Meet FATF: The Financial Bullies Memberclub Trying To KYC The Planet
There's assholes, and then there's FATF.
The Financial Action Task Force is an intergovernmental body created in 1989 to "combat money laundering and terrorist financing". In its thirty-plus years of existence, FATF has bullied countless countries into exclusionary financial policies. Now it's coming for your bitcoin.
The past week has been devastating for Bitcoin privacy. The indictment of the founders of the non-custodial Bitcoin privacy wallet Samourai Wallet on unlicensed money transmission charges by the US Department of Justice – despite clear policy to the contrary – caused complete regulatory unertainty.
Samourai's servers, based in Iceland, have been seized, the privacy wallet Wasabi Wallet is shutting down its services, even non-custodial Lightning operators have announced their depature from US markets.
The DOJ's attacks on financial privacy have since been widely scrutinized, with legal experts going as far as deeming their practice unconstitutional. We cannot help but wonder: what on gods green earth moves the DOJ to argue against its own government's policies? Meet: FATF.
FATF is not your average regulatory institution. For one, because it has no regulatory powers. FATF doesn't write laws or regulations, but its standards, known as 'recommendations', influence AML/CFT policies around the world.
FATF is, essentially, a members club. Currently, FATF consists of 38 member countries, including the US, the UK, Israel, and many EU member countries, as well as nine associate members, forming dedicated groups to ensure the adoption and enforcement of FATF AML/CFT standards.
Since 2019, FATF ministers, comprised of representatives of FATF member countries, including ministers of finance, ministers of justice, and heads of financial intelligence units, have granted the task force an open-ended mandate of operation.
To become a FATF member, countries grant FATF so-called observerships. FATF observers include financial institutions, such as the European Central Bank, the IMF, and the World Bank, as well as law enforcement agencies, such as Europol and Interpol.
FATF applicants go through a mutual evaluation process to assess a country's current implementation of AML/CFT policies. If the evaluation is statisfactory, the country is granted membership. If it isn't, countries are expected to provide ministerial commitments to better AML/CFT efforts in accordance with FATF standards.
Now, you're probably wondering why any country would care what another country's minister thinks of its AML/CFT implementations. This is where the crux of FATF comes in.
FATF regional bodies, or FSRBs – short for Financial Action Task Force-style Regional Bodies – regularly assess jurisdictions deemed to pose significant risks to the global financial system. FATF then bullies countries into submission to apply FATF standard policies by placing them on FATF 'black-' and 'greylists'.
FATF lists, officially titled the 'FATF Non-Cooperative Countries and Territories List' and the 'FATF List of Jurisdictions Under Increased Monitoring', aim to fullfill FATF's primary objective: the "full and effective implementation of the FATF Recommendations by all countries."
When a country is placed on the FATF blacklist, FATF members, and those looking to remain in the Task Force's favor, are effectively excluded from conducting commerce with blacklisted countries. Unless, of course, they want to land on a FATF list too.
FATF lists are extremely efficient, as FATF members hold the majority of world GDP. FATF policies, however, are not. As a recent AML proposal shows, after more than three decades of FATF recommendations, 99% of criminal profits still escape confiscation.
This week, the EU is set to update its AML/CFT policies in accordance with FATF recommendations. The law package introduces far-reaching AML/CFT regulations mandating custodial service providers to implement KYC, banning the offering of privacy coins, and implementing due diligence and KYC procedures for transactions between non-custodial and custodial wallets, in addition to a ban on commercial, anonymous cash transactions over €3.000 and a ban on all commercial cash transactions over €10.000. Similar regulations are currently being proposed in the US.
Now FATF is coming for your bitcoin.
Now FATF is taking on bitcoin, and its first order of business seems to be the blurring of lines between custodial and non-custodial services; despite the fact that non-custodial services have been clearly excluded from money transmission classifications due to their lack of control over user funds.
As FinCEN's 2019 guideline on 'Convertible Virtual Currencies' reads: A cryptocurrency wallet provider is to be classified as a money transmitter if "the host has total independent control over the value (although it is contractually obligated to access the value only on instructions from the owner)."
FATF seems to see this differently. According to FATF's updated guidance for a risk-based approach to virtual assets and virtual asset service providers, even a non-custodial service can be deemed a 'Virtual Asset Service Provider' – and therefore a money transmitter – if it has "control or sufficient influence [...] over aspects of the service’s protocol, and the existence of an ongoing business relationship between themselves and users."
FATF's guidance appears eerily aligned with the DOJ's argumentation in both the Samourai Wallet and the Tornado Cash cases, which attempt to deem both non-custodial services unlicensed money transmitters.
It's been widely pointed out that the Samourai indictment is riddled with technical inaccuracies. It alleges that Samourai is a mixer (it's not), that Samourai creates new addresses for users (it doesn't), that Samourai broadcasts transactions for users (it mostly doesn't), and that operators take fees for profit (they don't).
After 14 years of Bitcoin, let us rejoice for a moment at the thought of federal agents dwelling in their depression-cubicles still going bro, how the fuck do bitcoins work.
However, the indictment is correct in stating that Samourai operated a centralized server controlling the protocol, and that this server, as well as the services provided, were operated in exchange for a fee.
In the Tornado Cash case, prosecutors go as far as challenging the meaning of the term 'transfer' directly, which has brought us the wonderful frying pan memes (surely the DOJ was not ready for cast iron Twitter).
It seems that these are the exact same arguments FATF is making to classify non-custodial services as money transmitters, in which control over a protocol and the offering of a service in exchange for a fee is enough to submit you to full FATF tyranny. And it doesn't stop there.
FATF guidance states that even decentralized services can have "a central party with some measure of involvement of control," such as "developing user interfaces for accounts holding an administrative "key"."
Again, the same argumentation can be found in the Tornado Cash case, in which the DOJ alleges that: "The UI could have been designed – or modified at any time – to maintain a copy of the secret note."
FATF guidance further states that control over assets must not be "unilateral". According to FATF, "'Control' can include circumstances where keys or credentials held by others are required to exchange the asset's disposition, such as multi-signature processes.
As Peter van Valkenburgh of the advocacy group CoinCenter points out, the DOJ's attacks on non-custodial services are "an insidious development that appears to be nothing less than regulation by criminal enforcement." Except that its not their own regulation. It's FATF's.