This is a very disturbing recommendation from the FATF (Financial Action Task Force) and could be implemented in June 2019…Especially important paragraph 7b
Scary for the privacy coins though…They want wallet providers, banks, exchanges to show the details of both senders AND receivers for each transaction…Goes against the GDPR if you ask me where the users should have the right to their own data
It’s for sure an interesting case but in many cases it makes sense.
For example, IF a company doesn’t have detailed info on Sender/Receiver/Date/Amount/Reason, then every company could fake their books if you think about it. This includes several different tax avoidance, faking the balance sheet and 101 other things that are illegal.
As soon as you have to declare something, be it to the tax department or similar, it just must have these Sender/Receiver/Date/Amount/Reason or they can’t check it if needed.
About the GDPR, pretty sure it conforms with it, as after a given amount of time, let’s say 5 or 10 years, in which many companies (at least in Europe) have to keep all paperwork/books/whatever, the data can get or even must get deleted.
Just some thoughts as it’s new land for everyone…
Someone trying to get their orders filled? Ever heard of viewing keys?..and what’s up with this non secure .org site? Sounds just like the Bitfinex subpoena thing, we know how that ended.
This comes back to the “travel” rule and it only applies to transactions over USD/EUR 1000
If you’re a money transmitter in the United States you’re basically already subject to all of that anyways (and if you’re not you’re still subject to claiming taxes on anything over $600 I believe)
I’ve looked into crypto ATMs, OTCs, all of it requires licenses (which is the easy part), aml / kyc, reporting everything including any suspicious activity which is predefined
Doable but it doesn’t really spark Joy
But yeah don’t let this keep you awake,
Good points…Maybe I need to switch a button in my head about privacy/freedom…(For some unknown reason it doesn’t feel right though)
First thing I noticed too about that they didn’t have a non-secure site :). Very disappointing to see this on such an important international website
yeah… …they say it is about money laundering but it is about control and power…
Here’s a FinCEN pdf that fear mongers would prefer you not read
It basically says that although these financial institutions are required to collect and share this information with each other which ain’t nothing new here in the US, they are also very much required to, in good faith at least, protect it as well
That’s why Zcash is compliant because you can simultaneously encrypt all the information AND send the user information along in the memo to be verified at the other end
View keys would only make it even more so
(And you know, I just thought about it, it stands to reason that maybe the best way other coins could comply is to use zcash as that secondary channel to send the information!)
Just took the time with my morning tea to read the whole FATF paper. Below the interesting parts that directly address privacy coins:
Initial Risk Assessment:
28. …Similarly, VA products or services that facilitate pseudonymous or anonymity-enhanced transactions also pose higher ML/TF risks, particularly if they inhibit a VASP’s ability to identify the beneficiary. The latter is especially concerning in the context of VAs, which are cross-border in nature. If customer identification and verification measures do not adequately address the risks associated with non-face-to-face or opaque transactions, the ML/TF risks increase, as does the difficulty in tracing the associated funds and identifying transaction counterparties.
c) The specific types of VAs that the VASP offers or plans to offer and any unique features of each VA, such as AECs, embedded mixers or tumblers, or other products and services that may present higher risks by potentially obfuscating the transactions or undermining a VASP’s ability to know its customers and implement effective customer due diligence (CDD) and other AML/CFT
f) Exposure to Internet Protocol (IP) anonymizers such as The Onion Router (TOR) or Invisible Internet Project (I2P), which may further obfuscate transactions or activities and inhibit a VASP’s ability to know its customers and implement effective AML/CFT measures;
FATF Definitions and Features of the VASP Sector Relevant for AML/CFT
- The FATF Recommendations require all jurisdictions to impose specified AML/CFT requirements on FIs and DNFBPs and ensure their compliance with those obligations. In the Glossary, the FATF defines:
a) “Financial institution” as any natural or legal person who conducts as a business one or more of several specified activities or operations for or on behalf of a customer;
b) “Virtual asset” as a digital representation of value that can be digitally traded or transferred and can be used for payment or investment purposes.
c) “Virtual asset service provider” as any natural or legal person who is not covered elsewhere under the Recommendations and as a business conducts one or more of the following activities or operations for or on behalf of another natural or legal person:
i. Exchange between virtual assets and fiat currencies;
ii. Exchange between one or more forms of virtual assets;
iii. Transfer of virtual assets; and
iv. Safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets;
v. Participation in and provision of financial services related to an issuer’s offer and/or sale of a virtual asset.
