Most countries copy and paste the Financial Action Task Force (FAFT) recommendations for anti-money laundering (AML) and counter terrorist financing (CTF) into their law. FATF is about standard setting, without universal application of the same standards one country may become the weakest link and a money laundering target.

The question is whether the EU will copy and paste the FATF 26 June 2015 virtual currency report into the new EU Directive.

If so, then all cryptocurrency operators, apart from those dealing in centralised Virtual Currencies – a centralised Virtual Currency has a single issuer who controls the payment system, will need to apply Enhanced Due Diligence (EDD) measures.

This will have a significant impact on cryptocurrency intermediaries.

FATF states (emphasis added):

When assessing the ML/TF risk of convertible VC, the distinction between centralised and decentralised VC will be one key aspect. Due to anonymity and the challenges to conduct a proper identification of the participant, convertible decentralised VCPPSs in general may be regarded of higher risk of ML/FT which would require the application of enhanced due diligence measures.

What does that mean for crypto-exchanges?

Under the current AML rules in the EU, EDD is applicable in non-face-to-face situations, which means it would be applicable to crypto-exchanges, as most provide online services.

The crypto-exchange would start by identifying and verifying the identity of a customer as part of its standard Customer Due Diligence (CDD) requirements. In addition, for EDD, it would also have to obtain further identity documentation or data from customers, certify customer’s documents and ensure that first payment comes from customer’s bank account.

But it doesn’t stop there.

The fourth anti-money laundering directive (4AMLD) is about to come into force, so if you want to future-proof your crypto business then you need to be thinking about 4AMLD compliance. Under 4AMLD, European Supervisory Authorities (ESAs) have set out the following general EDD requirements:

· Increasing amount of CDD information requested; looking at adverse media searches, the background of beneficial owner, intended business purpose

· Verifying the source of funds: “verifying the source of wealth and the source of funds may be the only adequate risk mitigation tool. The sources of funds or wealth can be verified, among others, by reference to VAT and income tax returns, copies of audited accounts, pay slips, public deeds or independent media reports.

· Increasing frequency of reviews on customers.

A priority policy for crypto-exchanges and other cryptocurrency intermediaries should be to determine whether the EU Commission intends to define standard cryptocurrency exchange activity as higher risk, by default, and therefore requires EDD measures. If so, the next policy objective should be to find out how the ESAs will define the ‘sector specific’ EDD measures required for Virtual Currency.

Thomas Oliver Matthews