ADAN’s Position on the Updated FATF Guidelines

General comments

ADAN welcomes the FATF’s revisions to its guidelines, which are based onprevious recommendations issued by ADAN. ADAN strongly supports the development of appropriate AML/CFT measures to prevent risks related to money laundering and terrorist financing, and more broadly, any illicit use of virtual assets/crypto-assets.

However, the Adan believes that there are still some areas that need improvement in order to establish an appropriate and proportionate framework for combating money laundering and terrorist financing in the crypto-asset markets:

1. A broad interpretation of the concepts of virtual assets and VASPs, the regulatory and legal implications of which are irrelevant:

• Almost all NFTs are considered virtual assets and are therefore subject to the Anti-Money Laundering and Counter-Terrorist Financing Act. 
• Many individuals and entities involved in the development of DeFi applications are considered VASPs.
• Classifying stablecoin governance bodies and developers as VASPs is neither fair (governance or technological development do not constitute services involving digital assets) nor useful, as these entities have no direct relationship with their users and therefore cannot meet AML/CFT requirements. Furthermore, this is not the approach adopted by MiCA.

2. Decentralized finance (DeFi) is subject to traditional AML/CFT rules, without any adjustments or flexibility:

• If a legal entity exercises sufficient influence over the operation of the protocol, it may be classified as a VASP and will be required to comply with AML/CFT obligations with respect to the protocol’s users; however, this concept of “sufficient influence” is too vague and risks leading to differing interpretations across jurisdictions and classifying many entities as VASPs if the interpretation is too broad.
• The possibility that a competent national authority might require—if there is no identifiable underlying entity associated with the protocol—that an entity be created in order to qualify as a VASP risks undermining the fundamental principles of this ecosystem, while also being impractical in reality. 
• Ultimately, only certain protocols—whose founders have remained anonymous, with a highly decentralized DAO and no central entity—could be excluded from the definition of a VASP. 

3. The requirement for VASPs to apply the travel rule should not be rushed or overly broad:

• The flexibility granted by member states in implementing the travel rule threatens to undermine harmonized implementation across member states, to the detriment of operators in the most compliant jurisdictions. 
• Even though the FATF requirement is less stringent, the travel rule applies to VASPs in transactions involving a non-custodial wallet (which the Group nevertheless considers to be a non-regulated entity). However, no exchange of information is possible since there is only one VASP, and information collection is not feasible.
• The requirement for VASPs to systematically verify that the originator and recipient of a transaction are not subject to sanctions, and the possibility of suspending the transfer during this verification, appears to be extremely burdensome for the crypto-asset sector and runs counter to the principle of technological neutrality (indeed, no such obligation exists in the case of transfers of funds in legal tender). 
• The implementation of the travel rule is currently hampered by the lack of information-sharing channels that meet FATF requirements: a European solution must first be developed. 

On these points, ADAN provides a detailed analysis and recommendations in its position paper.

Background

On October 28, the FATF published itsupdated guidelines. This update comes at a particular time: in March 2021, the FATF published an initial proposal to revise the guidelines targeting digital assets (also referred to as “Virtual Assets ” or “VA” by the FATF) and virtual asset service providers (referred to as “Virtual Asset Service Providers” or “VASP” by the FATF) and, at the same time, launched a one-month consultation with industry stakeholders. ADANrespondedto this public consultation, highlighting various issues related to the definition of VAs and VASPs and the implementation of the Travel Rule.

These revised guidelines appear to have taken into account recommendations made by the industry and aim to refine the definitions by proposing additional measures to prevent money laundering and terrorist financing in the digital asset sector.

The adjustments proposed by the FATF are as follows:

