The European Commission recently unveiled four legislative proposals that constitute the new rulebook for Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT), comprising:
- the sixth Directive on AML/CFT (“AMLD6”), replacing the existing Directive 2015/849/EU (the fourth AML directive as amended by the fifth AML directive), containing provisions that will be transposed into national law; and
- a revision of the 2015 Regulation on Transfers of Funds to trace transfers of crypto-assets (Regulation 2015/847/EU).
Following up the AML/CFT Action Plan of 7 May 2020, the Commission aims to establish a robust and future-proof enforcement system to improve the detection of money laundering and terrorism financing in the Union, with more consistency and enhanced supervision and enforcement.
Some of the highlights of the legislative proposals include:
- A new EU AML/CFT Authority (AMLA);
- A more granular and consistent risk-based approach across the EU;
- Enhanced customer due diligence (CDD) and harmonised beneficial ownership requirements;
- Limits to large cash payments to 10,000 EUR (although lower levels can be set at national level);
- Stronger coordination among Financial Intelligence Units (FIUs);
- Connection of national registers for bank accounts;
- Traceability of crypto-assets; and
- Alignment to Financial Action Task Force (FATF) standards, including third countries lists.
Changes in the crypto sector The new Anti-Money Laundering rules affecting the crypto sector take into consideration the Digital Finance Package presented by the Commission in September 2020. Specifically, these new rules reflect the Markets in Crypto Assets (MiCA) Regulation proposal which establishes definitions as well as several requirements for EU issuers of crypto-assets and crypto-asset service providers. (Discussions in the European Parliament on the proposed MiCA Regulation are ongoing and MEPs appear close to reaching a position. Once the Parliament has adopted its position, three-way (trilogue) negotiations will begin with the Council and European Commission to reach a final consensus.)
Currently, only certain categories of “Crypto-Assets service providers” (CASPs) are recognised as obliged entities in the AML legislation. The recast of the 2015/847/EU Regulation on the traceability of transfers of funds is set to ensure the full traceability of crypto-asset transfers and the authentication of their users, in line with Financial Action Task Force (FATF) standards.
The proposal extends the scope of Regulation 2015/847 to cover all categories of CASPs recognised at the FATF level. It also includes transfers of crypto-assets made by Crypto-Asset Service Providers, in addition to the current provisions on the transfer of funds.
According to the Commission proposal, the requirements of this regulation will apply to CASPs whenever their transactions, whether in fiat currency or a crypto-asset, involve a traditional wire transfer, or a crypto-asset transfer between a CASP and another obliged entity (e.g. between two CASPs or between a CASP and another obliged entity, such as a bank or other financial institution).
For transactions involving crypto-assets transfers, all crypto-asset transfers will be treated with the same requirements as for cross-border wire transfers rather than domestic wire transfers. This is designed to take into account the risks associated with crypto-assets activities and CASP operations.
Additionally, the crypto-asset service provider of the originator will have to ensure that transfers of crypto-assets are accompanied by:
- the name of the originator;
- the originator’s account number, where such an account exists and is used to process the transaction;
- and the originator’s address, official personal document number, customer identification number or date and place of birth.
Furthermore, the CASP of the originator will have to ensure that transfers of crypto-assets are accompanied by the name of the beneficiary and the beneficiary’s account number, where such an account exists and is used to process the transaction.
The crypto-asset service provider of the beneficiary will have to implement effective procedures to detect whether the information on the originator is included in, or follows, the transfer of crypto-assets. It will also have to implement effective procedures, including, where appropriate, ex-post monitoring or real-time monitoring, in order to detect whether the required information on the originator or the beneficiary is missing.
With the Commission looking for a speedy adoption of the four legislative proposals, the European Parliament and Council are now due to begin discussions on the legislative package.
According to the tentative timetable, the future EU AML Authority (AMLA) should be established in 2023 and become operational in 2024. The direct supervision of certain high-risk financial entities would start in 2026, as it can only start once the harmonised rulebook which AMLA will have to enforce is completed and applicable. AMLA will also support cooperation among Financial Intelligence Units (FIUs) and, eventually, will also supervise non-financial entities.
Additionally, AMLA is expected to publish Regulatory Technical Standards (RTS) that will complete the single rulebook in early 2026. The Authority will employ some 250 people; the location will be discussed in the coming months. National Competent Authorities are also expected to remain active to tackle money laundering at the local level.