Voice of the Industry

Bitcoin and AML: regulating the new mainstream

Thursday 9 May 2019 09:50 CET | Voice of the industry

Nadja van der Veer, Payment Counsel: “Cryptocurrency has been historically involved in a lot of negative news, instigated by government warnings”

Governments have raised concerns relating to its price volatility, anonymity, and its association with the dark web. The European Supervisory Authorities (ESAs) have come up with a whole list of risks, including lack of exit options and lack of price transparency. However, benefits to cryptocurrency are also being acknowledged. It can improve payment efficiency, reduce transaction cost, it is cheaper, faster, and more secure. It addresses the needs of the unbanked and it is irreversible.

Regulatory attempts

The regulatory attempts made worldwide lack a consistent and unilateral approach. Some jurisdictions went for a separate licensing system, others chose putting AML obligations on cryptocurrency service providers. While others use an existing licensing system like e-money or class it as a defined asset, others feel that since cryptocurrencies are not created or controlled by any central entity, that any applicable financial industry regulations are not suitable. It is important to know that if regulators choose one of these options they must carefully balance these to ensure that it does not stifle innovation.

Be ready for 5AMLD

While certain crypto exchange platforms have already voluntarily been applying identification and verification of their customers in order to fulfil demands of banking partners (or to disassociate themselves from the criminal use of cryptocurrency) now, in order to keep pace with technological innovation, the European Commission has put cryptocurrency exchange platforms and custodian wallet providers into the scope of the EU AML Directive (5AMLD). Since the 5AMLD refers to virtual currency, we will keep this reference, but cryptocurrency has been given many more names. The main reasons for the AMLD change are related to concerns that these exchange platforms have no legal obligation to identify suspicious activity and that the anonymity aspect of virtual currency (VC) allows potential misuse for criminal purposes.

The Commission has chosen a broad application of virtual currency purposes as being a means of payment, exchange, for investment purposes, as store-of-value products, or for use in online casinos. While the definition of VC exchange platforms is quite obvious and speaks for itself (parties that exchange between VC and fiat currency), the definition of custodian wallet providers seems still a bit ambiguous and perhaps too broad. They are ‘an entity that provides services to safeguard private cryptographic keys on behalf of their customers, to hold, store, and transfer virtual currencies.’ Potentially, this has the consequence that parties which are not really designed as wallets but hold private keys may fall under the Directive as well. And what about multisig key holders, which could be individuals? But they won’t have the capabilities to comply with the Directive and they shouldn’t.

How would they be able to identify the transaction as being suspicious? Including parties like this can stifle the development and innovation ongoing, so this broad definition is not always supported throughout the industry.

The ambiguous definition is perhaps the result of the European Commission also not really knowing where the market and technology are going to, or – even worse – not really understanding the underlying principles of VC.

As all other obliged entities, VC exchange platforms and custodian wallet providers will need to comply with all AML obligations, from identification to verification, to ongoing monitoring to suspicious activity reporting. While the initial draft proposals were setting licensing requirements to these new obliged entities, this has now been transformed into a registration condition. The 5AMLD must be implemented into national laws by 10 January 2020. VC exchange platforms will have to watch regulators’ actions closely as more countries (especially APAC) are adapting their anti-money laundering regulations to include VC platforms.

Are the concerns real and the measures effective?

The UK House of Commons Twenty-Second Report of Session 2017-2019 on Crypto-assets also recognised the risk of cryptocurrencies (according to stakeholders questioned for the report, crypto-assets is a more appropriate terminology) acting as a vehicle for money laundering. However, it is interesting to note that the UK National Crime Agency in its latest risk assessment has determined that the use of cryptocurrency for money laundering and terrorist financing is currently low. Cases are present, but it is not widespread. Placing this into context, the NCA stated that there are other large-scale areas of the money laundering problem over cryptocurrency. Quite interestingly, HM Treasury has explained that certain characteristics of cryptocurrency in fact disincentive criminals from using them to launder money: while cryptocurrency is ‘an anonymous way of paying for illicit activity, there is the fact that you are potentially creating a more transparent record of the transaction, which is potentially auditable… There are other methods available to them [terrorists], many of which are easier, such as cash couriers”, the House of Commons Report continues.

Further concerns about the effectiveness of the changes in combating money laundering and terrorist financing relate to the aim of the 5AMLD to ensure traceability of VC and to lift anonymity. However, the Commission also fully acknowledges that a large part of the VC environment will remain anonymous because transactions can also take place without exchange platforms or custodian wallet providers. We are yet to see if these changes will have a true impact.

Perhaps the industry doesn’t really need any more regulatory changes, but rather requires more focus on collaboration (not only between member states but also between obliged entities) and on how the obligations are to be fulfilled. Regardless, the 5AMLD is there and the changes seem to be welcomed by the industry as the lack of regulation would still mean that especially the fiat to crypto conversion and vice versa is vulnerable to criminal activity, as stated by CryptoUK.

This editorial was first published in the Web Fraud Prevention, Identity Verification & Authentication Guide 2018-2019. The Guide covers some of the security challenges encountered in the ecommerce and banking, and financial services ecosystems. Moreover, it provides payment and fraud and risk management professionals with a series of insightful perspectives on key aspects, such as fraud management, identity verification, online authentication, and regulation.

About Nadja van der Veer

Nadja van der Veer is a payments lawyer with almost 10 years of experience in the international Payments industry and a legal expert in rules and regulations involving PSD, AML and CDD, and Card Schemes. As Co-Founder of PaymentCounsel and one of the Managing Partners of Pytch Ventures, she consults Merchant Acquirers, Payment Services Providers (PSPs/MSPs), other Fintech companies, and Merchants in their startup phases who want to expand their business internationally, while mitigating risk.

About Payment Counsel

PaymentCounsel provides a breadth of services to companies spanning the payments value chain, including: drafting industry standard merchant agreements, analysing risk and global compliance with payment laws and regulations, negotiating payment partnership and vendor relationships, and reviewing and negotiating agreements. PaymentCounsel will help impact your speed and competitiveness, accelerate revenue, and manage your global risk, while providing a cost-effective solution.

Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: Nadja van der Veer, Payment Counsel, cryptocurrency, AML, regulation, volatility, anonymity, virtual currencies
Countries: World

Industry Events