1. First, the updated guidelines clarify the definitions of VAs and VASPs and promote a broad interpretation of these terms.
   • The FATF defines non-fungible tokens (NFTs) as collectible assets that are not themselves virtual assets. However, if NFTs are used for payment or investment purposes, they may be treated as virtual assets. Furthermore, NFTs that are digital representations of other assets (e.g., tokenized financial assets) would not be considered virtual assets but would be regulated under the regime governing the underlying asset.
   • The FATF also weighed in on the question of whether central bank digital currencies (CBDCs) should be considered virtual assets. In the FATF’s view, they are not, as they are merely digital representations of fiat currencies.
   • Finally, the FATF excludes certain entities from the definition of VA that do not exercise direct control over virtual assets, such as manufacturers of hardware wallets, providers of unhosted wallets, miners, and cloud service providers.
2. Furthermore, in this new draft of guidelines, the FATF has sought to revise its approach to decentralized finance (DeFi) protocols, while leaving room for broad interpretation by national authorities. The FATF explains that DeFi protocols (i.e., the decentralized application itself) are not VASPs; however, if a legal entity has sufficient influence over the operation and provision of the services offered by the protocol, then that legal entity may be a VASP. Furthermore, if no VASP is identified due to the absence of an underlying entity created by the protocol operators, countries may require the protocol to establish an entity that will qualify as a VASP and that must implement AML/CFT measures with respect to its customers/users. In general, the FATF favors a broad interpretation of the VASP designation. Paragraph 80 of the guidelines states that the FATF envisages very few VA arrangements without VASPs being involved at some point, provided that countries correctly apply the definition.
3. In addition, the FATF states that stablecoins should be treated as virtual assets or securities under the existing regulatory framework. Stablecoin operators who have sufficient influence over the development and launch of the stablecoin may be treated as a VASP.
4. Finally, regarding the Travel Rule (set forth in Recommendation 16 of the FATF Guidelines), the FATF reiterates the need for states to implement the Travel Rule in the virtual asset sector. Certain requirements have been added, notably that institutions must verify that senders and recipients are not subject to sanctions (§183). Since this verification takes time and may be completed after settlement, this may require measures such as holding transfers in abeyance until the verifications have been completed (§194).

 

I – Revision of the definitions of VASP and VA with regard to NFTs and decentralized finance (DeFi)

A – Treating NFTs used for payment or investment purposes as virtual assets

In principle, the FATF considers non-fungible tokens (NFTs) to be assets that are unique rather than interchangeable, and that are in practice used as collectibles rather than as payment or investment instruments.
According to the FATF in paragraph 53, an NFT is—in principle—not a virtual asset, but if used for payment or investment purposes, it may be treated as a virtual asset. Furthermore, NFTs that are digital representations of other assets (e.g., tokenized assets that are not a digital representation of value) would not be considered virtual assets, but would be regulated through their underlying assets by the other FATF recommendations.

ADAN's Position

ADAN recommends tailoring NFT regulations to their intrinsic characteristics. According to ADAN, NFTs present a wide range of scenarios that require a case-by-case regulatory approach. The aim of including a broad definition of NFTs, while establishing certain criteria for their inclusion, is a sound approach to effectively integrate these new assets into an AML/CFT framework.

However, some clarification is needed regarding the interpretation of an NFT used for payment or investment purposes. The line between NFTs used for payment or investment purposes and those used for other purposes is sometimes much blurrier than it appears. An unclear distinction could be difficult for the crypto-asset sector to enforce. In most cases, an NFT is purchased with the objective (even if secondary) of making a profit. Consequently, based on the FATF criteria, it would appear that most NFTs could be classified as virtual assets (even those whose underlying asset is an asset already covered by previous FATF guidelines).

Recommendation from Adan

The "payment or investment purposes" criterion is not appropriate for classifying NFTs. A more granular, case-by-case analysis and classification of NFTs should be based on the underlying asset. ADAN is preparing a detailed legal analysis of NFTs and will recommend a methodology for classifying these assets.

B – Exclusion of DeFi protocols from the definition of VASP

According to the FATF in paragraph 67, decentralized finance (DeFi) protocols—that is, software developed on blockchain networks that provides financial services—are not, in and of themselves, classified as VASPs.
However, the FATF considers that the creators, owners, and operators, or other persons who maintain sufficient control or influence over DeFi systems—even if those systems appear to be decentralized—may be treated as VASPs when they actively provide or facilitate the services.

This was confirmed in paragraph 84, which states that a person who creates or sells an application or a platform for virtual asset services (i.e., a software developer) is not considered a VASP when they create or sell only the application or platform. However, using the application or platform to perform VASP functions as a business on behalf of others would alter this determination.

ADAN's Position

The Adan welcomes the FATF’s decision to exclude decentralized finance protocols—programs developed on a blockchain network—from the definition of VASP (in paragraph 67).

ADAN also agrees with the FATF provision (§84) stating that a person who creates or sells a software application or a VAS platform may not constitute a VASP when creating or selling the application or platform. According to Adan, it is incorrect to assume that launching a smart contract on a decentralized infrastructure to offer VASP services amounts to providing those services and exercising direct control over users.
In many cases, control over these decentralized applications is delegated by the protocol creators to a decentralized autonomous organization (DAO).

