Cryptocurrencies or crypto-assets have gained a lot of popularity over the past few years. In particular, during the latter part of 2017 market capitalizations for many of the more prominent cryptocurrencies reached all-time highs.
Along with their increased popularity, cryptocurrencies are also an attractive tool for criminals, who view their relative anonymity as a means to making their illicit activity easier to hide. This caught the attention of regulators who sought to bring crypto-assets within the remit of their oversight and subject them to tighter controls.
The regulation to date has arguably been beneficial for the market as cryptocurrencies and blockchain technology are likely to become even more mainstream in the near future due to the increased interest from institutional investors. Tighter regulation may mean that cryptocurrencies will be less attractive to criminals as a means to launder illicit funds.
In addition, governments and Central Banks have begun to seriously consider digitization of major currencies, including the dollar and euro, with the potential use of blockchain as the underlying technology to facilitate what are known as “Central Bank Digital Currencies” or CBDCs. In fact, China has already unveiled a digital yuan this year – something their Digital Money Institute has been working on since 2014.
For clarity’s sake, we should mention that cryptocurrencies are different to e-money, which is an electronic representation of an underlying amount of fiat currency. However, while not backed by fiat, some crypto-assets, known as “stablecoins”, are pegged to the price of fiat currencies or commodities such as gold.
Additionally, while the first cryptocurrency, Bitcoin, was used as a means of transferring value through the use of peer-to-peer, decentralised verification on the “blockchain”, other use cases have since been developed. For example, Ethereum, which is only second to Bitcoin in terms of its popularity and market capitalization, is used to create smart contracts on the blockchain. Cryptocurrencies enabling decentralized finance or “de-fi” have also gained popularity recently.
Due to the fact that different types of cryptocurrencies have various uses, it’s been quite a challenge for regulatory authorities to categorize them into an existing asset class. In the US, for instance, there have been divergent opinions regarding how they should be classed. The Securities and Exchange Commission (SEC) views cryptocurrencies as a security, while the Commodity Futures Trading Commission classes them as a commodity.
Stablecoins have thrown up similar problems regarding their classification. As discussed briefly above, stablecoins may be backed by a variety of things, including fiat currency, commodities and even algorithms. Depending on what classification regulators decide to give them, they could present challenges for service providers. A good example of this is where a stablecoin is backed by fiat in the US. Where this is the case, US regulators could potentially view the stablecoin as a deposit, thereby bringing it into the remit of federal banking laws.
There is also the possibility that stablecoins could be considered derivatives. A derivative’s value relies on the price of the underlying asset, so it would be reasonable to see why certain stablecoins might fall into this category of securities.
While cryptocurrencies are a major innovation for the financial industry, the relative anonymity associated with exchanges and wallets makes them vulnerable to being used by criminals.
Bitcoin and other popular cryptocurrencies, for example, have been subject to a growing number of ransomware attacks, whereby hackers encrypt files and demand payment in cryptocurrency to have the files released. Ransomware attacks are one of the most scalable types of crime enabled by cryptocurrencies. These attacks present a challenge for law enforcement and regulators, as there is a possibility that large organizations, institutions or even governments themselves may be targeted and held to ransom.
Sanctioned countries and organizations are also using cryptocurrencies for sanctions evasion purposes. This is commonly referred to as “crypto-cleansing”. In particular, crypto-assets known as privacy coins are most widely used for this purpose.
EU regulators have responded to these risks by bringing crypto-assets, exchanges and wallets within the rubric of entities regulated by anti-money laundering rules.
The 5th Money Laundering Directive (5AMLD) was implemented in January 2020 and brought cryptocurrency exchanges and custodian wallets within the remit of EU money laundering legislation. This was a major step forward for the regulation of crypto-assets.
Crypto exchanges and wallet providers were included on the 5ALMD’s list of “obligated” entities, meaning that they are now required to perform customer due diligence checks, ongoing monitoring and file suspicious activity reports (SARs). Companies providing exchanges and wallets are also required to register with the competent authorities, such as the FCA in the UK.
Cryptocurrency custodian wallet and exchange providers obviously faced challenges with the introduction of customer due diligence and reporting requirements under 5AMLD. Effective customer due diligence and ongoing monitoring require an allocation of significant resources.
The 6th Money Laundering Directive (6AMLD) has made requirements more onerous for obligated entities, such as cryptocurrency exchanges and wallets.
In summary, the 6AMLD has made the following important changes:
New Predicate Offences
6AMLD aims to harmonize EU law through the introduction of 22 “predicate offences” including new offences of cybercrime and environmental crime.
Due to the requirement to file SARs, cryptocurrency service providers should ensure their staff are trained to identify the risks associated with potential criminal behavior.
Extension of Liability
The 6AMLD has also extended liability to include legal persons, as well as individuals. This means that corporate entities may be held liable for money laundering offences and will not be in a position to shift the blame onto rogue employees.
In practice, obligated entities must have robust controls in place ensuring that they are in compliance with money laundering rules. Additionally, such an extension of liability will put more pressure on leadership within companies offering cryptocurrency wallets and exchanges to have sufficient oversight of AML controls and consider the risks at board and senior management level.
6AMLD also imposes tougher punishments for those who are found guilty of money laundering. For example, the maximum prison sentence has been increased from one to four years. On top of this, offending businesses may find themselves with heavy fines or even have their business closed down permanently.
As obligated entities, it’s essential that cryptocurrency exchanges and custodian wallet providers comply with 6AMLD. The new directive will be transposed into EU law at the beginning of December, while full compliance will be required by June 2021.
Cryptocurrencies and other digital assets are likely to become less volatile, and the eventual digitization of national currencies seems almost inexorable. In addition to this, large institutional investors are now taking sizable positions in cryptocurrencies as the market is entering a phase of maturity.
As a result, regulators around the world are starting to become more receptive to the idea of cryptocurrency and are therefore taking steps to create regulatory ecosystems in which crypto businesses can operate, while mitigating associated AML and cyber risks.
For example, the EU has announced plans for further regulation of cryptocurrency. In a recent paper, the EU submitted that it will be a priority to build out comprehensive and “very clear” rules for crypto by 2024, including a framework for licencing and prudential regulation relating to crypto-assets.
However, as cryptocurrencies have not been around for much more than a decade, regulation of crypto-assets comes with a unique set of issues. With such a broad spectrum of uses and the sophisticated tech involved, regulators around the world will have the challenge of trying to understand how cryptocurrencies fit into the broader regulatory landscape.