22/03/2023 Alexander

What are the global regulations around VASPs?

Pawel Kuskowski invited Director and Head of Public Affairs, Policy, Regulatory Affairs of Xapo Bank, Joey Garcia to discuss the global regulations around Virtual Asset Service Providers (VASPs). Joey is one of the pioneers for the regulation of the virtual currency and distributed ledger technology space and chairs a specialised industry technical working group seeking to provide a working solution for the industry for the recently published Financial Action Task Force (FATF) recommendations in respect of the Travel Rule, and provides different regulatory authorities guidance and training in respect of the other FATF recommendations.

Competitive advantage of smaller jurisdictions

According to Joey, the Association of Southeast Asian Nations (ASEAN) is a hub of innovation as they are faster moving and open to new experiences. He highlights that the crypto world is incredibly fast-paced, with the development of infrastructure and the application of blockchain growing much faster than the legislative infrastructures of a country. Matching technical development with legislative development therefore becomes difficult which results in smaller jurisdictions who can act faster than others gaining concrete advantages.

FATF recommendations regarding VASPs

In reference to FATF June 2019, Joey highlights the recommendations that are published around the registration or licensing of virtual assets service providers. Even though that may have acted as a trigger, he says that although the FATF remains a global standard setting body for Anti-Money Laundering (AML) and Combating the Financing of Terrorism (CFT) regulation, they are not a regulatory authority. The recommendations are therefore focused on AML and CFT but the way countries react differ.

For example, if there is an international organisation or standard setting initiative which says that we should all register VASPs, there can be a number of issues which can arise out of that starting from the definition of VASPS, what falls within the definition and what falls outside of it since each country has different interpretations of it.

Variety in jurisdictional interpretations for VASPs

When Pawel asks why countries have variety in interpretation, Joey explains that pre-FATF, there was AML Decentralized Finance (DeFi) and even then, the crypto to crypto platform would not fall within the definition so the FATF clarified that it should be included. However, Joey mentions that post 2019, it has become visible that in the Dex universe, crypto denominated derivative infrastructures, staking, lending activity and many other developments have taken place which required every country to reinterpret the definition in their own ways to ensure that everything falls within their definition or interpretation.

Some countries have facilitation of a transaction as part of their law, indicating that today, certain DeFi related operators/programmers are caught within the definition. On the other hand, other countries have slightly different interpretations.

The key difference however is that some countries have tried to literally comply with the definitions while many others have not. By complying with those recommendations, countries are bringing their activities within the scope of AML and NFT registration regime and when that happens, countries will register for the VASP and the risk within that VASP activity is far greater than AML because that leads to the following:

  1. Core customer asset protection principle;
  2. Segregation of those assets and how they are accounted for;
  3. Basic governance standards;
  4. Basic security requirements;
  5. Questions regarding regulatory capital calculation;
  6. Questions regarding insurance;
  7. Questions regarding business continuity plans;
  8. Risk frameworks.

Watch the whole discussion:

Creating a secure and regulated ecosystem

Joey says that one could go on about what it could include but there are platforms like Futures Exchange (FTX), a global platform which had only 3 months of experience in risk management which leads one to question if it is right that they had no governance, or if there should there be a higher standard to create a secure and regulated ecosystem.

The problem is that different countries have different views on what a secure regulated ecosystem looks like as a result of which good operators in that space apply the highest possible standards.

Moreover, since this is a global, cross border industry, it really does not matter as much as before where the market is domiciled or where the customers being serviced are from, making it much more risky.

On the DeFi related side, one approach could be that everything that touches a blockchain is treated as a VASP. Consequently, everything would need to be regulated in the same way or it can be said that there is a risk that exists and let’s not try and find an intermediary onchain compliance based system or compliance oracle based system. One can look at the transaction and how it works to identify the risks and structure/create solutions. However, that is a very positive way of seeing it and this rarely happens in reality.

Pawel mentions that in the customer protection case, the UK has been moving in the right direction to make it meaningful for everyone but at the same time, the volumes are with unregulated exchanges as opposed to regulated exchanges.

With Joey’s background as a lawyer and then switching to business, he concludes that lawyers can be considered as ship builders who are allowing the ship to be constructed in the right way, to operate properly, to sell correctly but they go after sale. As a result, lawyers are not on the ship so they will come and try to fix a hole in that ship but they will not be there when the ship will be sinking.