During May 6-10, 2019, the FATF (Financial Action Task Force) held a private sector consultation on new AML policies related to “virtual assets” and “virtual asset service providers.” Representatives including regulators, financial intelligence units, financial institutions, and even a few blockchain companies provided both regulatory and industry insights on the proposed changes. As a regtech firm for fintechs, the iComply team provided a unique voice at the plenary, advocating on behalf of our clients and users. 

The FATF is the global oversight body for AML regulators around the world. In short, they regulate the regulators. The new FATF recommendations (specifically, 15 and 16) will impact how regulators define virtual assets, regulate virtual asset service providers, and enforce transaction-level audit trails. 

While the new FATF recommendations cover a much broader set of regulations, there are three key areas that will have the greatest impact on blockchain or cryptocurrency powered fintechs.

• The definition of “Virtual Assets” casts the net widely, covering nearly all fungible, purchasable, and tradable digital assets. The regulations of virtual assets will be viewed in the same way cash is today. Non-fungible assets, such as ERC721 tokens, in certain use cases, may present opportunities to avoid being caught under the virtual assets definition.
• The definition of “Virtual Asset Service Providers” (VASPs) encompasses any individual or corporation that holds virtual assets or the private keys to virtual assets on behalf of another party. Entities operating within the scope of a VASP today will need to review their core activities, such as promotion, distribution, custody, transfer, exchange, etc., for new reporting obligations. Interestingly, these new regulations may also drive the industry towards fully non-custodial Dex technology which was excluded from the policy discussions.
• Recommendation 15.7(b) was by far the most controversial and highly contested policy discussed at the event. While the requirements of R.15.7(b) may be easily solved with a wide variety of technologies, adopting any standard will require global industry collaboration; the primary solutions presented during the meetings present massive risk and liability in the areas of privacy and identity regulations ─ in addition to questions of power, control, privacy, and the use of personal information.

R.15.7(b) attempts to “copy and paste” funds-transfer regulation onto the transfers of digital assets. This would require any virtual asset service provider to report the beneficiary and originator of any virtual asset transfer—regardless of size or jurisdiction—through a database or data framework shared between the regulators and the market.

Aside from the new regulatory proposals, the plenary’s discussion focused on a much larger conversation: who determines the balance among privacy, digital identity, and market integrity regulations?

Some countries, such as the United States and Japan, showcased their own solutions for a centralized global data repository as presented by Verasign and Softbank, respectively. Here is a screenshot from one proposed solution, an “Equifax for virtual asset transactions”.

Big Data, Privacy, and Market Surveillance

Technically speaking, the ability to create a single, globally-centralized database housing the name, account number, home address, all wallet addresses, and the transaction number of every virtual transaction ever created is not difficult…until you get into the specifics of who has the power to control and access this data. 

More challenging than simply creating a global data repository is gaining market adoption. The virtual asset (a.k.a. cryptocurrency) industry has had difficulty with this to date. Threats of blockchain forks, or competitions over which chain best reflects the original vision of Satoshi Nakamoto, have created a fledgling industry full of tribal feudalism. 

Furthermore, establishing policies, best practices, or open source standards for maintaining the records of beneficial ownership and source of wealth for every cryptocurrency transaction opens a Pandora’s Box of questions regarding privacy, consent, GDPR, PIPA, and geopolitical power struggles. 

From cybersecurity, privacy, and data protection perspectives, handing over the power and control of both the identity and transactions of all public blockchains to a small handful of major corporations seems flawed from the start. While these honeypots of data are easy to create, they pose significant threats and potential harm to the trust and integrity of decentralized financial markets globally. 

Shared Standards and Interoperability

Luckily decentralized technology such as blockchain also presents viable solutions ─ many of which are already in use in the market today. Applied correctly, public blockchain technology can do a significantly better job of protecting the rights and privacy of a user while meeting AML obligations ─ provided the blockchain industry can agree on and implement a shared standard in time.

Simply using a public blockchain doesn’t prevent the ultimate aggregation of power and control if it is not done in an open, transparent, and decentralized manner. Solutions such as iComply’s Wallet Ownership Verification already address one part of the problem. Decentralized or self-sovereign identity solutions could solve other pieces, but they still leave significant gaps to fill.

All in all, the viability of public blockchains in regulated finance will come down to whether the industry can agree to establish and adopt standards for consent, privacy, and data sharing. As a leading regtech provider, and the only digital identity or asset tokenization solution invited to the FATF plenary, we at iComply considered it our duty to help raise awareness of the need for balanced regulations and enforcement policies that take a more holistic view of compliance; for example, how do we balance the requirements of R.15.7(b) with the requirements of MIFID, GDPR, or PIPA? 

Despite the challenges they present, these shifts in the regulatory fabric of global digital finance also present a number of exciting opportunities for the industry.

• Early Adopters who successfully implement the new requirements stand to gain market share and increased scalability, while their late-to-the-game competitors struggle to catch up. Since the dawn of the computer, advancements in technology have created new regulatory problems to tackle; and adopting a shared standard for interoperability has proven highly effective. Stock exchanges globally run on the FIX protocol, identity standards are benchmarked against the FIDO protocol, and the first 200 correspondent banks to adopt SWIFT set the global standard. While there remains much debate whether these new regulations are over-reaching, it is unlikely that this will reverse these new changes before the industry implements solutions.

     If you are interested in contributing to this conversation, contact us.

• Payment Services and Virtual Asset Exchanges will see several major changes to how they operate, with significant variations in reporting requirements or regulatory oversight by jurisdiction. This gets even more complex where an exchange is engaged in the issuance of utility or security tokens. The silver lining to these businesses is that compliance with these new regulatory requirements is one of the final technological hurdles for blockchain-powered exchanges and payments businesses to enter into the more lucrative institutional markets. 