However, in our view, the second sentence of paragraph 67 of the guidelines appears problematic. We understand that the recommendations aim to include any entity that retains significant control over assets and operations, and the current definition includes individuals such as creators, owners, and developers. In our view, these individuals, for the most part, have no significant control over these operations and are therefore—to date—unable to implement AML/CFT measures.

Recommendation from Adan

The ADAN recommends deleting the second part of paragraph 67 of the guidelines updated by the FATF. The paragraph would then read as follows:

“A DeFi application (i.e., the software program) is not a VASP under the FATF standards, as the Standards do not apply to underlying software or technology (see paragraph 82 below). However, creators, owners, and operators—or other persons who maintain control or sufficient influence over the DeFi arrangements, even if those arrangements appear decentralized—may fall under the FATF definition of a VASP where they are providing or actively facilitating VASP services. This applies even if other parties play a role in the service or portions of the process are automated. Owners/operators can often be distinguished by their relationship to the activities being undertaken. For example, there may be control or sufficient influence over assets or over aspects of the service’s protocol, and the existence of an ongoing business relationship between themselves and users, even if this is exercised through a smart contract or, in some cases, voting protocols. Countries may wish to consider other factors as well, such as whether any party profits from the service or has the ability to set or change parameters to identify the owner/operator of a DeFi arrangement. These are not the only characteristics that may make the owner/operator a VASP, but they are illustrative. Depending on its operation, there may also be additional VASPs that interact with a DeFi arrangement.« 

II – Identifying the VASP underlying the DeFi protocol

Decentralized finance requires a new regulatory approach   1. The traditional regulatory framework is designed for centralized activities, not for decentralized use cases. According to Adan, decentralized finance services—which do not rely on central entities and are built on distributed ledger technologies—require a drastic overhaul of the commonly accepted approach to regulating financial actors.  Indeed, the traditional financial system is based on a centralized architecture, which has gradually led to regulations centered on the supervision and liability of intermediaries (such as banks, insurance companies, and others). With regard to decentralized finance, a key issue must be resolved: determining the criteria that would make an authority competent to supervise a decentralized finance protocol. Indeed, financial regulation is built around the territorial application of rules. It is therefore difficult for a national authority to establish the jurisdiction over decentralized finance protocols, and it seems necessary, before imposing obligations on actors, to establish clear legal criteria for jurisdiction.  Consequently, it seems difficult to us to envision an effective and sustainable legal framework for decentralized finance if it is not designed around the principles inherent to these applications. Regulations that are not adapted to these new services could be ineffective and significantly limit exponential growth. According toDeFi Lama, decentralized finance currently has over $260 billion in assets under management across decentralized finance protocols. By comparison, in December 2020, decentralized finance represented only $18 billion in assets under management. of industry players. 2. The risk profile of DeFi services is highly heterogeneous and differs from that of traditional finance. While ML-FT risk exists within the DeFi ecosystem, its level and manifestation differ significantly from the centralized financial system and vary from one protocol to another: The funds used are not exchanged for fiat currency. They will be converted back into fiat currency when they are transferred to a centralized platform. It is precisely at that moment that the money laundering offense will be established. → The focus must be on the transfer of crypto-assets to fiat currency. When assets do not leave the chain, the advantage of DeFi is that they remain traceable. Only decentralized mixers—such as Tornado Cash—cannot (for the moment) be subject to precise transactional analysis by tools such as Chainalysis or Scorechain. → The use and sophistication of blockchain analysis tools will be essential for managing risks within the DeFi ecosystem. In recent years, decentralized finance protocols have been subject to a wide variety of attacks, with stolen funds typically laundered or used for illicit activities afterward. The DApps (decentralized applications) used to attempt to launder the criminal proceeds from these attacks are primarily “cross-chain bridges,” decentralized exchanges (DEXs), and decentralized mixers. Indeed, these DApps are generally used as “layering” tools to introduce artificial complexity into transactions, making it harder for authorities to trace the funds. However, all other types of protocols—used to deploy lending services, insurance services, decentralized derivatives, aggregators, etc.— —are not useful to criminals seeking to launder their illicit “funds.” → Specific rules must target DApps where the ML-FT risk may materialize (so-called “layering” tools), whereas they are not as relevant for other protocols.

