Earlier this week the FIAU issued Implementing Procedures applicable to the Virtual Financial Assets (VFA) sector.
The new Implementing Procedures (IP) apply to VFA agents, VFA issuers and VFA service providers that are regulated by the Virtual Financial Assets Act. In the case of VFA issuers it is important to note that they would be expected to abide by all of the AML/CFT obligations in the PMLFTR even in situations where, for whatever reason, they fail to comply with the whitepaper registration requirement of the VFA Act.
The IP extend also to other subject persons who may not be licensed as VFA service providers but who may be handling VFAs in the course of carrying out relevant financial business or activity. Persons carrying out one or more of these relevant financial businesses or activities in connection with VFAs are thus subject to the rules of the IP for VFAs:
Depending on the particular context in which they take place,
may also be subject to the IP for VFAs.
The new sectoral IP emphasise the risks arising from the nature of Virtual Financial Assets, such as anonymity, immediacy, irrevocability and decentralisation. In order to mitigate such risks while taking consideration of the nature of the VFA business and the rapid improvements in this sector, the Business Risk Assessments prepared by the subject persons shall be reviewed bi-annually rather than on an annual basis, or earlier if necessary.
VFA service providers are obliged to commission an independent external third party to perform a review of their AML/ CTF controls, policies and procedures. The independent review must be carried out at least every eighteen months or upon any material change or enhancement to the VFA service provider’s AML/ CFT programme.
The IP clarify how Customer Due Diligence shall be performed in a VFA scenario. Notably, they also provide guidance on the application of Simplified Customer Due Diligence in low risk scenarios where customers are trading with VFAs under €1,000.
In terms of transaction records, data such as wallet addresses involved in the transaction, customer identification details, name of the parties involved, type and value of the VFAs transacted, details of the bank account or wallets in all transactions shall be collected and kept on file.
The IP provide guidance on how to deal with various types of wallets such as Private Wallets, Custodian Wallets and Multi-Signature Wallets. Subject persons are to apply analytical tools to identify the content of the wallets and the history of the coins. Wallet addresses involved in the given transaction must be checked for adverse media in the public domain. As part of the process of identifying Source of Funds, subject persons must establish the origin of the coins, having special regard to the mining activity of the customer.
The Annex of the IP provides an indicative list of red flags, trends and case studies in the VFA sector to help VFA service providers understand better what they should look out for when designing and implementing their AML/ CFT programmes.
Article written by Dr Agnes Antal and Mr Stefan Briffa.
This publication is provided for your convenience and does not constitute legal advice.
This publication is protected by copyright © 2020 GTG Advocates.
Please contact Dr Ian Gauci at firstname.lastname@example.org or Dr Terence Cassar at email@example.com for more information on Virtual Financial Assets, and Mr Stefan Briffa at firstname.lastname@example.org for compliance and AML/ CFT information.