Reading Time: 2 minutes

The Financial Action Task Force (FATF) made a series of recommendations for the cryptocurrency and blockchain sector in June this year. The recommendations are aimed at the national authorities of the institution’s member countries, but affect exchanges where they are implemented. The Competitive Compliance blog presented a detailed analysis of the guidelines.

One of FATF’s recommendations is that VASPs (virtual asset service providers; exchanges, for example) should be registered or licensed. This means that associating with a self-regulated organization will not be enough. In addition, the agency determines that VASPs must have the AML (anti-money laundering) program in force.

Another point raised is that VASPs that facilitate the transfer of funds should include information about the sender and the recipient, and this information must accompany the transfer. They can be on-chain or off-chain. On the other hand private wallets and P2P services are not subject to this regulation if they do not facilitate agreements or involve funds.

FAFT recommendations consider risk in crypto asset transactions?

FATF does not determine what are the risks of crypto asset transactions. The risk criteria should be carried out by each country. However, the institution gives some guidelines.

According to FATF, the highest risks exist when transactions are performed in the anonymity  and the VASPs are unable to identify the final beneficiary of those transactions. Therefore, in such cases, associated funds cannot be tracked.

In addition, the agency analyzes in companies the ability to make payments or transfer funds and their international scope. Another concern is with the inconsistency or different treatments, depending on jurisdictions.



The definition of electronic transfer (transaction carried out on behalf of a sender, through a financial institution, electronically, aiming to make funds available to a beneficiary person in a beneficiary financial institution) now extends to VASPs.

This means that VASPs will be responsible for collecting transaction information. About the sender, it will be required data such as name, account number, physical address, national identification, place of birth, among others.

The determination is that the information is transmitted immediately and safely. The goal, therefore, is to protect the integrity and availability of information among VASPs by facilitating the transfer in cases of transactions above US$ 1,000.

Customer screening is also required to comply with freezing orders and sanctions lists. If the transfer is a personal transaction, such as reloading or withdrawn, for example, or with an unregulated institution, the regulated VASPs should not transfer any information, but still need to have it with respect to their own client.