The Fifth Anti-Money Laundering Directive: Extending the Scope of the European Union’s Regulatory Authority to Virtual Currency Transactions
On April 19, 2018, the European Parliament (“EP”) adopted the European Commission’s (the “Commission”) proposal for a Fifth Anti-Money Laundering Directive (“AMLD5”) to prevent terrorist financing and money laundering through the European Union’s (“EU”) financial system. The Commission proposed this directive on July 26, 2016 to build upon and amend the Fourth Anti-Money Laundering Directive (“AMLD4”) – before all 28 member states even implemented AMLD4.
Under AMLD4, the EU sought to combat money laundering and terrorist financing by imposing registration and customer due diligence requirements on “obliged entities,” which it defined as banks and other financial and credit institutions. It also called for the creation of central registers comprised of information about who owns companies operating in the EU and directed that these registers be accessible to national authorities and obliged entities. However, the European Central Bank warned that AMLD4 failed to effectively address recent trends in money laundering and terrorist financing, which have spanned multiple jurisdictions and fallen both within and outside of the traditional financial sector. As a result, and in response to recent terrorist attacks in Europe and to the Panama Papers, the EP has adopted AMLD5 to more effectively keep pace with these recent trends.
Although AMLD5 contains several important provisions, including a proposed public registry of beneficial owners of legal entities, we focus here on how AMLD5 addresses, for the first time, the potential money laundering and terrorist financing risks posed by virtual currencies.
This amended directive reflects the coordination of four distinct bodies: (1) the Commission, which serves as the EU’s executive body and represents the interests of Europe as a whole; (2) the EP, which represents the EU’s citizens and is directly elected by them; (3) the Council of the European Union, which represents governments of the individual member countries; and (4) the Financial Action Task Force (“FATF”), an independent, inter-governmental body that developed in 2012 and last updated in 2018 a comprehensive framework of measures for EU countries to implement to combat money laundering and terrorist financing.
In response to these recommendations, the Commission, EU, and Council have created five directives that elaborate upon the measures advocated by the FATF. In contrast to EU regulations and decisions, directives are not binding on member states. Rather, they articulate goals for member states to implement through their own laws.
The AMLD5 reflects the following core goals for member states to implement by the end of 2019:
- Enhancing transparency about the beneficial owners of companies operating in the EU by making public central registers for legal entities;
- Guaranteeing that all member states have centralized national bank and payment account registers or central data retrieval systems;
- Expanding the authority of the EU Financial Intelligence Units (“FIUs”), increasing their access to centralized bank account registers, and facilitating their cooperation across nations through interconnected registers;
- Addressing the risks of virtual currencies and pre-paid cards being used for terrorist financing and money laundering; and
- Enhancing safeguards for financial transactions involving high-risk, non-EU countries.
The Amended Directive Subjects Virtual Currency Exchanges – for the First Time – to EU Regulations
As the Commission has explained, recent terrorist attacks have “brought to light emerging new trends, in particular regarding the way terrorist groups finance and conduct their operations.” Chief among these trends is the use of virtual currencies to facilitate terrorist financing and money laundering. In 2014, the European Banking Authority warned that virtual currency transactions are particularly vulnerable to criminal misuse because they (1) permit transacting parties to remain anonymous; and (2) are not confined to jurisdictional borders. Until this point, however, the EU has not regulated virtual currency transactions.
AMLD5 responds to these risks through several key amendments. First, the amended directive has expanded the scope of the directive by including virtual currency exchange platforms (“VCEPs”) and custodian wallet providers (“CWPs”) as “obliged entities” subject to EU regulations. This reflects a significant expansion of “obliged entities” which, under AMLD4, were limited to more traditional entities such as financial institutions, accountants, and tax advisors.
As the Commission has explained, VCEPs function as electronic currency exchanges that trade virtual currencies for fiat currencies. It has described CWPs as holding virtual currency accounts on behalf of their customers – effectively serving as banks offering a current account on which fiat money can be deposited, stored, and transferred. As “obliged entities,” VCEPs and CWPs now will face the same regulatory requirements under the amended directive as banks and other financial institutions. These include obligations to register with national anti-money laundering authorities, implement customer due diligence controls, regularly monitor virtual currency transactions, and report suspicious activity to government entities. These obligations are similar to the AML obligations posed upon virtual currency exchanges in the U.S., which, as we have blogged, represent money services businesses (“MSBs”) subject to the Bank Secrecy Act and required to register as MSBs with FinCEN.
By imposing these requirements on VCEPs and CWPs, the amended directive enables FIUs to amass key information necessary to monitor and detect terrorist financing and money laundering through virtual currencies. Moreover, AMLD5 provides FIUs with direct access to information held by obliged entities – including VCEPs and CWPs – regardless of whether these entities have filed suspicious transaction reports.
Second, AMLD5 increases transparency of virtual currency transactions executed without VCEPs or CWPs. As the Commission has recognized, including VCEPs and CWPs as obliged entities “does not entirely address the issue of anonymity attached to virtual currency transactions, as a large part of the virtual currency environment w[ould] remain anonymous because users can also transact without these providers.” As a result, the revised directive proposes that member states create central databases comprised of virtual currency users’ identities and wallet addresses – not just those using VCEPs or CWPs – as well as self-declaration forms submitted by virtual currency users. In addition, AMLD5 directs member states to authorize national FIUs to access the information in these databases.
Third, AMLD5 streamlines member states’ regulatory frameworks for virtual currency by defining key terms and instructing member states to implement these definitions into their AML legislation. For example, the amended directive defines “virtual currency” as a “digital representation of value that is not issued or guaranteed by a central bank or a public authority, is not necessarily attached to a legally established currency and does not possess a legal status of currency or money, but is accepted by natural or legal persons as a means of exchange and which can be transferred, stored and traded electronically.” It also defines a CWP as an “entity that provides services to safeguard private cryptographic keys on behalf of their customers, to holding, store and transfer virtual currencies.