The first Anti-Money Laundering Directive (AMLD) was adopted in 1990 to prevent money laundering within the financial system of the EU. This law is constantly being revised to reduce the risks associated with money laundering and terrorist financing. The fifth and last AMLD was introduced as the European Central Bank (ECB) claimed that AMLD 4 failed to effectively address recent trends in money laundering and terrorist financing, which have spanned multiple jurisdictions and fallen both within and outside of the traditional financial sector. AMLD 5 not only amends the 4th directive, but it also adds new provisions to the European legal system.
Overview of AMLD 5
The major changes to the directive are presented below :
- Extending the directive scope to include virtual currencies. Virtual currency exchange platforms (“providers engaged in exchange services between virtual currencies and fiat currencies” [3, art 2, para. 1g] / exchange operators) – “VCEPs” and custodian wallet providers – “CWPs” (an entity that provides services to safeguard private cryptographic keys on behalf of its customers, to hold, store and transfer virtual currencies.” [3, art. 1, para. 2d] / custodies) will be included as “obliged entities” subject to EU regulations. This means that VCEPs and CWPs now will face the same regulatory requirements as banks and other financial institutions.
- Enhanced cooperation and information exchange between the EU financial intelligence units (FIUs). AMLD 5 requires Member States to implement centralized automated mechanisms at a national level to identify payment accounts and bank accounts held by a credit institution, thereby creating a central source for identifying all bank accounts for an individual [3, art. 1, para. 19]. Furthermore, the fifth directive reserves the right for each member of the EU to define and develop a central registry or data retrieval system for compliance.
- Beneficial ownership registers. The main provision of AMLD 4 was the requirement for beneficial ownership registers, whereby member states will be required to obtain and hold adequate, accurate and current information on corporate and other legal entities, including trusts and similar legal arrangements, incorporated or administered within their respective member state [4, art. 3, para. 6]. AMLD 5 requires the implementation of these registers within 18 months of the implementation date.
- Resolving anonymity issues regarding prepaid cards. EU member states will be required to identify a customer in the case of remote payment transactions where the amount paid is more than €50. After 36 months from AMLD 5 being entered into force, identification shall be applied to all remote payment transactions. Moreover, the maximum amount stored on prepaid cards was reduced from €250 to €150 [3,art. 1, para. 7a] and the same limitations were made for monthly payment transactions.
- Developing a coherent EU approach to high-risk third countries (e.g., Afghanistan, Iraq, Iran, Syria and DPRK). The AMLD 5 will require member states to apply a specific list of enhanced due diligence (EDD) measures for transactions involving entities on a list of high-risk countries as defined by the European Commission.
- Prohibition of anonymous bank accounts and bank cells. Nameless bank accounts, savings accounts or safe deposit boxes will be abolished with the AMLD 5.
The AMLD 5 was published in the Official Journal of the European Union on June 19, 2018  and entered into force on July 6, 2018 and according to the First Vice President of the European Commission – Frans Timmermans, these new rules “will bring more transparency to improve the fight against money laundering and terrorist financing across the European Union” . Moreover, AMLD 5 was proposed as an “action plan” against terrorist attacks in Paris (2015) and Brussels (2016) and as a reaction to Panama Papers scandal (2016) , and in order to keep pace with recent trends in money laundering and terrorist financing more effectively. The full list of following deadlines is presented in below.
