FATF: Crypto Exchanges Must Share Customer Data Within 12 Months

by Rachel McIntosh
  • The Financial Action Task Force' new recommendations have been decried as too much for regulated crypto exchanges to bear.
FATF: Crypto Exchanges Must Share Customer Data Within 12 Months
Crypto Regulations
Join our Crypto Telegram channel

The Financial Action Task Force (FATF), an intergovernmental organization formed in 1989 to combat money-laundering, finalized a set of recommended regulations for virtual asset service providers (VASPS), including cryptocurrency exchanges, in its 37 member countries on Friday, June 21st. The public statement that included the recommendations said they should be adopted within 12 months.

While the FATF's recommendations are not a law in and of themselves, countries that do not comply with the FATF’s wishes can also be put on a graylist–or even a blacklist–that will prevent other countries from doing business with them.

The recommendations included a provision saying that VASPs must share information about their customers with one another when a customer sends money from one firm to another.

Specifically, VASPs should “… obtain and hold required and accurate originator [sender] information and required beneficiary [recipient] information and submit the information to beneficiary institutions … if any. Further, countries should ensure that beneficiary institutions … obtain and hold required (not necessarily accurate) originator information and required and accurate beneficiary information …”

In other words, if customer Jim sends funds from Exchange X to Wallet Provider Y, Exchange X should send identity information about Jim to Wallet Provider Y, and about the receiver of the transaction.

Stringent Identity Requirements Are Not in the Nature of Cryptocurrency Transactions

Per FATF’s decision, the information should include:

  • “(i) originator’s name (i.e., the sending customer);
  • (ii) originator’s account number where such an account is used to process the transaction (e.g., the VA wallet);
  • (iii) originator’s physical (geographical) address, or national identity number, or customer identification number (i.e., not a transaction number) that uniquely identifies the originator to the ordering institution, or date and place of birth;
  • (iv) beneficiary’s name;
  • (v) beneficiary account number where such an account is used to process the transaction (e.g., the VA wallet).”

As Finance Magnates reported earlier this month, the information that the FATF recommends VASPs share with one another closely resembles the information that banks share with one another under the so-called “travel rule.”

However, London-based trade group Global Digital Finance explained in a letter to the FATF this April the codes that international bank transactions are sent with had been designed to include much of the information that the rule requires, while cryptocurrency transactions are designed to be anonymous.

As such, forcing VASPs to share this much customer data has been condemned as a nearly impossible task--one that could result in the shutdown of a number of virtual currency service providers.

“Virtual Assets are designed to provide a way to move value without the need to identify the participants in a transaction,” Chainalysis COO Jonathan Levin and global head of policy Jesse Spiro wrote in a letter to the FATF earlier this year.

They warned that placing the heavy identity requirements on the VASPs could ultimately be counterproductive. “Forcing onerous investment and friction onto regulated VASPs, who are critical allies to law enforcement, could reduce their prevalence, drive activity to decentralized and peer-to-peer exchanges, and lead to further de-risking by financial institutions. Such measures would decrease the transparency that is currently available to law enforcement.”

Nonetheless, the FATF seems sure of its decision.

“By adopting the standards and guidelines agreed to this week, the FATF will make sure that virtual asset service providers do not operate in the dark shadows,” said U.S. Secretary of the Treasury Steven Mnuchin at the FATF Plenary Session in Orlando, Florida.

“This will enable the emerging Fintech sector to stay one-step ahead of rogue regimes and sympathizers of illicit causes searching for avenues to raise and transfer funds without detection.”

The Financial Action Task Force (FATF), an intergovernmental organization formed in 1989 to combat money-laundering, finalized a set of recommended regulations for virtual asset service providers (VASPS), including cryptocurrency exchanges, in its 37 member countries on Friday, June 21st. The public statement that included the recommendations said they should be adopted within 12 months.

While the FATF's recommendations are not a law in and of themselves, countries that do not comply with the FATF’s wishes can also be put on a graylist–or even a blacklist–that will prevent other countries from doing business with them.

The recommendations included a provision saying that VASPs must share information about their customers with one another when a customer sends money from one firm to another.

Specifically, VASPs should “… obtain and hold required and accurate originator [sender] information and required beneficiary [recipient] information and submit the information to beneficiary institutions … if any. Further, countries should ensure that beneficiary institutions … obtain and hold required (not necessarily accurate) originator information and required and accurate beneficiary information …”

In other words, if customer Jim sends funds from Exchange X to Wallet Provider Y, Exchange X should send identity information about Jim to Wallet Provider Y, and about the receiver of the transaction.

Stringent Identity Requirements Are Not in the Nature of Cryptocurrency Transactions

Per FATF’s decision, the information should include:

  • “(i) originator’s name (i.e., the sending customer);
  • (ii) originator’s account number where such an account is used to process the transaction (e.g., the VA wallet);
  • (iii) originator’s physical (geographical) address, or national identity number, or customer identification number (i.e., not a transaction number) that uniquely identifies the originator to the ordering institution, or date and place of birth;
  • (iv) beneficiary’s name;
  • (v) beneficiary account number where such an account is used to process the transaction (e.g., the VA wallet).”

As Finance Magnates reported earlier this month, the information that the FATF recommends VASPs share with one another closely resembles the information that banks share with one another under the so-called “travel rule.”

However, London-based trade group Global Digital Finance explained in a letter to the FATF this April the codes that international bank transactions are sent with had been designed to include much of the information that the rule requires, while cryptocurrency transactions are designed to be anonymous.

As such, forcing VASPs to share this much customer data has been condemned as a nearly impossible task--one that could result in the shutdown of a number of virtual currency service providers.

“Virtual Assets are designed to provide a way to move value without the need to identify the participants in a transaction,” Chainalysis COO Jonathan Levin and global head of policy Jesse Spiro wrote in a letter to the FATF earlier this year.

They warned that placing the heavy identity requirements on the VASPs could ultimately be counterproductive. “Forcing onerous investment and friction onto regulated VASPs, who are critical allies to law enforcement, could reduce their prevalence, drive activity to decentralized and peer-to-peer exchanges, and lead to further de-risking by financial institutions. Such measures would decrease the transparency that is currently available to law enforcement.”

Nonetheless, the FATF seems sure of its decision.

“By adopting the standards and guidelines agreed to this week, the FATF will make sure that virtual asset service providers do not operate in the dark shadows,” said U.S. Secretary of the Treasury Steven Mnuchin at the FATF Plenary Session in Orlando, Florida.

“This will enable the emerging Fintech sector to stay one-step ahead of rogue regimes and sympathizers of illicit causes searching for avenues to raise and transfer funds without detection.”

!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|} !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}