Notably, the scope of the FATF definition includes both virtual-to-virtual and virtual-to-fiat transactions or financial activities or operations.
A VASP may fall into one or more of the five categories of activity or operation described under the VASP definition (i.e., “exchange” of virtual/fiat, “exchange” of virtual/virtual, “transfer,” “safekeeping and/or administration,” and “participation in and provision of financial services related to an issuer’s offer and/or sale”).
…Rather, the VA and VASP definitions are intended to capture specific financial activities and functions (i.e., transfer, exchange, safekeeping and administration, issuance, etc.) and assets that are fungible—whether virtual-to-virtual or virtual-to-fiat.
Similarly, AML/CFT regulations will apply to covered VA activities and VASPs, regardless of the type of VA involved in the financial activity (e.g., a VASP that uses or offers AECs to its customers for various financial transactions), the underlying technology, or the additional services that the platform potentially incorporates (such as a mixer or tumbler or other potential features for obfuscation).
Due to the potential for increased anonymity or obfuscation of VA financial flows and the challenges associated with conducting effective customer identification and verification, VAs and VASPs in general may be regarded as higher ML/TF risks that may potentially require the application of enhanced due diligence measures, where appropriate.
A jurisdiction has the discretion to prohibit VA activities or VASPs, based on their assessment of risk and national regulatory context or in order to support other policy goals not addressed in this Guidance …
As discussed previously, VAs have certain characteristics that may make them more susceptible to abuse by criminals, money launderers, terrorist financiers, and other illicit actors, including their global reach, capacity for rapid settlement, ability to enable “individual user-to-individual user” transactions (sometimes referred to as “peer-to-peer”), and potential for increased anonymity and obfuscation of transaction flows and counterparties. In light of these characteristics, countries may therefore go further than what Recommendation 10 requires by requiring full CDD for all transactions involving VAs or performed by VASPs (as well as other obliged entities, such as banks that engage in VA activities), including “occasional transactions” below the USD/EUR 1 000 threshold, in line with their national legal frameworks. Such an approach is consistent with the risk-based approach set out in Recommendation 1, provided that it is justified on the basis of the country’s assessment of risks (e.g., through the identification of higher risks). Additionally, jurisdictions, in establishing their regulatory and supervisory regimes, should consider how the VASP can determine and ensure that the transactions are in fact only conducted on a one-off or occasional basis rather than a more consistent (i.e., non-occasional) basis.
Countries also should consider the risk factors associated with the VA product, service, transaction, or delivery channel, including whether the activity involves pseudonymous or “anonymous transactions,” “non-face-to-face business relationships or transactions,” and/or “payment[s] received from unknown or un-associated third parties” (see INR. 10 15(c) as well as the examples of higher and lower risk indicators listed in paragraph 31 of this Guidance). The fact that nearly all VAs include one or more of these features or characteristics may result in countries determining that activities in this space are inherently higher risk, based on the very nature of VA products, services, transactions, or delivery mechanisms.
In these and other cases, the enhanced due diligence (EDD) measures that may mitigate the potentially higher risks associated with the aforementioned factors include:
a) corroborating the identity information received from the customer, such as a national identity number, with information in third-party databases or other
b) potentially tracing the customer’s IP address; and
c) searching the Internet for corroborating activity information consistent with the customer’s transaction profile, provided that the data collection is in line with national privacy legislation.
Countries also should consider the enhanced CDD measures detailed in INR. 10, paragraph 20, including obtaining additional information on the customer and intended nature of the business relationship, obtaining information on the source of funds of the customer, obtaining information on the reasons for intended or performed transactions, and conducting enhanced monitoring of the relationship. Additionally, countries should consider the measures required for FIs that engage in fiat-denominated activity that is non-face-to-face (such as mobile services) or that is comparable to VA transactions in assessing their risks and developing mitigating controls accordingly.
For example, the information available on the blockchain or other type of distributed ledger may enable relevant authorities to trace transactions back to a wallet address, though may not readily link the wallet address to the name of an individual. The wallet address contains a user code that serves as a digital signature in the distributed ledger (i.e., a private key) in the form of a unique string of numbers and letters. However, additional information will be necessary to associate the address to a real or natural person.
stopping here as it would get way too long …
full text here: