Cryptocurrency: War On Crypto - Govts Planning Global Coordinated Regulation

grarpamp grarpamp at
Thu Oct 27 23:28:42 PDT 2022

The worlds’ wealthiest nations are aiming for cryptos, restricting,
amongst others, the following:

    Peer-to-Peer Transactions;
    Private wallets (cold storage, phone and desktop apps);
    Privacy (privacy coins, mixers, Decentralized exchanges, use of
TOR and I2P);
    Former ICOs and Future Projects (DeFi, NFT, smart contacts, second
layer solutions, and much more).

In addition, these new regulations intend to:

    Force those active in crypto to be licensed and regulated as banks
(responsible for KYC and transaction tracking);
    Create full transparency for ALL transactions;
    Exclude and freeze assets of persons, activities, and countries
labeled a “risk;”
    Force the inclusion of user information with all transactions;
    Revoke the license of those who don’t comply.

In short: they want to change the way the space can operate. As you’ll
discover, the regulation rolled out aim to create a system of complete
transparency and control.

At the same time, regulatory clarity could pave the way for the next
stage of adoption.

What Can You Get from This Due Diligence

For years, we wondered if governments would “ban Bitcoin.” As it turns
out, they will not. Instead, they intent to simply absorb cryptos into
the existing regulated financial system.

This due diligence is based on new international regulations. This DD
reveals exactly what the coming regulations mean for cryptos, who is
behind them, and how they will be implemented. Next, this DD
highlights the most revealing and stunning clauses. And finally, it
summarizes which activities are likely to thrive and which are bound
to suffer, so that you can prepare yourself.

Why Now?

In 2018, the news that Facebook was creating a crypto currency shocked
international regulators. Until then, they didn’t see cryptos as a
risk to the stability of the global financial system. However, Libra,
the coin Facebook proposed, was a so-called stablecoin; it maintains
its value relative to fiat currencies such as the USD. They quickly
realized what would happen when a company with a billion users creates
an instant payment system that is cheaper, faster and more
user-friendly than the current financial system.

This topic was discussed at the highest levels of government; the G20,
an international forum for the governments and central bank governors
from 19 countries and the European Union. They engaged an organization
called the Financial Action Task Force (FATF).

This organization has passed similar legislation for banking and
financial service providers around the world. They are responsible for
the fact that all crypto-currency exchanges where fiat is exchanged
for cryptos have the same KYC and anti-money laundering requirements
as banks. Now, they are going to use this framework to focus on the
elements of the industry currently outside their control, and declare
what is, and isn’t acceptable.

New Guidance on Bitcoin and Cryptos

The latest draft guidance of the FATF, to be implemented in July 2021,
is called “Guidance for a risk-based approach to virtual assets and
VASPs” (GVA) [1]. This DD is based on this GVA.

As you will learn, they have a deep understanding of what is happening
in the space. Moreover, they take the expansive view that “most
arrangements currently in operation,” including “self-categorized P2P
platforms” may have a “party involved at some stage of the product’s
development and launch” who will be covered by this new legislation.
(GVA, p29)

Why do the FATF regulations have global reach?

Since FATF isn’t an official government agency of any country, they
cannot create law. They issue what is known as “soft-laws”:
recommendations and guidance. Only when this guidance is implemented
in the laws of the countries, they become “hard-laws” with real power.

In theory, they are thus subjected to the formal law-making process of
law-giving countries. However, countries that don’t participate are
placed on a list of “non-cooperative jurisdictions.” They then face
restricted access to the financial system and ostracism from the
international community. For this reason, almost all nations implement
these recommendations.

It also must be said that national governments, especially in the
Western world, highly value this kind of international cooperation and
the power it gives them. Many such treaties are passed into law with
little opposition or delay.

Once these treaties are accepted, they become part of a body of law
called international law, a type of law in many cases superseding
national laws. Unknown to the general public, international law is
increasingly being used as a backdoor for passing invasive regulations
such as these.

