Top questions from FinTech Advokat

The blockchain and crypto industries are becoming increasingly regulated. While the banking and traditional financial industry has been regulated and developed for a long time, the crypto and blockchain industry has been in active development since 2009.

This means that it is a relatively young area for conducting business, and compliance with regulatory requirements should be treated with particular care.

The same risks as in traditional finance are present here – anti-money laundering and sanctions evasion, customer identification, data storage, etc. However, regulation has not yet stabilized and case law is not fully developed.

Therefore, if you plan to open a VASP (Virtual Asset Service Provider), you must study the issue thoroughly. How are regulatory risks related to your activities? What do you need to operate in this field? And most likely, without the help of a lawyer, you will not be able to solve this task.

Banking lawyers are reluctant to venture into the crypto business because the rules and conditions in this area change too often and they are used to working in a very stable environment. Lawyers who specialize in crypto and fintech law are still relatively few. And the level of a lawyer’s expertise is one of the issues when bringing a VASP to market because you have to ensure that all rules and operating conditions are met.

The other problem you will face is the problems with frameworks in different countries, as in different countries not only different approaches and rules apply when dealing with VASP, but also different definitions of the crypto business.

Therefore, if you have decided to launch a VASP, you need to answer several important questions. In this article, we will thoroughly examine the algorithm of actions and ways to solve this problem with Mihhail Sherle, Head of Legal Practice at Gofaizen & Sherle, which provides consulting services for FinTech and crypto companies and VASP owners.

The first question you need to answer is exactly what VASP will do and what service it will provide. There are quite a few options.

If you offer a cryptocurrency wallet service, do you store your customers’ currency, do you allow them to make transactions?

If you don’t save the currency, the question arises – do you even need to open a VASP? Perhaps your company sells or only supplies software, and this activity is not licensed.

If you plan to open a cryptocurrency exchange, you need to answer what exchange operations you will perform. Cryptocurrencies to cryptocurrencies or to fiat money.

If you are implementing an innovative solution – crypto acquisition, lending, ICO, fashionable tokens – this is a complex financial service that requires a full service description. In addition, it is important to consider whether your service will provide the opportunity to trade on leverage or trade derivative financial instruments such as futures, options, CFDs, etc.

It all depends on how much money you need to start your project: what licenses you need to get, what capital requirements exist, and whether you can offer these services in different jurisdictions.

The second question you need to answer is where your company will operate and where the main infrastructure will be located.

In other words, you must decide in which jurisdiction you operate and in which jurisdiction you provide the service. The requirements for VASPs depend on this: internal guidelines, including requirements for employees, capital and the like. Some jurisdictions, such as Lithuania, require the CEO of the VASP to be located in the country, even if the service is provided in another jurisdiction.

That is, you must take into account the need for a physical presence in the country, maintenance of an office, local capital requirements and so on. Obviously, this affects how much money is needed to run your project.

The third question is to whom you offer the service and who will buy it. It is not always possible, while in one jurisdiction, to offer services to customers in another. For example, the CFTC accused Finance Exchange of offering services to US citizens without additional licensing. According to the commission, Binance did not properly perform compliance checks and did not require additional data from customers to avoid violations.

Thus, you cannot always, while in one country, offer the service to people from another. You must take into account the risk of further licensing

An extremely important aspect is how you offer or sell your service. You need to understand what internal processes need to be established, such as identification, transaction monitoring, reporting and communication with regulators. The key processes depend on the industry, and there can be many more of them.

Although the requirements for them may be unique in each jurisdiction, there are international standards that can help you – pan-European standards (AMLD) and standards from international organizations (eg FATF). Experience from traditional banking will also be useful – for example, the risk management principles are the same everywhere.

Define your partners. You need to understand which service providers you need. If you work with fiat currency, you need a fiat gateway (payment system), as well as a liquidity provider.

You also need service providers to provide data collection and storage, risk management and transaction monitoring solutions, screening and monitoring of customers to comply with transaction control requirements. It is important to understand where to look for these providers and how much their services cost.

An important point to remember is data protection. Data security covers a variety of risks, including financial. It is crucial to ensure the security of personal data of customers and employees, even if you are a small company. In EU countries, there is a general regulation on the protection of personal data, GDPR. Therefore, when processing personal data of EU citizens, you must comply with the requirements. And you must understand the rules for working with personal data in your jurisdiction.

A very important point that is often overlooked is the need to maintain the company’s reputation. This is critically important in the financial sector – if your reputation deteriorates, it is unlikely that you will be able to simply open a new project with the same confidence. Therefore, it is important to check and choose partners who provide services to avoid becoming part of a semi-legal scheme.

Finally, you should be prepared for a fairly long timeline. Obtaining licenses for VASPs is a slow process, taking several weeks to several months. During this time, you can fully describe your business and its processes, select suppliers and carefully consider all the details of licensing in the necessary jurisdictions. In this way, you enter the market with reflected processes, a clear goal and the necessary resources.