How does the latest FATF virtual asset regulatory guidance view DeFi, NFTs, and stablecoins?

Author: Richard Lee
On October 28, the Financial Action Task Force (FATF), the global anti-money laundering regulatory body, released an updated version of its virtual asset regulatory guidelines, which includes regulatory opinions on NFTs, DeFi, stablecoins, and P2P (peer-to-peer) transactions, providing a glimpse into future regulatory trends.
FATF is an intergovernmental organization responsible for global anti-money laundering and counter-terrorism financing regulation. Although FATF does not have judicial enforcement power, its action standards are often adopted by multiple countries. FATF first published virtual asset regulatory guidelines in 2019 to address the risks posed by cryptocurrency technology. A report in July this year indicated that 58 jurisdictions worldwide have implemented FATF's cryptocurrency regulatory standards.
Are NFTs and DeFi included in the regulatory scope?
The definitions of virtual assets (VA) and virtual asset service providers (VASP) determine the scope of FATF's regulatory standards. The latest FATF guidelines primarily define virtual assets based on "interchangeability."
The guidelines state that due to the "non-interchangeability" of NFTs (i.e., their value is difficult to transfer), "NFTs" are generally not considered virtual assets. However, FATF also indicated that if NFTs are used for payment or investment purposes in practice, they will fall under the regulatory scope of "virtual assets."
"It is important to consider the nature of NFTs and their role in practice, rather than professional or marketing terminology," the guidelines state.
DeFi applications, such as decentralized exchanges, have always been a focus of cryptocurrency regulation.
According to the guidelines, Dapps themselves are not considered virtual asset service providers under FATF standards; "however, creators, owners, and operators (or certain others who maintain control or significant influence in DeFi arrangements) … may fall under FATF's definition of VASP."
FATF believes that even if these applications or platforms typically operate in a decentralized manner, "there is usually still a central party with some form of participation or control measures," such as creating and issuing virtual assets, developing DApp functionalities, and user interfaces. In other words, taking Uniswap as an example, Uniswap, as a decentralized exchange platform integrated with underlying technology, cannot be included under regulatory standards, but its development team, Uniswap Labs, is a regulated entity under FATF standards.
It is worth noting that in cases where a DeFi application has no central owner or operator, FATF also suggests that countries can monitor risks by engaging with representatives from the DeFi community.
In addition to NFTs and DeFi, the FATF guidelines also clarify that auxiliary entities responsible for verifying signature accuracy, providing cloud data storage services, etc., are generally not within the regulatory scope, which is a positive for the decentralized storage sector.
What types of stablecoins are more likely to be regulated?
FATF states that some stablecoin projects may increase the risks of money laundering and terrorist financing.
According to its guidelines, whether centralized or decentralized stablecoins, as long as a central developer or corresponding governance body can be identified, the latter will be treated as a VASP and subjected to FATF's regulatory standards.
Specific recommended measures include incorporating money laundering and terrorist financing (ML/TF) risk assessments and risk mitigation into the licensing or registration process for stablecoin issuers. This also means that if this recommendation is adopted, the issuing entity or governance body of a new stablecoin must undergo the aforementioned risk assessment checks before the stablecoin is officially issued.
An important question is, which categories of stablecoins are more likely to attract the "attention" of regulators?
Stablecoins like USDT, USDC, and DAI that are "mass adopted" may be the first to receive regulatory notifications.
FATF analyzes that "mass adoption" is an important ML/TF risk factor because the ability of criminals to use virtual assets as a means of exchange largely depends on their liquidity and free exchange; only assets that are "mass adopted" possess this characteristic.
"In the licensing or registration process and risk assessment of VASPs, the possibility of 'mass adoption' should be considered an important factor," the guidelines summarize.
Furthermore, given the free cross-border circulation of virtual assets, FATF emphasizes that international cooperation is crucial in the regulation of stablecoins.
How to mitigate the risks of P2P transactions?
A transfer of an asset from one Metamask wallet to another wallet address, completed entirely by two individuals spontaneously without involving any intermediary service providers, is defined by FATF as a P2P transaction.
Unlike the traditionally negative attitude of regulators towards P2P transactions, FATF's latest guidelines suggest that the "visibility" of such transactions on public blockchain networks may aid financial analysis and law enforcement investigations, especially when combined with other information sources.
For measures that can be taken, FATF recommends that P2P transaction risks should be monitored in a continuous and proactive manner. Similar risk mitigation measures also apply to stablecoins where identifiable operating entities cannot be found.
Some of the measures include: regulators developing blockchain analysis methods and tools to collect and assess market indicators, determine risk mitigation solutions, and identify suspicious behaviors; engaging with programmers/developers in the field; conducting on-site inspections and off-site supervision of service providers, focusing on transactions between non-custodial wallets.