It must be noted that people working for this Paris-based organization
are faceless bureaucrats who have not been elected, their procedures
and budget are not subjected to democratic oversight, and they are
almost impossible to remove from power. Like most international
organizations, they fall under the Vienna Conference on Diplomatic
Intercourse and Immunities.[2] As such, they enjoy immunity for their
actions, are exempt from administrative burdens in the countries they
are active, such as taxes, and free from most COVID travel

When will this “Guidance” be Implemented?

The GVA was published in March to be subjected to public consultation.
This gives it the appearance of the public having a say in the
implementation of it, but when you read it carefully they will
consider feedback only on “relevant issues” they themselves selected.
Other feedback might be considered in the next review in 12 months (by
then, most current recommendations will likely have been passed into
law). In other words, this will be it, with minor adjustments.

June 2021 FATF previewed all feedback and July 2021 these new
“recommendations” would become official. However, last Friday, June
25, FATF postponed the finalization of the recommendations to October
2021. From that day forwards, we can expect these recommendations to
start being implemented in our national legal systems, and as such,
start affecting our lives.

This process has been successfully used in the banking system and tax
systems―it is now coming for crypto. It is worth noting that
individual countries might decide on even more specific or explicit
prohibitions on top of this. It is also worth noting that these
regulations do not apply to central bank-issued digital currencies.

How Will Cryptos Be Regulated?

Before we can understand how FATF proposes to regulate cryptos, we
must learn what they mean when they talk about a Virtual Asset:

“A virtual asset is a digital representation of value that can be
digitally traded, or transferred, and can be used for payment or
investment purposes. Virtual assets do not include digital
representations of fiat currencies, securities and other financial
assets that are already covered elsewhere in the FATF
Recommendations.” (GVA, p98)

Cryptos will not be outright banned. They will be regulated via an
indirect method; those who facilitate virtual asset transactions, are
designated as a Virtual Asset Service Provider, or VASP.

Next, all VASPs will be subjected to similar regulation as banks. The
definition of VASP is so wide that most current projects in the crypto
space are covered by it.

Definition of a VASP:

*“*VASP: Virtual asset service provider means any natural or legal
person who [...] as a business conducts one or more of the following
activities or operations for or on behalf of another natural or legal

    exchange between virtual assets and fiat currencies;
    exchange between one or more forms of virtual assets;
    transfer of virtual assets (In this context of virtual assets,
transfer means to conduct a transaction on behalf of another natural
or legal person that moves a virtual asset from one virtual asset
address or account to another.);
    safekeeping and/or administration of virtual assets or instruments
enabling control over virtual assets; and
    participation in and provision of financial services related to an
issuer’s offer and/or sale of a virtual asset.” (GVA, p18)

Many Organizations and Individuals Will Be Designated as VASPs:

A VASP is any natural or legal person, and “the obligations in the
FATF Standards stem from the underlying financial services offered
without regard to an entity’s operational model, technological tools,
ledger design, or any other operating feature.” (GVA, p21)

The expansiveness of these definitions represents a conscious choice
by the FATF. “Despite changing terminology and innovative business
models developed in this sector, the FATF envisions very few VA
arrangements will form and operate without a VASP involved at some
stage.” (GVA, p29)

For those wondering if they are a VASP, the following general
questions can help guide the answer:

    “who profits from the use of the service or asset;
    who established and can change the rules;
    who can make decisions affecting operations;
    who generated and drove the creation and launch of a product or service;
    who possesses and controls the data on its operations; and
    who could shut down the product or service.

Individual situations will vary and this list offers only some
examples.” (GVA, p30)

What Are VASPs Obliged to Do?

All VASPs will be forced to implement KYC legislation and monitor
transactions. They become fully regulated entities who need to obtain
a license. Individuals can also be labeled a VASP.

The real kicker is that all activities not part of the regulated
system are labeled as “high-risk.” And as such, those performing such
activities become high-risk persons, which could have repercussions
for accessing the wider financial system.

