Awareness Session: Regulatory Obligations as a Virtual Asset Service Provider (VASP)

Webinar Recording and Transcript

Date: 06/06/2024

Host: Kevin Whitmore, Business Innovation Advisor at Callaghan Innovation

Guests: Jeff Napp, Senior Advisor Perimeter and Response at FMA, Rocky Yuen, Practice Leader at DIA

Webinar Length: 01:11:40

Kev: All right. Morena kia koutou katoa. Welcome to today's session. We are joined by Rocky from the DIA and Jeff will be joining us shortly from the FMA. He's just been held up a little bit. But yeah, very fortunate to have these guys come and talk to us. Obviously a few of you will have already interacted with DIA and FMA individually.

I think today's attempt is to try and bring them to us so that we can, I guess, do a one to many and save everybody a bit of time but also have a good discussion about obviously obligations under existing regulations. Yeah, so I think we found out that this was the, the topic with the most number of acronyms involved in terms of AML, KYC, CFT, DIA, FMA, and F and VASP.

So today is a session on uncovering what all those acronyms mean. And yes, this has been about 12 months in the making in terms of getting this session set up. So yes, we're going to kick it all off just very quickly some housekeeping. So again, if you want to ask a question, maybe just put it in the chat as we go through the process.

Afterwards we're going to have a more formal chance at talking asking questions so we can come off mute and things like that. We are recording this session. And at the end we will have a quick survey. And again, this, the, the point of that survey is, is to get your feedback on how today went, but also to get feedback on how other topics that you want to explore as well that we can stand up for Q3 and Q4.

[00:01:42] Virtual Assest & FSPR Registration

Jeff: Excellent. Hey, thank you for joining and thank you for having us here today. My name is Jeff Napp. I'm a senior advisor here at the Financial Markets Authority, Te Mana Tātai Hoko Hoko. And so what I'm going to talk about today is how virtual assets And financial service providers register registration kind of works.

Now our focus in terms of this is going to be mostly on the registration process for the financial service providers register. And we'll touch a little bit on the other regulations that might be relevant for virtual asset service providers in New Zealand. But the main AML bulk will be covered off by Rocky in the DIA as they are the main AML supervisor for virtual asset service providers in New Zealand.

So looking at the content that we'll do today is we'll look at that financial service providers register. Then we'll look at how you determine your AML supervisor, because we do have a split remit between the FMA and the DIA. And we'll talk a little bit about some of the other relevant regulations that might come up for some of the people that are acting in this space.

So FSPR basics, we'll just look over the acts, what capture points and what your obligations actually are. So the act that we've got is the Financial Service Providers Registration and Dispute Resolution Act 2008, or as commonly referred to as the FSP Act. So what this is, is it covers financial service providers, which requires them to register and become part of a dispute resolution scheme. So, looking at the content that we're going to look at today, we'll look at the financial service provider's register, who the AML supervisor will be, and what other relevant regulations we might have.

So, skipping ahead a couple here from where we were. So, the Act, the FSP Act, that's that Financial Service Providers Registration and Dispute Resolution Act 2008, or as we commonly sort of refer to it as I said, the FSP Act. So this covers, What financial service providers are. It defines a financial service and has some regulations.

The financial service providers registration regulations that it interacts with. Now these have two key obligations, which are that requiring registration and to become part of an independent dispute resolution scheme. There are penalties for not registering or being part of a dispute resolution scheme.

Now, this sort of stuff you know, it's, it's pretty unlikely that you'd get caught up with this if you haven't registered. What you're sort of looking at there is people who are maliciously using our register or, Basically deliberately avoiding registration. We like to take a sort of regulatory approach where we will help guide people towards compliance.

We're not immediately going to come down and start prosecuting people just because we find that you haven't registered appropriately or you haven't got the right sort of I guess financial services designated or anything like that So talking about some of these capture points In the FSP Act, The financial service definition includes Things like, operating a money or value transfer service And keeping, investing and registering, Or managing money and securities Or or investment portfolios on behalf of other persons.

Now, prior to some recent sort of changes to the AML CFT regulations, these were the sort of two key points where virtual asset service providers might have been captured. There are quite a range of financial services that are defined under the act. So have a peruse of section five there and see what might potentially capture you if you're looking at starting a startup in this space.

But there What we're finding now is that because we've got a new element coming in, this is AML CFT Regulation 10 AAA. So it's anyone who provides safekeeping or administration of virtual assets on behalf of any person. This interacts with Section 7A of the FSP Act and basically applies this Act to anybody who is captured for AML CFT purposes.

Now that's a new regulation that has basically come in at the end of this month, 30th June is when that will be in force. But basically it is probably gonna capture almost everybody who is in this space. So we will be looking at sort of FSP registration as part of that, because you will have to be basically captured by that A-M-L-C-F-T Act here.

So, going ahead, here's some examples of some of the activities that might be relevant to these capture points, as well. If you're issuing tokens, that are used to pay for things like currency, you're likely to be undertaking that financial service of issuing or managing the means of payment. That's obviously, you know Pretty straightforward there.

If you're basically doing something that looks like currency or meant to be used as a form of payment, this is where you're going to be captured. And that's the relevant service you should sign up for on the FSPR. Another option is if you're facilitating trading or exchange services, you're likely to be transferring money or value for, or on behalf of a customer.

That could also include brokering of transactions. So there's separate registrations there that include brokering as well. So when you're signing up for the FSP. You need to basically identify which services that you are going to be providing. So these are some examples of common activities that might sort of inform what you're going to be doing on the FSP and which services you might like to select there.

Now, when you sign up for the FSP, it does come with a couple of legal obligations, so the main one is to basically register on the FSPR, and this is a, basically, it's a measure to improve transparency around here, one of the big purposes of the FSP is to allow people to, who are wanting to, Engage with your company to look up and find out information about the company.

So obviously you have your company number there, director information and what sort of services you provide. Now you also need to include information on your AML reporting entity status. So as part of your signup. Basically process you're going to, I need to identify that you're an AML CFT reporting entity and you also generally choose your supervisor there.

We'll talk a little bit more about the supervisor later, but you need to provide this required information upfront at the point of registration. Now it's also required for you to do an annual confirmation of the information. So anything that you've put on there, you're going to need to basically go back to the FSP and confirm that it's correct every year.

And it's really important that you keep the information up to date. If you have, you know, for example, the director leave change of ownership status, or if you're changing the services that you provide, make sure that you keep the information on the FSP up to date because that is you know, a really key, as I mentioned element of transparency for us.

So we want to make sure that consumers are able to access this information. It's a publicly accessible register and be able to identify who they're engaging with. Another part of this is that you need to join an approved dispute resolution scheme. So that will also be information that's shown on the financial service providers register.

And so if a, you know, a client does have a dispute that they need to undertake with your company, they can go through this independent dispute resolution scheme process. There are four different options for approved dispute resolution schemes. Information about those are available on the FSP Register website.

