EU opens door for cryptocurrency exchanges to apply AML rules

On 19 June, the fifth Anti-Money Laundering Directive (5AMLD) was published in the Official Journal of the European Union. The Directive has important implications for virtual currencies and further toughens EU rules around information on the beneficial ownership of companies and trusts. The Directive will enter into force on 9 July 2018 and Member States will have until 10 January 2020 to amend their national laws to conform with the new Directive.

What is 5AMLD?

5AMLD is not a ‘free-standing’ law. Rather, it makes several amendments to the EU’s fourth Anti-Money Laundering Directive (4AMLD). The Commission first published its proposals for the fifth Directive in mid-2016, while Member States were still in the process of implementing the fourth Directive.

Such rapid amendment of new legislation might seem unusual. However, the timing of 5AMLD reflects a political desire to further strengthen EU law on anti-money laundering and combating the financing of terrorism (AML / CFT) in response to the Panama Papers scandal which broke in late 2015 and to the November 2015 terrorist attacks in Paris and March 2016 Brussels bombings. 

5AMLD makes several changes to 4AMLD the most important of which fall into the following areas: (i) regulation of virtual currencies; (ii) information on beneficial owners; (iii) use of prepaid cards; (iv) powers of financial intelligence units (FIUs) and supervisors; and (v) due diligence for high risk countries.

On a related note, EU law makers recently concluded trilogue discussions on a proposed Directive on countering money laundering by criminal law and that Directive is expected to be adopted shortly.

Virtual currencies

5AMLD widens the EU’s regulatory perimeter for AML/CFT controls and expressly brings providers of exchange services between virtual currencies and fiat currencies (i.e. platforms used to exchange money for cryptocurrency) as well as custodian wallet providers into scope. Both providers are brought within the ‘obliged entity’ definition under 4AMLD and new definitions for both virtual currencies and custodian wallet providers are established.

The Directive also requires Member States to subject such providers to registration. Until now, by falling outside the regulatory perimeter virtual currency exchange providers and custodian wallet providers faced no EU law obligations to identify suspicious activity. The EU’s extension of the regulatory perimeter is designed to prevent criminal groups from exploiting the anonymity of virtual currency-based transactions and to improve national regulators’ monitoring of the users of virtual currencies while at the same time not hampering technical progress or development.

Beneficial owners

5AMLD makes some important changes to EU rules on the recording and disclosure of the beneficial ownership of both corporate entities, trusts and similar legal arrangements. Notably, the Directive now requires Member States to impose sanctions on companies or trusts that breach their basic obligation to hold adequate, accurate and current information on their beneficial ownership.

The Directive significantly broadens access to beneficial ownership information. For corporate entities any member of the general public is now required to be granted access. For trusts, access to beneficial ownership information is extended beyond regulators, FIUs and regulated entities conducting due diligence to any natural or legal person that can demonstrate a legitimate interest (a concept that Member States will be required to define in their national laws in terms that should not be limited to pending litigation but which should be flexible enough to facilitate preventive work in AML / CFT by the authorities, NGOs and investigative journalists).

Information on beneficial ownership of trusts and similar arrangements is now required to be recorded in a central register in all cases (previously, under 4AMLD, the central registration obligation was only triggered where the trust generated tax consequences). Member states will also be required to define which local legal arrangements should be considered as similar to trusts by virtue of their functions or structure.

Information on beneficial ownership of both corporate entities and trusts will be required to be accessible on a cross-border basis throughout the EU by requiring national central registers to interconnect with one another via the ‘European Central Platform’ established under the Company Law Directive.

Prepaid cards

In a bid to prevent the use of prepaid cards in financing terrorist attacks, the Directive lowers the thresholds at which customer due diligence measures for e-money instruments can be waived. The maximum balance and maximum monthly transaction limit is reduced from €250 to €150 while the upper threshold at which due diligence requirements can be waived for the redemption of cash or withdrawal of monetary value from prepaid cards is lowered from €100 to €50. 5AMLD also prevents EU banks and financial institutions from accepting payments carried out with anonymous prepaid cards issued in third countries unless the cards meet requirements that are equivalent to EU rules.  

Financial intelligence units and supervisory powers

5AMLD aims to give FIUs completely unfettered access to information from any ‘obliged entity’ including the newly in-scope virtual currency exchange providers and custodian wallet providers. Notably, the Directive now provides a basis on which FIUs can obtain information from any obliged entity even where no prior report has been made by the FIU.

5AMLD also aims to improve the exchange of confidential information between AML / CFT regulators and banks’ prudential regulators. The importance of improving information sharing between different types of regulators and the potential implications of prudential regulators lacking AML/CFT supervisory powers were brought into sharp relief early in 2018 following the sudden collapse of Latvian Bank ABLV. 

Enhanced due diligence for high risk countries

5AMLD imposes stricter due diligence requirements for business relationships or transactions that involve high-risk third countries. These include requirements to obtain additional information on the customer and beneficial owner, sources of funds and wealth, reasons for the transaction as well as a requirement to obtain senior management approval in order to establish or continue the relationship. The Directive also contemplates that Member States may impose additional restrictions on conducting business relationships or transactions with counterparties from high risk countries and could potentially require EU banks and financial institutions to review, amend and if necessary terminate correspondent banking relationships with institutions in high risk third countries.

Brexit implications

The Directive will enter into force while the UK is still a Member State. Its implementation deadline will expire during the anticipated transition period following withdrawal and, as such, it is expected that the UK will implement the Directive in full. However, it is not clear how the UK’s post-Brexit status as a third country may affect the ongoing interconnection of the UK’s beneficial ownership registers with those in EU27 states.