The FATF’s current approach represents a significant expansion of the definitions and operations of the entities covered. The FATF provides:
(A) The ability to identify a VASP underlying the DeFi protocol;
(B) The possibility of requiring a DeFi protocol to establish an entity that will qualify as a VASP;
(C) The requirement to include a VASP for each VA arrangement.

A – The ability to identify and classify an entity underlying a DeFi protocol as a VASP

The FATF explains that if a natural or legal person exercises sufficient control or influence over the protocol, that entity may be considered a VASP if it actively provides or facilitates the services.

Indeed, the paragraph reads as follows: “In order to determine whether an entity qualifies as a VASP, competent authorities will need to verify, among other things, the level of control or sufficient influence over the assets or certain aspects of the service protocol, and the existence of an ongoing commercial relationship between them and users, even if this is exercised through a smart contract or, in some cases, voting protocols. Countries may also wish to consider other factors, such as whether a party is profiting from the service or has the ability to set or change parameters that identify the owner/operator of a DeFi device.”

ADAN's Position

The Adan questions how the term “sufficient influence” should be interpreted. In ADAN’s view, it is necessary to explain in greater detail the situations in which a person would be considered to exercise such influence over the operation or governance of the protocol. Indeed, there is a risk of divergent interpretations among States, which would lead to a non-harmonized framework.

The level of involvement varies by protocol, and the influence exerted by individuals active in these applications can sometimes vary significantly. It would be helpful to establish clearer criteria that specify exactly how a person’s influence on a protocol is deemed significant enough to qualify as a VASP.

Recommendation from Adan

In the context of the future framework for combating money laundering and terrorist financing, a binary dichotomy of “control/influence vs. no control/no influence” is misleading. Analyzing various criteria, such as the following examples, should make it possible to develop a more precise rating system:

• Transactions sent by clients to the protocol or smart contract are controlled or monitored by the deployer/developer.
• In practice, the deployer/developer has retained control over the smart contract or the protocol's governance.
• The deployer/developer is the sole recipient of the transaction fees paid by users.
• The smart contract or protocol can only be used in conjunction with another service operated by the deployer/developer that is not operated on the blockchain.
• The protocol can only be used through an interface controlled by the developer or deployer.

B – The possibility of requiring the protocol to establish an entity that will be classified as a VASP

In paragraph 69, the FATF acknowledges that if no VASP is identified on a DeFi protocol, there may be no central owner or operator that meets the definition of a VASP. Countries should monitor the emergence of risks posed by DeFi services and arrangements in such situations, including by engaging with representatives of their DeFi community.

In addition, the FATF explains that competent authorities have the power to require that a regulated VASP be involved. If no VASP is identified due to the absence of an underlying entity established by the protocol’s operators, the authority may order the protocol to establish an entity that will qualify as a VASP.

ADAN's Position

According to ADAN, this provision appears to be highly restrictive for players in the decentralized finance sector. The goal of DeFi is to provide greater access to financial services traditionally offered by banks and financial institutions, without the need for a trusted third party but through a decentralized infrastructure. Requiring a DeFi protocol to constitute a central entity that would then be classified as a VASP appears to contradict the nature of this decentralized ecosystem. Furthermore, the wording of these revised guidelines raises the question of which national authority can be considered competent to impose this requirement.

Such a requirement would be somewhat more realistic for the ecosystem’s most significant protocols, since most major DeFi applications already have an underlying entity that provides a significant degree of control over the platform’s operations. While these entities can easily be identified and classified as VASPs, the same cannot be said for all protocols.

However, ADAN wishes to draw the FATF’s attention to the difficulty DeFi protocols face in implementing KYC and CDD measures. Users of these applications rely on non-custodial wallets and, to date, have no means of implementing customer identification. In practice, it is impossible to expect decentralized finance protocols to comply with the same AML/CFT requirements as centralized entities (such as centralized exchange platforms).

Recommendation from Adan 

The Adan suggests that the FATF focus more on the protocols that allow money launderers to add a layer of complexity to the transaction model and on the tools that enable transactions to be anonymized.

C – The intention to include a VASP for each virtual asset transaction

In order to include as many entities as possible within the definition of a VASP, the FATF intends to significantly expand its guidelines to cover activities related to virtual assets. Indeed, according to paragraph 80 of these guidelines, the FATF specifies that it envisages very few transactions involving VAs in which VASPs are not involved at some stage if countries apply the definition correctly.

