“Criminals thrive where rules allowing for confidentiality allow for secrecy and anonymity.”

This was the conclusion of the Members of the European Parliament (MEPs) from the Committee on Economic and Monetary Affairs (ECON) and the Committee on Civil Liberties (LIBE) when they discussed the need for increased transparency of crypto-asset transfers earlier this year.

The new legislation aims to close this loophole, by tracking and identifying the transfers of crypto assets, such as bitcoins and electronic money tokens.

In the drive to prevent money laundering, terrorist financing, and other crimes, the EU Parliament and Council negotiators have reached a provisional deal on the new bill which will ensure that suspicious transfers can be traced and blocked.

The new legislation is a key element of a much wider anti-money laundering (AML) programme and will align with the Markets in Crypto-assets rules (MiCA). 

Traceability without a minimum threshold

The legislation extends the Travel Rule, which already applies to traditional finance, to crypto-assets. As a result, it will now require both the originators and beneficiaries involved in the transfer of all types of digital funds to exchange and store information about their identities.

Furthermore, crypto-asset service providers (CASPs) must provide this information to the competent authorities if an investigation is conducted into money laundering and terrorist financing.

Due to the speed and virtual nature of crypto-asset transactions, they can easily circumvent existing thresholds that would normally trigger any traceability requirements. Consequently, there will be no minimum thresholds or exemptions for low-value transfers.

With respect to protecting personal data such as the name and an address required by the Travel Rule, it was agreed that if there is no guarantee that privacy will be maintained by the receiving end, data such as this should not be sent.

Steps to curb money laundering and terrorism financing

Providers will now have to verify that the source is not subject to restrictive measures or sanctions, nor that there is a risk of money laundering or terrorism financing before the crypto-assets are made available to beneficiaries.

It was also agreed to set-up of a public register for non-compliant and non-supervised CASPs which will be covered in the Markets in Crypto-assets rules (MiCA), currently being negotiated, with whom EU CASPs would not be permitted to trade.

Crypto-asset Service Providers (CASPs) will now have to meet tests, undertake stress testing, and safeguard customer funds. While EU Member states will be the main supervisors, the European Securities and Markets Authority (ESMA) and European Banking Authority will have intervention powers to limit the activities of CASPs who will also have to meet the significant AML requirements under the Transfer of Funds Regulation.

Un-hosted wallets

The rules also cover the transactions made from un-hosted wallets (a crypto-asset wallet address in the possession of a private user) when they interact with hosted wallets managed by CASPs.

In future, if a customer sends or receives more than 1000 euros to or from their own un-hosted wallet, the CASP will need to verify whether the un-hosted wallet is effectively owned or controlled by this customer.

However, the rules do not apply to person-to-person transfers conducted without a provider, such as Bitcoin exchanges, or among providers acting on their own behalf.

Stablecoins

Under the new regulations, Stablecoin issuers will be required to obtain authorisation based on the nature of their arrangement. They will also be subject to disclosure requirements in order to demonstrate they maintain a fully backed 1:1 reserve. The deal is reported to prohibit interest on Stablecoin products and is designed to prevent payments from becoming too large by limiting transactions to €200 million per day.

NFTs

NFTs are broadly excluded from the scope of MiCA, except for instances where ownership is fractionalised. At present it is believed that any investigations into NFTs will be on a case-by-case basis with the European Commission being given 18 months to develop a more comprehensive regime.

DeFi

No definitive action was taken with regard to DeFi and lending, but the issue is expected to be addressed and more action taken in the future.

The implications for compliance teams

Although crypto-assets are still in their infancy, they are used to facilitate a wide range of criminal activities including, the laundering of illicit proceeds, purchasing weapons, and perhaps most notably as payment in ransomware attacks.

The EU has taken a huge step forward in addressing these problems and is set to adopt one of the most comprehensive and strictest crypto-asset regulatory regimes in the world.

Once extended travel rule has been fully implemented, it will be far harder to misuse crypto-assets and law-abiding traders and investors will be better protected.

Compliance teams should not only be aware of the new legislation but keep up to date with any forthcoming changes to the rules surrounding crypto-assets as they come increasingly under pressure by regulatory bodies across the world.

For a no-obligation demonstration of how RiskScreen’s AML solutions for crypto businesses can help ensure your organisation stays compliant in the face of an ever-changing landscape, contact us today.