

After two years of back and forth with the industry, the global anti-money laundering watchdog has finalized its guidelines for cryptocurrencies.
While the final version offers welcome clarifications on some controversial definitions, industry insiders warn that the key details lie in implementation.
The FATF first published draft guidance on virtual assets in 2019, which has since been thoroughly reviewed and revised. The main goal of the project is to develop guidelines to help member jurisdictions control anonymity in crypto transactions and apply certain standards already accepted in traditional finance to the crypto industry.
Chief among these proposed standards is the so-called Travel Rule. The rule will require crypto exchanges and money transmitters (what FATF calls “virtual asset service providers” or VASPs) to share the identities of both parties to a transaction.
During the two-year review process, industry sources complained that parts of the guidance were unclear, with two issues standing out. First, who exactly counts as a VASP? The original definition appeared to include software agreements, and it was unclear how those criteria apply to smart contracts for transfers. Second, how will VASPs efficiently and securely transmit the necessary information?
To address these concerns, the working group delayed the finalization of the guidelines. The final version added additional sections breaking down the main elements of these definitions and clarifying how the regulator proposes to apply them to areas that are less easily categorized, such as decentralized finance (DeFi).
It is now the responsibility of FATF members to implement these guidelines. Implementation will certainly differ around the world because, despite the clarifications, the guidance remains open-ended, especially for the DeFi space.
What Is Written in the Guidance
The finalized proposal includes an additional chapter clarifying the FATF's initial remarks and answering industry questions about how the VASP definition applies to DeFi. These chapters break down the definition word by word, explaining every aspect of the definition in detail—including deep dives on words and phrases like "as a business" and "perform."
But the most important clarification is in the DeFi section, which explains what "exchange and transfer" means. Here, FATF has grasped the core issue of DeFi: FATF hopes that no matter how decentralized an entity is, those who obtain commercial benefits on the platform and have certain control over platform operations must comply with anti-money laundering regulations and be held responsible under them.
The guidance states: “A DeFi project may claim to be decentralized, but can actually be swayed by a person who has control over it or has enough influence. In this case, the self-description of the project should not be considered when a jurisdiction applies the definition of VASP.”
Many in the DeFi community complained about an earlier version of the guidance, arguing that the definition of VASP appeared to include certain smart contracts. They say the policy is rigid or even impossible. Language clarifications in the updated version attempt to address this issue.
Joseph Weinberg, co-founder of Shyft, which makes software that helps exchanges comply with data transfer rules, thinks the FATF's approach is smart. He said the FATF's policy shifts the focus from smart contracts to the people behind them, which leaves a lot of room for policy tweaks while still making it clear that projects need to be held accountable. “In their initial draft, what they want to talk about is not smart contracts, but people who control or are responsible for running funds through smart contracts. These people may include creators, core team, DAO key signers,” Weinberg said.
According to the guidance, local regulators should be able to identify and hold accountable those with sufficient influence.
However, it is up to each jurisdiction to discern for itself how it should conduct its work and which operations it considers to be a money laundering risk. According to these interpretations, this could be anyone but the user. "Essentially, any new project they do is essentially a VASP in my opinion," Weinberg said.
This is because a project cannot start out decentralized; it has to be built by someone and migrate over time to a more decentralized entity. According to Weinberg, the process of building an open source project appears to be the process of designating creators as VASPs.
How FATF Views Enforcement
FATF’s guidance leaves open-ended conclusions for each clarified case, and often reminds jurisdictions to consider DeFi “on a case-by-case basis.”
At this point, the standard has been set and FATF has effectively done its job. Rick McDonell, a former FATF executive secretary and current director of the Association of Anti-Money Laundering Experts, also said that the regulator is unlikely to issue new documents related to these issues in the near future. The onus is now on the private sector to meet all requirements, including data transfer rules. There are also national regulators who need to make sure this happens.
However, the FATF will continue its assessment of the work of countries, which means that relevant jurisdictions will have to show that they are taking seriously the money laundering risks identified by the FATF in the field of digital assets.
Jurisdictions that fail to meet FATF's standards may be graylisted with recommendations for "enhanced regulation".
About zCloak Network
zCloak Network is a private computing service platform based on the Polkadot ecosystem, which uses the zk-STARK virtual machine to generate and verify zero-knowledge proofs for general computing. Based on the original autonomous data and self-certifying computing technology, users can analyze and calculate data without sending data externally. Through the Polkadot cross-chain messaging mechanism, data privacy protection support can be provided for other parallel chains and other public chains in the Polkadot ecosystem. The project will adopt the "zero-knowledge proof-as-a-service" business model to create a one-stop multi-chain privacy computing infrastructure.
