The Commission has proposed a significant expansion of anti-money laundering regulation in the EU. The proposal aims to extend the scope of companies operating with crypto-assets and expand the money transfer regulation to include transfers involving cryptocurrencies (travel rule). This thus completes the Commission’s Digital Finance package, which introduced, among other things, the MiCA regulation.
Stay updated by signing up for Samar Law’s newsletter here, or follow us on LinkedIn or Facebook.
Published on February 14, 2023
1. BACKGROUND
In 2021, the Commission proposed an AML package aimed at harmonizing EU rules concerning money laundering, establishing an EU anti-money laundering supervisory authority, and enhancing cooperation and information exchange between member states’ financial intelligence units (FIUs). The Danish FIU is known as the Anti-Money Laundering Secretariat (in Danish: Hvidvasksekretariatet).
The AML package was proposed to uphold the Commission’s commitment to protect EU citizens and the EU financial system from money laundering and terrorist financing. Consequently, it addresses the following issues:
- Inconsistent rules in the field of money laundering, resulting from uneven implementation of money laundering directives across member states.
- Inconsistent supervision across member states and insufficient coordination between national supervisory authorities in cross-border cases.
- Inadequate coordination and information exchange between FIUs and between FIUs and national anti-money laundering supervisory authorities.
1.1 What’s new?
The AML package will establish consistent rules and standards for money laundering procedures, policies, and controls across member states. As a result, covered companies will be subject to the same requirements, regardless of the member state in which they are licensed or registered.
The requirements for fulfilling anti-money laundering obligations will become more stringent, potentially making it more challenging for smaller companies to comply.
One of the most crucial measures in the AML package is the establishment of the EU anti-money laundering supervisory authority, the Anti-Money Laundering Authority (AMLA). AMLA will serve as the central authority overseeing and coordinating national FIUs to ensure proper application of EU rules.
For transfers of crypto-assets, crypto-asset service providers (CASPs) must gather information about the sender and receiver of the relevant crypto-assets. This means that the information collected by payment services for ordinary electronic money transfers must also be collected for transfers involving crypto-assets.
1.2 Current regulation
In Denmark, money laundering is regulated by the Danish Anti-Money Laundering Act (in Danish: hvidvaskloven), which implements the 2018 directive (“AMLD5“). The directive sets the framework for anti-money laundering regulation in the member states. Each member state is responsible for deciding how to implement the directive beyond its provisions, leading to potential over-implementation and inconsistent regulation across member states.
The Commission has established the overall terms for anti-money laundering regulation in the EU through the directive. However, standards, best practices, and guidelines for implementing the procedures outlined in the directive are left to individual financial authorities. According to the Commission, this approach has resulted in significant differences between member states’ respective laws, making it more challenging for companies subject to the relevant Anti-Money Laundering Act and directive to offer their services across multiple member states while complying with national rules.
Furthermore, there is no central coordination body at the EU level, hindering cooperation between national supervisory authorities and FIUs and leading to substantial money laundering risks in cross-border activities.
These issues have led to the development of an AML package to strengthen EU rules on combating money laundering and terrorist financing (AML/CFT), representing a breakthrough in the field of money laundering and significantly impacting future regulations at all levels.
This article will review the Commission’s AML package with a particular focus on crypto-assets.
2. INTRODUCTION
The AML package includes four proposals:
- A regulation establishing a new EU anti-money laundering supervisory authority for AML/CFT (“AMLA“).
- A regulation on combating money laundering and terrorist financing (“AMLR“).
- A sixth directive on combating money laundering and terrorist financing (“AMLD6“).
- A revision of the 2015 Regulation on Transfer of Funds to track transfers of certain crypto-assets (“Regulation on Transfer of Funds“).
The AML package proposes that the regulation of FIUs should continue through a directive. However, the goal is to harmonize money laundering rules, including reporting rules, money laundering procedures, and threshold amounts for implementing such procedures. These aspects will be regulated through the AMLR, directly impacting EU member states
3. AMLA
- The Commission will establish a new EU anti-money laundering supervisory authority called “AMLA,” which will ensure harmonization of national supervisory authorities’ work processes and supervisory culture. AMLA’s tasks will include establishing standards for reporting and information exchange, supporting joint operational analysis, and more.
- This development means that Danish companies, for example, will find it easier to report reportable transactions to French authorities, as the content and reporting procedures must be the same across the EU.
