One of the main discussions that I have seen in Web3 is about regulations and what impact they may have in the future. Currently regulation in crypto is light touch, but that is expected to change as governments and regulatory bodies across the globe have started to lay out and implement laws and regulations that will impact crypto and Web3.
The best source to understand and get a glimpse what the regulatory landscape holds for the future, is “The Financial Action Task Force (FATF)”. FATF, based on their site, is “the global money laundering and terrorist financing watchdog. The inter-governmental body sets international standards that aim to prevent these illegal activities and the harm they cause to society. As a policy-making body, the FATF works to generate the necessary political will to bring about national legislative and regulatory reforms in these areas. With more than 200 countries and jurisdictions committed to implementing them”.
FAFT is also advising G-20 in relation to crypto regulations and as such its recommendations, the majority if not all, are expected to become law in the most countries. You can find the FATF site here: https://www.fatf-gafi.org/ and the full document with the FATF recommendations document titled “Updated for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers” here: https://www.fatfgafi.org/publications/fatfrecommendations/documents/guidance-rba-virtual-assets-2021.html
The FATF document is quite comprehensive it covers a range of issues and policies re crypto bur in this post I will be discussing the most significant FATF recommendations that impact mostly retail users. I am not a lawyer or a legal professional and in this post I will share my personal thoughts on this matter.
Key takeaways
· Stablecoins are the assets that will be impacted the most by regulations
· NFTs – no significant impact as long as they are art and collectibles and not used for investment purposes
· Virtual Assets Services Providers (VASP) – Teams managing/controlling Defi protocols/Dapps could be classified as VASP and as such subject to AML reporting
· Peer to Peer (P2P) transactions – Unhosted wallets transactions to be monitored and restrictions may be introduced
Stablecoins
Stablecoins are the assets that are expected to be impacted the most and the quickest by regulations. The reason for this is that this assets class than can lead to crypto mass adoption due to the fact that it provides the benefits of the technology innovation without the volatility which is inherent in the crypto space. This combination could be very appealing to people who would not be interested in crypto but would realize that they can transfer USD/fiat linked stablecoins instantaneously and with a fraction of the cost compared to bank remittances. In addition there are worldwide 1,5 billion unbanked people and 1 billion of them own a mobile phone and 450 million have access to internet connection. Stablecoin could be adopted massively among these people as they do not have access to traditional financial institutions. The liquidity and transferability of a decentralized, permissionless stablecoin makes regulators nervous for AML/TF. The market cap for USDC, USDT, DAI, BUSD is approx. $ 150 B and the daily volume of transactions is approx. $ 69B, the fact these payment/transaction are outside the traditional financial infrastructure makes regulators and Central Banks uncomfortable. In the near future we may see in some jurisdictions requirements that will oblige stablecoin issuers to register with local financial authorities before the issuance of a stablecoin and follow traditional financial institution (FI) requirements.
NFT
NFTs are the assets that could be not impacted by FATF recommendations as they are not considered Virtual Assets (VA) as long as are art and collectibles. In case thought NFTs are used as investments purposes, then these assets may fall in the VA category and as such the FATF recommendations will apply.
VASP
Virtual Assets Services Providers (VASP) is a very broad definition that will cover many participants in the Web3 space. VASP can be any physical or legal person and as a business conducts one or more of the following activities or operations for or on behalf of another natural or legal person:
i. Exchange between virtual assets and fiat currencies
ii. Exchange between one or more forms of virtual assets
iii. Transfer of virtual assets;
iv. Safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets;
v. Participation in and provision of financial services related to an issuer’s offer and/or sale of a virtual asset
The recommendations clarify that *“A DeFi application (i.e. the software program) is not a VASP under the FATF standards, as the Standards do not apply to underlying software or technology. However, creators, owners and operators or some other persons who maintain control or sufficient influence in the DeFi arrangements, even if those arrangements seem decentralized, may fall under the FATF definition of a VASP”.* That means that the regulators will be assessing which persons, physical or legal have sufficient influence in the Defi software and will classify them as VASPs which will result to be subject to “ML/TF risk assessments prior to the launch or use of the software or platform”. As example of persons with sufficient influence FTF considers owners of the admin keys, or the multi-sig that manages the protocols could be deemed as VASP. FATF recognizes that in a decentralized environment it may be challenging to assess which are the persons who maintain control or sufficient influence and recommends to the regulators to assess “these would be who profits from the use of the service or asset, who established and can change the rules, who can make decisions affecting operations, who generated and drove the creation and launch of a product or service, who maintains an ongoing business relationship with a contracting party or another person who possesses and controls the data on its operations, and who could shut down the product or service” .I believe that this recommendation will make very difficult for teams that are managing DeFi and other protocols that facilitate that exchange, transfer and safekeeping of VA to claim that do not maintain control or influence in the protocols.
Peer to Peer (P2P) transactions
With regards to the P2P transactions, FATF recommendations are focused on the unhosted wallet and high-risk transactions. As high risks transactions are identified “ VASPs located in jurisdictions with weak or non-existent AML/CFT frameworks (which have not properly implemented AML/CFT preventive measures) and VAs with decentralised governance structures”. FATF expects that not all jurisdictions will rigorously implement its recommendations and proposes that VASP located in such jurisdictions to be subject to additional reporting requirements and/or restrictions.
It is also recommended that VASP should conduct Customer Due Diligence (CDD) on transactions exceeding the threshold of USD/EUR 1,000. In addition, the wire transfer rules apply to VASPs and VA transfers in a modified form (the ‘travel rule’) which states that “obligations to obtain, hold, and transmit required originator and beneficiary information in order to identify and report suspicious transactions, monitor the availability of information, take freezing actions, and prohibit transactions with designated persons and entities.”
With regards to the unhosted wallets transaction FATF suggests that “ VASPs sending or receiving a VA transfer to/from an entity that is not a VASP or other obliged entity (e.g., from an individual VA user to an unhosted wallet), should obtain the required originator and beneficiary information from their customer.” What that means that if a user sends cryptocurrencies from its hosted wallet in a Central exchange (CEX) to an unhosted wallet, the user should have the obligation to provide the counterparty’s details to the CEX. It goes further recommending that “A VASP may choose to impose additional limitations, controls, or prohibitions on transactions with unhosted wallets in line with their risk analysis.” We should not be surprised in the future if some or all VASPs will prohibit transactions with unhosted wallet to minimize the high risks transactions and the burden of the additional reporting.