Comparative Analysis: FATF 2015 vs 2019 vs 2021 — The Progressive Shift of the Regulatory Burden in Virtual Asset Governance

Between 2015 and 2021, FATF moved from a narrow, money-centric view of Bitcoin-like systems to a broad, ecosystem-level conception of virtual assets and service providers. This shift progressively relocates compliance burdens from states and banks to a diffuse set of actors embedded in decentralised networks.

The Financial Action Task Force (FATF) has been at the forefront of global regulatory responses to the rapid rise of crypto-assets. Between 2015 and 2021, its treatment of virtual assets evolved dramatically, reflecting deeper transformations in both technological architectures and policy objectives. While early FATF guidance maintained a cautious, exploratory posture, later iterations revealed a decisive shift: the progressive transfer of regulatory burden from states and traditional intermediaries toward a broader range of actors embedded within the crypto-ecosystem.

This doctrinal evolution—from the 2015 typologies report, to the 2019 comprehensive Guidance on Virtual Assets and Virtual Asset Service Providers (VASPs), and finally to the 2021 updated guidance—illustrates how FATF adapted its framework to confront emerging challenges such as decentralised finance (DeFi), peer-to-peer transactions, and the absence of identifiable intermediaries. The trajectory reveals not only an expansion of the AML perimeter but also a redefinition of what constitutes a “service provider” in an increasingly decentralised environment.

This article offers a comparative analysis of FATF’s 2015, 2019, and 2021 frameworks. It argues that the evolution of FATF guidance reflects a progressive externalisation of compliance obligations—from narrowly defined custodial actors to a diffuse set of participants whose roles blur the traditional boundaries between infrastructure, service provision, and governance. This evolution captures a deeper regulatory shift: the attempt to reconcile AML law, which presupposes the existence of responsible intermediaries, with decentralised systems designed to eliminate those very entities.

I. FATF 2015: A Cautious, Technology-Specific, and Money-Centric Approach

The 2015 FATF report on virtual currencies represented the organisation’s earliest systematic engagement with crypto-assets. Its conceptual foundation was deeply rooted in the perception of Bitcoin as an alternative monetary instrument used primarily for illicit transactions. This framing shaped the report in three significant ways.

First, FATF treated “virtual currencies” as monetary analogues, focusing on their ability to function as media of exchange rather than as multi-purpose digital assets. This monetary lens narrowed the scope of regulatory concern to payment-like activities, reflecting the technological and market realities of the time but failing to anticipate later diversification.

Second, FATF emphasised centralised points of control, particularly custodial exchanges. Compliance obligations were conceptualised around intermediaries—operators of wallet services, exchanges converting fiat to crypto, and custodial platforms. These actors were understood as natural chokepoints capable of conducting due diligence and monitoring.

Third, FATF’s regulatory model remained largely state-centric. It encouraged jurisdictions to regulate custodial service providers, but did not propose a comprehensive global standard or an integrated VASP framework. The focus was on establishing minimum requirements while recognising the nascency of the sector.

In sum, FATF’s 2015 approach was exploratory, bounded by assumptions inherited from traditional finance, and relatively narrow in scope. It did not yet recognise the systemic transformations posed by decentralised systems.

II. FATF 2019: Expansion to the Virtual Asset (VA) and VASP Framework

The 2019 FATF Guidance marked a turning point. It represented a comprehensive attempt to harmonise global AML standards for crypto-assets by shifting from the earlier concept of “virtual currencies” to the more inclusive and technologically neutral concept of virtual assets (VAs). This conceptual reorientation was accompanied by the introduction of Virtual Asset Service Providers (VASPs) as regulated entities.

1. From virtual currency to virtual asset: broadening the perimeter

The definition of a “virtual asset” expanded regulatory coverage from exclusively monetary instruments to a vast array of digital representations of value. This shift captured ICO tokens, utility tokens, governance tokens, and a wide spectrum of assets with financial or hybrid characteristics. FATF explicitly acknowledged the multifunctionality of digital assets, moving beyond the early monetary paradigm.

2. The VASP model: institutionalising responsibility

The 2019 guidance imposed AML obligations on VASPs, including customer due diligence, Travel Rule compliance, suspicious activity reporting, and registration or licensing. The scope of VASP activities was defined broadly, covering exchange, transfer, safekeeping, and administration.

This represented a major broadening of the regulatory burden: whereas the 2015 framework targeted custodial exchanges, the 2019 model embraced a wider ecosystem of intermediaries.

3. The implicit persistence of centralisation assumptions

Despite the broader scope, the VASP model still assumed the existence of identifiable operators. FATF acknowledged decentralisation but maintained that many ostensibly decentralised systems retained “owner/operators” who could be held accountable. The regulatory burden thus expanded horizontally but remained tied to institutional logic.

III. FATF 2021: The Attempt to Capture Decentralisation and Reallocate Responsibility

The 2021 update to the FATF Guidance marked a critical shift. It confronted DeFi, DAOs, DEXs, unhosted wallets, stablecoins, and cross-chain risks. The conceptual tension between decentralised architectures and AML enforcement became explicit.