- January 10, 2020 – Registers of Corporate and Legal Entities (Article 30)
- March 10, 2020 – Registers of Trust Arrangements (Article 31)
- September 10, 2020 – Centralized Automated Mechanisms, Member States should set up centralized automated mechanisms allowing the identification of holders of bank and payment accounts and safe-deposit boxes (Article 32a)
- March 10, 2021 – Interconnection of Registers, Central registers should be interconnected via the European Central Platform (Article 30-31)
- December 31, 2021 – Real Estate Register Interconnection Report (Article 32b)
Cryptocurrencies and AMLD 5
The fifth directive names cryptocurrency as virtual currency and defines them as follows: “a digital representation of value that is not issued or guaranteed by a central bank or a public authority, is not necessarily attached to a legally established currency and does not possess a legal status of currency or money, but is accepted by natural or legal persons as a means of exchange and which can be transferred, stored and traded electronically.” [3, art. 3, para. 18]. In 2014, EBA (European Banking Authority) claimed that cryptocurrencies are especially vulnerable to criminal misuse because they make transacting parties rather anonymous and are not limited by jurisdictional borders and until AMLD 5, these transactions have not been regulated . In other words, the fifth directive:
- Considers VCEPs and CWPs as “obliged entities” and this view includes obligations to register with national anti-money laundering authorities, implement customer due diligence controls, regularly monitor virtual currency transactions, and report suspicious activity to government entities (same requirements as for banks and other financial institutions in the EU). It is interesting that these obligations look very similar to anti-money laundering rules posed upon virtual currency exchanges in the United States , which consider cryptocurrency exchanges as entities subject to the Bank Secrecy Act 1970 and require registration as a Money Services Businesses (MSB) with FinCEN;
- Obligates member states of the EU to create central databases that comprise identity information and wallet addresses of cryptocurrency users who interact with VCEPs or CWPs. Furthermore, it authorizes national FIUs (Financial Intelligence Units) to access these databases if it will be necessary;
- Optimizes the regulatory framework of EU member states regarding cryptocurrencies by defining the main terms and instructing member states. For example, definitions of CWPs, VCEPs and virtual currency/cryptocurrency, that were performed before, were taken from AMLD 5.
Therefore, under the new legal framework, Europol could much easier gather the information about suspicious cryptocurrency transactions by requiring central databases to provide all information about the owner of certain wallet and then by utilizing special software (e.g., Elliptic, Chainalysis, Crystal), track all funds flows and after that, if it will be necessary, start a standard investigation.
The main implications of the enactment of AMLD 5 for EU’s CWPs and VCEPs can be summarized as follows:
- CWPs and VCEPs will be regulated as “obliged entities”, hence they must meet the same AML and KYC standards as banks and other financial institutions in the EU;
- All addresses and transactions will be absolutely transparent for FIUs;
- Such terms as CWP, VCEP, and cryptocurrency finally get necessary legal definitions.
The Response of Cryptocurrency Companies
According to Chainalysis (transaction auditor, whose clients are include giants such as Binance, Bitstamp, EUROPOL, and Barclays), the implementation of AMLD 5 will be positive for the digital assets industry, because the new legal framework will attract institutional investors, which had low-risk appetite due to the absence of fully-fledged regulation . Moreover, Ulli Spankowski, the director of digital technology at Stuttgart Stock Exchange, confirmed that AMLD 5 had a positive effect on the interest of traditional financial institutions in cryptocurrencies .
Nevertheless, we can observe several examples of companies that left the EU or closed down because of the introduction of AMLD 5.
- Deribit – provides a platform for digital assets futures and options trading, has moved from the Netherlands to Panama ;
- KyberSwap – one of the biggest non-custodial exchanges, changed its jurisdiction from Malta to the British Virgin Islands ;
- BottlePay (platform for Bitcoin payments), Simplecoin (a crypto mining pool), Chopcoin (bitcoin gaming platform), have all closed due to AMLD 5 .
EU and US approaches to regulating cryptocurrency
The regulatory approaches in the European Union and the United States are largely similar when speaking about cryptocurrencies. Both the EU and US recognize the significance of cryptocurrency regulation in fighting against terrorist financing and money laundering. Companies that provide digital assets services face the same rules as financial institutions (e.g. banks) when it comes to KYC, AML, and suspicious activity reporting. Moreover, members of the EU and the states in the US have the right to implement stricter laws in their domestic legislation.However, both jurisdictions seek to balance monitoring so as not to limit innovation. However certain differences exist, as described below:
- Both legislations have different definitions of companies that provide crypto services. In the EU such companies are defined as “obliged entities” (AMLD 5), while in the United States companies that provide digital assets services are defined as “covered financial institutions” (FinCEN). Nevertheless, these terms have the same aim, which is to make crypto service providers comply with the established banking rules in each regulatory jurisdiction.
