The metaverse opens up new spaces and opportunities for virtual content, in particular the use of virtual assets – whether these are cryptocurrencies or other tokens such as NFTs. The widespread use of cryptoassets brings with it considerable challenges for obliged entities in terms of the anti-money laundering rules. And it is not only financial service providers who make it possible to trade in cryptoassets that are faced with increased due diligence obligations.
Increasing importance and regulation
Recent years have seen cryptoassets become increasingly relevant of in the context of anti-money laundering law. In 2020 alone, the Financial Intelligence Unit (“FIU”) received around 2,050 suspicious activity reports, with the obliged entities pointing to “irregularities in connection with cryptocurrencies” as the reason for reporting. Cryptocurrencies have become a focus of anti-money laundering legislation, not least on the back of the implementation of the Fifth Anti-Money Laundering Directive (AMLD5). The aim of legislators is to adjust existing anti-money laundering measures so as to target cryptoassets more specifically; these measures include the German Regulation on Enhanced Due Diligence for the Transfer of Cryptoassets (Verordnung über verstärkte Sorgfaltspflichten bei dem Transfer von Kryptowerten, the “KryptoWTransferV”) as well as the planned revised version of a European regulation on information accompanying transfers of funds and certain cryptoassets.
This concerns obliged entities under anti-money laundering law who have direct contact with cryptocurrencies, e.g. cryptocurrency bureau de change companies, cryptocurrency exchanges or financial service providers, but also non-financial companies that have to deal with the challenges anti-money laundering legislation poses regarding the use of cryptocurrency in their business.
Potential risks of cryptoassets?
Using blockchain technology, assets in crypto form can be transferred on the internet just as quickly and safely as (other) information. Transfers of cryptoassets can be performed without involving traditional (central) intermediaries. It is not essential for the parties to the transaction to be identified or authenticated. This allows decentralised and pseudonymous transfer of digital tokens as part of financial transactions. It is precisely this somewhat anonymous transfer that makes it more attractive to criminals, allowing them to abuse virtual currencies for money laundering and related offences. The reason why cryptocurrencies lend themselves so well to money laundering is essentially down to three characteristics of the virtual payment system: It is (i) decentralised, (ii) pseudonymous and (iii) global.
Transfer of cryptoassets and application of the travel rule
The aim of the Wire Transfer Regulation (Regulation (EU) 2015/847) is to ensure full traceability, thereby countering the risk of funds being transferred largely anonymously. To achieve this goal, it imposes verification and monitoring obligations on the payment service providers of both the payer and the payee and on intermediary payment service providers. So far, the list of obligations only applies to transfers of funds in the form of “banknotes and coins, scriptural money or electronic money” and as a result not to virtual assets.
The EU Commission is however planning to revise the Wire Transfer Regulation (proposal COM (2021) 422 final) so that it treats transfers of virtual currencies in the same way as transfers of traditional monetary assets, because the former equally involve money laundering risks. What is known as the “travel rule” will also apply to virtual asset service providers (“VASPs”). This rule stipulates that VASPs must also record, store and transmit full and complete information about the sender and the recipient at both ends of the transfer whenever virtual assets are transferred. They must ensure, in particular, that the name and account number (if any) of the payee are transmitted. The scope of the Regulation extends to cryptoasset transfers from or to payment service providers, virtual asset service providers or intermediary payment service providers established in the European Union.
In introducing the KryptoWTransferV, the German legislator already ordered that the scope of application of the Wire Transfer Regulation be extended to include transfers of cryptoassets in order to bridge the time until the EU legislative procedure has been completed. The KryptoWTransferV applies exclusively to German credit and financial service institutions as well as branches and subsidiaries of foreign institutions located in Germany, and lays down enhanced due diligence obligations for these. If these entities act as cryptoasset service providers within the meaning of section 2, no. 5 KryptoWTransferV for both the sender and the recipient, the requirements of the Wire Transfer Regulation must be observed:
- The cryptoasset service provider acting on behalf of the payer must provide the payee’s cryptoasset service provider with the name, address and account number (e.g. the public key) of the payer and the name and account number of the payee. Before transferring funds, the payer’s cryptoasset service provider must also verify – on the basis of documents, data or information it obtains from a reliable and independent source – the accuracy of the information provided by the payer (Articles 4 and 6 Regulation (EU) 2015/847).
- The cryptoasset service provider for the payee must ensure that it receives and stores the information about the payer and the payee and that effective procedures are put in place to make sure that this is done. In addition, it must also introduce effective risk-based procedures to determine whether a transfer for which information about the payer and/or the payee is missing or incomplete, can be executed, rejected or suspended and whether the transfer is a reportable, suspicious one (Articles 7 and 8 Regulation (EU) 2015/847).
If not all parties acting on either side are cryptoasset service providers, e.g. if “unhosted wallets” are being used, the obliged entities must ensure that information on the payer and the payee (name and address) of the transfer is collected to ensure the transfer is traceable. The obliged entities must identify and assess the risk of abuse associated with the transfer in terms of money laundering and terrorist financing , and take risk-appropriate measures (section 4 KryptoWTransferV).
It is not only obliged entities which handle cryptoassets by virtue of the very nature of their business that must comply with the obligations in this regard under money laundering law. Even for non-financial companies such as goods traders, some of whom enjoy exemptions, the use of virtual assets can give rise to (further) obligations under anti-money laundering law. While the use of cryptocurrencies does not automatically render a transfer suspicious or result in relevant obligations, the presence of further risk factors can easily lead to identification requirements under anti-money laundering law due to the (latent) increased risk potential of cryptoassets. The pseudonymity of cryptoasset transactions may mean that obliged entities face significant challenges, especially when it comes to meeting their identification obligations. If the obliged entities do not sufficiently comply with their identification and reporting obligations, the transaction cannot proceed; a violation of the identification and reporting obligations can result in significant fines. Non-financial companies that use/accept cryptoassets must also put systems in place to prevent abuse.
If transfer are carried out through a regulated cryptoasset service provider in accordance with the KryptoWTransferV (or the future revised version of Regulation (EU) 2015/847), the travel rule would mean that obliged entities would be in a closed system (loop) and therefore largely be able to rely on the information already within that system. If transfers from unhosted wallets are to be accepted, then this would (most definitely) require the implementation of suitable verification procedures.
It is not only because of the technical innovations that cryptoassets pose challenges for obliged entities under anti-money laundering legislation. German and European legislators are also pushing ahead with plans for stricter regulation, in order to keep abreast of developments. Due to the money laundering risks posed by cryptoassets, further changes to the law can be expected in the future.
In particular, companies that facilitate trading in cryptoassets and those that use or intend to use virtual currencies should therefore
- determine whether they are subject to special government anti-money laundering regulations in relation to cryptoassets,
- comply with legal requirements that apply specifically to cryptoassets, and
- adapt their own risk-based procedures, to bring them in line with both the legal and technical requirements for cryptoassets.
Our expert Digital Economy group is happy to help assess specific plans, discuss individual aspects in depth or answer any questions you may have.