• Wallet Providers will be significantly more complex, with factors such as whether the wallet is “hosted” or “non-hosted”. Within hours of moving the FATF regulations forward, FinCEN—the United States FIU (Financial Intelligence Unit)—published their guidance on the “Application of FinCEN’s Regulations to Certain Business Models Involving Convertible Virtual Currencies“. FinCEN’s guidance is closely tied to the new FATF definitions, and wallet providers can expect most of the regulators in the G20 to follow suit.

• OTC Brokers and Trading Desks, including individuals facilitating OTC transactions, will be impacted significantly by the new compliance requirements these regulations will have on daily operations. However, in our conversations with iComply clients and partners who operate in the OTC market, the adoption of technology to meet regulatory requirements presents a larger opportunity, as the disclosure of beneficiary and originator data on an OTC transaction will remove significant instances of fraud, lost deals, and shady OTC agents throughout the industry as a whole. 
  

While the new regulations will see some variations as each jurisdiction begins implementing these AML requirements, iComply is dedicated to supporting our clients and partners as we navigate these changes.

Many fintech businesses now have questions about how these new regulations may impact their compliance program, competitive position, or ability to scale their business in the face of these new requirements. 

Click here to speak with an iComply representative if your business is interested in joining the discussion of virtual asset regulation, or if you have questions on how your business can best position itself to achieve compliance in an evolving regulatory landscape.

About iComply Investor Services Inc.
iComply Investor Services Inc. (iComply) is Regtech for Fintech, an award-winning software company focused on reducing regulatory friction in the digital finance. With powerful data, verification, tokenization solutions, iComply helps companies overcome the cost, complexity, and risks of multi-jurisdictional compliance in order to effectively access new markets. Learn more: iComplyIS.com

Recently the U.S. SEC’s Division of Corporation Finance, Division of Investment Management and Division of Trading and Markets released a statement following the enforcement actions against companies Airfox, Paragon, CryptoAsset Management, TokenLot, and the founder of EtherDelta.

The statement began with a clause emphasizing that while it encourages such advancements, these individuals and companies must still adhere to the federal securities laws that govern the nation when they are applicable.

The issues touched on in the statement fall into the below categories:

• Initial offers and sales of digital asset securities
• Those who advise others about investing in digital asset securities
• Investment vehicles investing in digital asset securities
• Secondary market trading of digital asset securities
• Reporting standards for issuers of digital assets

Here are five key takeaways from the Commission’s statement:

1. Read, Repeat and Remember these Two Questions

When is a digital asset a security for purposes of the federal securities laws?
If a digital asset is a security, what commission registration requirements apply?

Under the first category, Initial Offers and Sales of Digital Asset Securities, the Commission states all of their actions to date have focused on these two questions, and both AirFox and Paragon received settled orders from the Commission due to lack of compliance with federal securities laws relating to these questions.

The Result? Their unregistered offerings of tokens have resulted in both companies:

• Paying penalties
• Receiving requirements to register the tokens as securities under Section 12(g) of the Securities Exchange Act of 1934
• Being required to file periodic reports to the Commission
• Being required to compensate investors who purchased tokens if they choose to make a claim
  

2. The Crypto Asset Management Order

The Crypto Asset Management order was given to a hedge fund manager for failing to comply with federal securities law. Not only did the hedge fund manager fail to properly register the fund as an investment company but also knowingly made misleading statements to investors in the fund, violating anti-fraud provisions of the Investment Advisers Act of 1940.

The statement moves on to address the facilitation of electronic trading due to the advancements in blockchain and distributed ledger technology.

3. Exchanges

“Any platform that promotes trading of digital asset securities between two parties” is an “exchange” and must register with the Commission as a national securities exchange or be exempt from registration.

EtherDelta’s founder received an order for failing to register the platform as an exchange. In the Commission’s eyes, EtherDelta served as a hub (or marketplace) for buyers and sellers of digital asset securities.

In this case, the Commission stated this was a CLEAR violation. EtherDelta’s choice to represent themselves through distributed ledger technology does not eliminate the fact that they essentially operate as an exchange.

4. Even Though You May Not Be an Exchange, Broker-Dealer Registrations Are Still Required

The Commission’s order to TokenLot stated that the company was a self-described “ICO Superstore” which legally exemplifies as a broker-dealer relationship. Though not necessarily an exchange, TokenLot facilitates transactions in digital asset securities and under the Exchange Act is required to register as such.

5. Legal Counsel Concerning the Application of Federal Securities Laws is Recommended

The statement concludes with encouraging words to the community about their support of innovation but also highly recommends that any entity employing new technologies seek legal counsel around the area of federal securities laws, and contact Commission staff, as necessary, for assistance.

Ultimately, what can be gained from this statement is that the U.S. SEC has taken proactive steps toward correcting the current Token landscape to ensure that Tokens are functioning legally and ensuring investor protection. Security token offerings (STOs), exchanges, broker-dealer relationship platforms and investment vehicles investing in digital asset securities should make registration and compliance a priority to avoid strong penalties similar to those faced by Airfox, Paragon, CryptoAsset Management, TokenLot, and the founder of EtherDelta.

Learn how iComply can help you adhere to global compliance, securities, AML, and privacy regulations in over 150 countries.

About iComply Investor Services Inc.
iComply Investor Services Inc. (iComply) is an award-winning software company focused on reducing regulatory friction in the capital markets. With powerful data, verification, tokenization solutions, iComply helps companies overcome the cost and complexity of multi-jurisdictional compliance to effectively access new markets. Learn more: iComplyIS.com