The European Commission has put forward a proposal that will significantly expand money laundering regulation in the EU. Among other things, the proposal will expand the scope of application for companies operating with crypto-assets and extend the money transfer regulation to include transfers with cryptocurrency (travel rule). This ties a bow on the Commission's Digital Finance package, where, among other things, the MiCA regulation was introduced.
In 2021, the Commission presented a money laundering package that aims to harmonize EU rules on money laundering, establish an EU money laundering supervisory authority, and strengthen cooperation and information exchange between member states' financial intelligence units ("FIUs"). The Danish FIU is the Money Laundering Secretariat.
The Money Laundering Package is a follow-up to a commitment from the European Commission to protect EU citizens and the EU financial system against money laundering and terrorist financing and thus aims to address the following issues:
1.1 What's new?
The anti-money laundering package will result in similar rules and standards for anti-money laundering procedures, policies and controls across member states. Covered businesses will therefore be subject to the same requirements regardless of the Member State in which they are licensed or registered.
The requirements for compliance with anti-money laundering obligations are increasing, which may make it harder for smaller businesses to meet the requirements.
One of the key measures in the anti-money laundering package is the creation of the EU Anti-Money Lundering Authority ("AMLA"). AMLA will be the central authority that monitors and coordinates national FIUs to ensure the correct application of EU rules.
When transferring crypto-assets, providers of crypto-asset services must collect information about who is sending and receiving the crypto-assets in question. This means that crypto-asset transfers must collect the same information that payment services under the current rules collect in connection with ordinary electronic money transfers.
1.2 Applicable law
Under current law, money laundering is regulated by the Money Laundering Act, which implements the 2018 directive ("AMLD5"). The directive sets the framework for money laundering regulation in the member states. It is up to the individual member states to decide how to implement further than what is set out in the directive. In other words, member states can choose to over-implement the directive, resulting in uneven regulation across member states.
Through the directive, the Commission has set the overall conditions for money laundering regulation in the EU. Standards, best practices and guidelines for the implementation of the procedures set out in the Directive are still left to the individual financial authorities. According to the Commission, this has led to excessive differences between Member States' respective legislations. This makes it more difficult for companies covered by the Money Laundering Act and the Directive to offer their services in several Member States while complying with national rules.
Finally, there is no central coordinating body at EU level. This hampers cooperation between national supervisors and FIUs and leads to excessive money laundering risks in cross-border activities.
The above has now resulted in a money laundering package that will strengthen the EU's anti-money laundering and combating the financing of terrorism(AML/CFT) rules. This is a breakthrough in the field of money laundering that will have a major impact on future money laundering regulation at all levels.
This article will review the Commission's money laundering package with a special focus on crypto assets.
The money laundering package contains four proposals:
The money laundering package proposes that the regulation of FIUs will continue to be done through a directive. On the other hand, the aim is to harmonize money laundering rules, including rules on reporting, money laundering procedures and thresholds for the implementation of money laundering procedures. These will be regulated through the Money Laundering Regulation and thus have direct effect on EU member states.
The Commission will establish a new EU whitewash supervisory authority called "AMLA" to ensure harmonization of national supervisory authorities' workflows and supervisory culture. Among other things, AMLA will be tasked with setting standards for reporting and exchange of information, supporting joint operational analysis, etc.
Among other things, this means that it will be easier for Danish companies to report report reportable transactions to, for example, the French authorities, as the content and reporting procedures must be the same across the EU.
NRAs and FIUs will continue to exist as important components of the EU AML/CFT enforcement system. However, AMLA will replace NRAs as direct supervisors in certain large cross-border financial sector firms. This applies in the case of obliged entities with activities in a large number of member states categorized in the highest risk category for money laundering, or if the Commission so decides.
AMLA is expected to be established in 2023 and begin operations in 2024.
The Commission believes that there is a need to harmonize money laundering rules across member states - a so-called "EU single rulebook".
The Commission has therefore proposed a regulation on rules on money laundering and terrorist financing. As it is a regulation, unlike a directive, it will have direct effect in the member states and thus not have to be implemented through national law.
