DeFi and FATF, VASPs, & The Travel Rule

January 31, 2024

DeFi companies: Are you a VASP? Are you subject to the Travel Rule? What does that mean by Jurisdiction?

DeFi market participants may be classified as a VASP depending on context and as such may be subject to regulatory obligations related to the travel rule. By way of background, FATF defines VASPs as the following: any natural or legal person who is not covered elsewhere under the Recommendations and as a business, conducts one or more of the following activities or operations for or on behalf of another natural or legal person:

  • the exchange between virtual assets and fiat currencies;
  • the exchange between one or more forms of virtual assets;
  • transfer of virtual assets;
  • participation in and provision of financial services related to an issuer’s offer and/or sale of avirtual asset. (FATF. 2021b, p. 109)

More specifically for DeFi, FATF states:

A DeFi application (i.e. the software program) is not a VASP under the FATF standards, as the Standards do not apply to underlying software or technology. However, creators, owners and operators or some other persons who maintain control or sufficient influence in the DeFi arrangements, even if those arrangements seem decentralized, may fall under the FATF definition of a VASP where they are providing or actively facilitating VASP services. (FATF. 2021b, p. 27, para. 67)

Chainalysis highlights in a recent blog some of the specific jurisdictions regulating this unhosted wallet activity and their differences, i.e.

For instance, in the EU, UK and Gibraltar, VASPs are required to collect the unhosted wallet’s information from their client. In Singapore and Germany, VASPs need to verify the identity of the unhosted wallet owner. In Liechtenstein, VASPs are required to perform enhanced due diligence, while in Switzerland, they need to verify identity as well as proof of ownership.

Many in the cryptocurrency community have expressed concerns about these measurements, stating that since the blockchain is already a public network, sharing personal information behind an unhosted wallet will reveal the complete transaction history of that client, surpassing much more the amount of information that Travel Rule
collects from traditional financial institutions.