1/ FATF published its recommendations. It's so bad that it makes the infrastructure bill look reasonable.
TLDR: Only permissioned DeFi is allowed. An intermediary must be inserted to serve as a VASP. The global impact of these recommendations is an attempted kill shot at DeFi.
TLDR: Only permissioned DeFi is allowed. An intermediary must be inserted to serve as a VASP. The global impact of these recommendations is an attempted kill shot at DeFi.
2/ Several takes today reflect less concern because they are not focused on DeFi in particular. When looking at DeFi, it is clear that the implications are brutal. They start out ok and then it gets worse from there. fatf-gafi.org/media/fatf/doc…
3/ Paragraphs 58-61 provide definitions particularly relevant for DeFi. These terms were had been used in prior guidance but were not defined, so they could be interpreted broadly. Other than the use of "active facilitation" in the definition of "conducts," they aren't horrible.
4/ But they blow it all up when they start explaining those definitions or telling countries how to implement rules based on those definitions. Pay particular attention to paragraphs 67, 80, 91, and 92.
5/ In paragraph 67: "However, creators, owners and operators ... who maintain control or sufficient influence in the DeFi arrangements ... may fall under the FATF definition of a VASP where they are providing or actively facilitating VASP services."
6/ Begs the question of what "sufficient influence" and "actively facilitating" mean, which we don't know, though there are many random tidbits of possibilities thrown in the guidance in different places, all of which imply an all-encompassing view.
7/ Paragraph 80: "... the FATF envisions very few VA
arrangements without VASPs involved at some stage if countries apply the definition correctly." That really tells you everything you need to know about how this guidance was approached, but they mean it even more for DeFi.
arrangements without VASPs involved at some stage if countries apply the definition correctly." That really tells you everything you need to know about how this guidance was approached, but they mean it even more for DeFi.
8/ Paragraph 91: "The FATF ... considers most arrangements currently in operation, even if they self-categorize as P2P platforms, may have at least some party involved at some stage of the product’s development and launch that constitutes a VASP." But that's not the worst. 👇
9/ Specifically, "[a]utomating a process that has been designed to provide covered services for a business does not relieve the controlling party of obligations." Is a DAO a "controlling party"? Is it only certain participants of a DAO?
10/ Saving the best for last. Paragraph 92: "The use of an automated process such as a smart contract to carry out VASP functions does not relieve the part(ies) of responsibility for VASP obligations."
11/ "In such instances, controlling parties qualifying as VASPs should undertake ML/TF risk assessments prior to the launch or use of the platform and take appropriate measures to mitigate risks."
12/ To be clear: all DeFi protocols use "an automated process such as a smart contract to carry out VASP functions." So, the FATF believes that a developer must put controls in place before deploying smart contracts to be able to undertake all obligations of a VASP forever.
13/ FATF claims to be technology neutral but that can't be true where it requires removing key benefits of the technology to comply. It is gutting DeFi in favor of TradFi.
14/ Also, check out this thread for even more detailed thoughts:
https://twitter.com/millercwl/status/1453712314939674629
• • •
Missing some Tweet in this thread? You can try to
force a refresh
