FATF’s updated guidance: 4 things to know




Date: November 3rd 2021

Published on: Regulation


AML, CBDC, crypto AML, Cryptocompliance, Cryptocurrency, Cryptoregulation, DeFi, FATF, NFT, stablecoin,

Last Thursday, the Financial Action Task Force (FATF) released its latest guidance1 for a risk-based approach to virtual assets (VAs) and virtual asset service providers (VASPs). The FATF’s updated guidance updated the risk-based approach to VAs and VASPs guidance from 20192. As stated in the FATF’s press release3, this guidance takes part in its ongoing monitoring of VAs and VASPs. 

FATF’s updated guidance aims at tackling the issues identified during the 2nd 12-Month Review of the Revised FATF Standards on VAs and VASPs (Read more: FATF’s 2nd 12-month review of the implementation of the revised standards on VAs and VASPs) and develops inputs collected through a public consultation held earlier this year.

In this article, we will break down 4 key points from this updated guidance that you need to know:

Definitions of VAs and VASPs


FATF implements a “functional approach” in the definition of VASPs considering the commercial reason of a VASP’s activity. 

Central bank digital currencies (CBDCs)

Even though CBDCs are not considered in this guidance, the FATF states that its standards still “apply to central bank digital currencies similar to any other form of fiat currency issued by a central bank”. The FATF defines CBDCs as digital representations of fiat currencies.

The watchdog also mentions that CBDCs may have unique ML/TF risks compared to fiat. And, these risks should be investigated before the launch of the CBDC.

DeFi, DApps, NFTs

FATF’s updated guidance provides a more functional definition of decentralized finance (DeFi) which states that “creators, owners, and operators . . . who maintain control or influence” may need to comply with FATF’s rules and, as such, DeFi may be considered as a VASP even if the project may seem decentralized.

NFT collectibles are generally not considered VAs. But if they are used for payment, investment purposes, or to transfer value they may be considered as such.


The FATF wants to establish measures to mitigate risks related to stablecoins. For the FATF, stablecoins represent the same kinds of risks as VAs because of their anonymous characteristic and of their global reach.

The FATF also points out stablecoins’ potential for mass adoption. Indeed, this is another ML/TF risk that can facilitate illicit funds transactions by criminals.

P2P transactions

For now, peer-to-peer (P2P) transactions are not subject to FATF’s controls. However, the guidance outlines that P2P transactions can represent an increased ML/TF risk. Also, it suggests several mitigation measures. The measures include using blockchain analytics to collect and assess P2P transactions and understand risk methodologies to identify suspicious behavior.

Additional guidance on the implementation of the “Travel Rule”

The updated guidance in regards to the “Travel Rule” requirements states that:

  • VASPs should perform sanction screening of the transaction’s originator/ beneficiary
  • VASPs should undertake counterparty VASP due diligence.

In short, if VASPs do not meet the “travel rule” requirements, they can represent higher risks.

How Scorechain can help you comply with FATF’s requirements?

Scorechain solution provides compliance officers with tools to facilitate and improve their AML/CFT risk assessment and mitigation policies.

Our risk scoring relies on a powerful algorithm and gives sharp data about the origin and destination of funds. Coupled with our risk indicators, compliance officers can have a broad vision of the level of risk at the level of the address, the transaction, and the entity.

Users can also use Scorechain’s Entity Directory to perform risk analysis on their counterparties. The Directory gathers due diligence information on 700+ VASPs, helping users to understand their assigned risk score.

Moreover, the solution provides tools to help teams carry and manage investigations on crypto wallets. Our KYA and KYT reports can help to report these investigations if necessary.

Would like to see how Scorechain can help you meet FATF’s requirements? Download this guide.

If you’d like to discover more about our products, don’t hesitate to ask for a free demo.

About Scorechain

Scorechain is a Risk-AML software provider for cryptocurrencies and digital assets. As a leader in crypto compliance, the Luxembourgish company has helped more than 200 customers in 40 countries since 2015, ranging from cryptocurrency businesses to financial institutions with crypto trading, custody branch, digital assets, customers onboarding, audit and law firms, and some LEAs.

Scorechain solution supports Bitcoin analytics with Lightning Network detection, Ethereum analytics with all ERC20 tokens and stablecoins, Litecoin, Bitcoin Cash, Dash, XRP Ledger, and Tezos. The software can de-anonymize the Blockchain data and connect with sanction lists to provide risk scoring on digital assets, transactions, addresses, and entities. The risk assessment methodology applied by Scorechain has been verified and can be fully customizable to fit all jurisdictions. 300+ risk-AML scenarios are provided to its customers with a wide range of risk indicators so businesses under the scope of the crypto regulation can report suspicious activity to authorities with enhanced due diligence.


  1. https://www.fatf-gafi.org/media/fatf/documents/recommendations/Updated-Guidance-VA-VASP.pdf
  2. https://www.fatf-gafi.org/media/fatf/documents/recommendations/RBA-VA-VASPs.pdf
  3. https://www.fatf-gafi.org/publications/fatfrecommendations/documents/guidance-rba-virtual-assets-2021.html