‘Not Everyone Is Happy but We Have to Move on,’ Some Challenges to the FATF’s New Guidance
“Travel rule” was a term frequently heard at the V-20 Summit, which took place in parallel with the G-20 meeting in Osaka, Japan from June 28 to 29. Regulators and Virtual Asset Service Providers (VASPs) — such as exchanges from different countries — met in Osaka for two days and discussed how to implement the Financial Action Task Force’s (FATF) latest guidance on how to prevent cryptocurrencies being used for money laundering.
The travel rule requires VASPs to collect and transfer customer information during transactions.
While its objective is to protect consumers, it is controversial from both technological and philosophical points of view. Some members at the V-20 question why this guidance has taken its current form, which traditional banks are required to comply with. Is it going to be good for the crypto industry as a whole? Cointelegraph asked the FATF Secretariat and different VASPs at the V-20 about their thoughts on the new rule.
Travel rule
The travel rule refers to section 7(b) in the Interpretative Note to Recommendation 15 in the FATF guideline, which requires VASPs to collect and transfer customer information during transactions.
More specifically, it requires “originating VASPs” to “obtain and hold required and accurate originator information and required beneficiary information” and submit the information to “the beneficiary VASP.” On the other hand, it asks “beneficiary VASPs” to “obtain and hold required originator information and required and accurate beneficiary information on virtual asset transfers, and make it available on request to appropriate authorities.”
It is a rule only applicable to VASPs, not individuals.
The FATF guidance is not legally binding but can be very effective, as a nation that does not comply with it may be excluded from the global financial network. Also, as Contelegraph reported, the G-20 declared that it will rely on the FATF when it comes to regulating cryptocurrency’s Anti-Money Laundering (AML)/Combating the Financing of Terrorism (CFT) compliance.
The FATF has said that local authorities and VASPs have one year to come up with country-specific rules based on the travel rule. As reported, the V-20 is seeking to establish an association to provide global representation for VASPs and facilitate compliance among them.
At this stage, the rule has already been determined, and the conversation has shifted to how to implement it.
In an interview with Cointelegraph, FATF Secretariat Tom Neylan, said that “there are still pieces of work to be done by the private sector to develop a technical system that is capable of implementing this rule.” He continued:
“I don’t think there is a hole. [...] We didn’t want FATF to sit down and tell technical details of exactly how companies should comply with it because that would quickly become out of date.”
Yet, speaking of the FATF’s new guidance, Jesse Spiro, the head of policy at Chainalysis was surprised that it “includes more detail than we are anticipating.” In an email to Cointelegraph, he said:
“The FATF laid out a very detailed regime for both industry and regional regulators, including comprehensive definitions of the type of activity that falls under these recommendations and the response that it expects from regulators, which far surpasses current efforts in many countries.”
Spiro thinks that, in the long term, the guidance “will help the cryptocurrency industry mature and achieve more mainstream adoption,” but in the short term, “the industry needs to develop technical solutions in order to comply, which will require significant investment.”
Technical challenges
There are at least three challenges brought about by the travel rule that various VASPs at the V-20 mentioned to Cointelegraph.
— How do you know the counterparty is a VASP?
“Sitting here right now I can create a new address that has never been used before,” Steve Christie, Global Head of Compliance at Kraken said. The blockchain has “no attribution” to identify whether it is an individual or a VASP institution. So, there is no way to verify that it is an address that requires the transfer of the information based on the travel rule.
— How do you transfer information?
VASPs can’t just send customer information via email, for example, to counterparties because of security concerns. A new infrastructure that is trustworthy and capable of sending customer information among VASPs securely has to be introduced first. Other questions raised include whether there is a deadline for the transfer or what would happen if different VASPs in the world were unable to comply with the same rule at the same time.
— What if different names of the same person are registered?
There may be a case in which two different names are registered with two different VASPs although both represent a person. In this case, how do they confirm the information with each other? Erald Ghoos, chief operating officer of crypto wallet maker Crypto.com, pointed out: “What is typical in China or Hong Kong is they have English names.”
Can crypto startups survive?
At the moment, no technical solution has been brought forward to implement the new rule. But obviously, it will require “significant investment” and a lot of technical knowledge. The question, then, is: Do crypto startups have the capabilities and the resources to comply with the rule?
“If we don’t find something that is accessible to all of the service providers, we could actually force some of them out of their business,” Christie said. He continued:
“We are still at a startup phase for the industry. We need as much contributions from as many different sources as we can.”
Some are also concerned that, as a result of the strict rule, the number of person-to-person transactions, which often are not regulated, will increase.
