At the end of October, the Financial Action Task Force (FATF) refined and published guidance for the crypto industry, setting standards in particular for DeFi and NFT segments.
Specifically for ForkLog, GMT Legal managing partner Andrey Tugarin and NOA Circle partner Eduard Davydov analysed the most significant changes in the guidelines that could potentially pose risks to the founders and developers of DeFi and NFT projects.
Risks for NFT Projects
The updated version provides more specific and complete definitions of virtual assets (VAs) and virtual asset service providers (VASPs). It also explains cases in which NFTs may fall under the VA definition.
When are NFTs recognised as virtual assets. Non-fungible tokens used as collectibles, rather than as payment or investment instruments, are not considered virtual assets (Section 53 of the Guidelines).
“FATF notes that it is important to consider the nature of NFTs and their function in practice, not the marketing terms used. Therefore NFTs may fall under the VA definition if they are used or can be used for payment or investment purposes”, said Andrey Tugarin.
In this case, all provisions of the guidelines regarding customer verification, AML/CFT – compliance will apply to the companies that service NFT turnover, the lawyer explained.
The FATF’s new guidance suggests that individual countries may tighten local regulation of NFTs.
For projects in this segment, the expert advised developing a concept for applying NFTs with consideration of their possible classification as investment or payment tokens.
Risks for DeFi Projects
The agency defined the circumstances under which DeFi projects fall under the VASP definition.
When is a DeFi project defined as a VASP. First of all, FATF notes that a DeFi application as software is not a VASP. However, the creators of such software, its owners, operators, or other persons who control the DeFi project or exert sufficient influence over it, may fall under the VASP definition, even if the project appears decentralised or parts of its processes are automated (Section 67 of the Guidelines).
“If the owners or controlling persons of a DeFi project meet the VASP definition, they should undertake an AML/CFT risk assessment before launching or using the software or platform and implement appropriate measures to manage and mitigate these risks on a continuing basis”, said Andrey Tugarin.
Definition of owners or controlling persons of DeFi project. FATF provides guidance on who to consider the creator (developer) of a DeFi project, taking into account their relation to the activity performed.
Among the defining factors may be:
- Having control or sufficient influence over the DeFi project’s assets;
- Having ongoing business relationships between the person and users, including in the form of a smart contract or voting protocols;
- Receiving profits from the services provided by the DeFi project;
- Having the ability to set or modify parameters for identifying the operator of the DeFi project.
According to Eduard Davydov, a partner at NOA Circle, DeFi projects are often described as decentralised, though in reality they have a representative with control or sufficient influence. In such cases, the definition of VASP should be applied irrespective of self-description.
“The guidance may not apply to DeFi software, but operators of dapps and DEXs may be VASPs, and should comply with anti-money laundering requirements”, said the expert.
Self-identification of a DeFi project. Marketing terms or self-identification as a DeFi project are not determinative. In Section 68 of the FATF Guidelines, it notes that DeFi projects quite often call themselves decentralised, even though in reality they have a specific controlling person with sufficient influence on the project’s activities.
“In this regard, states should apply the VASP definition without regard to a service’s self-identification as a DeFi project”, said Andrey Tugarin.
Governance token holders for a DeFi project. Not all persons connected to control over a DeFi project are required to meet AML/CFT obligations. In cases where a person can acquire governance tokens of a VASP, the VASP itself remains responsible for AML/CFT obligations.
“A separate governance token holder in this case does not bear such responsibility if they do not exercise direct control or exert sufficient influence over the VASP’s activities”, the lawyer explained.
Inability to identify owners or controlling persons of a DeFi project. If it is not possible to identify the person who controls or exerts sufficient influence over a DeFi project, the VASP requirements do not apply to them. States should monitor the emergence of such projects and the associated risks, including through engagement with the DeFi community.
“Countries may develop certain measures concerning such projects and consider an option that a already-regulated VASP (for example, a licensed crypto exchange) participates in activities related to a DeFi project”, said the expert.
According to Tugarin, the principal risk for DeFi projects will be obligations to identify their ultimate beneficial owners:
“More often than not, even if the project itself is decentralised, its creators are well known or easy to locate. It is they who will have to comply with the guidance’s provisions”.
Conclusion
The guidance urges national regulators to apply the VASP definition more broadly and effectively requires registration or licensing of nearly every activity involving digital assets.
“It is precisely for these purposes that FATF brings NFT and DeFi projects out of the shadows. Their developers should be prepared for tighter regulation of the digital assets space by the organisation”, said Andrey Tugarin.
Eduard Davydov, a partner at NOA Circle, drew attention to the potential risk of restrictions for developers and owners of software:
“In this case, FATF is extending reach to those it can reach. Popular crypto wallets that provide access to dapps and DEXs may fall under such definitions, and at a minimum will be obliged to implement AML/KYC procedures for users”, said the expert.
Read ForkLog’s Bitcoin news in our Telegram — cryptocurrency news, rates and analysis.