European Parliament Agrees First EU Rules For Tracing Crypto-Asset Transfers

July 4, 2022
Back
The European Parliament has provisionally agreed a landmark bill that will see most transfers of crypto-assets regulated in the same way as traditional money transfers.

The European Parliament has provisionally agreed a landmark bill that will see most transfers of crypto-assets regulated in the same way as traditional money transfers.

The bill, which was agreed on June 29, is part of a new EU anti-money laundering package that will complement the wider Markets in Crypto-Assets Regulation (MiCA).

Under the new framework, transfers of crypto-assets will be traced and identified, and will give regulators the ability to block suspicious transactions.

The agreement takes the concept of the travel rule from traditional finance and applies it to transfers of crypto-assets from the first euro sent.

The travel rule ensures that information on the source of the asset and its beneficiary travels with the transaction and is stored on both sides of the transfer.

Crypto-assets service providers (CASPs) will be obliged to provide this information to competent authorities if an investigation is conducted into money laundering or terrorist financing.

Originally, the framework had included a proposal for a minimum transfer value that would trigger the imposition of traceability requirements.

Ultimately, however, parliament negotiators agreed that there should be no minimum threshold for regular hosted wallet transfers, due to the ease with which such a rule could be circumvented.

Before making the crypto-assets available to beneficiaries, CASPs will have to verify that the source of the asset is not subject to restrictive measures or sanctions, and that there are no risks of money laundering or terrorism financing.

Regarding protecting personal data, including a name and an address required by the travel rule, negotiators agreed that if there is no guarantee that privacy is upheld by the receiving end, such data should not be sent.

The European Parliament, Council and Commission said they will now cooperate to thrash out further “technical aspects” of the legislation.

Thereafter, the agreement must be approved by the Civil Liberties, Justice and Home Affairs (LIBE) committee, the Committee on Economic and Monetary Affairs (ECON) and rubberstamped by the Parliament as a whole before it can enter into force.

Crypto blacklists and unhosted wallets

The new legislation will also cover transactions from unhosted wallets when they interact with hosted wallets managed by CASPs.

An unhosted wallet is typically a hardware wallet, such as Ledger, Trezor or SafePal, or a wallet that is embedded in a personal web browser, such as Metamask.

If a customer sends or receives more than €1,000 to or from their own unhosted wallet, the CASP will need to verify whether the unhosted wallet is effectively owned or controlled by this customer.

The rules do not apply to peer-to-peer transfers conducted without a CASP, or to transfers between CASPs acting on their own behalf.

In other words, the framework gives crypto-users an incentive to transact on a peer-to-peer basis to avoid scrutiny, although this does not appear to be an intended effect of the legislation.

Finally, negotiators agreed that the MiCA will include provisions for a public register of non-compliant and non-supervised CASPs, with which EU CASPs would not be allowed to trade.

Assita Kanko, co-rapporteur for the LIBE, said the legislation will bring most crypto-asset transfers under the scrutiny of regulators and law enforcement for the first time.

“Terrorists used crypto for fundraising, to access to child pornography and criminals laundered their proceeds through it,” said Kanko. “This has really harmed people’s lives and raised doubts about the crypto sector.”

“Today, we have taken a big step to address these problems. It will be much harder to misuse crypto-assets and innocent traders and investors will be better protected. The extended travel rule will make that world safer”.

FATF follows up with global travel rule guidance

In related news, the Financial Action Task Force (FATF) has published updated guidance for the implementation of its own Travel Rule for virtual assets and virtual asset service providers (VASPs).

The report found that the vast majority of jurisdictions have not yet fully implemented FATF’s Travel Rule requirements, which set the global standard for anti-money laundering/counter-terrorism financing (AML/CTF) among VASPs.

Of the 53 jurisdictions that have been assessed by FATF’s Global Network since June 2021, the majority still require major or moderate improvements.

Over the last year, jurisdictions have made only limited progress in introducing FATF’s Travel Rule, which is key for private sector entities to comply with sanctions and detect suspicious transactions.

As of March 2022, 29 out of 98 responding jurisdictions reported having passed Travel Rule legislation, while only 11 jurisdictions have started enforcement and supervisory measures.

Although around a quarter of responding jurisdictions are now in the process of passing the relevant legislation, around one third (36 out of 98) have not yet started introducing the Travel Rule.

As noted by FATF, this gap leaves virtual assets and VASPs vulnerable to attack, misuse and negligence, and demonstrates the need for jurisdictions to accelerate implementation and enforcement.

FATF’s latest report comes three years after it extended its AML/CTF measures to virtual assets and VASPs to prevent criminal misuse of the sector.

The report builds on FATF’s two previous reviews on implementation by providing a short update on the latest country compliance with FATF’s Recommendation 15 and its Interpretative Note (R.15/INR.15).

It also places a specific focus on the Travel Rule to respond to FATF’s June 2021 findings that countries and the private sector face particular challenges in this area.

Additionally, the report explores relevant emerging risks and market developments, including those related to decentralised finance (defi), non-fungible tokens (NFTs) and unhosted wallets.

David Carlisle, vice president of policy and regulatory affairs at Elliptic, a UK-based blockchain analytics company, welcomed the FATF’s focus on risks associated with defi.

"The report makes clear that the FATF is concerned that the growing ability of criminals to access defi platforms that currently operate largely outside of regulation presents a major risk,” he said.

“The FATF sees the lack of comprehensive Travel Rule compliance across the industry as a major risk that could make crypto increasingly vulnerable to risks such as sanctions evasion.”

Carlisle added that cross-chain bridges in defi are increasingly being used to launder money and are also the target of hacks.

In 2022 alone, according to Elliptic data, more than $1bn has been stolen from hacks of cross-chain bridges.

A cross-chain bridge is a channel that connects two separate blockchain networks. In June this year, more than $100m was stolen from the cross-chain bridge between the Harmony and Ethereum blockchains.

Lazarus Group, a cybercrime outfit backed by the North Korea state, is suspected of launching the attack.

Both FATF and Carlisle recommend that private sector entities invest in technological solutions that can improve surveillance and interoperability between jurisdictions, especially with regard to unhosted wallets and cross-chain bridges.

To assist, FATF said it will continue to raise awareness of these issues through the G7, the G20 and other high-level policy bodies, and will conduct a further review on progress and challenges to implementation by June 2023.

Our premium content is available to users of our services.

To view articles, please Log-in to your account, or sign up today for full access:

Opt in to hear about webinars, events, industry and product news

Still can’t find what you’re looking for? Get in touch to speak to a member of our team, and we’ll do our best to answer.
No items found.