So when you're sort of going through the process pre signing up, you might want to sort of have a look at those dispute resolution schemes see which one might be best fit for your company and sort of go from there, pick which one you want to engage with, maybe discuss with them what your goals and objectives are and what sort of services you provide to see which one is best for you.

Any of the four are okay to use. But basically it's up to the individual company to decide which one that they want to go with.

[00:09:06] Determining AML supervisor

Jeff: Alright, so, determining your AML supervisor. This is also a key part of the registration process. So we'll talk a little bit about this because we do have a slightly complicated remit here in terms of AML, where the FMA supervises certain entities and the DIA also supervises other ones.

So, we've got a little bit of information here about Basically who we've got in the different pools. Now, the DIA will be the main supervisor for most virtual assets service providers in New Zealand because they've got the broadest remit that includes the service of issuing or managing the means of payment.

So that's most sort of issuers and things like that, or transferring money value for, or on behalf of a customer. So that's most virtual asset exchanges. And now the other part here is that DIA is sort of the catch all regulator for AML in New Zealand. So anything that's not specifically supervised by FMA will generally fall into the DIA's bucket there.

FMA has a bit more of a more specialized remit, and that's defined a little bit in the section 130 of the AML CFT Act. So services that you might basically come under the FMA for are regulated. Client money or property services included custodial services. So that's custodial services where you are holding property or money for other people on the basis of a trust agreement.

So that might be, you know, something where if you're holding virtual assets for other people, you may need to sign up and basically get a license from the FMA so that's going to be people taking ventures in that area. So keeping, adverting, administering, or managing money securities and investment portfolios on behalf of other persons.

So if you're running an investment scheme that involves virtual assets, you're likely to come under the financial markets authority here. Those are also probably going to be places where you need to be licensed or make certain disclosures that the FMA regulates as well. So we'll talk a little bit more about some of the other financial markets legislation later on in the presentation, but these are sorts of things where you're going to need to basically engage with the FMA nice and early.

And what we want to see is people engaging with us and you know, you have to get licensed before you start bringing these products to market. So before you start offering these to consumers and you see. You need to make sure that you've got everything in basically ready and able to be disclosed to customers, the appropriate licences, and all those sorts of things.

And any other sort of service, which the FMA licences will also come up here. So there's a number of different areas that FMA looks at. These are detailed on our website particularly in terms of, Financial products, financial products are things like debt securities, equity securities, derivatives.

Talk a little bit more about those again a little bit later, but those sorts of things are specifically within the FMA's remit. And if you're coming under any of those, you're very much going to be supervised by the FMA for AML. So that'll be next week. part of the registration process, you can identify us as your supervisor.

Now, so what we often also find in this area is that this crossover, some businesses will sort of do a little bit of one financial service, a little bit of another, on DSA. So what we sort of say here is that anything that requires FMA licensing. That's going to come to FMA. So if you need a license, if you're making a product disclosure statement or anything like that, any of those sorts of requirements under the FMC Act, the Financial Markets Conduct Act, you're going to be coming to FMA for AML pretty much 99 percent of the time there.

Otherwise what we direct people to do is consider which. Service you've registered for is a larger part of your business. So if, in an example here, you're doing 75 percent of your time is transferring money or value for on behalf of a customer, but the other 25 percent is the FMA service of keeping, investing, administering or managing money securities or investment portfolios on behalf of other people, your supervisor is likely to be DIA because you're spending the majority of your time in that service that DIA is going to be supervising.

So what we also encourage people is that if you're unsure, you can contact us either DMA, DIA, or FMA, we're happy to answer questions around this and give you some guidance and also as part of the ads, we are required to, if there is crossover here, basically liaise and determine who is going to be your supervisor.

You can only have one AML supervisor. That's legally defined under the AML CFT Act. And so DIA and FMA will get together and determine who will be your supervisor based upon, you know, what we, what we think is the most appropriate agency with the right sort of expertise. to provide AML supervision to you.

With that process, it's ratified through a sort of bi weekly meeting that DIA and FMA have called the Supervisors Forum. So what that will do is provide basically an official confirmation to you who your supervisor will be. Engage with us nice and early and we can guide you through that process.

[00:13:49] Financial Products and Financial Advice

All right. Talk a little bit about some of these other regulations about financial products and in particular one that we've been seeing is financial advice. These are both FMA sort of areas that we look at under the Financial Markets Conduct Act. So this is the FMC Act, regulates financial products including those debt and equity securities, managed investment products, and derivatives.

Jeff: So those are a few different sort of areas that we look at. You know, these sorts of things you might crop up with. The most common one that we see that people engage with as our managed investment products through the KiwiSaver channel. So that's a essentially managed fund that most people in New Zealand do engage with.

But one that we are seeing in this space in terms of Crypto increasingly is people who are trading in derivatives. Derivatives can be things like futures contracts. They're commonly sort of, you know, put out there. There's a lot of technical lingo, but people also discuss, discuss calls and puts.

So these are contracts to basically pay a certain price for something in future, or, you know, basically have an asset that you want to buy at a certain price for something in the future that Futures contracts essentially is the most common type of derivatives, but they do encompass a really wide range of financial products here.

And they are regulated under the FMCA, you do need to basically engage with FMA and basically be licensed or, you know, have certain product disclosure statements in relation to these. So if you are thinking about applying Offering anything in these sort of areas derivatives in particular is the one that we do see a lot in the crypto space We recommend that you seek legal advice if you think your business might be covered by it and also consult our website and basically Get information from FMA directly because we can provide them A decent amount of guidance to you, but these sorts of products, you are going to have to have a license for if you are going to be dealing with those in New Zealand.

So it is sort of a bit of a niche area and a lot of businesses don't deal with any of this deliberately because the licensing process can be, you know, it is fairly comprehensive. You're going to need to get a lot of things in place, have certain amounts of capital and things like that ready so that you can obtain a license to deal with these.

So if you are thinking about going into this area. Again, that highlighted sentence that we really recommend seeking legal advice and basically getting things all correct and set up before you go to apply for this license because it is a really reasonably complex process. The other element that you might want to consider here is that we've got various other provisions, including fair dealing, that these actually apply beyond financial products.

So this is what's contained in Part 2 of the Financial Markets Conduct Act. And the fair dealing provisions are basically, they're kind of a little bit about price, quality, and certain characteristics of any products that you might be offering. So if you were going out and you know, basically. We're not accusing anybody of or wanting to identify anybody of not dealing fairly with customers.

But if we see issues where prices are being advertised at a certain level, or given to customers at a certain level. And they're not actually being charged that amount. Or if there's issues with the Certain quality or how services that are described. You might fall under the fair dealing provisions.

