EU Parliament approves AML legislation impacting cryptocurrency

Yesterday, the European Parliament successfully endorsed the final iteration of three comprehensive anti-money laundering (AML) directives, encompassing provisions that affect cryptocurrencies and crypto-assets on a broader scale. This development came at a pivotal juncture, coinciding with Parliament’s impending recess ahead of scheduled elections. Notably, the regulation pertaining to cryptocurrencies garners significant attention within the EU’s regulatory framework. The ultimate step in the process necessitates approval from the European Council.

Although the legislation maintains a robust stance, certain clauses concerning cryptocurrencies have been moderated compared to earlier drafts. Notably, crypto asset service providers (CASPs) are now obligated to adhere to identical AML regulations as banks for transactions exceeding €1,000, marking a substantial adjustment reported earlier this year.

Encouragingly, the initial proposal to encompass non-fungible token (NFT) platforms and Decentralized Autonomous Organizations (DAOs) under CASPs’ purview has been retracted. However, the legislation stipulates that by year-end, the Commission will furnish Parliament with a report on crypto-assets in general, including specific attention to NFTs. Consequently, while NFT AML legislation remains pending, its consideration is deferred. Notably, DAOs are not addressed in the legislation.

The treatment of self-hosted wallets also emerged as a point of contention. CASPs are prohibited from offering custody services for anonymous crypto accounts or ‘anonymity-enhancing coins’. Nevertheless, the legislation explicitly exempts self-hosted wallet providers from AML obligations:

“The prohibition does not apply to providers of hardware and software or providers of self-hosted wallets insofar as they do not possess access to or control over those crypto-assets wallets.”

A clause outlines the requisite steps for CASPs in transactions involving self-hosted wallets. CASPs are mandated to attempt identifying the wallet holder, including through third-party reliance, likely involving blockchain intelligence firms. Additionally, CASPs must gather supplementary information regarding the crypto’s origin and destination and conduct ongoing enhanced monitoring.

Prior regulations had already addressed CASP transactions involving self-hosted wallets. Following the enactment of the MiCA regulations, an accompanying AML directive relating to the travel rule was implemented. Enhanced due diligence is mandatory for transactions involving self-hosted wallets, entailing intrusive inquiries into individuals’ assets and income sources.

In January, the European Banking Authority issued guidelines for implementing these regulations. Notably, self-hosted wallets aren’t the sole entities categorized as high-risk; certain seemingly innocuous behaviours also fall under this classification. For instance, utilizing a bank account from a different EU jurisdiction or employing multiple cards or bank accounts to replenish a crypto account is deemed suspicious. Furthermore, depositing crypto into an unregulated peer-to-peer lending platform is considered dubious.