28 Mar Anti-Money Laundering Package (AMLR & Travel Rule – Initial Response)
The International Association for Trusted Blockchain Application (INATBA) welcomes the European Commission’s (Commission) Anti-Money Laundering (AML) Package.
We have been actively engaging our 170-member base to assess the impact of the proposed requirements of the Transfer of Funds Regulation recast (TFOFR, or Travel Rule), AML Directive (AMLD) and Regulation (AMLR) and the proposal for an Anti-Money Laundering Authority (AMLA) and to offer feedback. With that in mind, this report focuses on the TFOFR, with additional work planned for the broader AML package.
Our members are supportive of the Commission’s objectives to harmonise EU legislation in this area, to improve the detection of suspicious transactions and activities, and to close loopholes used by criminals to launder illicit proceeds or finance terrorist activities through the financial system.
This document summarises several important issues which we urge policymakers to consider when finalising the TFOFR section of the AML Package. Blockchain technology is aligned with a number of objectives set forth by the EU. In addition, they generate potential income for the Union. As such, policymakers should make an effort to provide effective, yet lean AML/KYC requirements on CASPs.
Harnessing the Power of Blockchain
Blockchain technology allows for immutability of data, linking and hence tracing of data, and finally better auditability of the operations it handles.
Like any other technology, the business model that uses it drives the level of risk and the possibility of circumventing legal obligations. Establishing compliant business models that guarantee transparency to regulators limits drastically both elements. INATBA’s members do not offer or endorse the usage of blockchain technology to obfuscate transactions’ origins or beneficiaries.
Unlike many other technologies, blockchain facilitates the traceability of individual transactions and allows for the industry to be AML-compliant through innovative methods; such as on-chain analytics and seamless, systematic monitoring of crypto-asset transactions, also known as Know-Your-Transaction (KYT).
INATBA members strongly urge policymakers to consider the different capabilities of blockchain technology when setting rules for businesses which have adopted them to execute and trace transactions.
Issue #1: Definitions Which Reflect Industry More Accurately in AMLD, AMLR and TFOFR
The definitions of Crypto Asset Service Providers (CASPs) in the AML Package differ from those of Virtual Asset Service Providers (VASPs) in the Recommendations of the Financial Action Task Force (FATF). These differences cause unnecessary complications and uncertainty for industry stakeholders, particularly for those operating outside the EU.
Further, due to the lacking definitions of various types of wallets in the AML package, uncertainty for industry’s stakeholders will arise. Especially in light of the plan to prohibit CASPs from provision and custody of anonymous wallets (AMLR – Article 58), it is essential to provide the stakeholders with enough clarity. In particular, a clear distinction should be made between all types of wallets listed in the AML package, especially hosted, unhosted and anonymous wallets.
- Instruments and notions not clearly defined must be clarified and harmonised across policy documents.
- Clarify and harmonise key notions such as the definition of a CASP/VASP between the Financial Action Task Force and the AML package, and the definitions of “exchange”, “safekeeping” and “participation” in an offer or sale of crypto-assets necessary for the effective continuation of business operations and understanding of AML requirements by CASPs.
- Any inclusion of transactions from/to unhosted wallets in scope should take into account the existing ecosystem of wallets in the space. The industry needs clearly defined notions of the different types of existing wallets, namely a clear definition for hosted and unhosted wallets, custodial and non-custodial wallets, as well as anonymous and non-anonymous wallets. Definitions should be aligned with the industry’s reality as listed in policy found in EU Member States. INATBA members, in upcoming policy outputs, will provide a list of clear distinctions and definitions of the various wallet types listed in the AML package.
Issue #2: Applying the principle of “same risk, same rules” to AML requirements
The proposed level of AML requirements for CASPs within the TFOFR is harsher than some of those for Traditional Finance (1), particularly when comparing the treatment of wire transfers and crypto-asset transfers on public, permissionless and transparent blockchains, like Ethereum or Bitcoin’s mainnet. Additional requirements imposed through the TFOFR should only be placed on CASPs engaging with networks and crypto-assets of higher AML risk, which protect key information within transactions.
However, it should be noted that public, permissionless blockchain transactions, as opposed to cash-based transactions, are technically fully transparent, visible, verifiable and immutable. The reason behind this is because blockchains automatically record the transactions between multiple parties in a transparent, verifiable, linked, immutable, and secure manner. These features constitute the very nature of blockchain and cannot be limited nor adjusted. These characteristics of blockchain enable tracking and analysing the flow of crypto-assets in detail and trace back their origin well beyond the current owner.