ADAN's Position

It follows from this paragraph that DeFi protocols and all other systems enabling the transfer of virtual assets are not considered VASPs in and of themselves, but that, in order to fulfill their AML/CFT obligations, they will need a legal entity that qualifies as a VASP (and is therefore subject to AML/CFT requirements).

According to Adan, this provision seems overly broad and ambitious given the nascent nature of this ecosystem. Most decentralized finance protocols are developed by individual developers who do not necessarily have the financial and human resources to establish a formal organizational structure or implement anti-money laundering and counter-terrorist financing measures, which are particularly complex to implement, especially in the digital asset sector.

Recommendation from Adan

Consequently, Adan proposes deleting this paragraph, which seems overly broad and practically incorrect.

III – Regulation of stablecoins and their operators

A – Treating stablecoins as virtual assets

Paragraph 54 of these updated guidelines states that stablecoins must be classified as virtual assets or financial instruments in accordance with the regulations in force in the member country. Consequently, in Europe, stablecoins must be classified as virtual assets or crypto-assets.

ADAN's Position

The Adan shares the FATF’s position. In Europe, the proposed regulation on the market in crypto-assets (MiCA) defines stablecoins as a subcategory of crypto-assets and regulates them accordingly by establishing a specific regulatory framework for their issuance.

B – The debatable classification of stablecoin regulatory bodies as VASPs

In this update, the FATF highlights the AML/CFT risks posed by stablecoins. According to the FATF, when a stablecoin is held by a central developer or a governing body responsible for managing and developing the stablecoin (e.g., determining the stablecoin’s functions, managing the stabilization mechanism), that entity will meet the definition of a VASP.
On the other hand, if a stablecoin has a party that leads the “development and launch” of the stablecoin, that party could fulfill the function of a VASP. Similarly, a party that has decision-making power over the structure could be considered a VASP.

ADAN's Position

ADAN questions whether it is appropriate to classify a stablecoin regulatory body as a VASP. In our view, issuers or central bodies involved in the governance or issuance of a stablecoin—such as Circle—have no relationship with the end users of these crypto-assets, and as such, we do not see how they could ensure compliance with anti-money laundering and counter-terrorist financing measures.

IV – Application of the Travel Rule

The updated FATF guidelines reiterate that Recommendation 16 (the “Travel Rule”) applies regardless of whether transfers are denominated in fiat currency or virtual assets, and then detail how this recommendation applies in the context of virtual assets.

A – The introduction of additional requirements for compliance with the Travel Rule

According to paragraph 179, AML/CFT requirements apply in the same way as for traditional transactions to VA transfers between a VASP and another obligated entity (VASP or other financial institution). This means that the originating institution must collect and verify the payer’s name and account number (or wallet address in the context of a VA). It must also collect, without verifying them, the name and account number of the payee (i.e., the wallet address). For the receiving institution, the verification obligations are reversed: it may rely on the information provided for the payer but must verify that relating to the payee.

Furthermore, the FATF adds in paragraph 183 that VASPs must verify that the originators and beneficiaries are not subject to sanctions; and since this verification takes time and may be completed after settlement, paragraph 194(a) states that this may require a temporary suspension of transfers.

ADAN's Position

According to Adan, these additional monitoring requirements could significantly hinder market participants in their implementation of the Travel Rule. Furthermore, in our view, it is neither economically acceptable nor technologically feasible to suspend a transaction between two users in order to verify the recipients’ status and ensure they are not subject to sanctions. Furthermore, this obligation does not apply to every transaction in the traditional financial sector—where ongoing verification is conducted periodically against customer databases rather than for each individual transaction—and imposing it could violate the principle of technological neutrality.

B – Developing a phased approach to implementing the Travel Rule

Furthermore, paragraph 200 of the guidelines acknowledges that implementing the rule can be fraught with challenges and that, as a result, countries may wish to adopt a phased approach to enforcing the Travel Rule requirements to ensure that their VASPs have sufficient time to implement the necessary systems.

ADAN's Position

ADAN welcomes the FATF’s commitment to a phased approach for implementing the Travel Rule. According to ADAN, this will allow regulators to be flexible during the initial rollout, acknowledging the real challenges that VASPs and service providers have reported to them.

