On 21 June 2019, the FATF issued a public statement stating that the threat of criminal and terrorist misuse of Virtual Assets is a serious and urgent matter. Therefore, national authorities are expected to take immediate action to prevent the misuse of Virtual Assets for money laundering, terrorist financing and the financing of proliferation.
As a result, an Interpretive Note to Recommendation 15 and the Risk-based approach guidance were adopted by the FATF to ensure that national authorities and entities in the private sector implement adequate anti-money laundering and counter financing of terrorism measures in relation to Virtual Assets and Virtual Assets Service Providers.
Amendments to the FATF standard
In October 2018, the FATF updated its standard with specific focus on Recommendation 15 which highlights the importance of the risk analysis, management and mitigation of new technologies. The amendment included Virtual Assets as a new technology whilst urged national authorities to regulate Virtual Asset Service Providers for Anti-money laundering and Counter Financing of Terrorism (AML/CFT) purposes and to license or register Virtual Asset Service Providers to ensure effective supervision and monitoring.
Furthermore, the updated standard also included a definition of Virtual Asset and Virtual Asset Service Providers.
Adoption of the Interpretive Note and the Risk-Based Approach Guidance
The Interpretive Note and the Guidance obliges national authorities to adopt the following counter measures to mitigate the misuse of Virtual Assets in relation to money laundering, terrorist financing and the financing of proliferation:
- apply the relevant AML/CFT measures to Virtual Assets and Virtual Asset Service Providers;
- identify, assess, and understand the money laundering and terrorist financing risks emerging from virtual asset activities and the activities or operations of Virtual Asset Service Providers;
- apply the risk-based approach to implement measures that commensurate with the risks identified;
- require Virtual Asset Service Providers to identify, assess, and take effective action to mitigate their money laundering and terrorist financing risks;
- implement licensing or registration procedures for Virtual Asset Service Providers;
- ensure that Virtual Asset Service Providers are subject to adequate regulation, supervision and monitoring for AML/CFT purposes;
- ensure that Supervisory Authorities have the necessary powers to effectively monitor Virtual Asset Service Providers;
- implement a range of effective, proportionate and dissuasive sanctions in case of compliance failure;
- amend the definition of occasional transactions to include the € 1000 threshold which obliges Virtual Asset Service Providers to conduct customer due diligence; and
- ensure international cooperation.
What regulatory requirements has Malta enacted to date?
In July 2018, Malta adopted the Virtual Financial Assets Act (Cap 590) which provided a definition of Virtual Financial Assets and outlined the licensing or registration requirements for
- Initial Virtual Financial Assets Offerings;
- Virtual Financial Assets Agents; and
- Virtual Financial Assets Service Providers.
The Act captures several Virtual Financial Assets Service Providers which include
- entities that receive and transmit orders;
- entities that execute orders on behalf of other persons;
- entities that deal on own account;
- entities that manage assets belonging to another person;
- custodian or nominee services;
- investment advisors;
- entities that place virtual financial assets to trading; and
- Virtual Financial Assets exchanges.
The Malta Financial Services Authority (MFSA) is appointed through the Act to supervise the aforementioned entities during the course of their business. To date, the MFSA issued three rulebooks which clarify the expected standards to be undertaken by the entities dealing in Virtual Financial Assets.
Furthermore, the aforementioned entities were included in the definition of obliged entities under the Prevention of Money Laundering and Funding of Terrorism Regulations (S.L. 373.01). Therefore, such entities are required to undertake the necessary AML/CFT measures to prevent the misuse of Virtual Financial Assets for money laundering, financing of terrorism and financing of proliferation purposes. Counter measures include customer due diligence, reporting of suspicious transactions, implementation of a business risk assessment and the implementation of record-keeping procedures.
A Compliance Certificate is required to be submitted on annual basis for Initial Virtual Financial Assets Offerings and Virtual Financial Assets Service Providers to the MFSA. These entities are required to appoint an auditor to ensure that the regulatory requirements, including those pertaining to AML/CFT, are being undertaken and are effective.