The latest EU crypto-asset proposals: travel rule and anonymous crypto wallets
The European Commission wants to tighten the rules on crypto-asset transfers. It also announced a ‘ban’ on anonymous crypto-wallets to target money laundering and terrorist financing, it announced, but the proposed rules don’t seem to go that far.
The new crypto rules form part of a broader package of reforms on anti-money laundering put forward by the Commission. As part of the package, the Commission is also proposing a new EU-wide anti-money laundering body.
For crypto-assets, the Commission wants two legal changes: (i) an extension of the so-called travel rule to all cryptoasset transfers involving crypto-asset service providers and (ii) a ban on anonymous crypto-services, such as anonymous exchange accounts.
The rules apply only to the extent an intermediary is involved. The EU draft uses the term Crypto-Asset Service Provider (CASP) – a one-letter difference with the ‘VASP’ (Virtual Asset Service Provider) acronym used by the Financial Action Task Force.
The Commission cites the risk of crypto-assets being used to launder the proceeds of ransomware and other illicit activities as a justification for its new rules. Estimates of that risk vary significantly (see below), but the Commission is certainly not alone in making that link.
Travel rule: data collection
The Commission wants companies that facilitate crypto-asset transfers to collect certain data on both the sender and the recipient of the crypto-assets, such as the full name and date of birth of the sender and the name and account of the recipient (if one exists).
What if the recipient of the crypto-assets does not have an account, for example, if the crypto-assets are sent to a non-custodial wallet? In that case, the CASP of the originator must ensure the transfer ‘can be individually identified and record the originator and beneficiary address identifiers on the distributed ledger.’ It is not clear why this information needs to be recorded on-chain (rather than, for example, in an internal database).
This so-called travel rule is already in place for money wires and would be extended to any crypto-asset transfer involving a CASP. Some crypto-asset transfers were already subject to the rule (those considered to be money transfers) but under the new rule any crypto-asset transfer that passes through a CASP would be subject to this data collection exercise.
There is no definition of crypto-assets in the proposed rules, which instead refer to the definition in the draft MiCAR (Markets in Crypto-Assets Regulation).
The travel-rule is part of the anti-money laundering (AML) rulebook of the Financial Action Task Force (FATF). The supra-national body already updated its AML guidance to include Virtual Assets (VAs) and Virtual Asset Service Providers (VASPs). A few months ago, FATF published plans to apply its AML regime to decentralized and peer-to-peer networks. This proposal stirred controversy in the crypto community, with some querying why crypto-asset transfers would become subject to more stringent requirements than cash transfers. FATF’s governing council delayed a decision on the topic to its summit in the Fall.
‘Today’s amendments will ensure full traceability of crypto-asset transfers, such as Bitcoin, and will allow for prevention and detection of their possible use for money laundering or terrorism financing’, the Commission said in its press release.
‘Ban’ on anonymous crypto-wallets
Anonymous crypto asset wallets will be prohibited under the new rules, the Commission said in its press release.
However, commentators remarked that the proposed rules don’t amount to an actual ban of anonymous wallets. Instead, they prohibit anonymous crypto services such as anonymous exchange accounts. ‘[T]he ban would impact the crypto equivalent of Swiss bank accounts,’ according to a Coindesk opinion piece.
In other words, non-custodial wallets can still be anonymous, just like your own physical wallet holding your banknotes and coins can be anonymous, according to commentators. But anytime crypto is transferred from or to such a non-custodial, anonymous wallet by a CASP, the rules would require the CASP to collect name of the non-custodial wallet owner.
The draft EU rules only apply if there is a CASP involved somehow. A peer to peer transaction is not covered. A transaction between two natural persons ‘acting as consumers’ and without the involvement of a CASP is not subject to the draft rules.
As FATF acknowledged, it isn’t that easy to gather all the information required to comply with the travel rule in the crypto world. However, in FATF’s view, there is little incentive for the crypto industry to create technical tools to comply with the travel rule as long as there is insufficient enforcement of the existing rules on VASPs. Therefore, FATF wants greater enforcement first, in the hope that this will incentivize the crypto industry to speed up developing adequate compliance tools.
FATF: what’s next?