It is important to understand that most peer-to-peer activities
themselves will not be banned (although individual countries may do so
on their own accord).

However, transactions with a “high-risk” background will be tainted
and scrutinized. Exchanges risk losing their license if they deal with
them, and many will simply choose not to allow them. It might get to a
point where proceeds from certain peer-to-peer transactions or private
wallets are no longer usable in the financial system, at least not
without extensive due diligence.

New Government Organizations for Overseeing the Crypto Market

Every country should assign a “competent authority” to monitor the
crypto space and communicate with competent authorities in other
countries: “VASPs should be supervised or monitored by a competent
authority, not a self-regulatory body (SRB), which should conduct
risk-based supervision or monitoring.” (GVA, p45)

This can be an existing regulatory body, such as a central bank or a
tax authority, or a specialist VASP supervisor. (GVA, p91)

What Activities Will Be Regulated?

This chapter highlights crypto activities, currently considered
completely normal, and details how they are to be regulated.


Peer-to-Peer transactions: transactions without the involvement of a
VASP. They are not subjected to regulation, but are a “risk.” That’s
why the FATF recommends increased monitoring and restriction of this
kind of activity, and possibly reject licensing VASPs that engage in


Stablecoins: are considered a major risk because they think they are
more likely to reach mass adoption. They may be targeted at the level
of the central developer or governance body, which will be held
accountable for the implementation of these recommendations across
their ecosystem.


Unhosted Wallets: Commonly used private wallets are called: “unhosted
wallets.” As mentioned, the FATF suggests denying licensing VASPs “if
they allow transactions to/from non-obliged entities (i.e., private /
unhosted wallets).” (GVA, p37) VASPS should also “treat such VA
transfers as higher risk transactions that require enhanced scrutiny
and limitations.” (GVA, p60)


Client Information to Collect by VASPs: all VASPs should collect
information on their clients such as the customer’s name and further
identifiers such as physical address, date of birth, and a unique
national identifier number (e.g., national identity number or passport
number). VASPs should conduct ongoing due diligence on the business
relationship and the customer’s financial activities.


Travel Rule: FATF recommends applying traditional bank wire transfer
requirements on crypto currency transactions; this is called the
travel rule.

It includes the obligation to obtain, hold, and transmit required
originator and beneficiary information associated with VA transfers in
order to identify and report suspicious transactions, take freezing
actions, and prohibit transactions with designated persons and

Information accompanying all qualifying transfers should always contain:

    “the name of the originator;
    the originator account number where such an account is used to
process the transaction;
    the originator’s address, or national identity number, or customer
identification number, or date and place of birth;
    the name of the beneficiary; and
    the beneficiary account number where such an account is used to
process the transaction.” (GVA, p53)


Instant transfer of ID information tied to transactions: Obliged
entities should submit the required information simultaneously with
the batch VA transfer, although the required information need not be
recorded on the blockchain or other Distributed Ledged Technology
(DLT) platform itself.


Categorize Clients and Activities According to their level of Risk: VA
and VASP activity will be subject to a “Risk-Based Approach.” In
practice, this means that each client and activity is categorized by
their risk level. Risk levels are determined based on a variety of
factors. Persons or activities considered a risk can see enhanced due
diligence and even their ability to use VASPs reduced.


Ongoing Transaction Monitoring: Every customer is assigned a risk
profile. Based on this profile, customer transactions will be
monitored to determine whether those transactions are consistent with
the VASP’s information about the customer and the nature and purpose
of the business relationship.


Transactions tight to Digital IDs: In the future, VA transactions
might need to be subject to digital identity regulations, also being
developed by the FATF.


Freezing of Assets: Cryptos can be frozen when the holder is suspect
of a crime, as part of other investigations, when the VA is related to
terrorist financing, and when related to financial sanctions. The
freezing of VAs will happen regardless of the property laws of
national legal frameworks, and it will not be necessary that a person
be convicted of a crime.


