red 
Perhaps more than any other region, Europe offers a glimpse into the rapidly evolving and highly diverse cryptocurrency AML regulation. Your crypto business should now start preparing for the shifts ahead.
In this blog, we look at how cryptocrime and regulation have evolved across Europe, and how we expect these developments to impact cryptocurrency compliance efforts in 2019 and beyond.
Highlights of this post include:
-
The lack of a coherent regulatory framework to date has resulted in high levels of illegal cryptocurrency activity across Europe.
-
The EU’s Fifth Anti-Money Laundering Directive (5AMLD) is an important first step in mitigating these risks, but EU-wide measures will need to be expanded in scope to meet changing global anti-money laundering standards.
-
Several jurisdictions across Europe – such as Malta, Gibraltar, Switzerland and others – are adopting advanced approaches to cryptocurrency regulation that go beyond the scope of the 5AMLD and include new and sometimes complex new licensing regimes. The UK has also indicated that it will consult in early 2019 on expanding the scope of regulation beyond 5AMLD.
-
Cryptocurrency businesses in Europe need to be aware of these evolving and diverse regulatory requirements and should now prepare for further changes and expanded regulatory scrutiny on the horizon.
Little regulation, lots of crime
As far back as 2012, bodies across Europe – such as the European Central Bank, the European Banking Authority, Tracfin and the UK’s Financial Conduct Authority – have warned of the financial crime risks associated with cryptocurrencies and the need for proportionate regulation.
However, it was not until February 2016, following the terrorist attacks in Brussels and Paris, that the EU as a whole set out a plan for a regional AML regulatory framework for cryptocurrencies.
This delay in regulatory action of just a few years had real consequences: it enabled widespread cryptocurrency money laundering activity across Europe.
As our research has shown, between 2013 and 2016, European cryptocurrency exchange services accounted for more than one-third of all Bitcoin laundering globally.
This is in contrast to the US, which issued AML regulatory guidance on cryptocurrencies in 2013 and accounted for a much smaller share of cryptocurrency laundering over the same time period, according to our research.
Recently, Europol also noted that cryptocurrencies may have accounted for as much as $5.5 billion in illicit earnings during 2017, or 4% of all money laundering activity in Europe.
“Money launderers have evolved to use cryptocurrencies in their operations and are increasingly facilitated by new developments…”
– Europol, 2018
If there’s one region that shows how a lack of regulation can lead to crypto-crime, it’s Europe.
So it was a timely and important move in June 2018 when the EU finalized 5AMLD, which requires member states to apply AML regulation to fiat-to-crypto exchange platforms and custodial wallet providers by January 2020.
5AMLD: Just the beginning
5AMLD marks an important step in ensuring that fiat-to-cryptocurrency approaches in Europe are less vulnerable to criminal abuse.
But even though it’s only six months old, the fast-moving nature of cryptocurrencies threatens to make 5AMLD obsolete.
Several important activities and emerging business types in the cryptocurrency space are outside the scope of 5AMLD and continue to operate in a regulatory vacuum. These include:
-
Crypto-to-crypto exchanges that facilitate the exchange of transparent cryptocurrencies, such as Bitcoin, for privacy coins, such as Monero, that are attractive to money launderers.
-
Initial Coin Offerings (ICOs), which are vulnerable to fraud and money laundering.
-
Decentralized exchanges (DEX), which are not by nature and allow users to exchange cryptocurrencies without providing Know Your Customer information.
-
Peer-to-peer platforms that allow users to exchange cryptocurrency for cash without intermediaries and are vulnerable to exploitation by illegal Bitcoin brokers.
In October 2018, the Financial Action Task Force (FATF), the global standard setter for AML regulation, called on countries to expand the scope of regulatory frameworks to address these and other emerging risks in the cryptocurrency space. In January 2019, the European Banking Authority stressed the importance of ensuring that the EU-wide framework is extended to meet these new global standards as well.
