A Guide to Anti-Money Laundering for Crypto Firms
In recent years, the rate at which new European Union (EU) Anti-Money Laundering Directives (AMLDs) have emerged has increased significantly. This is in response to a number of influences on the regulatory environment, including innovation in the financial sector, the perceived need for greater corporate transparency, and to align with international standards.
Three key themes have recurred in the recent suite of anti-money laundering regulations (AMLDs 4,5 and 6). We’ll briefly take a look at these and recap what the rules are.
Themes in Recent AML Directives
As a response to the corporate corruption and unethical practices which were exposed by the Panama Papers in 2016, the EU has introduced tighter rules relating to the transparency of company beneficial ownership. Together the recent directives have tackled the issue of beneficial ownership in a number of ways.
On a phased basis, the directives have introduced rules relating to the introduction of national Ultimate Beneficial Ownership (UBO) registers. Essentially, member states are required to keep a central register of beneficial owners (i.e. those with shareholdings of more than 25 per cent), including senior management. These measures were introduced with a view to creating greater transparency around complex corporate and legal structures which have been used in the past to hide illicit funds
The concept of a UBO register was first introduced in 4AMLD, in which EU member states were required to establish central UBO registers by 2017 and give access to national Financial Intelligence Units (FIUs), public agencies with a responsibility to receive and disseminate suspicious activity reporting, or members of the public with a “legitimate interest”.
5AMLD extended these rules to make UBO registers publicly available, and further extended the need for transparent registers to other potentially opaque legal arrangements, including trusts.
The rise in popularity of cryptocurrencies and other Virtual Assets (VAs) has been swift over the last few years. Naturally enough, this has caught the attention of regulators, who have expressed concerns that these innovations are vulnerable to being used by criminals, because of the potential for anonymity in transactions mediated by blockchain technology.
5AMLD was the first EU directive to provide a definition of a cryptocurrency and provide a set of AML/CFT specifically applied to certain types of Virtual Asset Service Provider (VASPs).
For the first time, businesses providing crypto wallet services and exchanges were considered to be “obliged entities”. This meant that these businesses were required to conduct AML/CFT checks on their customers, including due diligence at onboarding, ongoing monitoring, and filing Suspicious Transaction Reports (STRs) when client behaviour was concerning. Additionally, businesses were required to enhance their cooperation and information-sharing with FIUs.
With the intended transposition of 6AMLD into national laws in December 2020, the EU has also extended both the levels and scope of liability for anti-money laundering activities and the seriousness of the sanctions imposed for breaching the rules. For example, the directive has introduced the offence of aiding and abetting money laundering. In addition, the EU extended the scope of liability for money laundering offences from “natural persons” to “legal persons”, including businesses
6AMLD also enumerated a list of 22 new “predicate offences” in an effort to harmonize rules across member states. It is interesting to note that two of these, cybercrime and environmental crime, are relatively novel offences for the majority of member states.
Challenges and Obstacles to Implementation of AMLDs
Volume and Complexity of Rules
Complying with anti-money laundering rules is both time-consuming and expensive. In addition, the nuances in various national rules can make it difficult for firms to ensure they are in full compliance when operating across numerous jurisdictions.
Obviously, one of the most pertinent issues for businesses when it comes to complying with anti-money laundering directives is the speed at which new rules have been introduced. This is especially true over the past few years. With the fourth, fifth, and sixth directives published in quick succession, affected businesses have not exactly had a lot of room to breathe.
The introduction of regulatory changes with regard to cryptocurrencies and VASPs in the EU has proved divisive for the crypto industry. Some firms have expressed fears that AML/CFT rules will be detrimental to the industry.Initially, news of 5AMLD resulted in a departure of crypto businesses from the EU, with some exchanges migrating their services to jurisdictions that they viewed as more favourable to innovation, especially in Asia-Pacific.
Obviously, many of the businesses providing services were concerned about the stripping away of anonymity that comes with the introduction of customer due diligence. Indeed, for a proportion of crypto enthusiasts, the very rationale of using crypto has basically been libertarian, to remove the interference and oversight of governments in the financial system. With crypto regulated, they have feared that it will lose its distinctive advantages over fiat currencies.