The Commission clearly drew inspiration from FATF’s AML guidance. So what’s next for FATF and how may that impact the EU draft rules?
Earlier this month, FATF published its second 12-month Review of its updated rules for VAs and VASPs. Although FATF saw progress in AML compliance within the crypto industry, it concluded that ‘two years after the FATF revised its Standards, most jurisdictions and most VASPs are not complying with the travel rule.’
Several jurisdictions asked FATF for greater clarity on how to apply its AML rules to decentralized finance (DeFi) and peer-to-peer networks. FATF said it sees no need to change its AML Standards at this point in time, which ‘do not explicitly apply to P2P transactions’. It will address this and other issues in its Revised Guidance on how to interpret its Standards, which it plans to publish by November 2021.
FATF isn’t all negative about peer to peer crypto transfers: it acknowledges that on-chain P2P transactions can help AML monitoring. In its second Review, it wrote:
‘…investigators, blockchain analytic companies, and other parties can generally capture information on P2P transactions generated on public blockchains, which can be transparent and traceable. This information can provide greater visibility of virtual asset transfers than off-chain transfers or transfers on private blockchains, including those carried out by VASPs, and assist in AML/CFT risk mitigation.’
The European Commission’s draft rules also offer some room for exemptions from the travel rule for certain crypto transfers. For example, transfers with a value of up to €1,000 can be exempt, if the transaction can be traced individually on the blockchain or distributed ledger.
As mentioned above, the draft EU rules also do not apply for transactions between natural persons (acting as consumers) that do not involve a CASP.
All in all, the EU’s proposed changes are not quite as dramatic as the word ‘ban’ suggested at first sight. However, if adopted, these rules will certainly require crypto companies to up their compliance game.
It may take two years before the rules are formally adopted and enter into force. Much can change in the crypto-asset world between now and then. In the short run, EU negotiations on the proposal will be influenced by FATF’s updated Guidance, scheduled to be published by November.
Crypto and money laundering: how big is the problem?
FATF’s second Review of its VASP rules, published earlier this month, tried to put a number on the size of the peer to peer crypto market and the prevalence of money laundering issues.
That’s an important piece of information. Many jurisdictions plan to impose tougher AML rules on crypto-asses transactions, citing money laundering concerns. Recent ransomware attacks asking for ransom payments in crypto added to the perception that somehow crypto is fuelling ransomware attacks (which isn’t the case, of course, but the question remained whether crypto makes it easier to launder the proceeds of crime).
The threat that crypto-assets are being used for ransomware attacks is also cited in the Commission proposal. The Colonial Pipeline attack and other high-profile attacks are clearly fresh on everyone’s mind. The bitcoin ransom paid in the Colonial Pipeline attack was, at least partially, retrieved by US law enforcement. Crypto proponents point out that on-chain traceability of transactions makes it harder for criminals to launder proceeds of illicit activities through crypto-assets.
Money laundering is still done mostly through cash, not crypto-assets, certainly in terms of overall volumes. When we look at the proportion of crypto-assets used for money laundering, we’re seeing widely diverging estimates. One of the most well-known blockchain analytics companies estimated that only 0.34% of crypto transactions in 2020 involved criminal activity.
FATF asked seven blockchain analytics companies to estimate the size of the P2P crypto market for bitcoin and the size of its money laundering problem. Estimates varied widely. One analytics company estimated roughly 0.2% of bitcoin transactions (measured in US$ value) in 2020 involved criminal activity, while another one thought it amounted to 15.4%.
The analytics companies also gave widely varying estimates on criminal bitcoin transactions (measured in US$ value) in 2020 which did not involve a VASP and are therefore considered to be peer-to-peer, ranging from 0.1% to 27.9% of illicit bitcoin transactions.
As FATF diplomatically noticed, it is ‘difficult to draw clear conclusions’ when the variation in empirical data on the topic is ‘extremely high’. (According to Chainalysis, the companies submitted only raw data to FATF, which did its own calculations to come up with these estimates.)
That might be a useful message for the EU to keep in mind: negotiations on the draft EU rules could do with a clear mapping exercise to better understand the size of the markets involved and the money laundering risks.
Nothing on this website shall be considered legal advice. This website and its content are provided for information purposes only. If you need legal advice, please consult your legal counsel.