The expert explained what should crypto industry expect from the new EU AML Directive
The Fifth Money Laundering Directive (5AMLD) will come into force on the 10th of January 2020. Until then, member states of the European Union must bring their legislation in line with the 5AMLD requirements. Key changes stipulated in the new Directive include:
- broadening access to information on beneficiaries, improving transparency in the ownership of businesses;
- minimization of risks linked to prepaid cards and virtual currencies;
- cooperation between financial intelligence units;
- enhanced checks on transactions involving high-risk third countries.
At ECOMMTALKS 2019 in Riga, CEX.io Regulatory Affairs Counsel Serhii Mokhniev explained which changes await European crypto business when the Directive enters into force.
All those people working with crypto are now on the verge of the biggest global changes in the crypto regulation in the European Union since the introduction of cryptocurrencies
According to the expert, AML regulation in the EU is developing at an unprecedented pace. Since the 90s, this issue has been regulated in shifts by three directives. Conversely, in the last 5 years, the European Commission and the European Parliament managed to implement 4AMLD, develop and implement 5AMLD, and start working on 6AMLD. That’s why it is increasingly crucial for businesses to cope with and adapt to such rapid changes in the regulatory framework.
5AMLD: a brief overview of new requirements
1. Reduction of the monthly transaction limit on prepaid cards from 250 euros to 150 euros. This limit also applies to the amount that can be stored on cards. Similarly, online transaction limits are reduced to 50 euros.
In one respect, it doesn’t seem to be a significant change. However, if this is the main product for a business, it can result in an eloquent revenue outflow
2. Creation of the centralized UBO (ultimate beneficial ownership) lists at an EU level. These lists should be available for financial authorities, law enforcement agencies, and individuals whose social interest in obtaining such information exceeds the privacy concerns. For instance, for a journalistic investigation.
3. Release of an EU-level version of a functional PEP list made up of prominent politically exposed public functions.
4. Approval of the EU-level list of high-risk third countries. Companies working with customers from such countries will be required to perform enhanced measures to eliminate the risk posed by the lack of proper AML regulation in these countries.
5. Inclusion of custodian wallet service providers and virtual currency exchanges (crypto-to-fiat) in the list of regulated organizations. The inclusion of these two types of business is a minimum requirement of the Directive, which gives space for each of the EU countries to extend the list.
Countries going above & beyond
As Serhii Mokhniev noted, European countries have different approaches to the implementation of the requirements of the Directive in their legislation. As an example, the expert cited the UK, where in April 2019 a public consultation was launched on the transposition of the 5AMLD. In this consultation the Treasury suggested that the following types of businesses operating in the UK should be subject to the 5AMLD:
- Exchange providers – both fiat to crypto, and crypto to crypto;
- Crypto ATM providers;
- Custodian wallet providers (i.e. crypto assets custodial businesses);
- Peer to peer providers (i.e. peer to peer exchanges);
- Issuers of new crypto assets in exchange for fiat (i.e. ICOs/IEOs, any other new projects);
- Open-source software providers, providing wallets for storage/administration of tokens.
Estonia took a different approach, implementing amendments to its anti-money laundering law and starting to license exchanges and wallets at the end of 2017. The application fee for each license is only 345 euros. The requirements are the provision of a Compliance Program and MLRO (money laundering reporting officer) or compliance officer. According to the expert, unscrupulous crypto businesses can bypass these requirements without much effort.
For now, according to various sources, from 1.5 to 2 thousand licenses have been issued, which makes it somewhat overheated, from my point of view. For reference, the population of Estonia is approximately 1.3 million people. I have a logical question: how is Estonia going to oversee all this? After the incident with Danske Bank, this question does not leave me for a minute, and I am afraid to think what it would entail for Estonia in the future
What should crypto businesses do?
Regardless of the country of incorporation, according to Serhii Mokhniev, nothing will change for a business that is already authorized as a financial institution in the EU. The requirements will remain the same as for all other financial institutions. Otherwise, the business will need to conduct a risk assessment within the entire company (referring to the money laundering risks associated with the use of the product or service), and for each individual client.
You will have to know your customers, monitor their transactions (taking into account the cryptocurrency specifics, since the blockchain provides almost limitless opportunities for financial investigations, but also entails certain nuances associated with anonymity or pseudo-anonymity, depending on the type of blockchain). As the crown of all this, an investigation and determination of facts of suspicious activity on your platform, which you must report to the financial monitoring authorities of your country
According to the expert, the novelties will affect a wide range of crypto businesses, as many of them initially positioned themselves as IT companies. However, if these companies can bring their activities in line with the requirements of 5AMLD, they will have the opportunity to work with any market in the world. This is due to the fact that 5AMLD is based on the world’s leading anti-money laundering practices, and the requirements contained in it are similar to the requirements of regulators in other developed jurisdictions.