And if you may, it's taken a number of different financial service providers to court over the last few years in relation to breaches around these and that can result in pecuniary penalties and things like that. So again, just deal with the customers fairly, have a look at what we've got there under the legislation.

And then you're unlikely to run into any trouble here. But it's worth highlighting that, you know, there are consumer protections in this area as well. So basically, if you're dealing with your customers, the first obviously port of call that they're generally going to go through is that dispute resolution scheme that you'll sign up for as part of the FSB registration.

But things could get a little bit more serious. And sometimes the dispute resolution schemes will refer things to the FMA if they think that there are problems in this area. Some other regulations that are really relevant in this space as well is financial advice. So that's something that's relatively new and has come under the Financial Markets Conduct Act as a result of some legislation that was passed in 2019.

Now regulated financial advice is defined in section 431 C of the Financial Markets Conduct Act. It's a relatively narrow definition and there are certain exclusions that are also defined in the Financial markets conduct act as well. Some general advice around this is that if you're simply providing factual information, basically anything that's pure fact, you are unlikely to be providing financial advice to people.

So you can put out information that is purely factual about your products and things like that. But if you're starting to. So if you want to delve into the realms of basically identifying particular products, derivatives, that people want too, that you want to advise and tell people to acquire or sell, you may be coming into this realm of financial advice.

And this requires a license to provide, and there is certain prohibitions around financial advising. Basically people providing this without the appropriate license. The license comes with certain obligations professional standards and things like that. And what we have unfortunately been seeing recently is that there are a lot of people who are out there posting on social media and getting really close or just sort of going over the border over the, of this financial advice type section.

We see this in sort of. Social media posts also there's a lot of activity people might be running basically chat channels telegram things like that and we've received complaints from people who have lost money on the basis of somebody who has you know made a recommendation, and it has sort of fallen under that financial advice kind of definition and that person hasn't been licensed to provide financial advice.

And so obviously that's something that as a regulator, we have to look into and potentially take action on. So I think be very careful about what you sort of post on social media. Crypto, as we see, just generally outside the parameter here, but consider what And it looks like you're talking about in terms of financial products particularly those derivatives there.

Be really careful around basically making recommendations in this area because you could be coming under this financial advice regime and potentially inadvertently, in most cases is what we're seeing here, People just don't know about this breaching and unfortunately, that can lead to responses in the use of regulatory tools.

from the FMA it's not again something that we want to see out there people making sort of moral claims and giving advice when they're not licensed and don't have the appropriate necessarily qualifications or knowledge to do so we want to make sure that people are not being sort of let down and given the wrong sort of financial advice here another disclaimer here is that sometimes we see on social media people will you know Make it, make a little disclaimer.

And sort of say, oh, not financial advice and then proceed to provide financial advice. Unfortunately that, that isn't really an excuse in this case. You can't you know, say, oh, you know, I'm not speeding then drive at 200km an hour, you do need to make sure that you aren't actually doing any of those regulated financial advice definitions that are in that act here.

Because if you do, you could be breaking the law. That's just a warning. Be careful what is posted on social media. Again, FMA's process in this area is generally we want to provide guidance to people. And if people are doing things inadvertently, set them on the right path to either get that license or correct the behavior.

And we're not necessarily wanting to go and immediately prosecute people or anything like that. But if you do sort of see this stuff out there, we also do appreciate being told about it and letting us know. About what's going on. Excellent. So that sort of brings us to the end of the initial part of the sort of presentation here.

Happy to take questions now, or I'm not sure how you'd like to run this, Kevin. If you'd like to go straight into the, DIA is AML, CFT here, or if you'd like, if there's any questions.

[00:21:37] FMA Q&A

Kev: Why don't we do some, some FMA specific questions if anybody's got any. So feel free to stick them in the chat or if you want to come off mute.

I've got a couple but yeah, some of them mostly relate to both. But maybe I'll just ask you, what's, what's the hardest thing that you see business, businesses struggling with in terms of the whole process around complying with regulation and or registering anything like that? Do you see any sort of gotchas frequently happening that, that are worth pointing out?

Jeff: The gotchas, I think probably we covered them a little bit in terms of some of those inadvertent for you people who are not necessarily aware of the regulations that they're potentially contravening. The, the registration process for financial service providers is, is reasonably smooth, I would say.

There's a lot of information out there on the financial service providers website and basically going through that process is shouldn't be too difficult for most people. So that one, you know, Yeah. Nice and easy. Unfortunately again, it's one of these sorts of places where people are really key and they get out there, they've got a great product to you know, go out and bring to market and they don't necessarily get reduced in advance of bringing that to market.

So I would say basically. The best thing to do is to get all your ducks in a row in terms of compliance before you go out and start making an offering to customers. And in those cases, you know, basically the FSP registration, you should be doing that first. Like I sort of mentioned before, we're not looking to crack down and be incredibly harsh on people that have, you know, made an honest mistake.

We'll sort of guide them towards getting registered in the first instance, but we prefer not to have to have that happen. And sort of, it's an indicator that if you're not. You know, taking the compliance seriously, you might not have actually done the research and gone to get that registration done in advance of going to market.

Kev: And you mentioned also the importance of seeking legal advice in certain scenarios. What, what's the order? Should people come to you first or seek legal advice first or doesn't matter or what's, what's kind of the, the, the best process?

Jeff: Yeah, look, we're, we're happy to provide and engage before you seek legal advice.

Obviously legal advice generally does, you know, cost money. So if you want to talk to FMA, get in touch with us first. Now we're not. We're generally going to provide you with strict legal advice. We won't sort of take a position that a lawyer might give to you. But we're happy to provide what we guidance.

So there's a lot of information on our website. We have a specific basically page for crypto asset service providers, which actually provides a lot of information about different types of, sort of digital tokens cryptocurrencies or exchanges, businesses that might be relevant for financial products and a whole section on what might be considered financial services.

I've got that page up here, so I can give you a little bit of a, so, we'll give you a taste of that if you're interested. Hold on. Show the screen again. So with these ones here, basically what we look at is the here we go, this is from the FMA website. So if you come to the FMA website, what you'd want to do is immediately select the finance professionals tab.

And then under that you've got your services tab. Go to this crypto asset service providers page, and there's a whole bunch of information here about exchanges, wallets that custodial services, investment opportunities, and all sorts of other different things. There's also more information on the registration process and other sorts of services that you might provide.

And again, down here, how we can help, we do encourage people to get in touch with us. We're happy to speak to you about, any specific queries and the other sorts of things are is that it's not guaranteed But there are provisions for the FMA to grant certain exemptions in order to promote the objectives of the FMCA Act.

Now that Broad objectives is to promote innovation and flexibility in our financial markets. So what I would say is that if you've got a particular exemption or particular element of the legislation that you are looking to get an exemption for, you can apply to us to have that, basically, part of the legislation waived.

