EU regulators unveiled a broad package of legislative proposals to strengthen its AML/CFT laws, incorporating the Travel Rule and AMLD6.
A new law proposed by the EU would force all crypto asset service providers (CASPs) that engage in cryptocurrency transactions within the EU to become KYC (know your customer) compliant and traceable. This is the latest in the EU’s efforts to regulate the cryptocurrency industry.
On July 20, 2021, the EU published its legislative package on anti-money laundering and counter-terrorist financing (AML/CTF). The package consists of four proposals, one of which is the implementation of the Financial Action Task Force’s (FATF) Recommendation 16, otherwise known as the ‘Travel Rule’ into EU legislation.
The EU regulator’s efforts are a strong response to the emerging challenges linked to technological innovation, in particular, the crypto asset sector with its gray areas and lack of clear and cohesive current regulation.
The EU’s AML/CFT rules currently only have a few categories of CASPs in its scope, however, the new measures will widen the net and extend to the entire crypto sector, obliging all crypto service providers to undertake the necessary due diligence on their customers.
Regarding the new regulation proposal, the EU commission stated that:
“Today’s amendments will ensure full traceability of crypto-asset transfers, such as bitcoin, and will allow for prevention and detection of their possible use for money laundering or terrorism financing.”
The 4 New Legislative proposals
- Regulation establishing a new EU AML/CFT Authority;
- Regulation on AML/CFT, containing directly-applicable rules, including in the areas of Customer Due Diligence and Beneficial Ownership;
- Sixth AML/CFT Directive (“AMLD6”), replacing the existing Directive 2015/849/EU (the fourth AML directive as amended by the fifth AML directive), containing provisions that will be transposed into national law, such as rules on national supervisors and Financial Intelligence Units in Member States;
- revision of the 2015 Regulation on Transfers of Funds to trace transfers of crypto-assets (Regulation 2015/847/EU).
EU Regulatory Proposal’s 4 Big Takeaways
All wire transfers within the EU bloc are already subject to the FATF Travel Rule. However, according to the proposal, the cryptocurrency wallets of both the sender and recipient of any cryptocurrency will also need to be KYC compliant. Key takeaways from the proposal include:
- The new regulation will make it illegal to own pseudonymous cryptocurrency wallets within the EU. However, the regulation will not apply to person-to-person transfers.
- The regulation will transpose the FATF Travel Rule directly to EU Member States, meaning there will be no need for each state to implement it into national law.
- The new regulation will apply to all CASPs, which have a wider scope of services than FATF’s VASPs (Virtual Asset Service Providers).
- In order to be KYC compliant, anyone wanting to send cryptocurrency will have to provide their full name, address, date of birth, place of birth, and account number to their service provider.
What are CASPs?
CASP stands for Crypto Asset Service Provider, whereas VASP refers to Virtual Asset Service Providers.
Unlike FATF, which consistently uses the term VASPs, this latest EU regulatory proposal specifically applies to CASPs. The term was introduced by the Markets in Crypto Assets (MiCA) regulation, which is still in the draft stage.
According to the MiCA draft, the term CASP will encompass FATF’s VASP definition as well as go over and beyond their scope. MiCA refers to CASPs as being “any person whose occupation or business is the provision of one or more crypto-asset services to third parties on a professional basis”.
The proposed requirements for CASPs
As well as all EU wire transfers, which the Travel Rule is already transposed on, the new regulation will also apply to all crypto-asset transfers between a CASP and another obliged entity (such as a bank or other financial service provider), or between two CASPs.
CASPs must ensure that the transfer is accompanied by the following details of both the originator and beneficiary of the transfer:
- Full name
- Account number – this can also refer to anything that identifies the transaction on the blockchain
CASPs are also required to accompany the following details of the originator of the transfer:
- Identification number
- Customer ID number, or
- Date and place of birth
For transfers below or equal to 1000 euros, CASPs of the transfer originator may choose to provide a reduced scope, which includes just their name and account number or transaction identifier.
The CASP of the transfer beneficiary is also required to implement procedures to ensure that all required originator information is included in the crypto-asset transfer and that all information is reliable and accurate.
The proposal also notes that GDPR provisions will apply to CASPs with regards to all personal data handled in the transaction.
A new EU AML Authority (AMLA)
According to the EC publication, the creation of a new EU Authority which will transform AML/CFT supervision in the EU and enhance cooperation among Financial Intelligence Units (FIUs) is at the core of the legislative package. The new EU-level Anti-Money Laundering Authority (AMLA) will be the central authority coordinating national authorities to ensure the private sector correctly and consistently applies EU rules. AMLA will also support FIUs to improve their analytical capacity around illicit flows and make financial intelligence a key source for law enforcement agencies.
Specifically, AMLA will:
- establish a single integrated system of AML/CFT supervision across the EU, based on common supervisory methods and convergence of high supervisory standards;
- directly supervise some of the riskiest financial institutions that operate in a large number of Member States or require immediate action to address imminent risks;
- monitor and coordinate national supervisors responsible for other financial entities, as well as coordinate supervisors of non-financial entities;
- foster cooperation among national FIU and facilitate coordination and joint analyses between them, to better detect illicit financial flows of a cross-border nature.
A Single EU Rulebook for AML/CFT
The Single EU Rulebook for AML/CFT will harmonize AML/CFT rules across the EU, including, for example, more detailed rules on Customer Due Diligence, Beneficial Ownership and the powers and task of supervisors and Financial Intelligence Units (FIUs). Existing national registers of bank accounts will be connected, providing faster access for FIUs to information on bank accounts and safe deposit boxes. The Commission will also provide law enforcement authorities with access to this system, speeding up financial investigations and the recovery of criminal assets in cross-border cases. Access to financial information will be subject to robust safeguards in Directive (EU) 2019/1153 on exchange of financial information.
Full application of the EU AML/CFT rules to the crypto sector
Currently, only certain categories of crypto-asset service providers are included in the scope of EU AML/CFT rules. The proposed reform will extend these rules to the entire crypto sector, obliging all service providers to conduct due diligence on their customers. Today’s amendments will ensure full traceability of crypto-asset transfers, such as Bitcoin, and will allow for prevention and detection of their possible use for money laundering or terrorism financing. In addition, anonymous crypto asset wallets will be prohibited, fully applying EU AML/CFT rules to the crypto sector.
What Happens Next?
The legislative package will now be swiftly discussed by the European Parliament and Council. The future AML Authority should come into effect in 2024 and will start its work of direct supervision soon after, once the Directive has been transposed and the new regulatory framework comes into effect.
- The EU’s new proposed AML measures could have far-reaching consequences for European CASPs. Despite the initial confusion and misunderstanding across the industry, it is encouraging that the regulatory playbook is finally being drawn up and finally addresses the Travel Rule for all 27 member states as a unified regulation. It’s important to note that the proposal is not a directive either, and will allow the crypto industry enough time for hopefully a constructive response. This means:
- The rules will be transposed directly through regulations, and won’t be reliant on governments to adopt it into law.
- The broader definition of CASP vs VASP should make it a more pressing reform for regulators and companies to get right.
- The proposal will help EU nations better align with the FATF Standards which does not apply to P2P transfers at present.
The package is still only in draft stage and will likely take at least 2 more years to push through legislative process, but after that, there will be no more hiding place for the crypto industry in terms of complying, even outside of any licensing process delays.