FATF, DeFi, and NFTs

Major three and four letter agencies continue to eye burgeoning three and four letter technologies. The Financial Action Task Force (FATF), an intergovernmental organization focused on global anti money laundering and know your customer (AML/KYC) standards, and their governmental partners like the US Department of Treasury, have been focused on blockchain and cryptocurrencies for several years. We wrote about this back in 2019 and urged crypto investors to take their regulatory guidance seriously, a position at odds with the predominant crypto point of view espoused by rosy-eyed technologists who imagined they had innovated themselves an immunity from regulation by way of “decentralization”. Since then, that initial FATF guidance has been incorporated into laws and we have seen enforcement in major jurisdictions, including high profile arrests and charges against mjor industry players due to lax AML/KYC procedures. A few weeks ago, FATF came forward with additional clarification on their view of AML/KYC compliance which touched on two hot sectors in the blockchain and cryptocurrency world today: decentralized finance (DeFi) and non-fungible tokens (NFTs).

DeFi

For those diligently following the developments from international regulators, the updated FATF guidance is not groundbreaking. In short, the guidance simply added clarity to who should be considered a virtual asset service provider (VASP) and thus be obligated to follow existing AML/KYC best practices known as the “travel rule”. The travel rule requires entities to check and share account holder information for transfers of value over $1,000 USD. The main focus of this clarification was the inclusion of the developers and operators of DeFi platforms, decentralized exchanges (DEXs) , or decentralized applications (DApps).

“Exchange or transfer services may also occur through so-called decentralized exchanges or platforms. ‘Decentralized or distributed application (DApp),’ for example, is a term that refers to a software program that operates on a P2P network of computers running a blockchain protocol—a type of distributed public ledger that allows the development of other applications.”

FATF noted that despite the existence of any decentralized network architecture, the developers and operators of “decentralized” finance, exchanges, or applications are nonetheless beholden to law.  

“These applications or platforms are often run on a distributed ledger but still usually have a central party with some measure of involvement, such as creating and launching an asset, setting parameters, holding an administrative “key” or collecting fees. Often, a DApp user must pay a fee to the DApp, which is commonly paid in VAs (virtual assets), for the ultimate benefit of the owner/operator/developer/community in order to develop/run/maintain the software. DApps can facilitate or conduct the exchange or transfer of VAs.”

Because DApps, including DeFi or DEXs, “facilitate or conduct the exchange or transfer of VAs”, FATF is recommending that regulators enforce existing AML/KYC best practices for them.

“A DApp itself (i.e. the software program) is not a VASP under the FATF standards, as the Standards do not apply to underlying software or technology (see below). However, entities involved with the DApp may be VASPs under the FATF definition. For example, the owner/operator(s) of the DApp likely fall under the definition of a VASP, as they are conducting the exchange or transfer of VAs as a business on behalf of a customer. The owner/operator is likely to be a VASP, even if other parties play a role in the service or portions of the process are automated. Likewise, a person that conducts business development for a DApp may be a VASP when they engage as a business in facilitating or conducting the activities previously described on behalf of another natural or legal person. The decentralization of any individual element of operations does not eliminate VASP coverage if the elements of any part of the VASP definition remain in place.”

For people with a perspective that extends outside of the cryptocurrency/blockchain bubble this is not surprising news. Code which is written to operate in a decentralized or automated manner is ultimately written by individuals, and individuals operate under a legal ruleset. Observers of Craig Steven Wright (CSW), the Chief Scientist at Bitcoin R&D company nChain and the man Unbounded Capital maintains invented Bitcoin, will find this point familiar. For years, CSW has been making this exact point and warning crypto speculators that, eventually, laws will catch up with any novelty of decentralized networks and the laws on the books will be effectively enforced. In his July 2020 blog post, Cryptocurrency and the Law of the Horse, CSW reiterates this point, noting that, “Only humans exhibit and express intention, and only humans can contract or create the necessary conditions to commit a crime. It will never be the case that computer code exists outside of the minds of individuals.” This recent FATF clarification is the first step towards regulators agreeing with CSW, and ultimately realizing that they are able to enforce existing laws, despite any popular and widely propagated claims of technological immunity via decentralization.

