Challenges Remain for VASPs as Regulators Ready New Round of Policing

Tim Alper
Last updated: | 3 min read

International bodies representing virtual asset service providers (VASPs) are braced for a whole new set of regulatory hurdles – and seemingly face a race against time to prepare industry-wide standardization before regulators unleash another barrage of policing measures on crypto exchanges and other industry players next year.

Source: Adobe/leszekglasner

Speaking at a panel session for industry groups at the V20, a summit that brings together regulators and crypto industry players, industry representatives championed the IVMS (interVASP Messaging Standard) 101 standard, a standard data model that VASPs can use when transmitting required originator and beneficiary information on crypto transactions.

The IVMS 101 was put together in an 18-week period following the inaugural V20 meeting with regulators on the fringes of the G20 summit in Osaka last year as a response to the Travel Rule, a key Financial Action Task Force (FATF) recommendation that requires VASPs to abide by financial industry-like Anti-Money Laundering/Combating the Financing of Terrorism (AML/CFT) protocols.

But although V20 attendees were briefed on some of the available Travel Rule solutions available and applauded the masterminds of IVMS 101, panelists appeared under no illusion as to the scale of the regulatory challenge ahead.

David Riegelnig, the Head of Risk Management at Bitcoin Suisse and the President of the OpenVASP Association, warned,

“We need to be aware of the many topics not covered by IVMS, such as how [individual VASPs] can cope with errors and how verification works in each case.”

Riegelnig added,

“As great as it is that we have unifying standards, we need to be aware that the crypto industry is fast-moving, fast developing, and that there are so many different use-cases.”

Siân Jones, a Senior Partner at XREG Consulting and one of the chief architects of the standardization efforts, agreed that there was a need for “a common language and standards” and opined that “an IVMS 2, 3 and 4 may emerge soon,” with a number of proposed amendments and extensions already tabled for discussion later today – and in the months ahead.”

Crypto industry insiders are already bracing for the worst after the FATF spoke earlier this week about its plans to potentially issue a brand new, updated set of guidelines in June 2021, with peer-to-peer platforms set to fall under the spotlight.

Jones added,

“The industry has shown that it could collaborate in ways it has not previously done. […] But there is a wider need for a single, overarching voice – that will help [the industry] engage with FATF and other multinational organizations in an infinitely more powerful manner.”

But Dave Jevans, the Chief Executive Officer at Ciphertrace and the Chair of the Travel Rule Information Sharing Alliance, had a starker warning, stating,

“Five years from now, we will be facing other [regulatory] issues pertaining to non-custodial wallets, private wallets and more – if they are going to be regulated, it will be massive. It will make the work done over [recent] months look like child’s play.”

Andrew Davidson, the Head of Architecture & Strategy at Asian brokerage OSL and the Chair of the Travel Rule Protocol Working Group, another industry group of crypto players preparing for Travel Rule compliance, opined that the “biggest challenge” was still the “sunrise issue,” whereby countries are set to implement the Travel Rule months or even years apart.

Davidson added that it was “important to make sure we don’t go too far off the beaten path” with standardization as regulations “may change in the future.”

And Malcolm Wright, the Chair of the Advisory Council at the Global Digital Finance standardization group, stated that the “next layer” of his and the other groups’ work would need to focus on “how to operationalize within the timeframe of June next year.”

He identified three action areas, namely,

1. A global VASP directory needed, to help parties understand if other VASPs are licensed; what protocols they use. This needs to be frictionless for customers; and perhaps standardization is needed here too?
2. A data security standard – what happens to data after it has been sent from A to B? How do customers know their data is secure and encrypted? Parties need to ensure that data transmission and storage protocols are equally secure.
3. Improved screening for sanctions – a set of best-practice guidelines may be needed here, rather than a set of standards.

The V20 summit concludes later today.

Learn more:
Pakistani Regulator Shows Positive Signs To Growing Local Crypto Market
FATF Signals More Pressure on Crypto Industry As It Moves ‘Too Slow’
SWIFT-based FATF Rules Poor Fit for Crypto Industry, Says V20 Speaker