented or are in the process of implementing AML/CFT regulations. 

However, the pace at which this is happening is concerning. To date, 75% of the assessed jurisdictions are only partially or non-compliant with the FATF's requirements. While VASPs have started to adhere to regulations and private sector players are collaborating to improve Travel Rule compliance tools, there are still shortcomings. 

The FATF’s 2023 Targeted Update on Implementation of the FATF Standards on Virtual Assets/VASPs consists of 5 sections; 

1. Jurisdictions’ implementation of FATF standards on virtual assets and VASPs

2. Implementation of FATF’s Travel Rule

3. Market developments and emerging risks

4. Recommendations for the public and private sectors 

5. Next steps for the FATF and VACG

Below we will dive into sections 1 and 2, discussing the FATF’s findings, including the implementation status of the FATF’s Travel Rule, the sunrise issue, VASP counterparty due diligence (CDD), and common issues with Travel Rule compliance tools. Sections 3 - 5 will be covered in a second blog. 

The Latest FATF Targeted Update Summarised

Jurisdictions’ Implementation of FATF Standards for Virtual Assets and VASPs 

This section focuses on the overall adoption of Recommendation 15 (R.15). Ninety-eight jurisdictions were assessed. Similar to 2022’s findings - there has been limited implementation of R.15. To date, 73 of the 98 jurisdictions are still not wholly compliant with the FATF’s requirements.

R.15 requires countries to apply a risk-based AML/CFT approach to monitor, supervise and regulate VASPs and other financial institutions. VASPs must perform CDD checks and politically exposed person (PEP) screening. 

Like the FATF’s findings in 2022, VASPs still do not have a grasp on the fundamental requirements of R.15, for example, how to conduct a risk assessment. Moreover, many VASPs are still uncertain about where to start when regulating virtual assets and implementing the Travel Rule.

The FATF and VACG have responded to this by developing guidelines and outreach projects to aid jurisdictions in adopting R.15. On top of this, jurisdictions that have a firm grasp of the recommendation have offered support to the regions that are having difficulties in the process. 

Implementation of FATF’s Travel Rule 

The FATF conducted the same research last year with very similar findings: there has been little improvement in implementing the Travel Rule. Of the 135 survey respondents, 73 have yet to take action in implementing the Travel Rule in any form. 

Based on 2023’s survey of 135 jurisdictions, 26% have passed legislation, 20% are in the process of passing legislation, 21% have done neither, and 33% have not decided on the approach. 

With the recent approval of the European Union’s Transfer of Funds Regulation (TFR), there was a significant leap in numbers within the EU. However, the global Travel Rule status is still below par, and the FATF is pushing for mass adoption. Unless there is a speedier international adoption, the effectiveness of the Travel Rule is diminished.

Fourteen jurisdictions have passed legislation implementing the FATF’s Travel Rule, with another 14 currently passing legislation. Six jurisdictions have not started the process, and 2 have not decided on the approach to be taken. 

Read: The Latest FATF Targeted Update Explained for VASPs for 2022’s findings. 

The Sunrise Issue 

VASPs face challenges due to differences in Travel Rule requirements. While most jurisdictions have similar requirements regarding the information collected and submitted by ordering and beneficiary VASPs (such as name and physical address), variations exist regarding beneficiary information and additional risk mitigation measures. 

The FATF allows for some variation as long as minimum requirements are met. For example, jurisdictions may choose their desired threshold (based on 62 jurisdictions, 4 implemented a threshold less than EUR 1000, 21 implemented EUR 1000, 5 implemented higher than EUR 1000 and 32 applied the Travel Rule to all values).  

Considering the differences in national frameworks, risk profiles, and approaches, harmonisation across jurisdictions is encouraged. Delays in implementation and enforcement timelines create the sunrise issue, posing difficulties for the private sector dealing with virtual assets that transcend borders. 

Compliance with the Travel Rule needs customer information collection, transmission, and protection, but not all VASPs have implemented these obligations uniformly. Jurisdictions take different approaches to address the sunrise issue, such as phased implementation, grace periods, and measures to regulate interactions between domestic and foreign VASPs. Widespread implementation of the FATF Standards, including the Travel Rule, is crucial to resolving the sunrise issue, and the FATF urges jurisdictions to expedite its enactment and enforcement.

VASP Counterparty Due Diligence

To comply with the Travel Rule, VASPs must identify and conduct due diligence on their counterparties, whether VASPs or financial institutions. However, it is difficult for VASPs to effectively conduct due diligence on unlicensed/unregistered counterparties or those in countries with weak compliance levels. 

In practice, VASPs struggle to identify counterparties and obtain necessary information about them, including their ability to securely hold Travel Rule information, potential ties to illicit actors or sanctioned persons, and their AML/CFT compliance level. 

Some challenges arise from the lack of public information on licensed/registered VASPs and limitations of Travel Rule compliance tools, which often can only identify counterparties subscribed to the same tool. Jurisdictions are encouraged by the FATF  to maintain and publicise information on licensed/registered VASPs to facilitate counterparty due diligence.

Issues with Travel Rule Compliance Tools 

When the Travel Rule was introduced for VASPs in 2019, there was a lack of technological tools to facilitate compliance with it. In response to the FATF Standards, the virtual asset industry has created various potential solutions that enable VASPs to gather information about the sender and receiver of a transaction and share this information with their counterparty. However, these compliance tools encounter two main challenges: compliance with Travel Rule-specific requirements and addressing the friction caused by the absence of interoperability between different Travel Rule compliance tools.

The FATF has compiled a list of Travel Rule solution shortcomings in Travel Rule solutions that VASPs should consider. Read Deficiencies in Travel Rule Solutions to view these shortcomings.

On top of the shortcomings, the FATF issued guidelines for VASPs when choosing a Travel Rule solution provider. Our previous blog, Guidelines for Choosing Travel Rule Technological Solution, discussed these guidelines. In the same blog, we provide further guidelines for VASPs and solutions to the issues. 

To learn more about what makes a complete and compliant Travel Rule solution, consider talking to one of our experts or scheduling a demo of 21 Travel Rule.