In addition, ADAN wishes to draw the FATF’s attention to the risks associated with the phased implementation of the Travel Rule in the crypto-asset sector. Indeed, some countries are moving at different paces, which inevitably means that some of them are requiring VASPs to comply before other jurisdictions do (the “sunrise issue”), leaving VASPs in the difficult position of not knowing how to deal with VASPs in jurisdictions where the rule is not yet in place. It will therefore be essential to see how national regulators will implement the rules and what expectations they have of their VASPs, particularly in light of the technical and security challenges that implementing the rule presents.

Recommendation from Adan

Within the future framework for combating money laundering and terrorist financing, ADAN proposes giving stakeholders sufficient time to implement the Travel Rule by setting a definitive deadline or, at the very least, adopting the same phased approach for all parties to avoid any disparities among stakeholders in different countries in the implementation of the Travel Rule. In our view, a poorly harmonized implementation of the Travel Rule would risk making its implementation particularly complex.

C – Limitations on the Implementation of the Travel Rule

1. The implementation of a “limited application” of the Travel Rule for non-hosted wallets

In these updated guidelines, the FATF states that transactions involving non-custodial wallets are also covered by the Travel Rule.
Indeed, in paragraph 179, the FATF states that the requirements of Recommendation 16 apply to VASPs whenever their transactions—whether in fiat currency or VA—involve a transfer of VA between a VASP and a non-obligated entity (i.e., a non-custodial wallet). The paragraph specifies, however, that the full requirements of Recommendation 16 do not apply to a transfer of virtual assets between a VASP and a non-custodial wallet.

Furthermore, given the difficulties in implementing the Travel Rule in transactions involving non-custodial wallets, the FATF states in paragraph 204 that the application of Recommendation 16 may differ when the transaction involves a non-VASP (such as transactions to or from non-custodial wallets). In such cases, while the FATF does not expect VASPs to submit information to persons who are not obliged entities, it expects VASPs to obtain information on the originators and beneficiaries from customers in cases involving transfers to/from non-VASP entities (e.g., from an individual VA user to a non-custodial wallet).

ADAN's Position

According to ADAN, applying the Travel Rule appears particularly complex with non-custodial wallets because these wallets allow individuals to exchange virtual assets on a peer-to-peer basis, meaning that there is not necessarily a regulated entity involved in every transaction. Consequently, ADAN acknowledges that the draft guidelines do not require full implementation of the Travel Rule for transactions involving a VASP and a non-obligated entity, such as non-custodial wallets.
However, in our view, the adaptation of the Travel Rule to transactions involving a non-custodial wallet needs further development. ADAN therefore proposes that the Travel Rule not be applied to transactions involving a non-custodial wallet.

2. The risks posed by the implementation of the Travel Rule regarding the protection of virtual asset users’ personal data

Ultimately, in paragraph 188, the FATF specifies that as long as this requirement is met and the information is available to the authorities, the data does not need to be included in the transfer or recorded on the blockchain.

Given the risks posed by the Travel Rule in terms of protecting the personal data of VASP customers, paragraph 294 specifies that VASPs should use modified procedures, including the option not to send user information, when they reasonably believe that a counterparty VASP will not process it securely, while continuing to execute the transfer if they deem the AML/CFT risks to be acceptable. In such circumstances, VASPs should identify an alternative procedure, the design of which could be duly reviewed by their supervisors upon request.

ADAN's Position

The Travel Rule requires the sharing of information with other VASPs when transferring virtual assets. These VASPs may be located in countries outside the European Union that do not provide equivalent safeguards for the protection of personal data. According to Adan, this is the main issue associated with sharing personal data with these foreign VASPs. Indeed, these VASPs may have different security standards and a less stringent regulatory framework regarding AML/CFT and data protection. In Europe, the General Data Protection Regulation (GDPR), which entered into force on May 25, 2018, provides a particularly robust framework for the protection of European citizens’ personal data. It is therefore necessary to establish a Travel Rule that guarantees an equivalent level of protection for crypto-asset users. It is therefore necessary to coordinate with national authorities (taking into account the regulatory framework applicable to each country) to develop strict international standards that ensure the security of personal data transmission, while guaranteeing the interoperability of the technological solutions that will emerge to ensure this compliance.

Furthermore, according to ADAN, in practical terms, the requirement for “immediate” transmission of the date (thus ruling out transmission after the fact) and “secure” transmission raises questions regarding safeguards for the protection of the personal data being transferred.