Actual regulation in crypto: an overview on AML and upcoming MiCA

Reviewing the existing regulation on crypto, considering the latest debacle, could help understand the missing part and plan future development. This note starts from the financial crime overview and digs into AML actual regulation with a perspective on the MiCA adoptions.

Financial Crime

The term ‘financial crime’ covers a wide range of criminal offenses which are generally international. Financial Crime is an increasing concern for all financial institutions, which is developing together rapidly and equally together with technology. Financial crime affects the largest global organizations and the smallest companies and partnerships. Preventing and detecting Financial Crime is quickly evolving to be one of their biggest challenges, the impact of which extends well beyond monetary losses to reputation and brand, employee morale, business relations, and regulatory censure.

Major AML/CFT regulations

The term “AML/CFT” describes a set of laws, regulations, and procedures to protect the financial system’s integrity by preventing criminals from enjoying illicit profits. The goal is to prevent the concealment of ill-gotten proceeds’ origin through preventive measures and sanctions. From 1989 onward, international efforts have been coordinated by the Financial Action Task Force (FATF). The FATF is an intergovernmental, policy-making, monitoring, and enforcement organization that sets standards and provides comprehensive guidance, e.g., through its Recommendations. [1]

Essential AML duties are outlined in Figure 2. They encompass licensing regimes, Customer-Due-Diligence (CDD) obligations such as Know-Your-Customer (KYC) and ongoing monitoring (e.g., transaction scrutiny), as well as record retention and Suspicious Transaction Reporting (STR). The Risk-Based Approach informs most of these obligations, i.e., preliminary risk assessments tune consistent controls. As enshrined by Article 33 of the EU AML Directive, the ultimate goal is for authorities to be informed when a regulated entity “… knows, suspects or has reasonable grounds to suspect that funds, regardless of the amount involved, are the proceeds of criminal activity or are related to terrorist financing” [2]

Global approach

As these regulations bite into the infrastructure of the crypto industry, globally, cryptocurrency exchanges and other industry participants must be AML and KYC compliant.[3]

Systems that can help to achieve regulatory compliance include:

KYC: Customer onboarding to crypto platforms is a crucial industry compliance area. Robust identity verification checks during onboarding and transactions can help ensure traceability for money-laundering purposes and other criminal activity. Platforms that offer dynamic KYC provide the basis for ongoing checks to prevent fraud. Platforms such as EastNets SafeWatch-KYC, for example, use scoring methodologies to assess risk on a 24/7 basis.

Politically exposed persons (PEP) and sanction screening: Identity verification and KYC prevent cybercriminal activity at the outset with customer due diligence (CDD) and extended customer due diligence (EDD). These checks include sanction screening for high-risk individuals and politically exposed persons. These checks also include “high-risk third countries”. Sanction lists, however, are dynamic and require mechanisms that keep these lists up to date. EastNets provides a blockchain service, Chainfeed, to ensure that CDD and EDD checks comply with regulations.

AML: Anti-money laundering checks cover comprehensive requirements to prevent using financial structures, including crypto platforms, to launder money. They typically encompass KYC checks. Europe’s 5th Anti-money Laundering Directive (5AMLD) added new powers to control crypto exchange providers, including CDD checks and ongoing monitoring to file suspicious activity reports (SARs). The latest version of the law, 6AMLD, has added even more stringent requirements and increased penalties for non-compliance. Ensuring crypto businesses meet these stricter regulations requires advanced methods such as behavioral analytics. Platforms such as SafeWatch-AML use artificial intelligence (AI) to keep ahead of fraudsters and provide reports to evidence regulatory compliance.

EU approach

On 20 July 2021, the Commission adopted an anti-money laundering and countering the financing of terrorism (AML/CFT) legislative package, including a proposal for a sixth AML/CFT directive. This sixth Directive on AML/CFT (“AMLD6”) will replace the existing Directive 2015/849/EU (the fourth AML directive, as amended by Directive 2018/843, the fifth AML directive).AMLD6 contains provisions that are inappropriate for Regulation and require national transposition, such as rules concerning national supervisors and Financial Intelligence Units in Member States.[4]

The EU agreement has two key components:

· Transfer of Funds Regulation (TFR): The TFR sets EU-wide rules for the industry’s enforcement of what is commonly referred to as the “Travel Rule.” The TFR establishes the monetary threshold above which cryptocurrency transactions are subject to the rule, with special provisions for transactions involving personal wallets.

· MiCA: MiCA, or the Markets in Crypto Assets regulation, lays out the licensing regime for cryptocurrency businesses in the EU, including all-important “passporting rules.[5]

Four broad objectives are at the core of the proposed regulation. These are:

• To provide legal certainty for crypto-assets not covered by existing EU financial services legislation, for which there is currently a clear need;
• To replace existing national frameworks applicable to crypto-assets not covered by existing EU financial services legislation;
• To establish uniform rules for crypto-asset service providers and issuers at the EU level;
• Establish specific rules for stablecoins, including when these are marketed as e-money.[6]

The FATF’s latest update describes businesses that provide virtual asset services for or on behalf of another person as virtual asset service providers (VASP). In contrast, MiCA refers to these businesses as crypto asset service providers (CASPs). [7]

Overview of the situation in each European country

Some considerations

The potential and the ability to change the financial market from crypto do not need further explanation looking at the investment in the sector. The tangible capabilities to build and manage exchange from scratch and define new financial products that are very attractive. Fast and cheaper without control and with a massive inflow of capital increase some participants’ risk. The convergence of TradeFi and Defi accelerates the speed without proper expenditure control. False allocation and moving resources without reserve provide a shock to the system. Even if some resources transacted through international bank networks will soon be identified, repossession will be more difficult. The transparency embedded in the blockchain will be helpful to trace all the operations and identify the responsible.

Additional Infos :

Anti-money-laundering authority (AMLA) — European Parliament

MiCA (Updated July 2022): A Guide to the EU’s Proposed Markets in Crypto-Assets Regulation

Transacting with Unhosted Wallets as a VASP — TFR Explained

Transacting with Unhosted Wallets as a VASP: Questions & Answers:

Summary of the Transfer of Funds Regulation (TFR) — What Does It Entail?

What Is The Market in Crypto Assets (MiCA) Regulation?

Is a VASP a CASP?

[1] Pocher, N., & Veneris, A. (2021). Privacy and transparency in cbdcs: A regulation-by-design aml/cft scheme. IEEE Transactions on Network and Service Management.

[2] Directive (EU) 2018/843, “Directive (EU) 2018/843 of the European Parliament and of the Council of 30 May 2018 amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, and amending Directives 2009/138/EC and 2013/36/EU,” 2018

[3] https://www.weforum.org/agenda/2022/09/why-crypto-businesses-need-anti-money-laundering-regulations/

[4] https://www.europarl.europa.eu/legislative-train/theme-an-economy-that-works-for-people/file-6th-directive-on-amlcft-(amld6)

[5] https://blog.chainalysis.com/reports/eu-cryptocurrency-regulations-july-2022-part-1/

[6] https://www.pinsentmasons.com/out-law/analysis/eu-mica-regulation-crypto-asset-service-providers

[7] https://www.21analytics.ch/blog/is-a-vasp-a-casp-market-in-crypto-assets/