On October 19, 2018, the Financial Action Task Force ("FATF"), adopted changes to its global anti-money laundering (“AML”) standards to address cryptocurrencies. The announcement came right before the ten-year anniversary of Bitcoin’s introduction to the world, October 31, 2018. Bitcoin is now traded on more than 200 exchanges, worth more than $6,000 each, used in hundreds of thousands of transactions daily, and has paved the way for the development of more than 2,000 other digital currencies.

But, as Bitcoin spread, criminals increasingly turned to cryptocurrencies to facilitate money laundering. As a result, regulatory authorities, like the FATF, are supplementing AML efforts to directly target cryptocurrencies. Anyone conducting business with cryptocurrencies should understand these new standards.

What are Cryptocurrencies?

Cryptocurrencies are digital mediums of exchange, usually broken down into units called coins or tokens that can be exchanged between peers without an intermediary. Cryptocurrencies are typically tied to digital, anonymous addresses, rather than specific people or email addresses, which facilitates a high degree of privacy. Owners access and transact with their cryptocurrency using public and private keys known only to the owner; these transactions are recorded in a public ledger known as the blockchain.

Blockchain is an open, distributed ledger verified by each and every node (or computer) running the blockchain, meaning “each network node verifies and stores its own copy of the blockchain.” When a transaction occurs, it is sent to the network and verified, then added to the node’s copy of the blockchain (ledger). The node then forwards the transaction record to other nodes, which verify and add it to their copies of the blockchain, and so on. In the case of cryptocurrencies, this network relies on cryptography (very complex codes) to secure and verify transactions before adding them to the blockchain.

Cryptocurrency is attractive to those who would commit financial crimes such as tax evasion, terrorist financing, and money laundering because of its “anonymity, cross-borders nature, and quick transferability.”

The FATF Applies AML Standards to Cryptocurrencies

The FATF is an intergovernmental body that promotes the implementation of legal and regulatory measures to combat money laundering. The FATF has 37 member states, including the United States and other major financial centers.

The FATF’s recent changes to its AML standards are “largely compatible” with existing regulatory requirements, but target the “misuse of virtual assets.” The changes include:

  • Recommending that jurisdictions ensure that virtual asset service providers are licensed or registered, monitored by the government, and subject to anti-money-laundering regulations including due diligence, reporting, and record keeping; and
  • Recommending that jurisdictions assess and understand the risks associated with virtual assets and identify effective systems to conduct risk-based monitoring or supervision of virtual asset service providers.

For the first time, FATF defined “virtual asset provider,” and did so in very sweeping terms. The definition includes “any natural or legal person who is not covered elsewhere” in the FATF’s recommendations who, “as a business conducts one or more of the following activities or operations” on behalf of another entity:

  • exchange between virtual assets and fiat currencies;
  • exchange between one or more forms of virtual assets;
  • transfer of virtual assets;
  • safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets; and
  • participation in and provision of financial services related to an issuer’s offer and/or sale of a virtual asset (Initial Coin Offerings).

The FATF plans to provide more detailed guidance on these changes in the near future.

Other Compliance Developments

The FATF’s changes come in the wake of the Council of the European Union adopting its Sixth Directive on Combating Money Laundering by Criminal Law, in which the Council noted that “[t]he use of virtual currencies presents new risks and challenges from the perspective of combating money laundering” and that “Member States should ensure that those risks are addressed appropriately.”

The United States government has also launched AML initiatives directed at cryptocurrencies. In just the last few months:

  • The president established a Task Force on Market Integrity and Consumer Fraud, which will “provide guidance for the investigation and prosecution of cases involving fraud … with particular attention to fraud affecting the general public; digital currency fraud; money laundering … and other financial crimes.”
  • The Treasury Inspector General for Tax Administration issued a scathing report on the effectiveness of the IRS’s Bank Secrecy Act (“BSA”) enforcement program, particularly noting the IRS’s failure to adopt a recommendation that the IRS develop a comprehensive strategy to include criminal BSA enforcement for cryptocurrencies.
  • The House of Representatives passed the FinCEN Improvement Act of 2018 with bipartisan support, which would amend FinCEN’s anti-money-laundering oversight authority to explicitly include cryptocurrencies.14 It is unclear whether the bill will pass the Senate, but FinCen has already been using its existing authority to oversee cryptocurrencies.

What You Need to Know

The FATF guidance reflects the government’s effort to disrupt key features of cryptocurrency transactions—decentralization and lack of regulation. From a market standpoint, companies should consider how future regulation (and application of existing regulation) could impact their businesses. Licensing, due diligence, reporting requirements, and record-keeping requirements add additional, perhaps unforeseen, transaction costs to cryptocurrency users and providers.

Companies should also make sure they understand the technology and regulatory requirements before transacting in cryptocurrencies or with cryptocurrency-related entities. Companies should review their existing “know your customer” protocols and understand that governments are targeting cryptocurrency transactions for further review.