Further, adoption of blockchain technology does not suffer from legacy technology or database siloes, which might prevent the ability to analyse transactions in aggregate. Any CASP which is an inscope entity under AMLD/R is thus required to comply with the same level of AML risk management as other financial service institutions. Crypto-asset transactions that proceed to or from VASPs that are not obligated under European AML/CFT Regulations can be monitored in further detail, similarly to traditional finance, and therefore do not entail increased risk.
As a result, the legal requirements for blockchain transactions should be in no case wider than for Traditional Finance. Imposing stricter compliance standards for blockchain transactions – as proposed in the draft legislation – would not only be overly onerous and difficult to implement, but also hardly justifiable on grounds of equal treatment.
To conclude, the scope and weight of these requirements will induce disproportionate compliance costs and burdens for the industry. The principle of “same services/activities, same risks, same rules and same supervision” should be applied in order to ensure consumer protection and market integrity. Regulation should be neutral regarding technological developments and business models.
- The low Customer Due Diligence (CDD) thresholds and high requirements, such as the 1,000 EUR proportional transaction thresholds, should, at least, be aligned with Traditional Finance requirements. With that stated, this does not take into account the existing transparency provided by blockchain technology which should lift transaction thresholds to higher figures.
- In order to take the improved transparency of blockchain technology into account, CASPs should be obliged to conduct Know-Your-Transaction (KYT) on each crypto-asset transaction that exceeds the value of the stated threshold. However, if a crypto-asset transaction below the stated threshold is received or sent to an unhosted wallet or a VASP that is not obliged under European regulation, EU-based CASPs should be obliged to perform KYT procedures (e.g., proof of origin, flow analysis).
- INATBA members suggest that policymakers should utilise existing risk appropriate frameworks in the treatment of transactions to wallets. Depending on the risk environment and services that these CASPs offer and the environment they operate in, different AML requirements should be used. An example could be the level of customer due diligence that is imposed by the AMLD. INATBA members are keen to provide more information to policymakers on these risk-appropriate frameworks for different types of crypto-assets, CASP services and blockchain analytics results on the addresses participating in each transaction.
Issue #3: Exchange consumer information accompanying transfers of funds across multiple CASPs while protecting privacy
Under the proposed TFOFR requirements, as well as under the conventional AMLR policy logic, CASPs are required to each on-board and perform customer due diligence on their customers (CDD), and then exchange information under the Travel Rule.
To gather, transfer and store information on transfers for both beneficiary and originator CASPs causes excessive compliance burdens which can be overcome with blockchain technology in ways not available to financial market participants before. These burdens can also be limited by a cross-CASP information request system.
Market participants which protect customers’ privacy and only share necessary information, or even evidence of the existence of this information, should be encouraged. These market participants should follow KYC/AML requirements without unnecessarily sacrificing privacy. To achieve this, proposed requirements should be adaptable to the diversity of business models and technology solutions found within the blockchain industry.
Relevant Industry Innovation:
- A passporting regime, where once consumers are CDD-ed on the beneficiary or originator CASPs, removing the need for subsequent identification procedures by other CASPs is supported by our members. The requirements placed on CASPs regarding the information that needs to accompany transfers of all sizes should not duplicate the information already available and visible on the blockchain. Through such a passporting system, each party within a transaction would have a unique identifier with an independent value that cannot be forged on the blockchain, and identification can be provided while preserving privacy, meaning that CASPs can protect their customer’s privacy rights while complying with Data Protection and AML requirements.
- The above points can be achieved through the application of existing technologies, like blockchain analytics and ID NFTs, that are currently being explored by innovative market participants. These technologies can be effective in achieving a global KYC/AML process, and INATBA members urge policymakers to review their effectiveness within the market.
- Passporting KYC/AML data can help ensure that sanctions, like the ones imposed on Russia in recent times, will be effective with crypto-asset transfers.
(1) Article 11-b. ii of Directive (EU) 2015/849 (AMLD5) states: “Member States shall ensure that obliged entities apply CDD measures in the following circumstances: […] (ii) constitutes a transfer of funds, as defined in point (9) of Article 3 of Regulation (EU) 2015/847 of the European Parliament and of the Council (1), exceeding EUR 1 000.”