In this article:
- What the Financial Action Task Force’s travel rule is all about
- Are concerns over decentralization and anonymity warranted?
- Which countries, aside from the U.S., are stepping up regulations
- How crime affects viability of merging asset class
- How well is the crypto industry complying?
Despite it being more than a decade since Bitcoin first entered the world stage, there’s still a long way to go before cryptocurrencies become common enough to replace fiat currencies in day-to-day financial transactions. But actions from regulators such as the Financial Action Task Force’s (FATF’s) “travel rule” guidelines may pave the way for greater adoption, and cryptocurrency companies are scrambling to comply ahead of a June 2020 review.
The FATF, a U.S. Treasury-led intergovernmental group, historically has focused on stymying the flow of money laundering and terrorism financing, but recently has turned its spotlight on cryptocurrency. Last year, FATF issued guidelines aiming at forcing the crypto sector into compliance with traditional banking regulations, announcing that it would review how countries and service providers implemented the new requirements over the past year.
The directive includes a “travel rule” for virtual asset service providers (VASPs) — such as cryptocurrency exchanges and wallet providers — to divulge the personal information of people using their services for transactions over $1,000. VASPs would be required to transmit the names, account details, and address of those sending and receiving the transaction.
But while various cryptocurrency institutions try to adopt the rule, the calls for greater regulation cast a shadow over the world of decentralized assets — the very essence of which, for some crypto enthusiasts and privacy-rights purists, is to allow users to be anonymous and free from government controls. Forkast.News interviewed a number of experts around the world to explain the ramifications of the travel rule on the crypto industry, the level of compliance, and what to expect in the year ahead.
Rules vs. decentralization
Some analysts believe that the FATF guidelines completely contradict the early cryptocurrency adopters’ core principles of decentralization and anonymity, where currencies could be exchanged without intermediaries. But trading a degree of independence from financial institutions might be the prescription necessary to achieve greater adoption.
“Now that cryptocurrency has become more mainstream, most users will not be upset; in fact, many might like knowing that the currency is being regulated,” said Jon Carrick, associate professor of management at Stetson University in Florida. “In fact, the regulation could give cryptocurrencies more credibility, which could make more people comfortable in using it.”
Cypherpunks and the libertarian ethos that drove the creation and development of crypto envisioned that anonymity could exist in this ecosystem unencumbered, said Jesse Spiro, global head of policy and regulatory affairs at New York-based blockchain analysis company Chainalysis. “Unfortunately, bad actors exploited this to the extent that it posed major global security risks. To improve financial integrity and global security, additional compliance and regulatory controls became increasingly vital to protecting the ecosystem and the world.”
Other analysts also believe that these regulatory actions could push cryptocurrencies to become mainstream by making it a less risky asset for financial institutions as well as the average consumer.
“There’s strong potential for mass adoption of digital assets,” said Ben El-Baz, head of ecosystems at Hong Kong-based fintech organization HashKey Group.
Once formalized, the travel rule would apply to a broad range of digital assets including digital payment tokens, stablecoins, security tokens and more.
“Without bringing in traditional and institutional players, we feel it will be challenging for the industry to grow. And in order for these players to feel comfortable, there needs to be close engagement with regulators,” El-Baz said. “So even though there’s short-term pain in implementation, we feel there will be a net long-term gain to the industry in terms of facilitating adoption.”
Moving forward, the travel rule could have a positive effect on people’s desire to use cryptocurrencies despite its curtailing of anonymity.
“It is important to understand that privacy does not mean anonymity. For example, bank details are private but my bank knows who I am,” said Malcolm Wright, chief compliance officer at Hong Kong-based fintech and blockchain solutions firm Diginex. “More importantly, the measures will help secure the financial system, preventing financial crime and other illicit activities such as sanctions evasion or even proliferation of nuclear weapons… FATF’s recommendation 16 does not affect the decentralized nature of cryptocurrencies”
Are crypto companies thumbing their noses at compliance?
A number of finance leaders have been pushing for countries who haven’t yet adopted the FATF guidelines to do so. In February, financial institution representatives of G20 nations acknowledged the need for greater coordination among jurisdictions around the world to mitigate potential risks arising from financial innovations, including consumer and investor protection, anti-money laundering (AML) and countering the financing of terrorism.
