According to the International Association of Compliance (ICA), “the global virtual assets regulatory landscape is a patchwork of differing approaches, reflecting, in turn, the cultural, political and social differences of many different jurisdictions”. Against this backdrop, it should be no surprise that both unregulated and regulated virtual asset service providers (VASPs) appear not to know what practices to follow (when unregulated) and are questioning the validity of what is expected (when regulated).
In the first of this two-part series, this writer discussed the significance of a risk-based approach by supervisory bodies in their regulation and monitoring of virtual assets and associated service providers. In the final part of this series, there will be an overview of the obligations facing entities involved in providing virtual asset services, and suggestions for their integrated risk management environments or lack thereof.
Responsibility of the providers under Financial Action Task Force (FATF) guidance
What is extremely helpful is that the Financial Action Task Force (FATF) has updated its guidance, clarifying the definitions of ‘virtual assets’ and ‘virtual asset services providers’; which providers should be licensed and/or registered; wire transfers and the travel rule; and how to approach customer due diligence (“CDD”). It confirmed that its Recommendations one, and nine through 21, should apply to regulated digital asset entities in the same manner that they apply to financial institutions.
However, there were two qualifications:
- First, the occasional transaction threshold above which virtual asset services providers are required to conduct customer due diligence is 1,000 US dollars or euros (rather than 15 000).
- Second, the wire transfer rules set out in FATF recommendation 16 apply to virtual asset services providers and virtual asset transfers in a modified form (the ‘travel rule’).
Risk management
Virtual assets services providers should have a multi-faceted approach to their governance and risk management environment. It is imperative to have a documented strategy; assessment of risks; responses to those risks through controls; effective communication and reporting; monitoring of the enterprise; and ensuring the technological business structure is aligned with identified risks.
The issue many virtual asset services providers face is their lack of implementation and strategic risk management. This stems from their belief that, because the business is not a traditional financial institution, it does not need the same levels of accountability surrounding risk management processes, which is a fundamental mistake. The world is experiencing evidence of these mistakes, seemingly quarterly, through the implosion of many actors in the crypto currency arena. Virtual asset services providers should not get caught up in minutiae but, rather, define, understand and conceptualise the risks they face.
How a GRC professional can help virtual asset services providers
As regulatory frameworks and market trends evolve, governance, risk and compliance (GRC) specialists can provide guidance on the design and implementation of your business strategy. More precisely, they are able to offer:
· Updated compliance control frameworks and policies through assessment and guidance.
· Risk assessment assistance for financial crimes.
· A review of client files and a plan for remediation (Know Your Customer)
· Anti-money laundering and counter-terror finance training
Conclusion
In short, both regulators and virtual asset services providers have substantial roles to play in the latter’s success. The rapid growth of virtual asset technologies and associated products is likely to lead to new laws and regulations being implemented by regulators around the world if they have not already done so. Equally, this rapid growth must be internally managed through agile risk management approaches and solutions.
• NB: About Derek Smith Jr
Derek Smith Jr. has been a governance, risk and compliance professional for more than 20 years. He has held positions at a TerraLex member law firm, a Wolfsburg Group member bank and a ‘big four’ accounting firm. Mr Smith is a certified anti-money laundering specialist (CAMS), and the compliance officer and money laundering reporting officer (MLRO) for CG Atlantic’s family of companies (member of Coralisle Group) for The Bahamas and Turks & Caicos.
Commenting has been disabled for this item.