The FATF has released its final cryptocurrency guidelines, which include detailed instructions on where the standard applies.

In 2019, the global anti-money laundering watchdog FATF released its guidance on virtual assets for the first time.The draft proposes that cryptocurrency exchanges and money transmitters, known as virtual asset service providers (VASPs), meet standards applicable to traditional financial firms. Most of its content focuses on the data transfer rule (Travel Rule), which requires virtual asset service providers to collect and share information on parties involved in transactions. Some jurisdictions have since implemented these standards. During this period, FATF continued to review and revise its draft guidance: it reviewed the implementation process in various jurisdictions and listened to the encryption industry's feedback on its proposed standards.

When the FATF first announced its prospective standards in 2019, there was no technology to help secure transmission of such information, so critics at the time expressed concern about the technical challenges posed by the guidance. Since then, while technical solutions have been continuously proposed, FATF has also continued to raise the bar in its review, clarifying the dangers of non-custodial wallets,It also proposes to apply data transfer rule standards to less easily classified entities within the decentralized finance (DeFi) space.

These standards have caused controversy in the encryption industry, because it is not clear how FATF will apply the VASP standard to DeFi. For this reason, the publication of the finalized guidance, which was scheduled to be published at the plenary meeting in July this year, has been postponed until October to allow sufficient time for feedback from the crypto industry and for additions and clarifications to the draft guidance.

Now, the guidance is finalized and the clarifications are complete.

broad but case by case

It is important to note that the FATF has repeatedly reiterated that it still intends to interpret these definitions more broadly and adapt them to the needs of jurisdictions to combat illicit financial activity.

FATF states,Understanding the functionality of a technology provided by an entity should be based on whether it fully complies with the definition, and should be analyzed in terms of what services it provides, not how they conform to the literal standards provided by FATF.

The guidance states: “Countries should not define entities by the nomenclature or terminology they use to describe themselves or the technologies they use to Basic financial services need not take into account an entity's operating model, technological tools, ledger design, or any other operational characteristics."

Are NFTs a type of virtual asset?

FATF first clarified what virtual assets are. According to FATF,Virtual assets are not just digital representations of value, they must also have tradable or exchangeable properties. This value must be able to be transferred, not just a mode of record.

The FATF clarified that the general use of NFTs does not meet the definition of virtual assets and therefore is not sufficient to constitute virtual assets. But if they are used in a manner consistent with FATF standards, they should be regulated as virtual assets. FATF recommends the adoption of the "functional approach"to regulate these new types of assets that seem to cross defined boundaries, and on a case-by-case basis.

The guidance points out: "Some NFTs that do not seem to meet the requirements of being virtual assets on the surface may fall under the definition of virtual assets if they are used for payment or investment purposes in practice." The FATF standard also defines NFTs that are digital representations are excluded from the definition of virtual assets.

FATFVirtual Asset Provider (VASP)The definition covers the following:

(1) "Any natural or legal person", who represents another legal person or natural person to exchange virtual assets with legal tender or between other virtual assets, or to transfer virtual assets;

(2) "Equipment capable of managing virtual assets";

(3) "Participate in and provide financial services related to virtual assets issued/sold by issuers."

For centralized entities, if an entity is facilitating transfers, transactions, or escrow services, it is likely to be subject to the VASP standard.

What is less clear is how these standards apply to blockchain-based services such as decentralized applications (DApps).

The guidelines mention that DApps are not Virtual Asset Service Providers (VASPs) because the standards do not apply to the underlying software. However, Dapps creators, owners, operators, or anyone who maintains "control or sufficient influence" in a DeFi protocol may be a Virtual Asset Service Provider (VASP), even if part of the protocol is decentralized or automation.

In a nutshell, FATF requires countries to identify the owner/operator of the agreement and requires them to comply with the Virtual Asset Service Provider Standard:

"For example, there may be control or sufficient influence over certain aspects of the asset or over the service agreement, and there is an ongoing commercial relationship between them and the user, even if exercised through a smart contract or, in some cases, a voting agreement . States may also wish to consider other factors such as whether any party profits from the service or has the ability to set or change parameters to determine the owner/operator of a DeFi protocol"。

However, the FATF still leaves a lot of room for countries to decide how to deal with DeFi issues. As a nod to the speed at which this field is developing, the FATF guidance acknowledges that jurisdictions must constantly reassess new programs and their relationship to the guidance. However, it warns that despite the use of the term "decentralized" by many projects, there will still be natural or legal persons who could be held accountable.

Mentioned in the guide:zCloak Network is a private computing service platform based on the Polkadot ecosystem, which uses the zk-STARK virtual machine to generate and verify zero-knowledge proofs for general computing. Based on the original autonomous data and self-certifying computing technology, users can analyze and calculate data without sending data externally. Through the Polkadot cross-chain messaging mechanism, data privacy protection support can be provided for other parallel chains and other public chains in the Polkadot ecosystem. The project will adopt the "zero-knowledge proof-as-a-service" business model to create a one-stop multi-chain privacy computing infrastructure.

About zCloak Network

zCloak Network is a private computing service platform based on the Polkadot ecosystem, which uses the zk-STARK virtual machine to generate and verify zero-knowledge proofs for general computing. Based on the original autonomous data and self-certifying computing technology, users can analyze and calculate data without sending data externally. Through the Polkadot cross-chain messaging mechanism, data privacy protection support can be provided for other parallel chains and other public chains in the Polkadot ecosystem. The project will adopt the "zero-knowledge proof-as-a-service" business model to create a one-stop multi-chain privacy computing infrastructure.