- National supervisory authorities and FIUs will continue to exist as essential components of the EU’s enforcement system for AML/CFT. However, AMLA will replace national supervisory authorities as direct supervisors for certain larger cross-border companies in the financial sector. This replacement applies to obligated entities with activities in a large number of member states, those categorized in the highest risk category for money laundering, or when the Commission decides on it.
- AMLA is expected to be established in 2023 and commence its activities in 2024.
4. ANTI-MONEY LAUNDERING REGULATION (AMLR)
The Commission has identified a need for harmonizing anti-money laundering rules across member states through an “EU single rulebook.” As a result, the Commission has proposed a regulation regarding anti-money laundering and countering terrorist financing. This regulation will have direct effect in member states, without requiring national implementation.
The AMLR will fundamentally change the current anti-money laundering framework, expanding its scope in Europe and covering activities included in the MiCA regulation. All types and categories of CASPs will be subject to the AMLR, unlike current law, which applies only to certain entities that offer activities with crypto-assets.
This means that individuals and companies advising on crypto-assets, including placement of crypto-assets, which are not currently subject to the Danish Anti-Money Laundering Act, will be subject to the obligations in the AMLR. In practice, for example, consultants advising on crypto-assets will be subject to anti-money laundering obligations under the AMLR.
The AMLR also prohibits anonymous crypto-assets, such as Monero and Zcash, making it illegal for CASPs to offer wallets or other services involving anonymous crypto-assets in the EU.
Moreover, the regulation expands member states’ ability to require CASPs, established in their territory but headquartered in another member state, to designate a central contact point (as is already the case for issuers of electronic money and payment service providers).
The AMLR’s rules are more detailed and extensive than those in the current Danish Anti-Money Laundering Act and include various regulatory technical standards to be developed by AMLA. We will now explain the significant changes that this will have, specifically for CASPs in the anti-money laundering area within the EU.
4.1 Obliged entities
Under current regulation, nearly all financial businesses, including certain types of virtual currency service providers, are covered by the Danish Anti-Money Laundering Act. The AMLR, on the other hand, will cover all types and CASPs. The Commission will therefore replace the term “virtual currency” with “crypto-assets,” increasing the scope of obligated entities and aligning it with FATF recommendations. This change ensures a uniform interpretation of crypto-assets and CASPs.
The Commission notes in the preamble to the AMLR that although the regulation expands the number of rules in the anti-money laundering field, the principle of proportionality still applies.
The rules on obligated entities are set out in Chapter 2 of the AMLR.
4.2 Customer Due Diligence (CDD)
In the future, there will be a greater focus on how CDD procedures are performed internally. Obliged entities will be required to ensure that relevant employees possess the necessary skills to perform CDD. Such a requirement is already included in the Danish anti-money laundering rules and is explicitly stated in the Danish Financial Supervisory Authority’s (in Danish: Finanstilsynet) guidance on the Danish Anti-Money Laundering Act. In the future, however, it will be specified directly in the AMLR and thus have direct legal effect. In addition, Employees working with CDD must undergo an assessment of their skills, knowledge, expertise, integrity, and behavior to ensure the proper execution of their tasks.
Similar to the Danish Anti-Money Laundering Act and AMLD5, the regulation outlines several situations where CDD must be performed. These include (i) establishing a business relationship, (ii) exceeding the threshold for single transactions, (iii) suspicion of money laundering or terrorist financing, or (iv) doubt about the correctness or adequacy of previously collected customer information. The threshold for single transactions will remain the same for CASPs (EUR 1,000) but will be lowered from EUR 15,000 to EUR 10,000 for other obliged entities.
AMLA must develop technical standards within two years of the regulation coming into force to determine which entities, industries, and transactions can be classified as high-risk.
As something new, the regulation specifies what information must be included in a CDD, such as customer identity, verification, beneficial owners, and the purpose of customer engagement.
However, the rules in the AMLR are unlikely to significantly impact Danish CASPs, who are already subject to the Danish Anti-Money Laundering Act. In addition, the current anti-money laundering policies of CASPs will likely not require extensive changes to comply with the AMLR, as it simply codifies existing standards.
Finally, it should be noted that there is a proposal for expanded reporting requirements to the relevant FIU. This means that reporting obligations in case of suspicion of money laundering or terrorist financing will be expanded.
The rules on CDD are set out in Chapters 2 and 3 of the AML/CFT regulation.
4.3 Digital identity
The Commission has also presented a new digital identity as part of its package on digital finance, which marks the next step towards digitalization of the financial sector and easier exploitation of the internal market’s potential. Part of the regulation deals with a new digital identity framework that supports secure digital onboarding and strengthens non-physical verification possibilities.
