How digital assets service providers can prepare for approaching regulations

24 February 2022
The world of blockchain and digital assets (BDA) is expanding exponentially and transforming the financial landscape.

A recently launched Bitcoin ETF topped US$1 billion in assets in just two days, quickly becoming the most successful ETF in history. Globally, total market capitalisation of cryptocurrency has reached a record high of US$2.6 trillion. BDA service providers, such as crypto exchanges, are capitalising on the trend and enjoying what the Financial Times describes as a “rapid rate of growth and juicy profits”.

Singapore-based crypto exchange Bybit is one provider benefiting from the BDA boom. It recorded its busiest day ever in the summer of 2021, with US$76 billion of digital assets changing hands in just 24 hours. These volumes were 20 times higher than it experienced in 2019, according to the exchange’s chief executive Ben Zhou.

An evolving regulatory landscape

The rapid growth of BDA has been matched by an increase in regulation as jurisdictions struggle to keep pace with anti-money laundering (AML) risks and rules around combating the financing of terrorism (CFT). Many jurisdictions have implemented their own regulations, giving rise to a patchwork quilt of compliance requirements. This creates a complex global landscape for service providers to navigate when expanding into multiple markets.

Fast-growing BDA service providers with little international regulatory expertise in-house are finding themselves ill-equipped to deal with this challenging environment. But the bottom line is that companies that don’t comply with existing regulations can’t trade, and they could lose a golden opportunity to expand into lucrative new markets.

Standardised regulation could be on the way, providing a clearer path forward for BDA service providers. New rules for crypto exchanges, custodians and other BDA service providers, drawn up by the G7’s Financial Action Task Force (FATF) in 2019 are coming into force. Service providers will need to comply if they wish to trade in the lucrative BDA sector within participating jurisdictions. The FATF’s rules could introduce a new level of harmonisation within the industry, as more than 100 countries and territories are poised to adopt them.

The new rules mirror existing requirements in some jurisdictions, compelling authorities to increase their scrutiny of service providers by introducing AML/CFT checks as well as requiring trading licenses. Preventative measures are also being introduced, such as customer due diligence, recordkeeping and suspicious transaction reporting. Jurisdictions will be tasked with enforcing sanctions and other penalties as needed.

In a bid to achieve greater clarity, the FATF rules also provide a standardised definition of “virtual asset provider,” which includes any organisation that acts as a fiat-to-crypto exchange, a crypto-to-crypto exchange, provides a crypto custodian service or participates in or provides financial services related to an offer or sale of a virtual asset.

Fifty-eight jurisdictions out of a possible 128 introduced legislation to implement the new FATF rules by June 2021. Early adopters include Hong Kong, the EU, the US, Cayman Islands, UAE and Singapore. Christopher Hui, secretary for financial services and the treasury in Hong Kong, publicly stated that in addition to ensuring FATF compliance, the licensing regime for BDA service providers could provide the industry with a level of certainty and security that would attract overseas investment.

Understanding and preparing for the new regulation

BDA service providers will have to carry out the following steps to ensure they comply with the new FATF rules. They must:

  • Create customer due diligence (CDD) processes designed to monitor AML/CFT risk. The rules state customer due diligence should be part of an ongoing client relationship and should be triggered for one-off transactions with non-customers if the amount exceeds €1,000. In both cases, the customer’s identity must be verified using reliable independent information, and the reason for the transaction should be determined. In high-risk situations, more information may need to be collected.
  • Collect, verify and store key information about the originator and beneficiary involved in a BDA transaction (such as name, physical address, digital wallet address and date of birth) and then share this information with the next financial institution as part of a long-established requirement known as the Travel Rule
  • Screen the originator and beneficiary information and alert the authorities if AML/CFT risks are identified.

Achieving these three steps can be a daunting prospect for any BDA service provider new to the AML/CFT space. However, compliance is necessary, particularly for BDA service providers hoping to expand into new markets.

Tips to ensure compliance

Some BDA service providers are choosing to mitigate risk by employing third-party advisers or administrators. Providers tackling this task in-house, however, should ensure their internal AML/CFT processes are fit for purpose. This involves first identifying specific team members who are legally responsible for AML/CFT and sanctions matters. Then, organisations should assess whether the existing AML/CFT framework is effective, future-proofed and fully compliant. A similar process and framework should also be in place to satisfy Travel Rule requirements. 

Once the requirements have been fulfilled, service providers can then appoint a BDA-experienced lawyer to help finalise their BDA trading license application. They will also need to satisfy requirements around company and customer accounting and reporting. In addition, they must have an open bank account and the requisite types of local employees to have substance in the country of operation.

The regulatory landscape for BDA service providers is far from settled. Not all FATF signatories have passed the necessary legislation, and jurisdiction-specific rules and requirements remain in play. It’s likely that additional regulatory frameworks on digital assets will be put forth in the coming years, and it will be important for BDA service providers to keep a close eye on legislation to ensure continued compliance. However, the FATF regulation offers BDA service providers a level of operational certainty and clarity as they expand into new jurisdictions and build on the industry’s momentum.

Georg Oehme, associate director at Vistra, contributed to this article.