Anonymity-Enhanced Cryptocurrencies (AECs) and Privacy Tools: The GVA
specifically targets tools intended to improve privacy, such as:
anonymity-enhanced cryptocurrencies (AECs) such as Monero, mixers and
tumblers, decentralized platforms and exchanges, use of the Internet
Protocol (IP) anonymizers such as The Onion Router (TOR), the
Invisible Internet Project (I2P) and other darknets, which may further
obfuscate transactions or activities.

This includes “new illicit financing typologies” [Author: DeFI?], and
the increasing use of virtual-to-virtual layering schemes that attempt
to further obfuscate transactions in a comparatively easy, cheap, and
secure manner” [Author: Lighting, Schnorr, Taproot?]. (GVA, p6)

And if a VASP “cannot manage and mitigate the risks posed by engaging
in such activities, then the VASP should not be permitted to engage in
such activities.” (GVA, p51)


Obligations to get a License for all VASPs: The GVA intends to subject
all VASPs to a licensing scheme: “at a minimum, VASPs should be
required to be licensed or registered in the jurisdiction(s) where
they are created.” (GVA, p40)

Moreover, each jurisdiction might require licensing for those
servicing clients in their jurisdiction.

It bears repeating that a natural person can also be designated as
being a VASP and be required to obtain a license to work on a crypto
project. Moreover, the competent authorities get to determine who can
and cannot become a VASP, and monitor the Internet for unlicensed
activities by engaging in “chain analysis, webscraping for advertising
and solicitations, feedback from the general public, information from
reporting institutions (STRs), non public information such as
applications, law enforcement and intelligence reports.” (GVA, p41)


Bitcoin ATMs: “Providers of kiosks—often called “ATMs,” bitcoin teller
machines,” “bitcoin ATMs,” or “vending machines”—may also fall into
the above definitions.


Decentralized Exchanges: According to the GVA, the concept of a
decentralized exchange doesn’t exist, since these regulations are
technology neutral. As such, those running the exchange can be held
liable for implementing these regulations.


Multisig Contracts: In case of partial control of keys, like a
multisig or any kind of shared transaction, the providers of such
services could be subjected to this regulation as well.


Regulation of Future Developments: Countries should identify and
assess the money laundering and terrorist financing risks relating to
the development of new products and business practices. The result
might be that the development of new projects need some sort of
approval process.


International Cooperation of Competent Authorities: And finally, the
FATF Recommendations encourages competent authorities to provide the
fullest range of international co-operation with other competent

What Will Not Be Regulated?

Some good news is that what makes crypto, crypto, remains unregulated;
peer-to-peer transactions themselves, small transactions and
ecommerce, open source development, and cold storage will remain

Specifically exempt are persons facilitating the technical process,
such as miners and nodes (called validators), and those that host,
facilitate and develop the network. In addition, small transactions
under 1.000 USD/EUR are exempt, although basic identity information
will be recorded when done through a VASP.

What Will Be the Outcome of These Regulations?

This regulation, like many of its kind, will have (un)intended
consequences. The stated goal of increased transparency in the space
might very well be achieved, reveling the proceeds of certain crimes.

However, a secondary goal is clear for those understanding these kinds
of open-ended legislation; controlling what can and cannot be done
with crypto in the real world by labeling certain activities and
undesired persons as “high risk.”

It will be increasingly difficult to deal with proceeds from the
“wrong” activities, especially for people from high-risk countries,
engaged in high-risk activities, or just being considered a high-risk

In addition, it will become expensive and technologically challenging
to comply with this legislation. Small companies with unique business
models might find it impossible to survive. Only the large regulated
entities might remain in existence. This is a common result of
regulation that is welcomed by regulators; a few large companies are
easier to regulate than one thousand small ones. In some cases, the
large participants welcome regulations as well, as it reduces
competition. The same happened in the banking sector, for example.

