April 9, 2021

FATF’s New Guidance Takes Aim At DeFi

The Financial Action Task Force (FATF), the inter-governmental watchdog that establishes standards for anti-money laundering (AML) and know-your-customer (KYC) requirements, has published new draft guidance for decentralised platforms. FATF made headlines two years ago when it proposed – and then finalised – guidance urging nations to implement KYC requirements for all crypto exchanges. The so-called Travel Rule defined virtual asset service providers (VASPs) as businesses that transfer funds in the form of cryptocurrency (i.e., crypto exchanges, among others) and mandated that the businesses should have KYC information for both the sender and the recipient of these transactions.

Countries are beginning to implement these recommendations – South Korea recently brought new anti-money laundering (AML) rules into effect, resulting in at least one major exchange shuttering its operations in the country.

The updated draft guidance massively expands the types of entities that might fall under FATF’s umbrella. It distinguishes between fungible tokens and non-fungible tokens (NFTs), adds descriptors for decentralised exchanges and decentralised finance (DeFi) and specifies who might be held liable for enforcing KYC requirements for DeFi platform.

The new rules are a reaction to the rapid growth of NFTs and DeFi within the past year and would ask countries to ensure that even DeFi platforms have some form of KYC rules, even if there’s technically no single party responsible for a live network.  In particular, developers who create some sort of decentralised platform and do not maintain any form of control may still be liable for KYC rules, even if they don’t have a role in the platform post-launch.

Why is this important for your organisation?

The rapid growth of decentralised platforms has piqued FATF’s interest forcing it to upgrade AML and KYC requirements on these platforms to ensure that they are not used to support illicit activities. The consequence of this is that regulatory institutions now have increased obligations towards virtual assets (VA) and virtual assets service providers (VASPs).


  • National regulatory authorities should undertake a coordinated risk assessment of VA products, and services, as well as of the risks associated with VASPs and the overall VASP sector in their country.
  • As the VASP sector evolves, countries should consider examining the relationship between AML/CFT measures for covered VA activities and other regulatory and supervisory measures i.e. consumer and investor protection, tax etc.
  • VASPs should identify, assess, and take effective action to mitigate the ML/TF risks associated with providing or engaging in covered VA activities or associated with offering particular VA products or services

Learn more here.

Share on social media: