A strict new regulatory regime is dawning upon European firms handling cryptocurrency.
Friday marks the deadline for the European Union’s 28 member nation-states to adopt the Fifth Anti-Money Laundering Directive or AMLD5. The new rules require crypto exchanges and custodial service providers to register with their local regulator and demonstrate compliance with thoroughgoing know-your-customer (KYC) and anti-money laundering AML procedures.
In addition to the enhanced KYC and reporting obligations, the regime gives greater power and reach to financial intelligence units and law enforcement.
These regulations represent a double-edged sword for the industry. On the one hand, the added costs of compliance may burden smaller firms in the field, and possibly force some to fold or merge.
“This will result in some closures and there are some early indications of that already, and in consolidation, where the industry starts to see M&A to scale up and meet increased costs,” said Siân Jones, director, xReg Consulting.
Already, Deribit, a Netherlands-based crypto derivatives exchange, is planning to relocate to Panama because its home country’s version of AMLD5 “would put too-high barriers for the majority of traders, both regulatory and cost-wise,” the company said Thursday.
A good deal of complexity also remains over how AMLD5 will be implemented and operated from one European country to the next.
On the plus side, the long-term effect should be greater trust in crypto from financial institutions in Europe. In particular, it should make banks more open to providing their services to crypto companies and attract more institutional capital.
“It’s part of a global trend to bring crypto in line with traditional finance; crypto is part of the global financial system, even if it doesn’t realize it yet,” Jones said.
Dispensing legislation over the EU’s 28 member states can be a lengthy and protracted business. As it stands, the accepted norms of traditional finance don’t map on to the crypto world.
While something like an emoney license in one European country can be passported into another, the AML authorization schemes regarding crypto vary across Europe; France has one approach, Germany another, the Netherlands is different again and so on.
This adds a layer of complexity when it comes to registration or authorization under AMLD5, said Malcolm Wright, head of the AML Working Group at the trade group Global Digital Finance. And if you happen to be in the U.K., Brexit throws yet another spanner in the works.
Firms may need to just do authorization or may need to do a full license or may not need to do anything, said Wright, who is also chief compliance officer at Diginex, a Hong Kong-based firm offering institutional-grade infrastructure for digital assets.
“There almost needs to be a more coordinated approach to make sure it allows the industry to still flourish and offer services to residents in the EU who want to invest in virtual assets products,” he said.
In the U.K., crypto firms will need to register with the local regulator, which is the Financial Conduct Authority (FCA). The consultation on the proposed cost of the registration pitched fees at £5,000 (about $6,500), with an annual fee yet to be decided upon. Firms will have until Oct. 20 to carry out the registration process.
AMLD5 has been on the cards for a couple of years now and to some extent has been superseded by recommendations from the Financial Action Task Force (FATF), first made in October 2018 and then updated in June 2019.
Where AMLD5 covers only cash to crypto transactions and vice-versa, the guidance from FATF, an international body with 39 member countries, also includes crypto-to-crypto exchanges.
Most significantly, it recommends applying payment data-sharing requirements from the traditional world to crypto, the so-called “travel rule.”
“We are seeing some member states going beyond AMLD5 and now including these wider FATF requirements, and I think that is an example, if you like, of where other events overtake some of the slow processes of bringing in EU legislation,” said Jones, citing the U.K. as an example.
“I think these FATF requirements will have a much more significant impact on crypto businesses. What might have been, to begin with, the EU taking the lead, the FATF requirements go beyond and apply globally,” she said.
One area of concern is the way in which an extra-restrictive implementation of AMLD5 might catch firms that provide non-custodial wallets on a completely decentralized basis.
This is something the U.K. and Germany were threatening to do, said Jacqui Hatfield, partner and head of Fintech Regulatory in the London offices of Orrick, Herrington and Sutcliffe LLP.
This would inappropriately include firms like ethereum-based finance platform TokenCard (which recently rebranded as Monolith) and crypto payment card provider Wirex, said Hatfield.
“Basically, they are not a custodian; they are providing the wallet facility but it’s on an open basis so they are not responsible for it. It’s actually very difficult for them to comply with this if they are not the ones who are in control of those wallets,” she said.
The FCA did not return requests for comment by press time.
“I have clients who think that the FCA is not going to go ahead with it, but no one at the FCA has actually confirmed that that is going to be the case,” said Hatfield. “I think it’s partly about being happy to gold-plate the regs and also just that they don’t really understand the tech.”
A disagreement has broken out over the definition of the term “license” in the Netherlands, where critics of the Dutch Ministry of Finance and central bank believe a disproportionately onerous version of AMLD5 is being handed down to crypto players.
Banking compliance consultant Simon Lelieveldt said the legislation is delayed because of a “serious disagreement between legislators and industry,” and that the Jan. 10 deadline will be missed in Holland.
The law is now in the Senate for discussion and this could take until the end of February or even later, he said.
“The Dutch Ministry of Finance and central bank have topped up the regular AMLD5 rules with two provisions from the financial supervision law book, which are generic umbrella clauses, allowing all kinds of investigations and measures,” said Lelieveldt.
“This [goes] against the explicit advice of the Council of State and against the text and spirit of the AMLD5 itself,” he said. “The Ministry misinformed the House of Representatives on the true nature of the law and played a word trick: by replacing the previous word ‘license’ for ‘registration’ they claim it is no longer a licensing regime.”
The European Commission’s digital innovation spokesman did not return requests for comment by press time.