It does need to be a relatively convincing, I guess, application in order to get an exemption here. There's not a whole lot Large number of these are granted, but in a certain cases, we can waive certain elements of the legislation if there is a convincing reason. So it's reasonably broad here. I would say engage with us, we're always happy to provide guidance and advice here, but if you are looking for legal advice, that is something that you want to go to a specific legal provider for.

Kev: And that cryptocurrency page you just mentioned before. Is that the best one for us to link to? Maybe from Web3NZ just to connect people in contextually so that they've got a A good place to go and find information.

Jeff: Yeah, that's a great one for if you're going to engage with the FMA. The DIA probably has their own one as well that they would want linked, but for anybody who wants to engage with us, that's a really great place to start.

Kev: Cool. And then in terms of reaching out to you, again, through that website, there's links to contact, for contact information and things like that. Okay.

Jeff: Yeah, that's exactly right. We also sort of got a interest in the sort of fintech space and what is sort of going on in this area. So we are promoting engagement here.

We have specialists in that area that are very keen to, you know, talk to people in the industry and see what we can do to provide that guidance and advice and give people the best chance of getting compliance sorted.

Kev: Cool. Maybe last question. So that's a good point on the, I think there's a fintech.govt.nz. site as well. Is that the better place for fintech and crypto related companies to go through or is it through, is there any difference in terms of how they reach out?

Jeff: Ah no, no, you can reach out directly through our website. That's probably the best way of getting in touch with us directly there.

Fintech is probably more about more industry engagement and things like that. Generally, if you've got specific queries that are related to your business, come to us directly, I would say.

Kev: All right. Awesome. Thank you very much. We might have some more questions for you a little bit later on, but yeah, otherwise we'll jump over to Rocky.

[00:27:50] Regulatory obligations for VASP

Rocky: Thanks, Kevin. And, and thanks Jeff for that presentation. It is a good leeway for us to move into the AML space my name is Rocky Yuan. I'm the practice leader at the DIA within the A-M-R-C-F-T group. More specifically we obviously, our scope is more specifically in relations to A-M-R-C-F-T rather than the broader aspect of, registration and FSPR as well. So I'll, I'll sit there. I'll leave that for now. So Jeff obviously has covered a lot in respect of the start of the process where entities will go through the FSPR process and register and select their supervisor. What I am looking to try and provide you is, is, The supervisor's expectation in respect of, you know, once you are registered, what are those processes?

What are the obligations fundamentally? It's good to see familiar faces in the room today. Some of the information obviously is well established in some entities. So my, my hope is that it will be able to be generic enough to cover both startups and also entities that are already in the sector.

But equally also have some helpful tips of where the supervisors will focus the areas of of efforts and respect of, and respect of supervision. So just to give you a quick overview of what I'm looking to discuss the risks for VASP, which I think a lot of entities are aware of already but I'll just briefly touch on that.

And then bullet point two, it's more around the specific risk factors that, that we believe the DIA believe that will, will be more relevant in regards to the virtual asset space. are the key vulnerabilities which will link in with the obligations so I'm really hoping to provide more details in regards to the specific focus area that, as DIA will look at in regards to assessments the risk assessment and the AML CFT program are two fundamental documents which I'm Confident that all supervisors will be able to actually communicate and, and have consensus around that is that fundamentally any entities, any reporting entities that are captured and registered will be required to have in written form risk assessment and AML safety program as a document.

So I think that would that would start off with actually providing entities with a fundamental documents and, and steps and policies to ensure that money laundering and versus not to get it. And then number five, key obligations, which I've briefly mentioned, we'll link back into the key vulnerabilities that, that are, that I'll cover, and then just hopefully some key takeaways for those that are, that are in the room.

[00:30:21] Sector risk for VASP

Rocky: So, sector risk for VASP overall, the determination around the sector is that it is high. In comparison to others there are a number of obviously factors that has been considered around that. Equally there are also, I appreciate that there are other virtual asset service providers or some niche, narrow services that may be provided which is less risk.

But in general, across the sector, it is high risk that has been that has been determined. And that's obviously based on both the domestic and international evidence and guidance to the risk, And that sector that obviously includes a number of Other areas such as easy access and geographic spread of VASP services coupled with, you know, their pseudo anonymous nature, and using every, it's basically using every phase of the money laundering and TF process.

A lot of typologies being used in addition to that, I think and as we, as we are well aware across scams, fraud, as well. Obviously an area that, that even though the VASP itself might not be involved, but it is definitely a channel that we have some visibility of, that we are aware of in terms of scammers potentially using virtual assets to funnel funds or transfer funds or move funds across.

So as a result the overall inherent risk is high. I would like to clarify one point specifically, and this is. Obviously I'm talking in regards to AML CFT. It is that virtual asset itself may not be captured under AML CFT, just to provide some clarity. I believe that AML, this might have been discussed in previous presentation by others that have presented here to referee participants, but the key is that virtual assets, even though there is a virtual assets, is the activity of the virtual assets being used or the services that is being provided that is captured. So just because you are a virtual asset service provider, that in itself is not the capture point. The capture point is the activity that is being carried out which is exactly what Jeff has touched on briefly issuing means of payment is actually the actual capture point, not the fact that you have created a token.

So, I just want to clarify that so, hopefully that, that provides some clarity in respect of the DIA's view around capture.

[00:32:37] VASP specific risk factors

Rocky: So, the virtual asset specific risk factors, obviously, Non face to face is a key element of virtual assets. Very often you will engage with customers that you may not meet ever face to face.

This is a risk factor for money laundering and TF risk as customers may hide their true identity to avoid sanctions or other law enforcement related activities, which I'm sure a lot of people are well aware. Virtual asset service providers should also be aware of the risk with customers who are operating as unregistered or illicit peer to peer exchanges.

So that in itself links in with what Jeff was talking about in regards to entities that are operating as a customer of virtual asset service providers, but yet they are actually a business. They're, so they're claiming to be an individual that are just trading, but in fact they're actually providing unregistered services not on FSPR.

Warning signs could include, you know, customers receiving a series of deposits from, you know, various different sources. But these are just generic, generic, generic warnings. And also, you know movement of funds, quite rapid movement of funds from one potential crypto wallet to another and then you can obviously have the tools and the feasibility to of that as a virtual asset, and we would expect you to actually be able to identify that.

Alternatively, you know, customers phone number or email address or actual bank accounts being used if you have, if you provide an on ramp and an off ramp fiat to virtual currency if those accounts are clearly not held by the individual customer that is claiming to be the customer, that in itself might be a flag, so all of those are, are some of the flags that we would anticipate virtual asset service providers to be aware of as a risk.

Virtual asset ATMs or kiosks present a unique risk because they obviously activate the facilitation of virtual assets from a physical terminal so that includes, you know, fiat, The conversion of fiat currency physically going into terminals and then converting that into virtual asset crypto. So, I think those, those aspects are also well known, I think and more common knowledge around risk.

