Moving beyond the ‘on’ and ‘off’ ramps of the virtual asset ecosystem

The Mutual Evaluation Report of Japan

In 2019, the FATF revised its Standards to apply AML/CTF obligations to VASPs. The FATF defines a VASP as any natural or legal person that conducts one or more of the following activities or operations for or on behalf of another natural or legal person:

• Exchanges between virtual assets and fiat currencies;
• Exchanges between one or more forms of virtual assets;
• Transfers of virtual assets;
• Safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets; and
• Participation in and provision of financial services related to an issuer’s offer and/or sale of a virtual asset.

The Joint FATF/Asia-Pacific Group on Money Laundering (APG) Mutual Evaluation Report of Japan was one of the first applications of these new requirements. This was fortuitous given Japan “has become the leader for developments in the virtual asset ecosystem and the mainstream adoption of virtual assets”¹ and regulatory authorities in the country had to act fast to respond to hacking of Mt Gox in 2014 and Coincheck in 2018. The Mutual Evaluation Report of Japan clarified two important aspects of how countries can implement the revised FATF Standards:

1. Regulation that broadly applies to the exchanging between virtual assets and fiat currencies, or between virtual assets, can capture ‘Initial Coin Offerings’², and
2. A country can only fulfil compliance with the revised FATF Standards, particularly the services relating to transfers of virtual assets and safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets, by regulating custodial wallet services.

Beyond the precedent set by the Mutual Evaluation Report of Japan, any proposed changes to the designated services table in the Act will need to address recent developments in the virtual asset ecosystem and will need to be carefully tailored to avoid unintended capture.

Recent developments and the design of the Act

The current definition of “digital currency” in the Act³ does not include tokens issued by or under the authority of a government body. While this is consistent with the FATF treatment of central-bank digital currencies (CBDC), the development and potential launch of an Australian CBDC may require amendments to the definition of “digital currency” or the definition of “money” in the Act that currently applies to “physical currency”.

Furthermore, any proposed changes to cover entities involved in safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets under the Act will need to be crafted so as not to apply to hardware wallet manufacturers or providers of unhosted wallets (i.e. those that do not hold the private keys of the users of the soft wallet). Each of these entities is viewed as “ancillary services” by the FATF and are specifically excluded from the scope of the definition.⁴ In addition, AGD may need to consider whether specialist stores that retail hardware wallets to customers should be considered in this category of “ancillary services” and therefore excluded from the reforms to the designated services table.

A designated service framed to cover transfers of virtual assets will also need to contemplate such activities being undertaken by law enforcement and national security agencies. With the rise of cybercrime and hacking activity, state and non-state actors continue to seek virtual assets as a form of ransomware payment. While law enforcement in Australia has demonstrated that it is up to the challenge, the search and seizure of these payments will necessarily involve the transfer of virtual assets from these nefarious groups to secure wallets held by agencies. This type of activity will need to be considered as part of the drafting of such a designated service, or in considering future exemptions to the Act.

Alignment with Treasury reforms

The Consultation Paper also states that “[t]hese reforms would be aligned with any future reforms in the crypto asset services sector being undertaken by Treasury to minimise duplication where possible.” One of the drivers of the Treasury reforms is a report prepared by the Select Committee on Australia as a Technology and Financial Centre into digital assets markets and regulation in October 2021 (Report).

The Report made 12 recommendations to develop Australia’s regulatory regime for digital assets and markets. This included the creation of a market licensing regime for digital currency exchanges and a custodial regime for companies holding digital assets for investors. As an initial step, the Report recommended the preparation of a token mapping exercise to determine the best way to characterise the various types of digital asset tokens in Australia.

In February 2023, the Treasury released a consultation paper to move forward with the token mapping exercise. This consultation paper noted that:

“After token mapping, licensing and custody reforms are the logical next step for crypto reforms in Australia.”

One key area of interaction with these reforms will be the extent to which the businesses that are caught by future reforms to the Act will be required to register with AUSTRAC. Currently, digital currency exchanges are required to register with AUSTRAC prior to providing customers with exchange services. This is a comprehensive process, which is focused on preventing criminal elements from entering the digital currency exchange sector. In deciding whether to accept an applicant’s request for registration, the AUSTRAC CEO has regard to, amongst other matters, the applicant’s involvement in significant money laundering, financing of terrorism or other serious crime risk, their compliance or non compliance of the applicant, or any other person, with the Act or any other law and the legal and beneficial ownership and control of the applicant, or any other person.

If the Australian Government proceeds to establish a market licensing and custody regime, then consideration will need to be given to whether this process is sufficiently rigorous to prevent criminal infiltration of a regulated participant and the regulated sector more broadly, or if the AUSTRAC CEO should be required to undertake the registration process that has already been established for digital currency exchanges.

As the consultation progresses on reforms to the Act, our expert Risk Advisory Team will provide updates on our dedicated Tranche 2 consultation page here. Our Team are able to assist should you need any assistance in responding to or understanding the implications of the consultation.