A little over a year ago, in September 2020, the European Commission announced its digital finance legislative package. The package includes a proposal for a Markets in Crypto-Assets Regulation (MiCAR), which we discussed previously on this blog. Now, there is also a crossover with another legislative package, namely that overhauling EU anti-money laundering legislation. While some virtual currency service providers – namely custodian wallet providers and exchanges – are already subject to anti-money laundering law, this scope will likely be increased in years to come.
Already in 2006, the European legislator adopted a Regulation on information on the payer accompanying transfers of funds. Generally, this Regulation required persons initiating certain electronic transfers to provide identifying information – such as name, address, account number, and possibly date and place of birth, customer identification number or national identification number. Payment service providers may, in principle, not execute transactions lacking this complete identification.
In 2015, this framework was replaced by a new Regulation. Apart from the payer, now also the payee must be identified with name and account number. Except where derogations apply, payment service providers must verify that this identification information is provided before executing any payment.
Since 2015, this new framework has been amended a few times, and it is the opinion of the European Commission that a recast is needed to implement further amendments and preserve clarity. As part of these new amendments, the European Commission refers to the latest Financial Action Task Force (FATF) recommendations, which refer to virtual assets and virtual asset service providers. Currently, the framework only applies to ‘funds’ as defined under PSD2, being banknotes and coins, scriptural money and electronic money. As a result, some changes are needed to apply this framework to virtual currencies as well.
The European Commission published its proposed revisions in July 2021. First, the definition of virtual currencies used in current anti-money laundering law will be expanded to the definition of crypto-assets as proposed in the MiCAR framework. The proposed Regulation will then apply to crypto-asset service providers whenever their transactions, whether in fiat or crypto-assets, involve a traditional wire transfer or a transfer of crypto-assets involving a crypto-asset service provider. Given their inherent international nature, any crypto-asset transfer should be considered as a cross-border operation. No domestic deviation can therefore apply to crypto-asset transfers.
Except where derogations apply, any funds or crypto-asset transfer therefore requires identification of the payer and the payee. However, the Regulation will not apply to person-to-person transfers of crypto-assets, meaning between natural persons acting as consumers for purposes other than trade, business or profession. As a result, the identification duty will be triggered only when the transfer involves crypto-asset service providers.
More concretely, the payer or originator will need to provide its name, account number, and address, official personal document number, customer identification number or date and place of birth. The payee or beneficiary will need to provide name and account number. Where no account numbers are involved, the persons’ blockchain address identifiers should be used. Oddly, while a definition for ‘wallet address’ is included in the proposal, that term is not used anywhere in the text. Likely, the blockchain address identifier should just be interpreted as meaning the persons’ wallet addresses. The crypto-asset service provider involved in the transaction must verify this information before executing the transfer. Missing information must be completed, or the transaction must be flagged as suspicious.
On 30 November 2021, the European Central Bank (ECB) provided its opinion on the proposal. In its opinion, the ECB stresses that since crypto-assets may be subject to the same money laundering and terrorist financing risks as fiat, they should be subjected to the same anti-money laundering rules. Such should help to achieve a level playing field.
More specifically, the ECB points out that it should be clarified that also transfers between hosted and unhosted wallets are covered. Moreover, the ECB finds that the legislator should keep an eye on transactions not involving crypto-asset service providers – meaning the person-to-person transactions currently excluded from the scope – or executed via decentralized exchanges (DEX), and that future expansion of this regulation may be considered if needed.
Additionally, the ECB asks to make it clearer that central bank digital currencies – as it is developing itself – should not be covered by the scope. Last, it asks to replace any reference to ‘fiat currencies’ by ‘official currencies’, to more explicitly refer to the currencies recognized as legal tender in the EU.
So what will this mean in practice? Likely not all too much. The most typical virtual currency or crypto-asset service providers – the custodian wallet providers and the exchanges – are already subjected to EU anti-money laundering laws. As a result, their customers will already have to provide this identification data as part of these obliged entities’ know-your-customer process. So this legal framework will not include many new obligations for them.
It is clear, however, that the scope of which service providers are covered will be expanded. The MiCAR already regulates a whole list of crypto-asset service providers, and it should come as no surprise that those will end up being subjected to anti-money laundering law as well. In the meantime, even when they are not yet subjected to anti-money laundering law, they may become subjected to this framework – thus essentially imposing a know-your-customer obligation already.
Do you have questions about crypto-assets or anti-money laundering legislation? Please contact Timelex.