And the final point there is potential customers may be victims of scams involving cryptocurrency. So we are seeing typologies where or we are hearing and we are, we are seeing some where funds are actually channeled through multiple exchanges and the transactions are following through.

There might be a legitimate transaction but equally that On the other side might be a result of a potential fraud or potential scam. So I think it is just something to be aware of in terms of the transactions that is occurring. And under the AML CFT obligation, there is a clear legal obligation for virtual assets to be aware of the business, the nature of the business that they're engaging in, that That the customer is engaging in with and why they're actually conducting the transaction.

So the business in nature area of those is key in regards to assisting the wider AML, CFT and the fraud regime and mitigating that. So I think that that is another area that. I would call out as a specific risk for virtual assets that may, may not be as prevalent in, in other areas.

[00:35:54] Key Vulnerabilities

Rocky: So the key vulnerabilities relevant for virtual assets as part of, you know, the DIA's financial institution sector risk assessment we have identified six key vulnerabilities and high risk factors associated to virtual asset sector.

The first being new payment technology. So new payment technologies some more established than others, obviously can increase the opportunity for money laundering and TF, particularly when they allow criminals to exploit technological developments to break down the barriers posed by international borders to facilitate anonymous payments between individuals.

So technology can be a great help as well and can be accessed remotely anywhere, which, which I think we're all aware in the room and, and can move funds relatively quickly and the re, the reintegration of, you know, potential investors. prices of crime into the financial system is relatively easy so I think that in itself provides that new payment technology area as an inherent risk, which I've highlighted as rear end well, so we would expect Virtual Assets Service Providers from the DIA's perspective to really focus on how, or the processes of potentially being used as an Payment technology for their customers if that is the payment rail that is being used by your customers as a form of payment or transfer.

So that if I leave that the next point is leads into this anonymity and complexity determining and verifying the identity of an individual. Behind the activity and transaction is one of the most important AML CFT measures that is required from the reporting entities. There are obviously technical challenges, which we are well aware of identifying the actual individual that is controlling the transaction.

The wallets or the transactions. But that in itself is a heightened risk and is a vulnerability that we believe that exists. Lack of money laundering and TF awareness, I think that in itself historically is, is obviously more of a challenge for the sector because the entities the sector was new.

There was less probably at the time when the, when the development of this of the sector assessment was done the industry was new. The industry was still exploring, you know, the touching base on other regulatory experiences and also, you know, covering off a number of red tape so to speak to really get into the business.

But what we are seeing in the entity that we are engaging in from a DIA's perspective is that money laundering and TF is actually relatively high. So in saying that there are obviously a diverse This population that the DIA supervise, so therefore the larger entities or the entities that are more well resourced have a great and high level of awareness around money laundering in TF.

Equally, you could have, and we have seen the smaller operators that are more well resourced. really looking to assist and participate in the sector, but yet they haven't actually uplifted their own money laundering and TF risks. So I, I think we are seeing some diverse knowledge gaps around the around the population.

Overall, I think the lack of money laundering and TF risk is, is definitely Not as significant as when the sector risk assessment was determined. Not to the extent, but it is still a risk and vulnerability. International payments, I think I've covered. Obviously the transactions involving countries with limited or no money laundering controls.

We would expect you to have a more intense or more enhanced level of engagement with, with those customers to identify the payments the, the transaction, the transaction. And also the source of funds, source of wealth, where it was acquired where the money came from, why are you transacting, so we will definitely ask you more questions around those international payments.

The use of wire transfer obviously is a decentralized process which moves funds quicker and to the detriment of that is that once the funds But gone, it is difficult for us it is difficult for law enforcement to really identify or trace the funds again. So that in itself is also an area that we are, we are definitely looking at.

That links in with high risk customers and jurisdictions. High risk customers is obviously determined by different types of entities and different entities have different risk profile for customers. So I'll touch on the risk assessment. It is very important for, for a virtual asset service provider to really hone in on when a situation or when a transaction is higher risk in comparison to other transactions that you conduct.

The reason for that is because we want entities, we want even startups to really focus, especially with the limited resources, really, really focus on the areas or high risk customers that you believe are the bad actors. I think that in itself is a starting point that we, we, we would really appreciate that we appreciate that obviously resources is limited, but You need to have the mechanism and the foundation to identify those transactions and then focus your area and focus your compliance area on those.

Finally, there, there is obviously the high the PEPs area and also the high wealth individuals. So politically exposed person there, there are potentially customers that are politically exposed and therefore the use of virtual assets is also important for them to actually track, Transfer funds we're not saying that politically exposed person is, is always going to, or potentially is dealing with criminal proceeds, but there is a higher chance of, or a higher risk in comparison to other customers, so we would expect, and, and in the Act, politically exposed person triggers an enhanced level of due diligence explicitly.

High wealth individuals is not so much but obviously high wealth individuals transaction is more likely to be larger and therefore links in with more potential risk of funds going through that may be part of criminal proceeds as well.

[00:41:48] AML/CFT Risk assessment

Rocky: What do you need to do if you're starting up and what do you really need to actually cover off as a start? And hopefully this will kick off your process. The first thing you need to do is appoint an AML safety compliance officer. If you have no employees, Then that might be yourself if you're a larger entity, which I'm aware of, that, that some of you are on this call now you might have a compliance function that, that has a compliance officer.

The compliance officer plays a key role. The compliance officer is, is the person that's responsible to oversee the whole process of conducting CDD, of identifying flags, of potentially filing SARs, suspicious activity reports. So a lot of the key obligations rest with the compliance officer. And also, the important point is, they need to understand the risk and context.

So as a starting point, I think the important starting step is to appoint a compliance officer. The next step in our view is that you need to conduct a risk assessment, which is what I've briefly mentioned, to identify and determine the money laundering risk that you may encounter. That definitely will vary between different customers you might have sorry, different entities.

And that may include large corporate customers, or some might only deal with smaller, you know, smaller customers at a non wholesale level. So you've got the wholesale customers and then you've got the retail customers as well. So it really depends on the business so therefore you need to really conduct a risk assessment to cover that off.

And then You need to then develop and implement a program that contains procedures, policies, and controls to mitigate the risk. So once you've identified the risk, what is the process, what is the policy that we're going to do it, and what are the controls to ensure that we have done those procedures in accordance with the policy.

So I will touch on each of those. Now, so in terms of the AML CFT risk assessment legislatively, I didn't put the reference in like Jeff, I, I think it might be useful, but all of these are actually matched to the actual legal legislative obligation under the AML CFT Act. The AML, CFT, risk assessment is how your business may you need to identify how your business may be vulnerable to money laundering and TF risk.

And you must consider, and I need to highlight the point, you must consider the following points. That includes the nature, size, and complexity of your business, which is what I've briefly touched on in terms of the size, in terms of how big, in terms of who your customer, who you're going to deal with, in terms of how your compliance function is going to sit, is it actually going to be liable.

