Circular C589 – MONEYVAL’s report on money laundering and financing of terrorism risks in the world of virtual assets
We would like to draw your attention to Circular C589 (the “Circular”), issued by the Cyprus Securities and Exchange Commission (the “CySEC”) on the 18th of July 2023, for the purposes of informing Regulated Entities, as these defined therein, about MONEYVAL’s Report on money laundering and financing of terrorism risk in the world of virtual assets (the “Report”).
A. Purpose:
The Report purports to present in an integrated manner an overview of the money laundering and financing of terrorism risks in the world of virtual assets (the “VAs”) and their service providers in MONEYVAL members. In order to do this, the Report includes the following:
- horizontal analysis of MONEYVAL’s members’ level of compliance with the Financial Action Task Force (the “FATF”) Recommendation 15;
- an overview of the measures taken to regulate and supervise virtual asset service providers (the “VASPs”) sector; and
- features of the identified risks that criminals use VASPs and VAs to launder proceeds of crimes (i.e. exchanges, exchange offices, aggregators, and other cryptocurrency platforms including e-gaming, sports betting, and NTFs).
In particular, the Report integrates and analyses data obtained from MONEYVAL members across multiple issues, relating to (a) how members regulated the activity of issuance of Vas and operation of VASPs; (b) whether the Law Enforcement Authorities (LEAs) have adequate powers and tools to investigate, locate and impose interim measures in respect of Vas; (c) the types of VA platforms used for financial support of criminal activity; (d) examples of cases investigated by the relevant authorities with description of criminal schemes involving the virtual asset elements that have been identified; and (e) other data relevant to the goals of the study.
B. Main Provisions:
In view of the above, the Report has been structured into the following four (4) sections:
1. Horizontal review of compliance with FATF Recommendation 15:
FATF has published documents that are aimed at helping jurisdictions and the private sector to comply with the new AML/CFT requirements for VAs and VASPs (available here and here). Due to the peculiarities of the sector and the relatively recent adoption of the standard, the vast majority of MONEYVAL members have not yet fully implemented these requirements (i.e. of the 23 jurisdictions that have been assessed since June 2021 for their compliance with Recommendation 15, the majority require major or moderate improvements). In particular, further improvements are needed in assessing ML/TF risks, supervision, and the application of AML/CFT preventative measures.
2. Assessment of VA and VASP risks:
As already mentioned above, not all members have assessed the ML/TF risks posed by VAs and VASPs, or if such risk assessment has been conducted in many cases it lacks depth. In the case of Andorra that carried out its second national risk assessment back in 2020, it is noted that the risk assessment at the national level would start with an inventory (i.e. when VASPs must be licensed or registered, leaving the authorities with the tasks of estimating if and to which extent unregistered entities are still servicing clients in the respective jurisdiction) of the registered entities in the jurisdiction and determining the materiality of the VASP sector. However, in practice, jurisdictions experience challenges in identifying unregistered or unlicensed VASP activity in their jurisdiction.
In view of the above and following the first inventory of VASPs, a more in-depth analysis of the sector was undertaken. There is a risk that if the work conducted by Andorra indicates that there are no businesses operating domestically that should be registered, then VAs and VASPs become less of a focus. An assessment must be made about the use of VAs in the country even if there are no registered VASPs (for instance, whether customers in the domestic jurisdiction are obtaining services in another jurisdiction).
3. Risk-Based Approach Supervision of the VASP Sector:
The relevant section of the Report outlines the different approaches taken by members to license or register domestic VASPs and to implement a risk-based supervisory framework for the VASP sector. In brief, the following are noted:
- VAs is defined as a digital representation of value that can be digitally traded or transferred and can be used for payment or investment purposes and do not include digital representations of FIAT currencies, securities, and other financial assets that are already covered elsewhere in the FATF Recommendations.
- VASP is any natural or legal person that provides as a business activity one or more of the following activities or operations for or on behalf of another natural or legal person: (i) exchange between virtual assets and FIAT currencies; (ii) exchange between one or more forms of virtual assets; (iii) transfer of virtual assets; (iv) safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets; and (v) participation in and provision of financial services related to an issuer’s offer and/or sale of a virtual asset.
- The analysis shows that not all members included natural persons in the definition of VASPs.
- A risk-mitigating measure for VASP activity is the application of market entry controls and of adequate risk-based supervision for AML/CFT purposes in the sector.
- Recommendation 15 allows countries to choose between licensing or registration of VASPs, providing that at a minimum, VASPs would be required to be licensed or registered in the jurisdiction(s) where they were created.
- MONEYVAL members have implemented different approaches to supervision (i.e. licensing or registration authority is not always the same authority that conducts the AML/CFT supervision of VASPs).
- In supervising the VASP sector most of the MONEYVAL members are at the beginning of implementation. Not all supervisors are comprehensively resourced in terms of staffing and knowledge, and the risk-based approach is rarely tailored to a sector-specific risk assessment.
- The volume and flow of cross-border transactions is one important element that supervisors should consider when determining the risk of the VASP sector and conducting supervision activities.
- The availability of sanctions for VASP supervisors in MONEYVAL members differs in the scope and mounts of the sanctions that can be applied.
4. Law Enforcement and Operational Issues:
The capabilities and approaches of authorities in MONEYVAL countries to investigate ML/TF cases involving the use of VAs and to impose interim measures are examined in the relevant section of the Report. In particular, a number of case studies from the MONEYVAL region shed light on the use of VAs for money laundering purposes, such as the types of understanding crimes that are normally associated with such ML cases, as well as the modus operandi and typologies as to how such money laundering cases are perpetrated, are outlined within the Report. VAs are being used and can probably be used interchangeably with FIAT currencies when looking at typologies, as per the following investigated cases:
- Theft of VAs through “typosquatting” – Isle of Man (in cooperation with UK and Netherlands);
- Sale of fake VAs – Azerbaijan;
- Use of money mules – Latvia;
- Drug and arms dealing – Slovak Republic; and
- Laundering of drug trafficking proceeds – Malta.
C. Next Steps:
CySEC considers the Report to be of assistance to the Regulated Entities engaging or seeking to engage in VA activities, in understanding their AML/CFT risks and obligations and how they can effectively comply with these obligations.
To this end, it is expected by CySEC that all Regulated Entities will study the Report and take its content into account when assessing AML/CFT risks, thereby improving the effectiveness of the measures and procedures applied.
Should you have any further questions, please do not hesitate to contact us at info@apapageorgiou.com.
Disclaimer: The information contained in this article is provided for informational purposes only, and should not be construed as financial or investment or legal advice on any matter. Andria Papageorgiou Law Firm is not responsible for any actions (or lack thereof) taken as a result of relying on or in any way using information contained in this article and in no event shall be liable for any damages resulting from reliance on or use of this information.
Latest Posts
A Quick Guide to IP Rights for Fintech Companies in Cyprus
A. IP Protection for Software Under Cyprus law, software or computer programs are considered literary works protected by copyright, specifically under...
New Rules for Crypto-Asset Service Providers (CASPs) in Cyprus: Key Updates
The Cyprus Securities and Exchange Commission (CySEC) has made an important announcement regarding regulating Crypto-Asset Service Providers (CASPs). Here’s...
The EU’s Digital Operational Resilience Act 2022/2554 (DORA)
Financial regulators have long faced the challenge of ensuring stability in financial markets, especially given the growing reliance on third-party systems,...