“We urge countries to implement the recently adopted FATF standards on virtual assets and related providers,” reads a communique published after the summit, adding that “global stablecoins” and other cryptocurrencies’ financial risks need to be evaluated and appropriately addressed before they commence operation.
The United States has been one of the strongest proponents of anti-money laundering policies and implementation, with the Financial Crimes Enforcement Network (FinCEN) applying the country’s AML law — the Bank Secrecy Act (BSA) — to the cryptocurrency industry in 2013. In a 2019 guidance, FinCEN also reminded VASPs that they are also subject to the BSA.
But according to CoolBitX CEO Michael Ou, violations abound in the U.S. and not a single major crypto business has actually been compliant with the travel rule despite its applicability since 2013.
“This can be interpreted in two ways: either FinCEN has been lenient and understanding of the crypto industry, giving them time to build compliance solutions, or FinCEN realized that an enforcement action too early would incentivize many U.S. entities to move their businesses offshore in order to avoid regulatory oversight,” Ou said “The latter is more likely.”
The tactic may have been used to expand the reach of FATF to other countries over time, creating a more uniform playing field, which would ultimately limit the potential for regulatory arbitrage.
“The U.S. was the only other country alongside Switzerland to volunteer for an assessment of its compliance to FATF’s virtual asset guidance,” Ou said. “For those who think they can get away with violations, it’s only a matter of time until the New York Department of Financial Services brings down the hammer on the crypto industry in a major way.”
FinCEN has also been vocal about strictly enforcing FATF’s travel rule, a warning to U.S. crypto businesses that enforcement is waiting in the wings should they avoid compliance. At a conference hosted by Chainalysis, FinCEN director Kenneth Blanco said, “[The travel rule] applies to CVC (convertible virtual currencies), and we expect you to comply, period.”
Theft puts a damper on viability
As cryptocurrencies seek to become more widely used, regulators are also seeing an increase in crime.
Cryptocurrency theft and fraud resulted in losses reaching $4.4 billion in the first nine months of 2019 compared to $1.7 billion in 2018, according to blockchain forensics company CipherTrace. CipherTrace’s report also pointed out that 65% of top 120 global crypto exchanges have KYC measures in place.
Moreover, in February, DeFi project bZx saw nearly a million dollars stolen in “flash loan” attacks which targeted exploits in the system.
Although Know Your Customer (KYC) and AML procedures may reduce criminality and the risk of loss, proponents of decentralized finance and cryptocurrencies might not find such measures and growing resemblance to traditional banking standards to be palatable. Making cash transactions above a certain threshold traceable and identifiable would certainly be a blow to user privacy and anonymity. Nonetheless, analysts argue that crypto-related enterprises should follow through with regulations such as the travel rule to boost their viability in the long term.
“[With the travel rule,] in theory, this type of hack would then be traceable back to its source,” Ou said. “While hackers and criminals will always look for ways to scam or avoid the system, the ability to easily identify the originator is a great first step to help deter such activities.”
Cyber crime and a general lack of security pose a threat to crypto-related enterprises as well as regular consumers looking to get into cryptocurrencies. But regulators are increasingly stepping in to reduce criminal activity by adding more stringent requirements around security and storage as well as crypto business registration and licensing.
“We are starting to see much more due diligence and focus on both exchanges and the way the exchanges are being constructed — the way we consider security and privacy by design as well as custody solutions,” said Wright, adding that Diginex’s digital asset custody provider Digivault is designed to include security and privacy in its operations. “But, when we start to look at the large institutions coming in, they will actually demand those higher standards for their institutional and corporate customers. That in turn also drives a better outcome for retail users as well.”
“If cryptocurrency businesses take a proactive approach to compliance, they will be better equipped to face challenges such as this,” said Spiro, of Chainalysis.
Cross border fragmentation?
Another challenge to implementing the travel rule: cryptocurrencies, the companies that deal with them and regulatory jurisdictions make up a fragmented landscape.
Moreover, some countries may be purposely lax regarding regulation, perhaps to lure more companies into shifting operations to their shores. But countries that choose not to adopt FATF’s recommendations also risk ending up on a blacklist, which could disrupt their global trade and investment relations.
“Fragmentation presents a risk of regulatory arbitrage, with entities relocating to more lenient jurisdictions in order to avoid regulatory oversight,” Ou said. “The FATF will need to begin imposing sanctions to discourage arbitrage.
