On October 28, 2021 the Financial Action Task Force (FATF) updated its guidance for
virtual assets (VA) and virtual asset service providers (VASP) with changes focused on six areas:
Clarification of the definitions of virtual assets and VASPs
Guidance on how the FATF Standards apply to stablecoins
Additional guidance on the risks and the tools available to countries to address the money laundering and terrorist financing risks for peer-to-peer transactions
Updated guidance on the licensing and registration of VASPs
Additional guidance for the public and private sectors on the implementation of the “travel rule”
Principles of information-sharing and co-operation amongst VASP Supervisors
As observed by FATF, VAs are becoming “increasingly mainstream for criminal activity”, including offenses such as computer crimes resulting in ransomware. From the perspective of combating these types of crimes, the guidance urges national co-operation relating to VAs to address cyber issues in part because of the highly-mobile and cross-border nature of VA activities. Moreover, supervisors should exchange information and co-operate, and proactively when a cybersecurity incident has potential AML/CFT impact on other jurisdictions.
By the numbers
This year, cyber crime and fraud have surpassed reports from 2020. Specifically in the cryptocurrency sector, data from the US, UK, Australia and Canada reveal significant increases:
In the UK, £146,222,332 has been lost to cryptocurrency fraud since the start of this year up nearly 30% (October 2021)
In the US between October 2020 and May 2021, nearly 7000 reports of losses amassing to more than $80 million on cryptocurrency scams (May 2021)
In Australia, more than half of the total reported losses of $70 million were to cryptocurrency scams, the most commonly reported type of investment scam with 2,240 reports (Aug 2021). Losses involving Bitcoin investment scams reached $25.7 million in the first half of 2021, up 44% compared to 2020.
In Canada, cryptocurrency fraud increase more than 400% between 2017 and 2020 (March 2021)
According to a report by Ciphertrace, major crypto thefts, hacks, and frauds totaled $681 million by the end of July 2021, with DeFi-related losses accounting for 54% of major crypto fraud volume.
The continued interest from investors in cryptoassets makes this trend a growing target for criminal activity.
From a regulatory perspective, the Financial Action Task Force (FATF) Guidance for a Risk-Based Approach to VAs and VASPs and related FATF recommendations (see above), provides standards for combating money laundering and the financing of terrorism & proliferation. For electronic funds and virtual currency transfers, Recommendation 16 and the travel rule requires financial entities, money services businesses to include certain information:
The name, address and account number or other reference number (if any) of The person or entity who requested the transfer (originator information);
The name and address of the beneficiary; and
If applicable, the beneficiary's account number or other reference number.
The objective is to prevent criminals and terrorists from moving funds and detecting misuse.