What are the Crypto Industry’s Main Regulations and Travel Rules?

The OECD’s Financial Action Task Force (FATF), which deals with international money laundering, recently presented its “Updated Guidance for a Risk-Based Approach to Virtual assets and Virtual Asset Service Providers”. This guide is intended as a reference for countries around the world when drafting cryptocurrency regulation.

The OECD’s Financial Action Task Force (FATF), which deals with international money laundering, recently presented its “Updated Guidance for a Risk-Based Approach to Virtual assets and Virtual Asset Service Providers”. This guide is intended as a reference for countries around the world when drafting cryptocurrency regulation.

The inclusion of an obligation on business operators to follow travel rules (rules on the movement of money) has caused a stir in the industry.

The old travel rule controversy

The travel rule is an obligation imposed by the FATF requiring virtual asset service providers (VASP) to collect information from both parties to a trade whenever sending or receiving cryptocurrencies worth over $1,000.

The travel rule has been a topic of debate in the industry ever since the FATF included the clause in its June 2019 draft Recommendation. The rule is controversial not only because it goes against the principle of decentralization, but also because it requires cooperation between exchanges along with a high level of technical infrastructure, which makes it difficult for individual companies to comply.

After the FATF’s plans to include the travel rule in its draft guidance became public, various players entered the travel rule solution market, including anti money laundering (AML) solution providers such as Elliptic, CoolbitX, Ciphertrace, and Shift. In Korea, Upbit subsidiary Lambda256, Bithumb, Coinone and Korbit formed the joint venture CODE. Yet among all these companies, there is no standardized technology on the market.

However, the FATF’s updated guidance published this October still includes the so-called travel rule for cryptocurrency operators. While the FATF’s recommendations are not formally enforceable, they are considered binding in practice because countries that fail to comply are subject to sanctions in the global financial system. For this reason, the FATF’s recommendations have a major impact on how financial authorities around the world regulate the cryptocurrency industry.

However, while the FATF stressed the need for countries to implement and comply with the travel rule, it did state that a phased approach could be considered given the lack of a solution to technically implement the rule.

Broad regulatory scope includes DeFi developers

But it’s not just the travel rule that is controversial about the FATF’s guidance. Another issue is the scope of businesses that are subject to the regulations. The recent guidance extends the scope to include not only existing CeFi (centralized finance) companies, but also major cryptocurrency industry players such as stablecoins and DeFi.

Under the amendment, any developer, operator, owner, etc. capable of exercising influence on a DeFi service function – including stablecoin projects – can be considered a Virtual Asset Service Provider (VASP). According to the guidelines, even if a DeFi service is designed to allow people to trade, lend, etc. without intermediaries, if the Dapp (Decentralized App) development team sells or distributes project-related governance tokens to investors and users, they fall subject to anti money laundering (AML) regulations.

Earn Up To

15% APR*

On your crypto today!

*Haru Earn Plus/365days lock-up


To quote the guidelines: “It seems quite common for DeFi arrangements to call themselves decentralized when they actually include a person with control or sufficient influence, and jurisdictions should apply the VASP definition without respect to self-description. For example, there may be control or sufficient influence over assets or over aspects of the service’s protocol, and the existence of an ongoing business relationship between themselves and users, even if this is exercised through a smart contract or in some cases voting protocols. Countries may wish to consider other factors as well, such as whether any party profits from the service or has the ability to set or change parameters to identify the owner/operator of a DeFi arrangement.”

High standards for vague regulations. Blockchain industry concerned about rising costs

The impact of FATF regulations on the blockchain/cryptocurrency industry is enormous. This is because whenever countries around the world draft regulatory proposals with reference to the FATF guidance, VASPs have to introduce additional travel rule solutions, greatly increasing their operating costs.

As mentioned, if under the guidance DeFi project development teams are interpreted as a VASP, they must comply with travel rules and other AML obligations in the same way as CeFi projects.

The cost to the industry could increase even further with the addition of another clause in the guidance, according to which VASPs might not transmit essential user information to other VASPs if there are AML or CFT (Countering the Financing of Terrorism) risks.

Siân Jones, senior partner at XReg Consulting, noted: “One thing that leaped out for me was that the updated guidance allows for alternative procedures, including not sending required user information, if a VASP believes a counterpart VASP will not handle transmitted user data securely and the AML/CFT risks are acceptable. In such cases, VASPs can still execute a transfer but the implication is that such risk assessments are made on a case-by-case basis and therefore could carry significant compliance burden and cost.”

Experts are concerned that this increase in costs could hamper or overshadow the growth of the blockchain industry. Especially given that the definition of VASP in the guidance remains unclear while the scope of application appears overly broad, the industry is concerned that few companies will preemptively take on the cost of compliance.

Lucy Gazmararian, co-chair of the Hong Kong Blockchain Council’s Fintech Association of Fintech, said: “According to the guidance, VASP must follow at least the standard observed by traditional financial institutions”, cautioning that “as DeFi is still in its infancy and at the experimental stage, a heavy-handed regulatory approach may serve to stifle innovation and the further healthy development of the FinTech sector. At worst, a non-specific approach may drive DeFi innovation underground and with it any associated ML/TF activity.”

On the other hand, some commentators believe that regulations will play a role in making the industry more transparent. After all, the purpose of the regulation is to create a healthier ecosystem by imposing anti money laundering obligations on an industry that is currently prone to hacking and fraud. Chia Hock Lai, co-chair of the Blockchain Association Singapore remarked that the guidance is “overall a step in the right direction” in terms of providing greater clarity and certainty on regulations but advised that more discussion is needed not just on the definitions for DeFi and NFTs, but also the implementation timeline.

Start earning effortlessly with the

Haruinvest Mobile App

We’ve assembled the best strategies with minimized risk for you.

Continue reading