The Money Laundering Regulation will thus fundamentally change the framework of money laundering regulation. The AML Regulation will expand the scope of the money laundering regulations in Europe and will also include the activities included in the the MiCA Regulation. All types and categories of crypto-asset service providers will thus be covered by the Money Laundering Regulation, as opposed to current law where only a few entities offer crypto-asset activities.
This means, among other things, that persons and companies advising on crypto-assets, including the placement of crypto-assets, which are not currently covered by the Money Laundering Act, will be subject to the money laundering obligations of the Money Laundering Regulation. In practice, this means that e.g. consultants who advise on crypto-assets will be subject to the money laundering obligations under the Money Laundering Regulation.
The Money Laundering Regulation also contains prohibitions on anonymous crypto-assets, including Monero and Zcash. This means that crypto-asset service providers cannot offer wallets or other services with anonymous crypto-assets. This will make anonymous crypto-assets illegal in the EU.
The rules also extend the possibility for member states to require crypto-asset service providers established on their territory but headquartered in another member state to designate a central contact point (as is already the case for e-money issuers and payment service providers).
The rules in the Money Laundering Regulation are more elaborate and detailed than the Money Laundering Act and include a number of regulatory technical standards to be developed by AMLA. Below we will explain what significant changes this will have for crypto-asset service providers in the money laundering area within the EU.
4.1 Obligated entities
Under current law, almost all financial institutions are covered by the Money Laundering Act, including certain types of virtual currency service providers. However, the AML Regulation will cover all types and categories of crypto asset service providers (abbreviated "CASP"). The Commission will therefore replace the term "virtual currency" with "crypto assets". The scope of obliged entities will therefore increase and thus be brought in line with FATF standards. This means that in the future there will be a single legal definition of crypto-assets and providers of crypto-asset services, thus ensuring a uniform interpretation.
The Commission notes in the preamble of the AML Regulation that although the AML Regulation expands the amount of regulation in the money laundering area, the principle of proportionality remains, so that there must be proportionality between the amount of regulation and the money laundering risks faced by the entity.
The rules on obliged entities are set out in Chapter 2 of the Money Laundering Regulation.
4.2 CDD
Going forward, there will be greater focus on how customer due diligence ("CDD") processes are performed internally in an entity. It will thus be a requirement for obligated entities that relevant employees possess the necessary skills to perform CDD. Such a requirement is already included in the Danish anti-money laundering rules and is explicitly stated in the Danish FSA's guidance on the Money Laundering Act. In the future, however, it will be specified directly in the Money Laundering Regulation and thus have direct legal effect. In addition, everyone working with CDD must undergo an assessment of their skills, knowledge, expertise, integrity and behavior to ensure proper performance of the employee's duties.
The Regulation, like the Money Laundering Act and the AMLD5 , contains a number of situations where CDD needs to be performed. These must be performed when (i) a business relationship is established, (ii) the single transaction threshold is exceeded, (iii) there is a suspicion of money laundering or terrorist financing, or (iv) there is doubt about the accuracy or adequacy of previously obtained customer information. The thresholds for single transactions will be the same for crypto-asset services, i.e. EUR 1,000 before CDD must be performed. However, the threshold is reduced from EUR 15,000 to EUR 10,000 for other obligated entities.
It specifies that within two years of the regulation's entry into force, AMLA must develop technical standards on which entities, industries and transactions can be classified as high-risk.
As something new, the regulation specifies what information must be included in a CDD. This includes customer identity and its verification, beneficial owners and the purpose of the customer engagement.
The rules do not entail much new and will probably not have much impact on Danish providers of crypto-asset services, which are already subject to the Money Laundering Act. In addition, the current money laundering policies of crypto-asset services probably do not require extensive changes to be compliant with the AML Regulation, as it is simply a codification of already existing standards.
Finally, however, it should be noted that extended reporting requirements to the relevant FIU are envisaged. This means that the reporting obligations in case of suspicion of money laundering or terrorist financing will be extended.
The rules on CDD are set out in Chapters 2 and 3 of the Money Laundering Regulation.
4.3 Digital identity
The Commission has also presented a next step towards digitization of the financial sector and easier use of the potential of the single market. Part of the regulation deals with a new digital identity. This is part of the Commission's digital finance package.
