The anti-money laundering and terrorist financing landscape in Europe for providers of cryptocurrency exchange platforms and custodian wallet providers is likely to change in the near future. This is similar to the position of other regulators globally (for example, in the US). At the moment, the cryptocurrency sector is not generally subject to any anti-money laundering/terrorist financing laws or oversight in Europe (although some elements of cryptocurrency businesses can fall within the regulatory framework of various EU countries).
However, the European Commission has published a proposal for a draft directive (“MLD5”), which, among other things, would make certain providers of cryptocurrency exchange platforms and custodian wallet providers subject to the current anti-money laundering and terrorist financing framework in the EU. In effect, these entities would be treated in a similar way to financial institutions for the purposes of anti-money laundering laws.
Cryptocurrency businesses subject to MLD5
MLD5 makes the following entities subject to anti-money laundering and terrorist financing laws:
- providers engaged in exchange services between virtual currencies and fiat currencies; and
- custodian wallet providers.
A virtual currency is defined as a digital representation of value that is not issued or guaranteed by a central bank or a public authority, is not necessarily attached to a legally established currency, and does not possess a legal status of currency or money, but is accepted by natural or legal persons, as a means of exchange, and which can be transferred, stored and traded electronically. For the moment, it seems that only virtual currency to fiat currency exchanges (and vice versa) will be caught by the new laws. It seems that virtual currency to virtual currency exchanges are not covered by MLD5.
Custodian wallet providers are defined as entities that provide services to safeguard private keys on behalf of their customers, to hold, store and transfer virtual currencies. Some wallet providers are already subject to EU laws by virtue of being considered payment services or e-money institutions.
Initial token or “coin” offerings (ICOs) are not covered by the current drafting of MLD5, limiting its applicability in the cryptocurrency market. This is unlike the US where, as we have pointed out in our March 16, 2018 alert, ICO issuers may be required to implement AML programs. This is a sign of a lack of consistency of global regulators’ approach to this sector.
MLD5 is a directive, which means that each EU Member State has to transpose its rules into national legislation.
If MLD5 is implemented in the proposed format, cryptocurrency exchange platforms and custodian wallet providers based or operating in Europe will be subject to the detailed requirements of European anti-money laundering and terrorist financing laws. These include the following requirements:
- to identify and verify the identity of the person you are transacting with (the “customer”);
- to identify and verify the identity of beneficial owners (broadly, any individual holding more than a 25% interest) of any customer;
- to carry out an anti-money laundering risk assessment for transactions;
- to report suspicious transactions; and
- to retain records regarding the above.
In addition, cryptocurrency business subject to MLD5 will be required to register with the relevant regulator.
The implementation of MLD5 is likely to change the regulatory landscape for cryptocurrency in Europe, making operating more burdensome and formalistic, but decreasing the likelihood that such entities are used for money laundering or terrorist financing purposes. It is currently unclear when MLD5 will be formally adopted. However, it is a sign of things to come in the cryptocurrency sector in Europe, which generally operated in an unregulated framework.