New FATF recommendation for sharing user data | Guido Lassally

Guido Lassally
6 min readJun 6, 2019

The impact on security token exchanges

The Financial Action Task Force (FATF), also known as Groupe d’action financière (GAFI), is an inter-governmental body and was started in 1989 by G7 countries. The original mission of FATF was to develop policies to combat the widespread problem of money laundering across international borders. As of now, FATF has 38 member countries and is also focused on stopping terrorism financing all over the world. Most of the bigger economies, The European Central Bank, the United Nations and other influential bodies are involved with activities of the FATF. The FATF recommendations are not binding, but are generally implemented at national levels by respective governments and central banks.

Recently, the FATF has made a recommendation requiring virtual asset service providers such as exchanges, crypto custodians and providers of financial services for Initial Coin Offerings (ICOs), to share their user data with governments and other central bodies. You can read about in details from here:

It will officially become a part of the FATF Standards in June 2019 and all member countries may choose to implement this recommendation.

In this article Autradety will try to analyse and explain the possible impact of FATF Recommendation16 on security token exchanges (STEs).

Before we start, we need to define and understand what ‘virtual assets’ are.
According to FATF, virtual assets are:

“digital representations of value that can be digitally traded or transferred and can be used for payment or investment purposes, including digital representations of value that function as a medium of exchange, a unit of account, and/or a store of value.”

Think of cryptocurrencies such as Bitcoin, Ethereum and all ICO tokens, but also loyalty points and the tokens with which purchases in video games such as World of Warcraft can be made. These are all virtual assets.

Guido Lassally, CEO of Autradety: “When it comes to ‘virtual assets’ there is not a lot of regulation and rules set by governments and banks yet. They are still struggling to catch-up with the fast pace at which digital economy and virtual tokens are exploding.”

Are security tokens virtual assets?
Security tokens are not virtual assets. They are transferable rights via the Blockchain that are regulated. In the United States of America, crypto tokens are called security tokens if they pass the Howey Test (named after the case of SEC against J.W. Howey in 1946). According to Howey test, security tokens must meet following three criteria:

✓ An investment of money
✓ In a joint venture
✓ With an expectation of profit that mainly comes from the efforts of others

Security tokens are also regulated in Europe because they are seen as a financial instrument. Legal and Blockchain experts agree that security tokens do not require additional European regulation. This conclusion was drawn following a discussion that took place on January 19, 2019 at the Protos Blockchain Summit in Zurich.

What is the impact of the recommendation on European security token exchanges?
According to Guido Lassally, Security Token Exchanges (STEs) are an essential part of the security token ecosystem. They provide professional STO investors with access to tokens and provide liquidity to the market. In Europe, STEs are subject to MiFID II (Markets in Financial Instruments Directive). This is a European directive that entered into force on January 3, 2018 and a revision of the European directive MiFID II introduced in 2007. The purpose of MiFID II is to make European financial markets more efficient and transparent and to increase investor protection.

With regard to transaction reports, MiFID II distinguishes between investment institutions and trading platforms (exchanges). Investment institutions act on behalf of a group of investors in financial instruments, such as shares or security tokens, with the proceeds being distributed. An investment institution must ensure that all transactions it carries out are reported to the regulator. It can do this itself or outsource it to a company that acts as an Approved Reporting Mechanism (ARM), and the transactions can also be reported via the trading platform on which the transactions were conducted.

Trading platforms are responsible for reporting transactions taking place on their platform by members who are not investment firms. This information must be reported to the supervisor fully, accurately and as quickly as possible (at the latest by the end of the following working day).

Personal data required in transaction
Customer’s personal data must also be reported for each transaction. For natural persons, a national passport number must be used when reporting. If the customer does not have a passport, a national identification number must be used. A legal entity identifier (LEI) must be used for legal entities.
For European Security token exchanges that follow the guidelines of MiFID II, the FATF recommendation will have little legal impact. After all, they are already obliged to share user data with governments. In fact, the recommendation might even lead to more customers.

Switch investors to European STE
To prevent money laundering and terrorism financing, every exchange is required to screen its customers through a Know-Your-Customer (KYC) check before they are allowed to trade on the platform. For non-regulated exchanges that do not have their KYC policies in order, the FATF recommendation can have major consequences. If a supervisor finds that cryptocurrencies have been traded by criminals, minors or other unauthorized persons, it can lead to hefty fines and even closure of the exchange. The new recommendation and its implementation might act as a positive push for professional investors and inspire them to switch to European security token exchange instead of investing in unregulated platforms.

What is the impact of the recommendation on U.S STEs?
STEs wishing to operate from the United States of America must register with the SEC, the US regulator, in accordance with Section 6 of the Securities Exchange Act (1934). Just like MiFID II, the Securities Exchange Act requires STEs to transfer all customer data transactions to the regulator in a timely manner.

Only future will tell the impact of FATF recommendation16 on U.S based STEs. There are currently no STEs registered with the SEC and it is highly doubtful whether this trend will change anytime soon. This is mainly due to uncertainty about the SEC’s policy on cryptocurrencies and exchanges. Since 2017, the SEC has stated that Bitcoin and Ethereum are not securities, but then that same year they fined a cryptocurrency exchange on which ERC20 tokens were traded, which were issued on the Ethereum blockchain.

According to the SEC, EtherDelta users placed more than 3.6 million cryptocurrency orders over a period of eighteen months. Some of these cryptocurrencies were seen as securities. This involved so-called DAO tokens that were issued on the Ethereum blockchain. DAO tokens are tokens from a Decentralized Autonomous Organization, or an organization that works independently without a person using smart contracts. The more tokens a person buys, the greater control they have over the course of the organization.

Because of the trading of the DAO tokens, the SEC should have had EtherDelta register as a trading platform or at least should have allowed them to request an exemption.

EtherDelta founder Clayton neither denies nor confirms the judgment of the SEC. He did, however, agree to cooperate in the process. He will repay the state $ 300,000 in illegal profits. He also agreed to pay the US state $ 13,000 in conservatory interest, plus a $ 75,000 fine. The SEC further states that it would have issued a higher fine if Clayton had not co-operated.

The FATF recommendation may work well for European STEs. They have nothing to fear from a legal point of view since they are already required by a law against money laundering to share their user data with the authorities. They can also benefit from taking over customers from non-regulated exchanges who do not have their KYC policies in order. The FATF recommendation might even make European STEs more attractive to new and cautious customers since now they will come across as exchanges that emphasize on quality, compliance and safety.

Autradety believes that there is a good chance that many unregulated exchanges will have to close their doors in the coming period. This will ensure that the chaff is separated from the wheat and will lead to further professionalization and streamlining of the blockchain and security token industry.



Guido Lassally

Guido Lassally is co-founder and CEO of Oxido Solutions — a Dutch company specialized in crypto trading bot solutions.