The new digital identity will be subject to authority through an amendment to the regulation on electronic eID and trust services (“eIDAS regulation“), but the final measures are still unclear. However, the Commission describes the digital identity’s purpose as ensuring the following across borders:
- Access to highly secure and reliable electronic identity solutions,
- Public and private services’ ability to use reliable and secure digital identity solutions,
- Physical and legal persons’ ability to use digital identity solutions,
- Solutions linked to a range of different attributes and allowance for targeted sharing of identity data to the extent necessary for the specific service requested, and
- Acceptance of qualified trust services in the EU and equal conditions for their provision.
This is to be ensured, among other things, by issuing European digital ID wallets and providing the option for electronic attestations. It is our assessment that a scheme similar to the Danish MitID will be introduced, which can be used across borders in the EU.
According to the Commission, the rules in the AMLR will make it easier to use digital identity solutions and enable increased cross-border activity. The changes to the AML/CFT framework will therefore work seamlessly with the Commission’s proposed framework for a European digital identity and help remove barriers in cross-border use of digital identities in the financial sector.
The rules on digital identity are set out in Chapter 3 on CDD, but will be implemented in the EU through an amendment to the eIDAS regulation.
5. TRANSFER OF FUNDS AND CRYPTO-ASSETS
The Commission also proposes a revision of the Regulation on Transfer of Funds, expanding its scope to cover not only fiat currency but also crypto-assets. This relates to the EU’s implementation of the widely discussed Travel Rule, which has already been implemented in jurisdictions like Singapore and Switzerland, while other countries have passed legislation in this area.
The amendment to the Regulation on Transfer of Funds implements the Travel Rule, requiring all CASPs involved in transfers of crypto-assets to collect data on senders and recipients and make this data available. The requirements apply when transactions involve traditional transfers of funds or transfers of crypto-assets between a CASP and another obliged entity (e.g., another CASP or a bank). This means that the same information must be included in transfers with crypto-assets as payment services currently include in electronic transfers.
These new rules will significantly strengthen the monitoring of CASPs and ensure compliance with the relevant measures in the FATF recommendations, including in particular the Travel Rule. The reasons are the same as for the original Regulation on Transfer of Funds: to identify senders and recipients of crypto-assets for AML/CFT purposes and to identify possible suspicious transactions and block them if necessary. The Commission has stated, among other things, that reports show that crypto-assets are increasingly being used for money laundering and other criminal purposes, making this amendment urgent.
We expect the Regulation on Transfer of Funds and Crypto-assets to come into force before the AMLR, likely following the MiCA regulation’s entry into force, estimated to occur in early 2025.
6. WHEN WILL THE PACKAGE BE IMPLEMENTED
The AMLA cannot develop technical standards before the text and regulatory framework for the new AML package is in place, as stated in AMLR. The Commission expects the entire regulatory framework, including technical standards, to be introduced and implemented by the end of 2025.
To give AMLA sufficient time to carry out and complete the regulatory framework, the new legal framework will be applied three years after its adoption.
7. OUR ASSESSMENT
We believe these proposals will contribute to the development of the EU’s cryptocurrency sector by providing a harmonized legal framework throughout the EU. This may encourage more established financial institutions, including banks and pension funds, to form partnerships or invest in crypto-assets and CASPs.
However, the requirements for obliged companies will become more stringent, potentially making it difficult for smaller companies to meet these requirements. As a result, it may become more challenging for new companies to enter the crypto-asset market.
The introduction of the term “crypto-assets” in the AML regulation is likely to make the term relevant for more obligated entities. We expect to see the term “crypto-assets” in other laws and regulations in the future. It is our assessment that this standardization of the use of the term will help create a more optimal situation for the sector.
The introduction of a harmonized digital identity solution will be a welcome change for obliged companies in Denmark and the EU, simplifying the onboarding of foreign customers and reporting to foreign authorities. Currently, reporting from clients operating across borders shows that reporting is almost impossible due to national language requirements and national login services, such as MitID.
At Samar Law, we believe that the AML package as a good extension of the Commission’s presentation of Digital Finance from last year. The new rules ensure all EU Member States comply with the same rules, and we expect the rules to build credibility for the cryptocurrency sector.
The entire AML package can be found here, while the eIDAS regulation can be found here.
Samar Law closely monitors any developments and is available to answer any questions you may have.