Smaller cryptocurrency service providers were also concerned about the administrative and financial burden of compliance with the 5AMLD.
However, many exchanges and wallet providers, especially the larger, more established firms have embraced these changes as a necessary part of wider societal acceptance of crypto. For example, the CEO of Coinbase stated that:
“5AMLD is a positive step forward for the crypto space. It helps provide clarity and establish a standard for AML checks that crypto businesses are required to comply with. If anything, we feel it should help drive further innovation in the crypto space.”
For businesses such as Coinbase, the application of the AMLDs has been seen as a step in the right direction. Being regulated provides them with legitimacy, and therefore the credibility to work with large banks and other financial institutions. This in fact has been the case, with cryptocurrencies seeing more widespread adoption and interest from institutional investors and members of the public, although some legacy institutions remain cautious.
How Regtech Can Alleviate the Burden for Impacted Business
As mentioned above, complying with what is an ever-evolving set of AML/CFT rules and regulations is challenging. This is a particular issue for businesses that need to put most of their focus on growth and fulfilling customer expectations. However, while AML/CFT should not be taken lightly or overlooked by obliged entities, there are tools available that can streamline the process and make AML/CFT related tasks, such as customer onboarding, ongoing monitoring, and reporting, more efficient and effective.
In the past few years, compliance with onerous rules has become a resource blackhole for regulated businesses. Regtech can assist businesses by automating their customer onboarding, screening, and monitoring processes. For example, up-to-date databases and real-time transaction monitoring allow businesses to focus more of their attention and resources on improving business processes and customer outcomes.
Implementation by Member States and EU Action
The EU has stated that its aim is to implement a harmonised approach to the regulation of anti-money laundering across the entire bloc, and the Commission has been proactive in the past with regard to late implementation of the AMLDs. For example, in July of last year, fines were imposed on both Romania and Ireland for failing to implement 4AMLD on time. Both countries were hit with quite heavy fines for missing the deadline – three and two million euros respectively.
In February 2020, the EU sent formal communications to a number of member states warning them on the basis that they had not yet transposed the directive in full. According to the EU, the transposition of the 5AMLD is currently at 70 percent. The Commission stated that they were taking enforcement action against 22 of the EU member states due to “the lack or delay of the notification of national transposition measures or their incompleteness”.
As of November 2020, 19 member states have reported full implementation of the directive. Seven countries – Belgium, Czech Republic, Hungary, Ireland, the Netherlands, Poland, and Spain – have communicated “partial transposition measures”. Cyprus appears to be the only member state to date that has not yet communicated its transposition measures.
With regard to 6AMLD, the European Commission will be responsible for drawing up a report detailing the implementation of the directive by member states. Member states were required to implement the directive into their national legal frameworks by December 2020. The Commission’s report on member states’ implementation is due to be completed in 2022.
The European Commission does not publicly state the precise details of the failures or infringements made by individual member states, although media reports often provide a general sense of where issues lie. It seems that there have been many particular, and country-specific, challenges with 4AMLD. In July 2020, Austria was still facing action for failures to properly implement gambling controls and Belgium for failing to put in place effective international information sharing measures. However, for both 4 and 5AMLD, it appears that the greatest problems have been with the development of national beneficial ownership registers, which have required significant investment for many EU member states’ governments. One of the most problematic aspects has been the 5AMLD requirement to make the registers publicly available. Although the regulation is intended to help the private sector better undertake its Client Due Diligence (CDD) and Know Your Customer (KYC) duties, so far it has proved of relatively limited use. For the foreseeable future, therefore, EU firms will continue to look to Regulatory Technology to help them deliver their obligations with effectiveness.
Originally published February 22, 2021, updated November 17, 2021
Disclaimer: This is for general information only. The information presented does not constitute legal advice. ComplyAdvantage accepts no responsibility for any information contained herein and disclaims and excludes any liability in respect of the contents or for action taken based on this information.
Copyright © 2022 IVXS UK Limited (trading as ComplyAdvantage).