5AMLD: Implications for Cryptocurrency

What is 5AMLD?

As part of the Action Plan against terrorism, the 5th Anti-Money Laundering Directive (5AMLD) proposed by the European Commission aims to address risks associated with virtual currencies and wallet providers. The proposal augments the 4th Directive in its efforts to enact EU rules designed to combat Anti Money Laundering (AML) and financing of terrorist activities (CFT). 

The indication is of thorough regulatory change as digital currency exchange platforms and e-wallet providers are now required to comply with AML and CFT requirements. Collecting and monitoring customer data will be part of their compliance operations. 

Under the new law, the general public will have access to beneficial ownership information of EU companies, and due diligence measures for financial flows from high-risk countries will be beefed up. 

Cryptocurrency – Safe or Not?

Virtual currencies such as bitcoin provide efficient ways of data sharing and user interaction for a wide customer base. However, the inherent way in which cryptocurrencies are able to hide user identity opens up opportunities for suspicious transactions online. 

This implies that authorities cannot trace the identity behind any kind of transaction, and financial transfers can therefore be concealed easily. The risk of such services being used by terrorist organisations looms large on the horizon, leading to strict scrutiny measures for the crypto realm in 5AMLD. Virtual currency remittance systems are also at the risk of being used for terrorist and illegal activity financing.

As safety of digital transactions dwindles, KYC for identity verification becomes an increasingly important part of the security equation. In contrast, at the very heart of cryptocurrency is the counter-intuitive idea of decentralisation that allows a user to create a disconnect between his identity and e-money. The key here is finding the middle ground between privacy and legality. 

Currently, only a third of all businesses across Europe and the US perform background checks on their users. And this is about to change after the implementation of 5AMLD. 

Before this commission, no other EU Laws were directed at monitoring digital currencies or e-wallets. Previously absent in 4AMLD, the new directive includes a definition of virtual currencies: 

‘a digital representation of value that is not issued or guaranteed by a central bank or a public authority, is not necessarily attached to a legally established currency and does not possess a legal status of currency or money, but is accepted by natural or legal persons as a means of exchange and which can be transferred, stored and traded electronically’.

This covers a wide range of virtual money – coins, tokens, custodial wallets – to ensure that no form of electronic value escapes monitoring. Although the definition is all-encompassing, it is useful to note that it merely views cryptocurrency as a means of exchange online and not as assets, securities or commodities. 

There is no clarification for ‘virtual currency exchanges’, but individual entities are identified as providing services between virtual and fiat currencies. Again, the scope of such transactions under AML/CFT compliance is unclear, and the commission almost overlooks crypto-to-crypto exchanges. For Initial Coin Offering (ICO) organisers, brokers and other platforms, this underscores the need for detailed checks under 5AMLD Compliance.  

In this respect, the UK has warned against the use of crypto assets in illegal activities, and hinted at using a broader regulatory framework. 

Next in importance to cryptocurrencies are e-wallets. A custodian wallet is explained by the law as:

“An entity that provides services to safeguard private cryptographic keys on behalf of their customers, to hold, store and transfer virtual currencies”. 

Following this interpretation, a service provider shall not be liable under CFT/AML laws unless it holds the user’s private key. Obliged entities include centralised cryptocurrency exchanges such as Mist, Ledger Nano S and Trezor. 

Under 5AMLD, previously unlicensed exchange services and e-wallet providers now need to be authorised through a registration process. This means that common AML practices such as customer due diligence, transaction monitoring, and fraud detection will need to become part of company compliance processes. Countries are obliged to create central databases, with complete lists of virtual currency users and their self-declaration forms. 

As ironic as it may seem, cryptocurrency providers will collect, store and monitor information of customers, as well as any beneficiary owners that may be involved. For the purpose of AML/CFT screening, this puts an end to any anonymity in the currency space, and enables concerned national authorities to collect such data and verify it against relevant account holders. 

The law also lowers the threshold for identifying users of e-money, to further empower Financial Intelligence Units (FIUs) by facilitating information exchange. In addition, when performing a KYC before a business relationship, the corresponding beneficial register in the EU must be accessed. 

Onwards and Safer

After the 5th AML Directive of the EU is rolled out, crypto exchanges, e-wallets and trading platforms will require efficient identity verification processes and AML monitoring tools for enhanced customer experience. 

For smooth sailing amid regulatory change, digital currency providers are better off adopting reliable KYC/AML/Customer Due Diligence and financial crime control strategies well in time. Cybercrime and terrorism need to be rooted out at source, and compliance officers must carefully identify their exposure to the risk of criminal activity. Keeping in view the products and services being offered, cryptocurrencies must conduct a risk assessment and take pre-emptive action against high-risk transactions and users. 

Regulating cryptocurrency space will not be as easy as controlling its non-digital counterpart. Regulators, financial institutions and crypto providers equally face technical challenges in ensuring compliance of AML laws. Sharing relevant, open and transparent information, as well as establishing partnerships at each level, will, therefore, be central to the process of regulation and innovation.