‘Virtual Assets’ and related AML/CFT notions under the FATF Recommendations

As updated in October 2018, Recommendation 15 now reads:

“Countries and financial institutions should identify and assess the money laundering or terrorist financing risks that may arise in relation to (a) the development of new products and new business practices, including new delivery mechanisms, and (b) the use of new or developing technologies for both new and pre-existing products. In the case of financial institutions, such a risk assessment should take place prior to the launch of the new products, business practices or the use of new or developing technologies. They should take appropriate measures to manage and mitigate those risks.

To manage and mitigate the risks emerging from virtual assets, countries should ensure that virtual asset service providers are regulated for AML/CFT purposes, and licensed or registered and subject to effective systems for monitoring and ensuring compliance with the relevant measures called for in the FATF Recommendations”.

The FATF had urged all jurisdiction to take steps to ensure that virtual assets are not misused by criminals, money launderers or terrorists, and in order to clarify how AML/CFT requirements apply in the context of virtual assets, the FATF had also provided initial guidance by defining the terms ‘virtual assets’ and ‘virtual asset service provider’ (“VASPs”). While ‘virtual assets’ is defined as digital representation of value that can be digitally traded, or transferred, and can be used for payment or investment purposes, ‘virtual asset service providers’ is defined as any legal or natural persons, not covered elsewhere under the Recommendations, offering services for the exchange of virtual assets and currencies, services for the exchange of one or more forms of virtual assets, safekeeping or administration of virtual assets, and certain services related to an issuer’s offer or sale of virtual assets.

Similarly, to Maltese law (vide ‘Virtual Financial Assets Act, Chapter 590 of the Laws of Malta), these definitions attempt to define a virtual asset not by reference to the specific features and characteristics of that asset, but by way of excluding virtual representations of other forms of monetary or financial assets. For instance, a Maltese ‘virtual asset’ (technically referred to as a ‘Virtual Financial Asset’) is a digital representation of an asset that is not electronic money or a financial instrument (such as, security). Similarly, the definition of ‘virtual asset’ in the Recommendations specifically state the ‘Virtual assets do not include digital representations of fiat currencies and other financial assets that are already covered elsewhere in the FATF Recommendations’.

The purpose of the updated Recommendation 15 (and the Interpretive Note that will become part and parcel of the Recommendations as of next June) is to ensure that VASPs identify, assess and take effective action to mitigate risks of ML/FT connected to their services by applying a risk-based approach commensurate to the complexity of their operations. The specific guidelines contained in the Interpretive Note are briefly explored below:

1. ‘Virtual assets’ should be considered as ‘property’, ‘proceeds’, or ‘funds.’
2. Countries should identify the risks connected to activities involving virtual assets and should implement a risk-based approach to counter such risks. VASPs should be required to identify, assess and take action to mitigate identified risks.
3. VASPs should be required to be licensed or registered. Criminals should not be involved in the legal corporate structures of VASPs. Sanctions ought to be in place in the event of a breach.
4. If a VASP is already subject to obligations under the Recommendations in terms of an existing licence or registration as a ‘financial institution’, then it is not necessary to impose a separate licence or registration system.
5. VASPs should be subject to adequate AML/CFT regulation and supervision. Supervisors should have adequate powers to supervise, monitor and take action where compliance is lacking.
6. There should be an adequate system of criminal and civil sanctions in the event of non-compliance.
7. VASPs should implement preventive measures in relation to customer due-diligence, politically exposed persons, and reporting of suspicious transactions, among other preventive measures listed in the Recommendations.
8. Countries should participate in ‘international cooperation’ when it comes to combating ML/FT.

Currently, the FIAU is in the process of finalising the ‘Revised version of the FIAU Implementing Procedures Part I’ and the new document ‘Application of AML/CFT Obligations to the VFA Sector’, draft versions of which were published in October 2018.