Since 2020, UK regulator the Financial Conduct Authority (FCA) has required crypto firms to register with it before they can operate.
But earlier this year it was reported that only around one-third of firms had met the necessary criteria. An FCA spokesperson said the rest had failed to meet requirements or decided to operate outside the UK.
Anecdotal evidence shows a similar situation in the EU, where crypto firms are required to register under the 5th Anti-Money Laundering Directive (5AMLD).
The reasons why so many EU and UK crypto firms are failing to address the growing requirement to prove compliance are many and varied.
The view from the experts
Dirk Zetzsche is professor in financial law at University of Luxembourg and author of several papers on cryptos and decentralised finance. He said many virtual asset service providers (VASPs) in the UK and EU shun the registration, with “manyfold excuses.”
“Some argue they are located outside the UK/EU,” said Zetzsche. “Some argue they fall outside the regulatory product and service definitions. I do not share their view. Many providers don’t want the costs of regulatory compliance, so avoid it for as long as possible. They are concerned it could mean early loss of business, undermining their ability to scale quickly.”
Zetzsche added, “Many also think their risk of receiving enforcement action is low as they are based in say Asia or the Caribbean, far from the UK or EU. They believe they can keep their head down and let their business grow until regulators take more serious enforcement action, which may be in a year or two.”
Fabrizio Lorini, managing partner at consultant Sapios Group, said: “Reinforcement of VASP regulation is welcome. Not all companies will have the financial and staff capacity to meet the requirements, allowing a natural industry clean-up as many will have to shut down. However, this industry has passed from anarchy to drastic regulation, so we should give some time to the firms to adapt and put compliance frameworks in place.”
The global net is tightening
The EU already requires crypto-fiat exchanges to perform know your customer (KYC) and customer due diligence (CDD) under 5AMLD.
But it is also set to create one of the most comprehensive cryptoasset rule regimes worldwide by adding the Regulation on Markets in Cryptoassets (MiCA), which will come into force in 2024.
MiCA will bring cryptoassets, their issuers, and service providers under a specific regulatory framework for the first time to end what some lawmakers call “the crypto Wild West”. MiCA will require all providers to have a licence if they serve EU clients.
EU regulators will also oblige all crypto wallet providers to trace fund origins through the ambitious upcoming Wire Transfer Regulations update.
Furthermore, in 2023 the EU is due to unveil its sixth Anti-Money Laundering Authority that will be specifically responsible for regulating the cryptocurrency industry.
Lorini pointed out that not all crypto companies want to shun registration, in fact some welcome it. “As there are still many grey areas at regulatory and organisational level, there has been an exponential growth of companies developing anti-financial crime expertise, and technology firms implementing services that promote good conduct,” he said.
“Given the new regulations’ level of expectations and severity, sector professionals must have a solid and reliable compliance framework in areas such as KYC and transaction monitoring. FinTechs in this space are rarely big enough to have a full compliance department, so they need cutting-edge support tools in areas such as transaction red flagging to help avoid lethal penalties.”
Lorini said MiCA will help standardise the cryptocurrency business and make European cryptocurrency flows more fluid. But professionals must do everything they can to comply with the new rules and prevent AML breaches.
The world’s financial watchdogs are struggling
Global watchdogs are also facing an uphill struggle to keep on top of the crypto market.
A recent report from the Financial Action Task Force (FATF) identified a need for many countries to strengthen their understanding of money laundering risks in the virtual asset sector, and to rapidly implement its recommendations for mitigating such risks.
These include the Travel Rules on sharing relevant originator and beneficiary information. But the report found only around a third of jurisdictions have passed Travel Rule laws, with an even smaller number having started enforcement.
The FATF highlighted “an urgent need for jurisdictions to accelerate implementation and enforcement, and to keep increasing interoperability between solutions and across jurisdictions.”
Regulation of the crypto sector will only intensify
Zetzsche believes MiCA will solve the current fragmentation in EU AML framework for cryptos.
“Globally, I would welcome more coordination among regulators,” he said. “Bodies such as the International Organisation of Securities Commissions for investment cryptos and the Bank of International Settlements for payment cryptos could play a beneficial role. I expect the EU trend towards tracing will become the new norm worldwide.”
“Tracing, by checking the distributed ledger technology log, means wallet providers and crypto exchanges understand the origin of assets swapped into cryptos and that the transaction meets AML requirements. The Ukraine conflict has shown how important this tracing is. Whether the service provider wants this is a different matter as many of them have lived well between the light and dark worlds.”
As new regulations come into force, better AML procedures will help the crypto industry become more stable and mainstream. But rather than trying to escape the process, it means service providers will need to work together with regulators to protect the market from criminal abuse – and use the best compliance technology they can get.
Crypto firms must embrace technology
The attempts by crypto firms to circumvent regulations aimed at preventing financial crime are shortsighted to say the least.
Claiming to be based outside a jurisdiction or that they fall outside the regulatory product and service definitions will cut no ice with regulatory authorities. There will undoubtedly be a surge in regulatory action over the coming months and years.
And while many providers don’t want to incur the costs involved with ensuring they are compliant, the punitive fines that will invariably be meted out will eventually force most crypto firms to acknowledge the reality.
As regulations become tighter, crypto firms will be forced to implement processes to prove they are taking all the steps necessary to demonstrate compliance, no matter where they are located.
Manual solutions are simply not up to the task. Not only are they time-consuming, but they are also prone to human error; any overlooked details can make the firm liable to regulatory penalties.
It is now crucial that crypto firms employ the latest technology that will significantly ease their compliance burden, while also helping the crypto sector to become more stable and mainstream.
RiskScreen offers a complete end-to-end automated solution
Our mature, integrated technologies are already providing crypto firms with the support they need to fight illicit activity and to avoid punitive action.
We build solutions that allow the data you hold on customers to be used to maximum effect in order to identify and manage the risk of financial crime, thus ensuring compliance with ever-evolving regulatory standards.
Our award-winning technology not only bolsters your AML defences, it has been designed to improve compliance efficiency at every stage of the customer lifecycle, including:
- Initial onboarding and risk assessment
- KYC screening and ID verification
- Enhanced due diligence
- KYC remediation
- Ongoing monitoring/periodic reviews
In order to deal with the complexity of operating in the crypto sector, we have developed a range of modules that enable you to cover every aspect of your compliance framework:
- Seamlessly onboard new customers and third party suppliers in real time.
- Perform electronic ID verification checks within the same workflow
- Automatically screen for adverse media across structured and unstructured data sources, to deliver an early warning system to risk
- Cover the entire customer lifecycle, from initial onboarding and screening to ongoing monitoring, and remediation projects
For flexibility, you can choose from individual modules to cover specific areas or the complete package for a fully integrated solution.
Whatever your requirements, you can rest assured that your anti-money laundering (AML) and know your customer (KYC) processes will be immediately transformed, with full scalability in order to future-proof your compliance programme.
For a no-obligation demonstration of how RiskScreen can work for your business, contact us today.