“Although not every world nation is a member of the FATF, being black-listed has significant consequences that countries will want to avoid,” Ou added. “We can expect a cascade of regulation being issued across the globe in 2020 and ultimately this will help [reduce] fragmentation of the industry — VASPs will either be compliant or not.”.
Since the FATF promulgated its new regulatory framework, some countries are stepping into line.
In South Korea, the National Assembly recently amended the “Act on Reporting and Using Specified Financial Transaction Information,” framework for regulating VASPs, which now have to comply with the stricter guidelines.
The Monetary Authority of Singapore also announced updates to its regulatory framework in January, which are aligned with FATF’s rules, requiring companies using cryptocurrencies to register and become licensed before operating in the area.
In Europe, the Fifth Anti-Money Laundering Directive became effective in January, too, setting in place AML and KYC directives that recommend measures similar to FATF’s travel rule.
“In wider Asia (Japan, Hong Kong, and Singapore), we are seeing most of the license-focused digital asset companies and self-regulatory bodies as the first-movers,” said HashKey’s El-Baz. “Even though the VASP industry is fragmented, we still see a strong free market effect; that is, if regulators adopt something and it creates competitive advantages for those that comply, market forces should be strong enough to encourage subsequent adoption by more companies.”.
However, there may still be obstacles to achieving compliance throughout FATF’s 37 members, considering the 2,957 cryptocurrencies that were being traded with a total market capitalization of $221 billion in 2019.
“The regulators cannot overcome the fragmentation. It will be nearly impossible for the regulators to enforce regulations because of the sheer number of cryptocurrencies available and because of the level of anonymity that technology provides to cryptocurrency communities,” said Carrick, the professor. “Furthermore, as the regulators attempt to clamp down on specific cryptocurrencies, more will just come online.”
To put things in perspective, banks still have to deal with issues of fragmented regulations, as some elements of capital regulation have become more lax since the 2008 global financial crisis according to a World Bank report of banking regulations published last year. Moreover, banks are still still subject to national level policies and legislation, which may not be completely aligned with global guidelines such as FATF’s.
“For VASPs it is the same although the fragmentation is more acute; either there is no regulation yet, or the regulation is fragmented from country-to-country,” Wright said. “It is also more challenging as [VASPs] do not have the economies of scale of a bank, although they do benefit from having more integrated systems that can allow for a more efficient compliance program.”
Obstacles to compliance
On top of the myriad of different challenges, the process in which VASPs transmit the data required for compliance with the travel rule and similar regulations still needs to be solved, though a variety of companies are vying to act as a bridge to share the information.
“Many cryptocurrency businesses are already complying with two-thirds of what is asked by the Travel Rule and FATF’s global regulatory guidance right now,” Spiro said. ”The final third can be achieved with a simple, lightweight procedural and technical framework that the industry can leverage immediately, either on their own or with the help of partners.”
CoolBitX’s messaging service, Sygna Bridge, has stepped into the ring with that goal in mind, as has CipherTrace’s Travel Rule Information Sharing Architecture (TRISA), which applies public key infrastructure to identify and verify VASPs.
HashKey Pro, a digital asset trading platform part of HashKey Group is also a founding member of TRISA.
“The difficult part is fitting a new technology into the highly complex governance of digital asset transfers globally, at a time when regulation evolves every year in every country,” Ou said. “Future-proofing the framework even more so.”
The cryptocurrency industry, experts say, could be better served through a simple framework and set of resources that all VASPs can use — to set a path toward compliance according to their own needs as well as requirements from local jurisdictions.
“We are starting to see industry progress in this regard, with initiatives such as the InterVASP Messaging Standard, a coordinated effort between industry bodies U.S. Digital Chamber, Global Digital Finance, and IDAXA to provide uniform messaging standards for the transmission of said data,” Spiro said.
FATF will review the industry’s adoption of the guidelines in June, assessing the impact and future steps to be taken to reign in criminal activity in cryptocurrency industries. Countries whose regulators are not as up to date as others in this field may seek to align themselves with those that are, experts say. In the meantime, all are expecting that more countries will announce regulations soon, to follow suit with the travel rule.
“The more we can harmonize regulation, the easier implementation will be for the industry,” Ou said. “This should be the next step ahead of producing new regulation.