1. The “owner/operator” doctrine expanded

FATF sought to address decentralised applications by asserting that actors with “sufficient influence” over a protocol could be classified as VASPs. This expanded the regulatory burden to:

• developers with residual control;
• interface operators;
• governance token holders exercising voting power;
• entities providing ancillary functionalities.

This represented a conceptual attempt to reconstruct intermediaries where they were absent—a significant shift from the 2015 reliance on custodial actors and the 2019 reliance on identifiable service providers.

2. Growing emphasis on Travel Rule enforcement and cross-chain risks

FATF recognised that illicit finance increasingly exploited:

• DeFi protocols;
• cross-chain bridges;
• privacy coins;
• mixers.

This recognition led to heightened pressure on VASPs to monitor, trace, and mitigate risks associated with actors beyond their direct control. The regulatory burden thus intensified, extending not only to VASPs but also to the broader technical environment surrounding them.

3. The shift toward market-wide responsibility

The 2021 guidance introduced the notion that compliance responsibilities might need to be distributed across participants, including:

• stablecoin issuers,
• governance structures,
• entities involved in protocol maintenance,
• software providers in certain contexts.

Though FATF stopped short of imposing full AML duties on developers, it signalled a willingness to attribute responsibility to actors previously considered outside the regulatory perimeter.

This represented a decisive step toward ecosystem-level compliance, breaking with the earlier assumption that only custodial or primary service providers bear AML obligations.

IV. Comparative Analysis: Shifting the Regulatory Burden Across Three Phases

A comparative evaluation of FATF’s 2015, 2019, and 2021 frameworks reveals a clear trajectory: the progressive expansion and redistribution of regulatory responsibility.

1. From a narrow to a broad definition of regulated assets

2015: virtual currencies (monetary)
2019: virtual assets (multi-functional)
2021: virtual asset ecosystems (contextual and system-wide)

The broadening of asset definitions enabled the FATF to extend AML duties beyond currency-like tokens to encompass nearly the entire digital asset landscape.

2. From custodial to multi-layered service providers

2015: Custodial exchanges and wallet providers
2019: A wide range of VASPs
2021: Actors with influence over decentralised systems

The emphasis shifted from entities with custody to entities with functional relevance, even without direct control.

3. From entity-based to ecosystem-based accountability

2015: Obligations attached to operators
2019: Obligations attached to service providers
2021: Pressure to extend obligations to developers, governors, and interfaces

The regulatory burden gradually migrated downward into the infrastructure layers of decentralised systems, albeit without explicit and enforceable obligations.

4. From state-centric to global and cross-chain enforcement

2015: National regulation of exchanges
2019: Global Travel Rule implementation
2021: Cross-chain and DeFi compliance expectations

FATF’s expectations evolved from territorial supervision to the ambition of global, interoperable traceability.

V. The Implications of the Progressive Burden Shift

The evolution of FATF guidance has significant implications for the future of crypto regulation.

1. Conceptual tensions increase as decentralisation deepens

The more FATF attempts to capture decentralised systems within AML norms, the more apparent the conceptual mismatch becomes. VASP-based obligations presuppose operators, but decentralised systems lack them.

2. The risk of overextension and regulatory fragmentation

The “owner/operator” doctrine risks expanding AML obligations to actors who lack capacity to comply, such as developers or governance token participants. This may lead to selective enforcement, regulatory uncertainty, or chilling effects on innovation.

3. Structural limitations of AML frameworks

The evolution from 2015 to 2021 reveals that AML frameworks are structurally constrained by their reliance on intermediaries. Decentralised finance challenges this logic by eliminating or dispersing intermediaries.

4. Potential shift toward new paradigms

FATF’s trajectory suggests an eventual transition toward:

• cryptographic identity systems;
• algorithmic risk scoring;
• compliance at the user or interface level;
• hybrid centralised–decentralised regulatory models.

Thus, FATF’s burden shift may foreshadow deeper shifts in AML methodology.

Conclusion

Between 2015 and 2021, the FATF’s approach to crypto-assets underwent a profound transformation. Initially focused on virtual currencies and custodial intermediaries, it expanded toward a broad ecosystem of virtual assets and service providers, culminating in the tentative attempt to encompass decentralised actors within a VASP-like framework. This evolution reflects a progressive shift of the regulatory burden, driven by the recognition that illicit finance increasingly operates through decentralised systems that lack identifiable custodians.

Yet this shift reveals a deeper tension: AML frameworks are premised on institutional structures that decentralisation dissolves. The FATF’s successive refinements illustrate both the ambition to extend compliance obligations and the structural limitations of doing so within a paradigm designed for centralised finance.

In the long term, the evolution from 2015 to 2021 suggests that AML regulation must adapt not by stretching intermediary-based models to their breaking point, but by reimagining compliance through distributed, technologically grounded mechanisms that align with the decentralised architecture of modern digital asset ecosystems.

Key takeaway. FATF’s journey from 2015 to 2021 is not just about redefining “virtual assets”; it is about progressively relocating AML responsibility into the heart of crypto infrastructures, exposing the limits of intermediary-based regulation in a decentralising world.