For a perspective counter to CSW’s, one more of a piece with the blockchain/cryptocurrency orthodoxy, we can reference an article by Decrypt which suggested that the FATF update demonstrates regulators fundamental misunderstanding of blockchain technology. Citing a blockchain specialized lawyer interviewed for the piece, Decrypt claims that the “language and the thinking behind the guidance is alien and inapplicable to DeFi.” The subject cited suggests that while a legacy financial institution is able to comply with FATF’s travel rule, DeFi is different; “DeFi is totally peer-to-peer; you’re swapping, not transacting. There are no counterparties involved here. So the logic of centralized finance doesn’t apply here at all.”

While this point of view is popular within blockchain and cryptocurrency circles, it ultimately falls flat; FATF points out why. Although certain blockchain based applications may be to some degree technologically decentralized or automated, the individuals and organizations which make and/or maintain them are not. Another key point that CSW has consistently made, despite its unpopularity within the crypto sphere, is that parties which create decentralized technologies with the hope of removing or limiting their liability may inadvertently open themselves up to unlimited liability by forgoing the protections of formal legal structures like LLCs (limited liability companies). For more information on that particular perspective, reference CSW’s blog post Open Source and Liability.

NFTs

Allusions to NFTs were another headline grabbing part of the updated guidance. FATF mentioned “types of closed-loop items that are non-transferable, non-exchangeable, and non-fungible. Such items might include airline miles, credit card awards, or similar loyalty program rewards or points, which an individual cannot sell onward in a secondary market outside of the closed-loop system.“ The guidance noted that,

“Flexibility is particularly relevant in the context of VAs and VA activities, which involve a range of products and services in a rapidly-evolving space. Some items—or tokens—that on their face do not appear to constitute VAs may in fact be VAs that enable the transfer or exchange of value or facilitate ML/TF (money laundering/terrorism financing).”

While the clarifications regarding NFTs are not as detailed as those for DeFi and DApps, it is noteworthy that they included novel token types which might not initially appear to constitute virtual assets, but which may ultimately be defined as virtual assets and require issuers to comply with AML/KYC safeguards.

Why This Matters

This recent update to FATFs guidance highlights the importance of the combination of a thorough understanding of the technological side of blockchain and cryptocurrency and a robust legal framework rooted outside of cryptocurrency orthodoxy. This is true for people interested in speculating on popular DeFi assets or NFTs as well as companies seeking to leverage these technologies for traditional asset issuance or novel incentive aligning tokens. 

The most troubling aspect of the cryptocurrency mainstream’s reception to the FATF guidance is that it is often not taken seriously. It’s one thing to disagree with the guidance and the laws they inspire, but a large segment of the cryptocurrency ecosystem appears to ignore them altogether, imagining they won’t need to comply because laws against decentralized technologies are effectively unenforceable. This sentiment was recognized by the lawyer interviewed in the Decrypt article when he noted, “It seemed like last weekend after the FATF guidelines were released the whole crypto community was more interested in the chatter about BitClout...And yet, functionally, this proposal seeks to eliminate DeFi in any way.”

On this point we certainly agree. Because the majority of DeFi and NFT activity is built on unscalable and congested networks like Ethereum, there is not much of a value proposition outside of the evasion of law or the ability to exchange assets without the onerous processes and best practices of legacy financial institutions, virtually all of which comply with FATF guidance like the travel rule. The DeFi boom has been fueled by the same ethos that imagines regulation won’t matter because this time the technology has become unstoppable.

At Unbounded Capital we disagree. We think the future is bright for innovative applications of Bitcoin (BSV) as an immutable, public, distributed ledger. This includes massively improved ways to interact with financial assets as well as non-fungible tokens from coupons and loyalty points to ownable digital game items. In fact, several UC portfolio companies including RUN and Tokenized are at the forefront of innovation on how to issue, trade, and manage these digital items. The heavily game and collectible focused NFT boom is squarely in the purview of RUN and more stringently regulated assets or tokenized securities, such as those issued by VASPs as defined by FATF, aligns well with Tokenized (allowing for a fair amount of overlap). By leveraging companies like RUN and Tokenized, innovative entrepreneurs seeking to leverage Bitcoin for purposes outside of regulatory arbitrage will find the tools to generate enormous value with user friendly interfaces. When it comes to regulatory compliance, these companies are ahead of regulators like FATF in understanding and building for the future internet tech stack built on Bitcoin but remain rooted in a pragmatic understanding of the need for legal compliance, similar to the views demonstrated by CSW.

If you are building, or interested in building, in the booming blockchain and token (fungible or non fungible) space, please check out these powerful tools or get in touch with us directly to learn more.