Large enough, or is there enough transactions that you will require a, a separate compliance function? Is one compliance officer enough or do you need financial analysis or, or you need more analysis to be done to ensure that you cover off all the transactions that is performed through your business.

So that in itself as starting point is something that I think you really need to sit down and, and, and consider as part of your risk assessment. The products and services that you offer, which I think is, is also very, very important because you may only offer transferring value, i. e. I might just only transfer from virtual to virtual.

So someone might come to me with Bitcoin and they want some alternative coin, say FIFA or Selena. So that might be the only product that I offer, but equally some other. Providers, other businesses, might offer a fiat component and on ramp and off ramp component as well. So therefore you have added risk or there's a different dimension of the risk in terms of if I'm actually accepting fiat money, i. e. the real cash, or how is that process going to work. So that in itself is the third bullet point on how you're going to deliver your products and services. How would I deliver the service that I'm offering if I'm just providing an exchange. Am I just going to use a third party provider to accept the money, and then I would then transfer the wallet, or am I going to actually have that in my personal account?

Who am I going to deal with? Am I going to use ATM potentially? So those are all. areas that you need to consider in terms of how you deliver your products and services. The customers that you deal with, obviously, is a key point. Do you deal with retail customers, wholesale customers? Do you deal with overseas customers?

Given the borderless nature of this, do you accept customers that are based in other jurisdictions despite the fact that you are actually providing the service from within New Zealand? That in itself is also obviously something that you need to consider and that links into the next point, which is the countries that you deal with.

So if you open that up in terms of we are going to provide services to more than one jurisdiction in addition to New Zealand, obviously it's going to have a risk. The other point is, am I going to provide services to or send funds to other countries? Now I appreciate there's technical difficulties in regards to identifying whether or not which country you're dealing with.

But it is something that you will need to consider is that do I need to actually prove where the wallet holder is actually at? Which I'll touch on later on. Or, or it is something that you will need to actually think about in terms of, despite the fact that obviously there's a borderless element in the virtual asset space.

And the final point, the institutions you deal with obviously you might deal with the institutions like. The banks, despite the fact that obviously this is a decentralized process. Or you might deal with third party providers. You might outsource or you might get an agent to conduct CDD for you.

You might deal with entities that are more specialized in identifying transactions on the blockchain. So therefore, your ongoing monitoring or account monitoring might be outsourced to a different entity. Your, your, potentially your travel rule obligations that will be coming in in June might be outsourced.

So therefore, you need to consider The risk assessment and the risk associated to those entities that you are engaging with to assist you with meeting your obligations as a reporting entity.

[00:47:50] AML/CFT Programme

Rocky: Once you've determined all of that element, you are then required to develop a program. The program, Specifically is outlined by three parts in my view, and that's really to identify procedures, policies and controls.

You are required to outline what's your policy in regards to certain situations, what is the procedure in terms of what you will do in those circumstances, and then lastly, how do you mitigate that risk. By actually having controls in place. There's no point in having policies and procedures in place when you have no control.

Therefore you won't even know exactly whether or not the policy has been adhered to and the procedures have been followed. So I think that in itself is the program aspect of that and you are required to really cover that off. The program itself covers a number of elements and I will list some of the key elements in this slide.

[00:48:48] Key Obligations relevant for a VASP

Rocky: So there are a number of key obligations that you will need to cover under the AML CFT Act and you would obviously cover a lot of these that are listed on the slides in your program. I have included IVCOP, which is Identity Verification Code of Practice. The reason why I've included this is more the other way around, not because is to bring your awareness around this rather than actually having you to focus your resources around the IVC OP, but it's to bring your awareness around this. The clarity and the point that I want to flag around Identity Verification Code of Practice is that it only applies in situations where it's low to medium risk. So I think it's very important for, there's a misconception that if I, if I comply with The Identity Verification Code of Practice, that is a code, and if you comply with the code, you are safe, you, you, you benefit from a safe harbour of actually meeting your obligation under the AML CFT Act, but there is a key element in that, and that is that it does not apply to high risk situations.

So if you have determined that a customer is actually high risk that the safe harbor rules under the I-V-C-O-P is not you're not going to benefit from the safe harbor rules. So that's, that's the reason why I, I flagged that in, in this slide. The second point, which I think I've briefly touched on, is the new or developing technologies products that may favor anonymity. From a DIA's perspective our view is that virtual assets are new or developing technologies, and it will fall into that category. So therefore our expectation is that you will have policy procedures and controls in respect of actually ensuring that you have the ability to identify the individuals.

And that in itself is obviously a risk based and that in itself also is an important point for different businesses to take into consideration their risking context in terms of how they actually mitigate that risk. The ongoing CDD and account monitoring aspect is important because we know that transaction flows through, there's significant amount of transactions that are flowing through virtual assets and it's important for Virtual asset service providers to really have the ability to reconstruct transactions and to flow through the transactions And also to identify behaviors that may not reflect the business and nature That they hold and they understand the customer on.

So if a customer has provided a view of this is what they are going to do We're just going to do one or two transactions a month because I'm Just really keen on buying a little bit of whatever altcoin that might be available and it's just purely for fun for small amounts. Suddenly there's significant amounts coming in, suddenly there is transfer of different wallets into different areas.

We would expect you to ask the question why there's a sudden change and do you understand that the nature and the purpose of the engagement has changed? So you will need to have the ability to identify those in terms of those accounts. Wire transfer is, is, is definitely a contiguous point a, a, a, a complex area for virtual asset service providers.

Which is what I've touched on at the end of this month. There will be a new regulation that will be in act to ensure that New Zealand aligns with the FATF recommendation and respect of the travel rules. The travel rules, which I hope a lot of you might be aware is is in short wire transfer obligations where you will need to be able to identify the originator, your role as an ordering intermediary or beneficiary institution, and then finally also the beneficiary.

So, I think the important point is that you will be if you are wanting to start off as a virtual asset service provider, you will need to have the. PPCs, policies, procedures and controls to ensure that you meet the wire transfer obligations. As a collective and as Jeff has said the supervisors are providing a lot of education and guidance around this.

So, as a start, we will engage with entities and we will work with entities to try and comply with this wire transfer obligations, and we will, By all means, provide guidance as we can to assist with complying with that. The second to last point is prescribed transaction reporting. That equally is, is, is, We are providing clarity around that because in June, same period the end of this month the intermediary institution, if you are aware from an AML perspective, has been lifted, so therefore, if you are an intermediary institution, you will be, you will also be To be required as part of the wire transfer to file a PTR to the FIU.

And, and lastly suspicious activity and transaction reporting that, that's obviously very important. If you believe that transactions are suspicious, and if you have areas that you think raises concern, you should, and you are legally obliged to actually file a suspicious activity report to the financial intelligence unit.

