TRACE has passed its first year and in the two years since its inception a lot has changed. The timeframe in the financial sector is significant for the technology-intensive field, particularly in the emergent areas of cryptocurrency and Virtual Financial Assets (VFA) regulations. A lot of challenges have pushed the regulatory interventions, including the Financial Action Task Force (FATF) directives. The balance between the advantages of cryptocurrency transactions anonymity, which attracted many investors, and the ability to harness the technology without the fear of misuse or enabling crime had to be struck. Analysis of the key geographies which took quite different approaches to regulating their VFA markets can be found in the Aston University’s 2020 report following the 5th Anti Money Laundering Directive (5AMLD) implementation. The analysis showed the starting point of managing the cryptocurrency transactions compliance, ranging from complete prohibition to unregulated jurisdictions giving rise to the crypto assets being used to launder the proceeds of organised crime. Several states, such as Malta, sped towards implementing regulatory interventions through trial and error. Some attempts worked well; some changes led to the exodus of cryptocurrency actors from certain countries.
TRACE aims to develop illicit money flows detection and evidencing mechanisms for law enforcement throughout Europe. We therefore closely follow the regulatory amendments, including changes in the cryptocurrency market. Thus, the current compliance regime affects how anti-money laundering and counter-financing of terrorism (AML/CFT) are detected and prosecuted.
Among other policy issues in the post-pandemic recovery, EU AML/CFT legislation was prioritised in 2022. The European Union has been making substantive efforts to fight against money laundering and financing of terrorism within EU Member States and worldwide. Specifically, the 6th Anti Money Laundering Directive (6AMLD) has come into force.
Highlights of the 6AMLD
The implementation of the new 6AMLD has come against a background of meaningful change in the way the EU could structure its AML/CFT framework in the future.
The 6AMLD is aimed to close some of the loopholes in the domestic legislation of EU member states by harmonising definitions of money laundering across the EU. The current criminal framework created a lack of legal clarity in cases and the challenges of recognition of some criminal activities in courts.
One of the key changes brought about by the 6AMLD is that all companies regulated and affected by this standard must adopt a rick-based approach to avoid crime and develop technological procedures to implement EU 6AMLD requirements. All companies must have technology capacity in their processes, such as Know Your Customer (KYC), for example, to comply with the 6AMLD.
A total of 22 predicate offences have been established, including most notably, cybercrime, digital crime, tax crime, insider trading and market manipulation and environmental crimes. It is mandatory for all companies and organisations to set up safe KYC procedures and they should be able to identify these types of crimes.
Criminal liability for legal persons (both company and individuals) has increased. The greater penalties and economic sanctions for money laundering offences have been introduced as well.
The last important change connected with the 6AMLD is the increased cooperation between EU states for the detection of financial crimes (dual criminality). The 6th Directive introduces specific requirements for the exchange of information between jurisdictions so that related offences can be prosecuted in several Member States.
An EU AML/CFT reform plan is likely to be implemented, but the earlier AMLDs – including the original 6AMLD – remain fully in force and businesses need to ensure they are aligned with all their requirements.
Since the 6AMLD provisions are already embedded in the EU legislation, all banks and financial service providers in the EU must ensure that they are compliant with the 6th Directive. Subject Persons must ensure that their own internal governance and monitoring frameworks are in place and working effectively to predicate offences and criminal liability.
Regulation of the EU crypto market
The proliferation of the fast-paced Fintech is intertwined with blockchain technologies and cryptocurrencies.
Blockchain technologies offer great potential, using the open code of cryptocurrencies, properties of decentralization, the absence of intermediaries, the low cost of transactions and the convenience of transferring payment for goods and services. However, to implement these initiatives at the European level, it is necessary to establish a coherent legal status to cryptocurrencies and blockchain settlement technologies, as well as to set clear rules for mining, trading on the exchange and cryptocurrency settlements. Between 80-90% of cryptocurrencies accounts are used for speculative transactions as an exchange of assets, and the rest for payment transactions.
There is a perception that cryptocurrencies and blockchain technologies are used mostly for money laundering, financing of terrorism or hiding real income from entrepreneurial activity. In fact, non-cash payments using blockchain technologies and using cryptocurrencies present an opportunity to effectively overcome the shadow economy and corruption.
The growing popularity of cryptocurrencies and blockchain technology has prompted regulation authorities in many countries to set up compliance framework for EU member countries. Some EU countries (Germany, Switzerland, Lithuania, Malta, France and others) have developed individual member-state regulations. EU sees a need for harmonising international rules to combat money laundering and terrorist financing, but until recently its regulatory activities on cryptocurrency have been somewhat slow and fragmented.
After two years of negotiations, the European Council and Parliament introduced new legislation in June 2022 that ensures the traceability of crypto-assets and for the first time offers a regulatory framework for digital asset businesses. The rules are a part of an AML package that will follow the Markets in Crypto-assets (MiCA) rules. The legislation extends the Financial Action Task Force’s ‘Travel Rules’ to crypto assets, requiring originators and beneficiaries of all transfers of digital funds to share identifying information. This new regulation strengthens the European anti-money laundering system, reduces fraud risks and makes transactions with cryptocurrency assets more secure.
Travel Rules (or Traceability of transfers of crypto assets)
New regulations in the European Union require crypto companies to operate under a license and force stablecoin issuers to hold reserves like those banks have. The EU Travel Rule ensures that Crypto Asset Service Providers (CASPs) can prevent and detect sanctioned addresses, and crypto asset transfers can be fully traced.
The new rules require that information about the source of an asset and its beneficiary moves with the transaction and is stored by both sides of the transfer. CASPs will have to provide this information to the competent authorities if an investigation into money laundering and terrorist financing is carried out.
Before transferring crypto assets to beneficiaries, providers will need to ensure that the source of the asset is not subject to restrictive measures or sanctions, and there are no risks of money laundering or terrorist financing. Thus, the law introduces a requirement to comply with the “know your customer” style for crypto platforms wishing to do business in the EU. Travel rules do not apply to person-to-person transfers made without a provider, or between providers acting on their own behalf.
EU legislators have decided that there should be no minimum cap — meaning that all crypto transactions involving CASPs will have to comply with the Travel Rules, no matter how much or how little crypto is transferred. This strengthens the Commission’s earlier proposal to remove the €1,000 limit on anonymous transactions, originally proposed.
The MiCA rules establish the creation of a public register for non-supervised and non-compliant crypto asset service providers, with which EU providers would not be allowed to trade. The MiCA framework covers crypto assets that are not yet regulated by other EU financial legislation.
Under the new MiCA rules, crypto service providers will be liable in case of loss of investors’ assets and will be subject to European rules on market abuse, including market manipulation and insider trading. Lawmakers announce MiCA rules as the world’s first comprehensive regime for crypto assets.
For stablecoins, the rules set out strict requirements for the creation, authorisation, and reserve management, including EU oversight of significant stablecoins that are of systemic importance. CASPs must also be authorised in the EU, and they should be able to provide their services throughout the Union using an EU passport. As a result, MiCA rules provide legal certainty for market participants and encourage innovation in the single market with a new EU passport for cryptocurrency service providers.
The MiCA rules don’t cover some emergent developments in the crypto space, such as non-fungible tokens and decentralised finance projects.
In summary, the EU is the first authority to have created such a comprehensive regulatory framework for crypto assets. Such progress in VFA compliance puts Europe at the forefront of regulating a diverse and fast-growing digital asset economy and is seen as exemplary for other international regulations.