BA Responds to the Financial Action Task Force’s “Updated Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers”

Blockchain Association
6 min readOct 28, 2021

This morning, the Financial Action Task Force (FATF) released its “Updated Guidance for a Risk-Based Approach to Virtual Assets (VAs) and Virtual Asset Service Providers (VASPs).” This blog post will summarize key takeaways from this guidance and posit potential implications that it might have for industry.

Context and Background:

The FATF is an inter-governmental body that acts as “the global money laundering and terrorist financing watchdog.” With more than 200 countries and jurisdictions making up the FATF’s membership, the recommendations — which today’s publication is not — put forth by this organization represent the international standard for combating illicit financial activity. The publication put forth by the FATF today is Guidance, which the FATF hopes will assist countries with the implementation of the FATF standards/recommendations. This guidance is not mandatory for assessing compliance with the Standards/Recommendations, but countries may find it valuable to have when considering how best to implement the FATF Standards/Recommendations.

Additionally, the FATF is an informal organization that was not created by treaty or law and does not have the power to create binding laws or policies. The FATF can, however, apply substantial pressure on non-compliant countries and jurisdictions using blacklisting and policy audits. As cryptocurrency and blockchain technology grow in popularity and usage, the FATF is taking the lead on determining when and how existing anti-money laundering/combatting the financing of terrorism(AML/CFT) standards should apply in this growing ecosystem.

In October 2018, the FATF updated its international standards to account for cryptocurrency and blockchain technology and added two terms, “virtual asset” and “virtual asset service provider” to its glossary. In June 2019, the FATF released guidance to clarify how the FATF’s individual jurisdictions can help bring constituents involved in this ecosystem into compliance with the FATF’s Standards. It also pledged to both monitor implementation of the new requirements by countries and service providers and conduct a 12-month review in June 2020.

During its June 2020 review, the FATF decided that it would update its June 2019 guidance Today, after four rounds of written comments provided by countries’ delegations in February, April, June and August 2021, a full public consultation in April 2021, and a limited consultation with select private sector representatives in August 2021, the FATF published its updated guidance. It can be accessed here.

High-Level Takeaway

Overall, the “Updated Guidance” is simply too broad and vague to glean tangible policies and legislation that might come from it. While some changes to the “Updated Guidance” provide a certain level of clarity when it comes to self-hosted wallets, NFTs, and miners, the same cannot be said for decentralized finance (DeFi). Indeed, the “Updated Guidance” has been interpreted by some to be “an attempted kill shot at DeFi.”

Unhosted Wallets:

When describing how the requirements of Recommendation 16 (i.e. the travel rule) apply to a VA transfer between a VASP and a non-obliged entity (i.e., an unhosted wallet), the FATF explains “for transfers involving unhosted wallets, the full requirements of R.16 apply in a specific way (paragrph 179).” Several pages later FATF describes this “specific way.”

The Updated Guidance says that when a VASP sends VAs on behalf of a customer to an unhosted wallet, or when a VASP’s customer receives VAs from an unhosted wallet, the VASP should still collect and report the information about their customer in accordance with Recommendation 16 (Paragraphs 203–204). In other words, the FATF does not expect VASPs to collect and report information about non-customers (the unhosted wallet user in the example above).

While the Association appreciates that the FATF explicitly states that the “full requirements” of the travel rule do not apply to transfers between a VASP and an unhosted wallet, it remains to be seen what, if any, requirements included in the travel rule could be applied to these types of transactions. It is ultimately the view of the Association that none of these requirements apply because these transactions have no resemblance to wire transfers, which are “bookended” by financial institutions.


The FATF determined non-fungible tokens (NFTs), which are unique, non-fungible crypto-collectibles, to be outside the scope of the guidance unless they are used as a payments tool or in an investment. The FATF generally does not consider NFTs to be virtual assets, and therefore, they are not directly addressed throughout the guidance. However, the FATF distinguishes that it is the practical function of the token, rather than the terminology used, that defines whether or not a NFT could be considered a virtual asset (Paragraph 53). Specifically, NFTs used for payments or investment purposes in practice would be considered virtual assets.

While the Updated Guidance does provide some clarity around NFTs, there is still uncertainty when it comes to their status as VAs. Many existing NFTs are tradable on secondary markets. Indeed, many NFTs are exchanged in a manner similar to trading cards or physical works of art, but when collectors invest in NFTs, they are often doing so with the hope that they appreciate in value and can be traded or sold. Based on this guidance, the FATF may need to consider if these “practical functions” qualify those NFTs as VAs.

Miners & Validators:

The FATF also makes the very welcome clarification that natural or legal persons engaged in the operation of a VA network and do not engage in the activities or operations of a VASP, e.g. those who create, validate, and broadcast blocks of transactions, are not to be considered VASPs (Paragraph 83). Further, as it pertains to the Travel Rule, the FATF states that “transaction fees relating to a VA transfer are not within scope of the travel rule (Paragraph 180).” Transaction fees are defined as the amount of virtual assets that are collected by the miner and validators who include the transaction in a block. VASPs are therefore not required to identify the recipient of the transaction fee. In other words, the FATF’s “Updated Guidance” makes clear that miners and validators are not to be considered VASPs and are omitted from the relevant requirements.


While some portions within the FATF’s “Updated Guidance” provided some clarifying for many aspects of industry (see above), the impact that this guidance will have on decentralized finance (DeFi) will be wildly negative. For example, the “Updated Guidance” maintains that “a DeFi application (i.e. the software program) is not a VASP under the FATF standards, as the Standards do not apply to underlying software or technology. However, creators, owners and operators, or some other persons who maintain control or sufficient influence in the DeFi arrangements, even if those arrangements seem decentralized, may fall under the FATF definition of a VASP when they provide or actively facilitate VASP services (Paragraph 67).”

Additionally, the FATF further explains that “launching a service that will provide VASP services, for instance, imposes VASP obligations, even if those functions will proceed automatically in the future, especially if the provider will maintain some measure of control or sufficient influence (Paragraph 92).” It is important to note that many crypto “services” beyond those traditionally thought of as being DeFi protocols, including any network with a native cryptocurrency, could be captured as providing “VASP services.”

Given the fact that “sufficient influence” is not defined by existing regulation or law and every DeFi protocol provides VASP services using automatic functions, it remains to be seen how good actors in the DeFi ecosystem will be able to operate should the United States’ decide to implement a strict interpretation of the FATF’s guidance. Additionally, with VASP status being assigned to any entity or individual that launches “a service that will provide VASP services,” DeFi and crypto protocols could effectively be stopped from becoming decentralized.

At the Blockchain Association, we stand behind both the promise of innovation, as well as the need to protect consumers. We firmly believe that technology innovations like DeFi and the transfer of value on a peer-to-peer basis can exist simultaneously and harmoniously with customer protection and the disruption of illicit financial activity. Different regulatory solutions are already in the works, but developing new ways to achieve core AML/CFT objectives in peer-to-peer markets while preserving the unique features of novel technologies is a challenge that will take significant time and effort.


Ultimately, it is likely that the real-world implications of the “Updated Guidance” will be limited. Implementation of any of the guidance’s recommendations would require the United States’ enforcement agency for money laundering and terrorist financing, the Financial Crimes Enforcement Network (FinCEN), to go through a public rule-making process, which would take months. In short, today’s new guidance is not positive for industry, but it’s nothing to lose sleep over just yet.