Yet, there may be a positive aspect of the travel rule for startups. Ghoos from Crypto.com, which was established in 2016, noted that, as a result of the new rule, it may make it easier to work with traditional banks:
“Crypto.com sometimes has difficulty in getting bank accounts in order to process client’s funds. But once this kind of regulation is in place, we can show to the regulator, and to the financial industry that “listen, we are here to comply with all those rules.”
Isn’t it against the spirit of financial privacy?
The rule that requires collecting and transferring more customer information than ever has inevitably invited criticism from privacy advocates in the industry. The idea of having full control over one’s own funds without relying on governments or large institutions — i.e., autonomy — is crucial to the existence of Bitcoin and other cryptocurrencies.
Christie acknowledged the idea of financial privacy and noted that the new rule will invite “some fundamental challenges that the entire industry is going to face from a philosophical standpoint.” At the same time, he said we are “responsible organizations,” continuing by stating:
“We understand that there are certain rules that we will have to comply in order to help the transition from the traditional financial service industry to the new economy. We have to find a way to find a common ground. If you are a core believer and if you want to get to that utopia, you need to find ways of getting there.”
Could it have been made differently?
The FATF’s new guidance is not something fixable and it may be true that the only thing VASPs can do now is to think about how to implement it. Yet, some people in the industry can’t help but think that the rules could have been made differently.
According to a person who participated in one of the closed sessions at V-20, a crypto industry member suggested that the FATF use public data already available on the blockchain to have AML, thus creating a system in which the travel rule doesn’t have to be applied.
FATF’s answer to the suggestion was that “it is going to be the second phase.” Yet, what can be changed in the “second phase” remains unclear.
“I think given more time, collaboration between the FATF and the industry may have produced a different result,” Christie said. While working to meet the FATF’s objectives and protect customers, he thinks “smart and measured rules” are best for the industry.
For him, the travel rule is the same rule adopted in traditional finance industries in the 20th century. He stated:
“The travel rule is taking the rule that was designed for wire transactions, technologies from mid-1900. […] The objectives are good objectives, you know protecting people, and AML/CTF. But the rules should conform to the same technologies of the day.”
Christie added that what VASPs are dealing with is peer-to-peer permissionless networks. It is not as if these are wire transactions going over the SWIFT network.
The banking industry may be pressuring FATF to make rules in favor of them, one of the participants at the V-20 suspected:
“I think these rules are really just designs to protect banks. Because what they do is to take the same rule that applied to banks and to apply to us. And who has the capability and resources to do that? Only Banks.”
This participant thinks “one year is not enough as it requires all the member countries to pass the related laws,” and he concluded:
“It is not going to happen. They are just going to drive all the businesses out of the top 20 countries and all the businesses they really want to regulate will go somewhere else like Caribbean.”
For some, it may be for big financial institutions to take over. Roger Wilkins, the former president of FATF, apparently thinks large companies like Amazon and Google have done a lot for innovation because they fund startups and buy them. In an interview with Cointelegraph, he stated:
“There needs to be a rationalization. So there will be consolidation. I don’t think that necessarily kills innovation.”
Why now?
FATF published the latest guidance on June 21. But why did it publish it on that date? At a dinner party on the first day of V-20, there was an interesting remark from Wilkins, who said that it took 12 months to come up with the guidance. Previously, it was said that it took FATF five years to make the rule.
In an interview with Cointelegraph, Neylan from the FATF acknowledged that the crypto sector is “new to the regulation with first supervisory body and first standard setting body to be applying rules” and therefore they thought “they needed more explanation.” But he didn’t clearly say why it had to publish it in the last month.
Christie thinks “it was a bit out of FATF’s hand” and said “it would have been nicer if FATF was given more time from G-20 and UN.”
Yet, the participant at V-20 previously quoted thinks FATF’s internal dynamics might affect the rush. The current president of the FATF, Marshall Billingslea, is American who finished his term on June 30. After him, a Chinese representative took over the position. The participant opined the following possibility:
“The rules they are applying are the US rules. That is why the wanted to pass in a rush. Historically, there is a gentleman’s agreement that the next guy won’t change the rule.”
Another participant of the V-20 told Cointelegraph, “Not everyone likes the new rule but we have to move on.” Protecting customers is a great objective, of course, but the rule should make sure that crypto entrepreneurs can stay in business. It should also respect the principle of financial privacy, one of the core spirits for Bitcoin and cryptocurrencies. Otherwise, it will be counterproductive for the crypto ecosystem as a whole.