Agreement on new Crypto rules to improve anti-money laundering standards & protect privacy

This evening, negotiators from the European Parliament, Council and Commission have reached an agreement on the Transfer of Funds Regulation on anti-money laundering rules for crypto-assets. Tomorrow negotiations will continue on and the Regulation on Crypto Assets (MiCA). Until now, the crypto-assets sector is for the most part unregulated in Europe. These two regulations will seek to create a safer space by providing stronger protections for investors, preventing money laundering and assessing the environmental impact of crypto-assets.    

Ernest Urtasun MEP, Greens/EFA Vice-President and European Parliament Rapporteur on the Transfer of Funds Regulation:

“For the first time we will have meaningful regulations on crypto-assets-assets in the EU. We are moving from the wild west of unregulated and risky digital assets to a safer crypto sphere that protects privacy, supports investors and prevents money laundering. The Transfer of Funds Regulation will ensure that all crypto asset transfers will be linked to a known beneficiary and originator, which will be a bold step in preventing crypto from being abused by money launderers, criminals and terrorist networks. Blockchain analytics increase transparency but cannot replace anti-money laundering rules for the traceability information on real identities, which is crucial for the prevention, detection and prosecution of money laundering and compliance with targeted financial sanctions.

“This regulation will strengthen the fight against money laundering, reduce fraud and improve the overall security of crypto transactions. The new rules will enable law enforcement officials to be able to link certain transfers to criminal activities and identify the real person behind those transactions. It will also help to enforce EU targeted financial sanctions on Russian oligarchs and others by stopping them from circumventing sanctions through crypto. 

“The new rules will have a very robust approach to transfers involving unhosted wallets. In case the customer sends or receives more than one thousand euros to or from its own unhosted wallet, the CASP will need to verify whether the unhosted wallet is effectively owned or controlled by a customer. Crypto exchanges will also need to assess the risk of the other entities that they are interacting with. Specific enhanced due diligence will apply to unregistered or unlicensed entities outside of the EU.

“To support privacy and safety, we have successfully included provisions on data protection. This regulation will ensure that crypto exchanges will have to adopt policies and procedures inline with GDPR. The European Data Protection Board will be tasked with providing guidelines for exchanges on how GDPR requirements should apply in the context of crypto transfers. This will also make more difficult data leaks that compromise the wallets, therefore protecting the users.”

Key details:

Until today crypto-asset transfers of crypto-assets remained outside of the AML regime on traceability obligations which apply to wire transfers. Moreover, only crypto-to-fiat exchanges and custodial wallets providers are at the moment subject to AMLD.
Scope - traceability from the first euro: The travel rule will apply from the first euro. Crypto-ATMs will also be captured by the rules when they perform transfers.
Unhosted wallets: The travel rule will apply also to transfers from and to unhosted wallets (non-custodial). This means that CASPs are required to collect from the customer and store information on those transfers.
CASPs will be obliged entities under the comprehensive AMLD framework:
All CASPs (crypto-asset service providers) as defined in MiCA will become obliged entities under AMLD.
Compliance with targeted financial sanctions: CASPs will be required to adopt internal policies, procedures and controls to ensure compliance with targeted financial sanctions.
List of non-compliant CASPs: The idea to maintain a register of non-compliant CASPs will be introduced in the context of the MiCA Regulation. Such a list will include operators providing services abusively in the EU.
Relationship with non-EU CASPs: Given the limited progress at global level with the adoption of a regulatory framework for crypto-assets and with the application of the travel rule, it is crucial that CASPs perform enhanced due diligence before establishing a business relationship with CASPs operating in third countries or in the cloud.
Data protection: the travel rule information should only be handled and made available to CASPs executing the transfers and competent authorities.