Ad
Policy

Crypto Industry Cautiously Welcomes Agreement on New EU AML Rules

NFTs, DeFi and outlawing privacy tools might be out, but for crypto firms, requirements for customer checks might be more stringent than for banks, policy watchers told CoinDesk.

Updated Mar 8, 2024, 8:14 p.m. Published Jan 19, 2024, 9:00 a.m.
16:9 EU parliament
16:9 EU parliament
  • The European Parliament and EU Council have reached a provisional deal on an anti-money laundering regulatory package that applies to crypto.
  • The agreed framework includes requirements for crypto firms to run customer due diligence on transactions of 1,000 euros or more.
  • While the industry is largely satisfied with the outcome of the framework, some feel it may not be as fair as policymakers project.

Crypto industry participants worry that new anti-money laundering rules agreed to by European Union policymakers are more stringent than measures that apply to more traditional financial institutions.

EU policymakers struck a deal this week on a comprehensive anti-money laundering regulatory framework, which includes strict requirements for crypto firms.

Under the agreed provisions, service providers will have to comply with stringent customer verification requirements, as well as take measures to mitigate the risks of transactions involving self-hosted wallets and cross-border transfers.

While the stated objective was to level the playing field by applying the same rules for crypto firms and banks, some in the industry worry policymakers’ insistence that digital asset firms are subject to the same money-laundering checks as other financial institutions might be a tad light on truth.

“Despite the enthusiastic press statements of the co-legislators about this agreement, a level-playing field has not been created, as the thresholds for [crypto asset service providers] and other financial institutions are not equal,” said Robert Kopitsch, secretary-general at the industry advocacy group Blockchain for Europe.

The EU crypto industry also lobbied pretty hard during the legislative session to keep non-fungible tokens (NFT) and decentralized finance (DeFi) out of the package’s scope, and may have even managed to – at least temporarily – prevent restrictions on privacy-enhancing tools, CoinDesk was told.

The AMLR

The EU made history last year when it finalized the first comprehensive regulatory framework for crypto by a major jurisdiction. Alongside its landmark Markets in Crypto Assets (MiCA) regulation, the bloc also set in place rules for gathering information on crypto transfers (TFR) as part of a much larger Anti-Money Laundering Regulation (AMLR).

The AMLR is a broad-stroke effort by the bloc of 27 European states to combat illicit fund flows and sanctions evasion. It targets everything from jewelry and luxury cars to big football clubs as potential vehicles for laundering funds and caps large cash payments in the EU at 10,000 euros ($10,888).

The AMLR facilitates the creation of a single rulebook for the EU and sets up a supervisory authority that will also have purview over the crypto sector.

While the AMLR package isn't final yet, "the main political principles have been agreed," Eero Heinaluoma, a Finnish member of the European Parliament leading negotiations on the regulation said during a Thursday press conference.

Heinaluoma added that technical discussions on crypto-related details – which Kopitsch says won't involve tweaking actual measures so much as making sure the text makes sense on a technical level – will start Friday.

NFTs, DeFi out. Privacy tools MIA?

While there was some heated discussion on whether to include non-fungible tokens (NFT) in the scope of the regulation, Vyara Savova, senior policy lead at the industry advocacy group, the EU Crypto Initiative, said during a Wednesday call that the assets are likely going to stay out of the package.

Tommaso Astazi, head of regulatory affairs at Blockchain for Europe also said NFTs will likely remain beyond the scope of the regulatory package along with decentralized finance (DeFi).

"I think we can be certain that the scope has not been increased. The scope is the one of MiCA," Astazi told CoinDesk in a Thursday interview. Crypto service providers that are captured under MiCA will be subject also to the AMLR, and where they are not – in the case of DeFi and potentially NFTs – the measures don't apply, he explained.

There were concerns that the AMLR would look to outlaw or restrict crypto anonymizing tools after the sanctions against Tornado Cash, and fears that crypto was being used by sanctioned entities like Russia, said Marina Markezic, co-founder of the EU Crypto Initiative, during a Wednesday call.

But it's unclear if discussions involving those tools were continued by policymakers or whether they will be included in the final text, Astazi said on Thursday.

Same rules for banks and crypto firms?

In Heinaluoma’s own words, the AMLR seeks to treat crypto asset service providers the same as credit institutions – with equal obligations for both.

"The most important thing is that totally the same obligations which are now enforced and will be enforced in the future for the banking sector, are also enforced concerning crypto assets business," Heinaluoma said during the Thursday press conference.

"This is important because we know that a lot of money is going from the traditional payments to the crypto area," he added.

According to Kopitsch, the agreed measures apply different thresholds to crypto firms, cash transactions and financial institutions for applying customer due diligence.

The legal texts show that while all regulated entities have to apply customer due diligence to transactions above 10,000 euros, financial and credit institutions as well as crypto firms have to conduct full customer checks on transactions above 1000 euros, Astazi said.

But this is where things differ, according to Astazi.

Crypto firms will also have to do basic know-your-customer (KYC) checks on all occasional transactions, which are transactions that occur outside of business relationships.

“For occasional transactions, they will always still need to identify the customer and verify the customer's identity. Now, this is a change,” said Astazi, adding that right now, firms can do these types of transfers in some EU member states because nations don't always uniformly implement existing AML requirements.

It’s not exactly a hill the industry wanted to die on, especially since it won't really matter to fully regulated entities – but Kopitsch says imposing different thresholds “showcases that the technological advantage of blockchain technology has not been acknowledged.”

“As an industry, we can live with the final outcome of the AMLR negotiations as the alignment of its regulatory scope with MiCA and the TFR has been ensured. This was key,” Kopitsch added.

While it's hard to give an exact timeline, Savova anticipates the technical discussions on the AMLR to be "quite intensive" as policymakers hope to have the package ready for Parliamentary approval in April, ahead of upcoming elections.

“This means that for us, as representatives of the crypto industry, the work on the AMLR continues at an even faster pace,” Savova said.

The regulatory package will need to be formally adopted by Parliament and Council before it can take effect.

Sandali Handagama

Sandali Handagama is CoinDesk's deputy managing editor for policy and regulations, EMEA. She is an alumna of Columbia University's graduate school of journalism and has contributed to a variety of publications including The Guardian, Bloomberg, The Nation and Popular Science. Sandali doesn't own any crypto and she tweets as @iamsandali

picture of Sandali Handagama