- AMLD 5 focuses on regulation of VCEPs and CWPs, whereas the United States federal regulatory regime refers to services exchanging or transmitting crypto regardless of fiat currency involvement .
- The United States has two levels of regulation (federal and state), hence providers of crypto services are obligated to guarantee both levels of compliance, however it is possible to be free from local laws in some states. While, in the EU each level of regulation has to be equal or stricter than AMLD 5.
- In the EU, the data protection laws apply to the processing of personal data collected for AML and counter-terrorism financing purposes under AMLD 5, which means that VCEPs and CWPs are required to provide appropriate measures to protect the information that they collect about their customers. No federal privacy or data collection rules have been enacted in the US, although privacy laws have begun to appear in certain states of the US .
- AMLD 5 obliges EU members to make public registry information on beneficial owners available, which should be integrated at EU level to promote cross-border collaboration and information access by regulators and FIUs. On the contrary, the USA’s states may soon follow and create in future a national database that tracks the beneficial ownership of entities .
Nowadays, with the introduction of AMLD 5, digital assets companies (CWPs and VCEPs) in the EU qualify as “obliged entities” that must be licensed by a national financial services authority (e.g., Germany’s BaFin, or the UK’s FCA) and perform the same KYC/AML requirements as a bank or other financial institutions.
In addition, they are obligated to store personal data of their clients along with their digital assets addresses/wallets and transactions to provide this information to FIUs if it will be necessary. AMLD 5 is not destructive for the industry, because regulatory bodies require crypto companies to comply with the same AML/KYC standards as from other financial institutions to prevent terrorist financing and money laundering. Cryptocurrency industry will be joined to the existing financial system with accepting common laws to continue its development, it was just a matter of time. Similar KYC/AML requirements for cryptocurrency companies had been existing in the USA for several years, however, the United States is currently considered one of the most crypto-friendly jurisdictions.
- 2020: The Year of EU Regulation of Crypto-Assets? // Lexology URL: https://www.lexology.com/library/detail.aspx?g=7cad051e-fdd9-4195-ba0c-1f70e2c18966 (accessed: 01.04.2020).
- Another crypto firm moving out of the EU in response to 5AMLD, this time non-custodial exchange KyberSwap // The Block URL: https://is.gd/bJlnao (accessed: 01.04.2020).
- Directive (EU) 2018/843 of the European Parliament and of the Council of 30 May 2018 amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, and amending Directives 2009/138/EC and 2013/36/EU // Official Journal of the European Union. 2018 . OJL 156. Vol 61.pp. 43–74 .
- Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Regulation (EU) No 648/2012 of the European Parliament and of the Council, and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC // Official Journal of the European Union. 2015. L 141. Vol 58.pp. 73–117.
- Dutch Derivatives Exchange Deribit to Move to Crypto-Friendly Panama // CoinDesk URL: https://www.coindesk.com/dutch-derivatives-exchange-deribit-to-move-to-crypto-friendly-panama (accessed: 01.04.2020).
- EBA Opinion on ‘virtual currencies’ PDF // EBA URL: https://is.gd/72397n (accessed: 06.01.2020).
- EU: 5th EU Anti-Money Laundering Directive published // Global Compliance News URL: https://globalcompliancenews.com/eu-5th-anti-money-laundering-directive-published-20180716/ (accessed: 06.01.2020).
- Europe’s New AML Rules Made Crypto More Attractive to Institutions, Says Boerse Stuttgart Exec // CoinDesk URL: https://is.gd/nwdUIY (accessed: 01.04.2020).
- European AML Regulations Follow the US Path With a Six-Years’ Delay // CoinTelegraph URL: https://cointelegraph.com/news/european-aml-regulations-follow-the-us-path-with-a-six-years-delay (accessed: 09.01.2020).
- Statement By First Vice-President Timmermans // European Commission URL: https://ec.europa.eu/commission/presscorner/detail/en/STATEMENT_18_3429 (accessed: 06.01.2020).
- What European Cryptocurrency Exchanges Need to Know about 5AMLD // Blog of Chainalysis URL: https://blog.chainalysis.com/reports/5amld-cryptocurrency-exchanges-europe (accessed: 01.04.2020).