The key point that I will raise there is the suspicious activity reporting obligation Is an objective test. So therefore it is important for you to understand that. It's not so much as in I don't think that that is suspicious and therefore I didn't file. It is an objective test Therefore someone coming in looking at the transaction if it is determined from an objective perspective that that transaction should have triggered suspicious activity Reporting then you have an obligation So that's just something that I just want to call out.

[00:54:17] Key Takeaways

Rocky: Key takeaways as a starting point I think you need to appoint a compliance officer as a start. Once you appoint a compliance officer, be it yourself or an employee you, you, you. You should probably, and you will need to, legally develop a risk assessment, AML CFT risk assessment, and also an AML CFT program.

Number four is very useful because the content that I have presented on, majority of that is actually driven and derived from our guidance, and also guidance developed by The triple branded FMA and also RBNZ and the DIA and also obviously DIA specific sector related guidance. So I would strongly, strongly recommend you to review the guidance published by the supervisors.

There is a specific guidance provided for or there's a specific page And the DIA website for virtual asset service providers, which I will strongly encourage you to actually visit. There is also specific sections around virtual assets. That is actually on that page for you. Engage with the DIA or FMA, whoever it may be, really.

I would say to really seek some clarification around your potential obligations. And really clarify what you should and what you should, or what you don't need to do, potentially. To, to cover up, to cover up your obligations. By all means, I can only speak on behalf of DIA. We are not trying to force compliance onto individual entities.

Our view is that we're trying to assist you to comply with the legal obligations that you have. There is no meaningful way to say that, there's no purpose for us to really say, you need to focus and you need to conduct CDD on everything and you need to conduct eCDD on every single customer because our view is that picking a risk based approach is that you need to focus on the areas that is highest risk for your business and to mitigate the money laundering and TF risks in a meaningful way.

So that by all means is the message that I'm trying to provide you. And then finally which I think has been briefly covered by Jeff, is really seek advice if you don't understand your obligations. From a timing perspective which I'll address now that Kevin has asked we, we don't have a specific preference on whether or not you want to engage with us or your legal advisors first, but it is definitely important that you get advice from, from your supervisor or from this forum or from Your legal representative.

Cool. So that's all the presentation I have happy to take any questions if I could.

[00:57:01] Q&A

Kev: Cool. If anybody wants to jump off mute, feel free, or stick things in the chat. Otherwise, I'm just going to do my normal thing and start asking questions. So maybe have a think. So one question from me how have you seen analytics in this space come into I guess this assist against things like money laundering and, and financed terrorism and things like that.

So chain analysis, being able to, I guess, trace and track, you've seen quite a few individual analysts as well, starting to be able to track stuff like that. Has that been helpful? Useful in this context in terms of being able to identify those types of activities.

Rocky: That's a good question. And yes, we have seen large providers being used to follow transactions, to chase transactions, to show the ability of potential unusual transactions that are flowing through the blockchain.

So we have seen. The fact that these third party providers are useful but equally, it is not a legal obligation to use third party providers, which I'll clarify because of the resources that is available we're talking about smaller firms or smaller businesses that are starting up as well obviously your larger firms and, you know, with the volume of transactions, these analysis will be very useful and key but If you have a smaller volume of transactions, I think we would understand that you may not engage with some of these third party providers, but that doesn't mean that your obligation is different.

You'd still have an obligation to really monitor those transactions and provide that reconstruction as required by the Act. So it is more of a context issue rather than Rather than not adopting it. But to answer your question, Kevin, I think, which is a good one those third party providers are definitely providing a benefit in regards to providing more transparency though, for those transactions.

Kev: Cool. And you mentioned a way for people to. Or that there's an objective means of determining suspicious activity. Is there somewhere somebody, where somebody can go to sort of understand what that objective assessment is and, and not make it subjective? Like just, just trying to understand what's, if we say it's objective, then there should be some rules around, you know, determining that this was suspicious activity.

Rocky: Yeah, so we've provided guidelines in respect of suspicious activity reporting as a start, and equally, we would expect you to consider the flags that obviously have been that is publicly available. So if we flagged, and there are areas in terms of, you know the Objective flags such as refusing to provide information or the common knowledge of, you know, I'm transacting to 10 different wallets, but I'm not telling you why and I'm using one as a start when I signed up to the service, but yet I'm actually engaging in Multiple different wallets or multiple different sources now, instead of actually me just paying you from one single bank account.

Now I'm actually depositing from a random bank account. Those are those flags I think will be the key as a starting point. So I think those will be a good starting point as a, as a useful. Tool to really clear your obligations around that.

Kev: And then maybe, yeah, probably just my last question, how are you approaching scenarios like decentralized exchanges? So we talked about, you know, obligations to, to report suspicious activity and to understand identity of, of customers and things like that. Obviously DEXs and things like that create a different, scenario where there's, there's, you know, they're not operated centrally.

What's the DIA's kind of approach to that sort of technology?

Rocky: The decentralized process, basically, to be honest, if I take this back to fundamental we treat all sectors the same. So therefore our expectation is the same, that you will be able to identify the transactions. You will be able to reconstruct the transactions.

You will be able to identify the customers, what the purposes was. and follow through the process. Now it is up to the entity to really show us that and the legal obligation in our view is that it is up to the entity to actually say that they have met the actual legal obligation. We will work with the entity by all means.

We're not going to as Jeff said, to, to say that, hey, look, we're just going to come in to say, look, this is what we are seeing from the more. Established financial institutions or, or that sector, which has been around for a much longer period of time and it's much more centralized and, well, it is centralized but the rules are the same that we currently play with at the moment and so the AML CFT Act, the, the, the regulations that we're trying to introduce is, is really trying to provide clarity that Even though you're, whether or not you're operating as a centralized or decentralized process our the obligation fundamentally is the same under the AML CFT Act, and, and that's how we will approach it, and we will work with the entity to actually provide that.

Kev: Okay, cool. Yeah, I'm just, just looking at sort of scenarios in the U. S. like Tornado Cash and Wasabi Wallet and some of those where they've kind of, you know, It's software at the end of the day, obviously hosting it is different. If you're a actively involved as an entity, kind of doing activities that are deemed to be illicit versus people that are producing software.

That have used it in certain contexts. So yeah, just interested to see from a New Zealand lens, how that's, that's sort of being interpreted as well.

Rocky: Yeah, I'll quickly address that. I think obviously we know that there are a number of institutions, well sorry, there are potential bad or more riskier institutions and, and potential services that are actually provided.

So therefore I think this should be reflected in your risk assessment as part of your AML CFT. framework for your entity and we would expect you to include that in terms of if you are using various wallets or that you believe is higher risk. So instead of just using a hardcore wallet, you're actually using a third party wallet that, that may actually be a higher risk.

