'Don't Be Lulled' as European Commission Mulls a Crypto KYC Trap
Exchanges would be obliged to report suspicious transfers to an "unhosted wallet." A transfer from your wallet to an exchange would not be accepted without KYC. Whether the proposal will make it through the legislative process remains to be seen.
While the European Commission (EC) says it is not targeting non-custodial crypto wallets, their new set of legislative proposals would still affect such users and the whole nascent sector.
Niklas Schmidt, a lawyer and partner with the Austrian law firm Wolf Theiss, told Cryptonews.com that “in the context of an overhaul of the EU's anti-money laundering rules, the European Commission – in a desperate power struggle – wants to tighten the thumbscrews on cryptoassets, such as Bitcoin (BTC).”
“Don't kid yourself and don't let yourself be lulled into sleep,” warned Compliance Advisor at Dutch bitcoin exchange Bitonic, Simon Lelieveldt.
Under these proposed rules, any entity transferring cryptoassets must collect and store details about the senders and recipients, similar to what already applies to wire transfers – and this so-called "travel rule" had been introduced in June 2019 by the Financial Action Task Force (FATF).
Now, the European Commission wants EU Member States to implement it in order to get full traceability of crypto transfers, Schmidt argued.
What he describes as “typical of the EU's bureaucratic approach” is the use of the term CASPs (cryptoasset services providers) in contrast to the FATF's VASPs (virtual asset service providers).
According to Schmidt,
“In the long run, this rule – if adopted – would likely lead to a bifurcation between fully compliant (and thus very expensive) centralized crypto actors such as centralized exchanges (CEXes) and a parallel universe of non-compliance consisting of alternatives such as decentralized exchanges (DEXes).”
The lawyer stressed that, whether the proposal will make it through the legislative process remains to be seen.
The limited scope with far-reaching impact
The proposal itself does not apply to peer-to-peer (P2P) transfers of cryptoassets nor to transactions involving a cryptoasset services provider (CASP) and an "unhosted wallet" (just a regular crypto wallet where a user is in control of the private keys).
Its scope is limited to cryptoasset transfers involving CASPs and other companies, such as various payment service providers.
However, if the proposal is implemented, crypto exchanges would be still obliged to report if a customer is sending cryptoassets to an "unhosted wallet" if they find it suspicious. At the same time, a transfer from this type of wallet cannot be accepted without customer due diligence.
Because CASPs - which includes crypto-to-fiat and crypto-to-crypto exchanges - would be included among the entities covered by the new anti-money laundering (AML) regulation, they would be submitted to customer due diligence and they'd have to declare any suspicious transactions, be it when entering into a business relation or when making an occasional transaction. This includes receiving crypto from "unhosted wallets."
The proposal itself speaks of a "preventive approach" in full compliance with the free movement of capital. It finds it "appropriate" for a system to be created that would require payment service providers and CASPs to include information on the originator and the beneficiary of each crypto transfer.
They say that this is to "ensure the transmission of information throughout the payment or transfers of cryptoassets chain."
Member States, however, should have the ability to exempt from this regulation certain domestic low-value transfers of funds, such as low-value transfers of cryptoassets, used for the purchase of goods or services, provided that it's always possible to trace the transfer to the payer / the beneficiary.
Where the verification hasn't yet been done, the obligation to check the accuracy of the information on the originator and the beneficiary should be imposed only to individual transfers that exceed EUR 1,000 (USD 1,188), unless:
- the transfer appears to be linked to other transfers which together would exceed EUR 1,000;
- cryptoassets have been received or paid out in cash or in "anonymous electronic money";
- there are reasonable grounds for suspecting money laundering or terrorist financing.
This is done so the efficiency of payment systems and crypto-asset transfer services wouldn't be impaired, argues the proposal, and to "balance" the risk of driving transactions underground as a result of "overly strict identification requirements against the potential terrorist threat posed by small transfers of cryptoassets."
'A major intrusion on human rights'
“The EU is fully taking all FATF principles on board. While they technically may not prohibit self-hosted wallets the trick is to be found in the obligation under article 58 to verify and KYC [know-your-customer] the beneficiary of wallets,” Simon Lelieveldt told Cryptonews.com.
He added that this is the same “trick” that the Dutch Central Bank (DNB) pulled in the Netherlands to achieve almost the same goal.
As reported in May, a court order obtained by Bitonic succeeded in forcing the DNB to scrap its controversial wallet verification requirement.
The European Banking Authority (EBA) has been calling out DNB for frontrunning FATF rules, said Lelieveldt, emphasizing paragraph 54 of the 2020 interim report of the FATF, which reads:
“The launch of new virtual assets however could materially change the ML/TF risks, particularly if there is mass adoption of a virtual asset that enables anonymous peer-to-peer transactions. There are a range of tools that are available at a national level to mitigate, to some extent, the risks posed by anonymous peer-to-peer transactions if national authorities consider the ML/TF risk to be unacceptably high. This includes banning or denying licensing of platforms if they allow unhosted wallet transfers, introducing transactional or volume limits on peer-to-peer transactions or mandating that transactions occur with the use of a VASP or financial institutions.” [Emphasis added.]
The report update also notes that “denying licensing of VASPs if they allow transactions to/from non-obliged entities (i.e., private / unhosted wallets) (e.g., oblige VASPs via the ‘travel rule’ to accept transactions only from/to other VASPs).”
Therefore, per Lelieveldt, the EU is forcing beneficiary KYC for P2P wallets as for safe deposit boxes, “for which it doesn't make sense.”
Providing further insight in his Twitter threads, Lelieveldt argued that the reason we ended up with the travel rule on banking and now crypto too is because it’s “a tool to avoid and duck proper applicability of legal duties by government entities that wanted to free ride big data without caring about privacy,” describing it as the government imposing ransomware onto its citizens and financial institutions.
He also called the EU package “a major intrusion of human rights,” arguing that that is the reason the European Data Protection Board (EDPB) sent the EC a letter on the protection of personal data in the AML-CFT legislative proposals last May.
The EDPB told Cryptonews.com that,
The EC “has taken due note of our letter and of the concerns expressed therein and we are confident they will strive to address them within the next steps of the legislative process.”
The legislative package will now be discussed by the European Parliament and Council. Also, the EC hopes that the new EU-level Anti-Money Laundering Authority (AMLA) should be operational in 2024. But it would start its work of direct supervision "slightly later, once the Directive has been transposed and the new regulatory framework starts to apply." AMLA would be the central authority coordinating national authorities "to ensure the private sector correctly and consistently applies EU rules."
Watch Bitcoin speaker, author & educator Andreas M. Antonopoulos arguing that privacy is a human right.