Policy & Regulation

What You Need to Know About FATF’s Forthcoming Regulatory Guidance

Over the past couple of months, the Chainalysis policy team has spoken to customers, partners, and regulators all over the world to better understand what to expect when the Financial Action Task Force (FATF) publishes updated standards for virtual asset service providers (VASPs), including cryptocurrency exchanges, later this year. What we found is somewhat remarkable: FATF’s guidance, as it is currently drafted, would have profound implications for the cryptocurrency industry. But it seems like no one is talking about it.

If you are unfamiliar with FATF, or don’t have their regulatory guidance on your radar, you are not alone. Below, we discuss what FATF is, why it matters, how we’re responding, and what you can do to get involved.


FATF is an inter-governmental body that sets global standards relating to anti-money laundering and combating the financing of terrorism (AML/CFT). Last year, it announced that member states, which include over 180 countries, would have to start regulating their virtual asset markets and signaled that more precise guidance would come in June 2019.

This is a big deal. FATF’s size and scope is massive, and if a country is deemed deficient regarding AML/CFT, FATF will add the country to its list of non-cooperative countries, which would have a substantial effect on potential financial borrowing from institutions like the IMF and World Bank, lead to a downgrade in country ratings by the likes of Moody’s, S&P and Fitch, affect its bond market, and potentially lead to a loss of access to the Euro and/or USD.

In February, FATF published a draft of their proposed guidance, 15-7(b), with a request for private sector feedback. It states:

Countries should ensure that originating VASPs obtain and hold required and accurate originator information and required beneficiary information on virtual asset transfers, submit the above information to beneficiary VASPs and counterparts (if any), and make it available on request to appropriate authorities.

In other words, this would require VASPs not only to verify their customers’ identities, but also to identify the recipients of their customers’ transfers, and transfer that information. This would be applicable to all transactions above a 1,000 USD/EUR threshold.

You might be thinking, “that makes sense for traditional wire transfers, but that’s not how blockchains work.” Again, you are not alone.

Our take

We provided written feedback to FATF earlier this week. Our argument boils down to three main themes:

Technical challenges 

There are clear technical obstacles that prevent cryptocurrency businesses from being able to comply with these standards. Cryptocurrencies were originally designed as a peer-to-peer financial system that has no central authority and no intermediaries. In most circumstances, cryptocurrency exchanges are unable to tell if a beneficiary is using another exchange or a personal wallet. Therefore, requiring a transmission of information identifying the parties is not technically feasible.

Technical opportunities 

There are, however, technical characteristics of blockchains that can be harnessed to achieve FATF’s AML/CFT goals. Cryptocurrency exchanges can use the transparency of the shared ledger to form an effective risk-based approach. Exchanges should collect and store Know Your Customer (KYC) information on the identity of the originator. While the transactions themselves are public, exchanges should also link their customers with their specific transactions as this information is not available on the public ledger. Independent observers, including regulators, law enforcement, and banks, can then leverage blockchain analytics tools like Chainalysis to identify suspicious activity and work with exchanges performing this analysis to mitigate laundering, terrorism financing, and other illicit activity. This process works; Chainalysis has helped track billions of dollars of stolen funds and illicit activity.

Unintended Consequences 

There is no infrastructure to transmit information between cryptocurrency businesses today, and no one has the ability to change how cryptocurrency blockchains work. Forcing onerous investment and friction onto regulated businesses, who are critical allies to law enforcement, could reduce their prevalence, drive activity to decentralized and peer-to-peer exchanges, and lead to de-risking by financial institutions. Such measures would decrease the transparency that is currently available to law enforcement.

We also requested clarification from FATF on questions we heard from our customers and other stakeholders. Specifically: What is the definition of a VASP and should all VASPs be regulated in the same way, considering their various business models? How will this work with current and future privacy laws, and would a closed network with standards like SWIFT be required to transmit information?

Finally, we put forth several recommendations to FATF. Most notably, we suggested that FATF consider including the virtual asset industry in existing public/private working groups. The industry wants to be able to legally share information faster than current processes under the Mutual Legal Assistance Treaty (MLAT) and Egmont Group allow in order to weed out illicit activity and hacks in the space.

What you can do

Although we already submitted our written feedback to FATF, we are attending FATF’s private sector consultation session in Vienna on May 6-7, which will provide another critical venue for us to share questions and comments from our stakeholders.

If you have any questions or feedback you’d like us to share with FATF, please fill out this form.