It in itself is a higher risk. It is, it's out there. So it is. We, we would expect that to be reflected in your risk assessment.

Paul: Hey just a question for both of you really. When you're evolving your thinking, your regulatory thinking, how much does what's going on in the rest of the world in terms of the regulatory stuff, particularly Australia, play in your thinking and what you do and all that sort of stuff?

Jeff: I'm going to jump in here first, Rocky. So the FMA does sort of monitor what's going on in the wider sort of world, and we have a number of international agreements that go beyond kind of what just crypto sort of deals with, particularly in terms of what's called IOSCO or the International Organization of Securities Organizations.

So there's a number of I guess. International standards that in particular, IOSCO are promoting heavily at the moment. And so New Zealand is responding to those and that will drive policy development. Ultimately as a Crown agency, we provide opinions basically to government, to our legislators on what we think the legislation will be, but we don't necessarily set the legislation ourselves.

We sort of basically just will take what is given to us and try and apply that. In the best context with the purposes of the act and the purposes of the FMA our main objective has set out in our act, which is to promote fair, efficient and transparent basically financial markets in New Zealand.

So we try and do that. Yeah, so the way that that's done is with the legislation that we've got that's going to involve in a lot of cases following international best practice. I'm guessing possibly what you're referring to in Australia is the sort of upcoming licensing regimes and things like that, which they're looking at for some of their so you're probably aware that That's not a requirement in New Zealand currently I think discussion papers and sort of policy advice that's been given to government has hinted that that's probably the direction that New Zealand would like to proceed down we've also been seeing this from sort of industry where they're saying, you know, this is where globally things are going and so, you know having a licensing regime in New Zealand might help facilitate New Zealand entities with international business.

Currently, there is no legislation for that in New Zealand but I would not be surprised if we see it in the future. But yeah, basically, we will give policy advice, we'll try and do what we can in terms of applying international standards in New Zealand, but we have to do so within the bounds of our own legislation.

So that's something for the legislators in parliament to either give us or make decisions about.

Rocky: Thanks Jeff and that's useful. Thanks Paul for the question. I think that is an interesting question and a useful question to ask. We work very closely with OSTRAC who is the supervisor for virtual assets.

They call it DCEs Digital Currency Exchanges across Australia. Our operational relationship is very good with Australia to, to understand the processes and the context. This might lead on to the next question around the, the potential issue or summarize issue of jurisdictions that are not implementing travel rules.

But despite the fact that New Zealand is actually implementing the travel rules, which. I think you might be intending to add that too, Paul. I think it is something that we will take into consideration from a supervisory perspective. It's not just obviously Australia that is one of the one of the countries that's does not have travel rules.

There are other jurisdictions that may not have travel rules. So I think it is something that we appreciate and we acknowledge from a supervisory perspective. It is something that is to act in terms of the New Zealand regulation and, and we do have the travel rule obligations in place. More broadly speaking, do we actually at a operational level work with other agencies?

We do. Obviously New Zealand is part of the 5 Eye Connections as well. So therefore we do have connections in regards to other jurisdictions from a supervisory and operational perspective. From a policy perspective we also do similar to what Jeff has said from an AML perspective around taking consideration of what other jurisdiction have done and what possible benefits or, or there's anything that we could take and use and share our knowledges as well across not only New Zealand and Australia, but also the Pacific jurisdictions as well.

Paul: Yeah, cool. Hey, can I, can I just say, look, cause I possibly one of the few people who run businesses in multiple jurisdictions by the access we get to regulators. It's unbelievable, like it's really, really helpful and I think our working relationship stands out and, and I'm, I'm looking at Australia, I'm looking at America, you know, I just don't see it elsewhere.

So I really do appreciate you guys doing what you do and turning up to forums like this and being approachable to companies like ours. Right. And so I just wanted to thank you for doing that. And I really appreciate the response on that. That's really helpful too. So thank you.

Harry: Yeah, thanks for the presentation guys, really informative. And yeah, my fellow Paul, this is awesome that New Zealand gets to have this sort of transparency. I was just wondering, obviously this is in the context of organisations which are classified as VASPs.

You know, I'm interested in your guys perspective just on general peer to peer crypto trading between individuals such as through Facebook groups or other platforms.

Jeff: Yeah, I'll go again Rocky. So that's really not something that's particularly well covered by New Zealand legislation currently. I think in terms of the, the trading there, obviously what we want to do from a consumer protection perspective from FMA is just to make people aware of, you know, Risks around that.

Obviously, if you're not dealing with a business, if you're dealing with a peer to peer exchange, you might not have the recourse of a dispute resolution scheme or some of those other channels that there might be to resolve things. If things go sideways for one reason or another. Currently, that's a little bit of a wild west kind of area for New Zealand is that you know, there's, there's, it's a, it's a not a lot in terms of, as a regulator, at least for the FMA, we can, we can do in that space.

Rocky: Thanks, Harry, for that question, and I think that's a, that's a, again, a good question around supervisory. Our supervisory aspect obviously covers the entities that are already captured under they're all classified as a FAFSA. I'll clarify also is that from our approach, the, the FAFSA actually falls into a financial institution, which links in with the FSPR.

So our view is that if you are taking an order, if it is in your ordinary course of business, that you are actually trading, transferring, and that you are actually providing that service, even to some extent remitting. If that is the reason why you're actually providing that service, even though you are let's say peer to peer it is possible, and do clarify me if I'm wrong on this, Jeff, is that an individual could be providing a financial service from an AML perspective by all means, we, we think that an AML an individual could be a reporting entity if you're just using your sole trader name to provide a capture service.

So I think it's just something that if you are providing that service that you need to be aware of.

Harry: Well, yeah, thanks for that. I'm sure you guys will update us if anything changes. Thanks.

Kev: All good. Any other questions? What we'll probably do as well is we've got some links that I've posted in the chat there. Based on both Jeff and Rocky's suggestions on how you can find out more from the FMA and DIA and also reach out to them. We'll connect that up via the link, the web3nz.xyz resource page as well. So that we've got more of a direct linkage in there for the people to stay in touch. Obviously there's other pages and areas as well, like IRD that, that, that will also link to as well. So we've just got sort of one central place for, for information, but yeah, just lastly, I will share that page share screen.

So if you could just zap that on your phone, fill that form out, or I posted the link in the chat before as well, we'd really appreciate your feedback. Otherwise, thank you both to Rocky and Jeff for making the time, really appreciate the effort obviously there's been a while in the making but yeah, Being able to make yourself available, as Paul mentioned is something that's pretty unique to New Zealand and it means that we get more business opportunities based on businesses getting access to the information that they need without trying to scramble across a million different places, which can be tricky when you're, you're getting going.

So thank you again for, for making the time. Thanks everybody for, for joining we'll share this session on the recording on the circle page and also on the homepage as well. And otherwise have a good Thursday and we'll speak to you soon.