It is still unclear when and how the EU might extend the scope of 5AMLD. But with international watchdogs demanding additional measures, it’s only a matter of time before additional cryptocurrency platforms are brought into the EU-wide regulatory regime and face increased scrutiny.
“We see that crypto-assets are here to stay. . . At the same time, we also see the risks associated with a lack of transparency. . .”
– Vice President of the European Commission Vladis Dombrovskis, September 2018
New frameworks for innovative technology
Meanwhile, several jurisdictions across Europe are already expanding the scope of their local regulatory frameworks to lead the way.
Gibraltar, Malta, Switzerland, Liechtenstein, France, Jersey and the UK are among those countries that are developing far-reaching regulatory frameworks and incorporating innovative approaches to keep pace with new cryptocurrency developments. Some features of these innovative regulatory schemes include:
-
Bespoke ICO Regimes: Rather than trying to bring all ICOs under old and sometimes inappropriate regulatory frameworks, some of these regimes try to distinguish between different types of crypto tokens that have different functions and therefore require carefully considered regulatory approaches. In early 2018, Switzerland put in place a new approach to ICO regulation. Jersey, Gibraltar, Liechtenstein and Malta have since started to develop similar measures, and France is currently debating the design of a bespoke ICO regime.
-
Broad coverage of cryptocurrency platforms: The UK has indicated that it will expand the scope of its AML regulation to cover crypto-to-crypto exchanges and other service providers not currently covered by 5AMLD. Malta and Gibraltar already have statutory language ensuring that these platforms fall within the scope of their requirements. Their regulation is broad enough that other cryptocurrency service providers could be caught as the industry produces new, dynamic business models, leaving regulators less vulnerable to catching up over time.
-
Comprehensive Licensing Schemes: Recognizing that cryptocurrency business presents unique risks and oversight challenges, Malta, Gibraltar and Liechtenstein have devised new approaches to approving and licensing cryptocurrency service providers. They require cryptocurrency services to demonstrate that they are fit and proper before authorisation, to provide information to regulators to ensure they are able to comply, and to undergo regular on-site visits and post-licensing audits. Dutch regulators also recently proposed a tailored licensing regime for crypto businesses operating in the Netherlands that would allow regulators to reject applicants before entering the market.
These new regulatory approaches are just beginning. Only time will tell if they will be effective.
“Crypto is vulnerable to financial crime due to the anonymous, cross-border nature of crypto transactions. . . licensing regime. . . it allows candidates to be evaluated and rejected if necessary before they enter the market.”
– Die Niederlansche Bank and the Netherlands Financial Markets Authority, December 2018
But the steps these individual jurisdictions are taking could very well become models for comprehensive EU-wide regulatory approaches in the future.
Crypto companies operating across Europe need to be alert to the upcoming changes and ready to withstand the tightening of regulations.
“The cryptoasset market and the underlying DLT technology are evolving rapidly and participants need to be clear about where they are conducting activities that fall within the FCA’s regulatory remit and require authorisation.”
– UK Financial Conduct Authority, 23 January 2019
Preparedness is key
Cryptocurrency businesses must take proactive steps to ensure they can meet AML requirements in this rapidly changing environment. Failure to do so could put them at risk of regulatory censure or unsuccessful licensing applications that would prevent them from accessing certain country markets.
As your company wants to establish or expand operations across Europe, ask yourself:
-
Do you understand the different regulatory approaches that apply from country to country?
-
Are you ready to meet all the compliance requirements in every European jurisdiction in which they operate?
-
Does your company meet the high standards required to obtain approval under the newly established licensing regimes?
-
Do you offer any cryptocurrency services that are not currently regulated but may become regulated soon?
-
Are you aware of the money laundering risks in each European country where you operate and do you have the necessary tools to monitor and investigate cryptocurrency laundering in those countries?
With regulatory targets shifting across Europe, cryptocurrency companies cannot afford to hesitate to address these issues.
Contact us to understand how Elliptic can help you navigate these compliance challenges.