Other downsides are that such regulations smother many otherwise
beneficial technological projects in the crib and criminalize
perfectly legal activities and the innocent citizen performing them.
The loss of privacy will also increase security risks, especially for
those living in dangerous countries.

The Crypto World at a Crossroads:

It is hard to determine how specific projects and the crypto space in
general are going to be affected; especially since this is not the
final guidance. Each national government will have a slightly
different interpretation of these regulations, as well as existing
laws and precedent in their own country. In addition, individual VASPs
will interpret these regulations according to the viewpoint of their
legal departments, as well. Cryptos will become a regulatory

A natural consequence of these regulations is that projects and
participants in the crypto space will be divided into two categories:
those who do/can meet these regulations, and those who do/cannot.

Potential Winners

First will be those that will fully comply with these regulations. In
terms of participants, these will be the big exchanges and onramps,
banks, and institutional investors. A lot of participants exclusively
use exchanges (VASPs) already for their coins anyway, and for them
nothing changes. In fact, additional regulations might help
institutional adoption, an idea supported by the fact that the Bank of
International Settlements issued new guidance for banks on the
prudential treatment of crypto assets.[3]

Crypto assets which might succeed in such an environment are projects
that have focused on transparency and KYC from the start, or those who
are already established too decentralized and operate without any
historic VASPs.

Potential Losers:

Next, there are the activities that are specifically targeted by this
regulation; peer-to-peer transactions, privacy coins, decentralized
exchanges, decentralized finance, and other peer-to-peer systems. It
appears that such projects have only one option and that is to go
fully decentralized. Which could actually make them attractive for

It is worth repeating that in principle, peer-to-peer systems are not
against the law. Those participating in them should however accept
that part of their assets and proceeds exist outside the regulated
financial system, and that by engaging in them they might be labeled a

Finally, there will be projects that fall in between: they are either
too centralized to become fully decentralized and considered too
“high-risk” to be licensed. Such projects will experience significant
headwind. Think about the aforementioned stablecoins, certain
decentralized finance applications, certain self-hosted wallets
(especially when facilitating exchange functions), and future ICOs.

Current projects that are still too centralized are a big question
mark. Especially those who have leading individuals still in control
of “road-maps,” or those relying on “governing councils.” Those
persons might suddenly be designated a VASP and forced to monitor the
individuals and transactions on their network (a big downside as
compared to the projects already decentralized).


Governments at the highest levels (G20) commissioned an organization
called FATF to come up with international regulations for cryptos.
They are using international law frameworks that supersede national
legislation and will force every country in the world to comply.

Their main goal is to keep crypto activity restricted to licensed and
regulated service providers. A long list of ordinary crypto activities
are now labeled a “risk.” Engaging in them will result in increased
scrutiny and possible difficulties accessing the wider financial

It remains to be seen how this will affect the crypto world. Over
time, it could likely split the crypto space in fully regulated (semi)
centralized, and unregulated decentralized projects. The winners will
likely be the projects that thrive in either of those; the losers
likely those fitting in neither...


NOTE: I uploaded this DD first on /r/bitcoin last week, and was asked
to post it here. The recommendations were supposed to be finalized in
July, but last Friday it was announced that they will now be finalized
and implemented with priority by October 2021.


PDF Version, with exact explanations of how the different activities
will be regulated:

Feel free to forward this PDF to whomever you think should read this


[1] FATF, “Draft updated Guidance for a risk-based approach to virtual
assets and VASPs,” (Paris, March 2021),

[2] UN, “United Nations Conference on Diplomatic Intercourse and
Immunities,” (Vienna, 2 March - 14 April 1961), accessed on June 10,

[3] BIS, “Consultative Document - Prudential treatment of cryptoasset
exposures,” (Basel Committee on Banking Supervision, Basel, June

Last Friday FATF announced the recommendations will be finalized by
October 2021:

More information about the cypherpunks mailing list