Cryptocurrency Companies Face Revised FATF Guidelines: What Changes Must Digital Currency Businesses Adapt to Survive?
The Financial Action Task Force (FATF) has finalised a new regulation aimed at preventing cryptocurrencies from being used for money laundering and terrorism financing. The new rules primarily affect virtual asset service companies, including exchanges, funds, and custodians, and establish comprehensive Anti-Money Laundering/Countering the Financing of Terrorism (AML/CFT) standards.
The regulation requires virtual asset service providers (VASPs) to comply with the same AML/CFT obligations as traditional financial institutions. This includes robust Customer Due Diligence (CDD) and Know Your Customer (KYC) processes to verify identities, check beneficial ownership, and monitor transactions continuously for suspicious activities.
Under the FATF's Travel Rule, VASPs must collect, retain, and transmit originator and beneficiary information for virtual asset transfers above a specified threshold. This enables traceability across services to prevent money laundering and terrorism financing. Jurisdictions implement thresholds variably, with some, like the EU, enforcing a zero-threshold (i.e., all transfers).
The FATF mandates that jurisdictions license and supervise VASPs to ensure regulatory compliance. However, global oversight gaps persist, particularly concerning decentralized finance (DeFi) and offshore providers. The 2025 FATF update stressed the urgent need to close these loopholes and enhance supervision globally.
The FATF requires VASPs to adopt a risk-based approach (RBA) to AML/CFT. This involves identifying and assessing risks across customers, products, geographies, and transaction types. VASPs should apply Enhanced Due Diligence (EDD) for high-risk customers and simplified due diligence for low-risk ones. Continuous transaction monitoring using advanced analytics is also essential to detect suspicious activity.
VASPs must maintain transaction records typically for at least five years (sometimes longer), and report suspicious transactions to authorities as part of ongoing AML/CFT obligations.
In summary, the FATF's 2025 targeted updates sharpen and reinforce global AML/CFT standards for VASPs by highlighting the necessity of effective KYC, customer data sharing (Travel Rule), licensing, and a dynamic risk-based approach that adapts to innovations in virtual asset services and emerging risks worldwide.
The new FATF regulation, focusing on virtual asset service providers (VASPs), extends AML/CFT obligations to the business sphere of technology, requiring them to follow strict KYC and CDD processes similar to traditional financial institutions. Additionally, this regulation also introduces the Travel Rule for virtual asset transfers, which emphasizes the importance of technology in facilitating information sharing and preventing money laundering and terrorism financing.