The purpose of a digital identity solution is to introduce a framework to support secure digital onboarding and strengthen the possibility of non-physical verification.
The new digital identity will be based on an amendment to the Regulation on electronic ID and trust services ("eIDASRegulation"), but it remains to be seen what the final measures will entail. However, the Commission describes that the purpose of the digital identity is to ensure the following across borders:
This will be ensured, among other things, by issuing European digital ID wallets and allowing for electronic certifications. We believe that a system similar to the Danish MitID will be introduced that can be used across national borders in the EU.
According to the Commission, the rules in the Money Laundering Regulation will allow for easier use of digital identity solutions and allow for increased cross-border activity. The amendments to the AML/CFT framework will therefore work seamlessly with the Commission's proposed framework for a European digital identity and will help remove barriers to the cross-border use of digital identities in the financial sector.
The rules on digital identity are included in chapter 3 on CDD, but will be implemented in the EU through an amendment to the eIDAS regulation.
The Commission also proposes a recast of the Money Laundering Regulation. The recast entails a rewriting so that the regulation not only covers fiat currency, but also crypto-assets. This relates to the EU's implementation of the controversial Travel Rule, which will be discussed below. The crypto-asset sector is preparing for the implementation of the FATF Travel Rule and several jurisdictions around the world have already implemented the Travel Rule, including Singapore and Switzerland, while other countries have adopted legislation in this area.
The amendment to the Money Transfer Regulation implements the Travel Rule, which requires all crypto-asset service providers involved in crypto-asset transfers to collect and make available data on the senders and recipients of crypto-asset transfers. The requirements apply when the transaction involves:
This means that crypto-asset transfers must be accompanied by the same information that payment services currently provide for electronic transfers. These new rules will significantly strengthen the monitoring of crypto-asset service providers and ensure compliance with the relevant measures in the FATF Recommendations, especially the Travel Rule.
The rationale is the same as for the original Money Transfers Regulation: to identify senders and recipients of crypto-assets for AML/CFT purposes and to identify possible suspicious transactions and block them if necessary. Among other things, the Commission has stated that reports show that crypto-assets are increasingly used for money laundering and other criminal purposes, making this amendment urgent.
We therefore expect the regulation for money and crypto-asset transfers to enter into force before the Money Laundering Regulation and probably in continuation of the entry into force of the MiCA regulation, which is estimated to happen in early 2025.
The Money Laundering Regulation states that AMLA cannot develop technical standards until the text and regulatory framework of the new AML package is in place. The Commission itself expects that the complete regulatory framework, which includes technical standards, is expected to be in place and applied by the end of 2025.
To give AMLA the necessary time to implement and finalize the framework, the new regulatory framework will apply three years after its adoption.
We believe that these proposals will contribute to the development of the EU crypto-asset sector as it will be covered by an updated, harmonized legal framework across the EU. This opens up the possibility that more established financial institutions, including banks and pension funds, will be more likely to establish partnerships or make investments in crypto-assets and crypto-asset services.
It also means that the requirements for companies subject to anti-money laundering will increase, making it burdensome for smaller companies to meet the requirements. We can therefore expect it to become more difficult for new companies to start their activities with crypto assets.
The introduction of the term "crypto-assets" in the Money Laundering Regulation will make the concept more relevant to more obliged entities. We therefore expect to see the term "crypto-assets" in other laws and regulations going forward. It is our assessment that this standardization of the use of the term will help create a more optimal situation for the sector.
The introduction of a harmonized digital identity solution will be a welcome change for Danish and European businesses subject to money laundering obligations, as it will be easier to onboard foreign customers and report to foreign authorities. Experience from clients operating across borders shows that reporting is currently almost impossible. This is because there are often requirements for reporting in the national language and it requires national login services, such as MitID.
At Samar Law, we believe that the anti-money laundering package is a good extension of the Commission's presentation of Digital Finance last year. The new rules ensure that all EU Member States comply with the same rules and we expect that the rules will build credibility for the crypto asset sector.
The entire anti-money laundering package can be found herewhile the eIDAS Regulation can be found here.
Samar Law follows the development closely, and we are of course available if you have any questions.
.svg){kind=icon}
