European Union lawmakers have agreed a way forward on regulating the traceability of crypto assets being traded in the bloc.
The rules are intended to curb the use of crypto for money laundering and terrorism financing by bringing in compliance requirements for crypto service providers, such as trading platforms.
The provisional agreement on a new EU bill on crypto transaction traceability was reached earlier this week after negotiations involving the European Parliament and Council. Further steps to passing a pan-EU law remain — including a number of committee votes — but there's now firm momentum turning the legislative wheels.
Commenting in a statement yesterday, MEP Ernest Urtasun (Greens/EFA, ES), a co-rapporteur for the parliament's economic and monetary affairs committee, said: “This new regulation strengthens the European framework to fight money-laundering, reduces the risks of fraud and makes crypto-asset transactions more secure.
“The EU travel rule will ensure that CASPs [Crypto-assets service providers] can prevent and detect sanctioned addresses and that transfers of crypto-assets are fully traceable. This regulation introduces one of the most ambitious travel rules for transfers of crypto assets in the world. We hope other jurisdictions will follow the ambitious and rigorous approach the co-legislators agreed today.”
In another supporting statement, MEP Assita Kanko (ECR, BE), the co-rapporteur for the parliament's civil liberties, justice and home affairs committee, added: “For too long, crypto-assets have been under the radar of our law enforcement authorities. Terrorists used crypto for fundraising, to access to child pornography and criminals laundered their proceeds through it. This has really harmed people’s lives and raised doubts about the crypto sector.
“Today, we have taken a big step to address these problems. It will be much harder to misuse crypto-assets and innocent traders and investors will be better protected. The extended travel rule will make that world safer”.
The agreement reached extends the so-called ‘travel rule', which already applies in traditional finance, to cover transfers in crypto assets — requiring that information on the source of the asset and its beneficiary travels with the transaction and is stored on both sides of the transfer.
EU lawmakers decided there should be no minimum limit — meaning all crypto transactions that involve CASPs will need to comply with the travel rule, regardless of how much or how little cryptocurrency is being moved.
That toughens up the Commission's earlier proposal — removing a €1,000 limit for anonymous transactions the EU's executive had originally suggested.
“Crypto-assets service providers (CASPs) will be obliged to provide this information to competent authorities if an investigation is conducted into money laundering and terrorist financing,” said the parliament in a press release.
“As crypto-asset transactions easily circumvent existing thresholds that would trigger traceability requirements, Parliament negotiators assured that there is no minimum thresholds nor exemptions for low-value transfers, as originally proposed.”
Prior to releasing crypto assets to beneficiaries, providers will be required to verify that the source of the asset is not subject to restrictive measures or sanctions, and there are no risks of money laundering or terrorism financing. So the law will bring in a ‘know your customer' style compliance requirement for crypto platforms wanting to do business in the EU.
The co-legislators also agreed that additional crypto legislation which is still being negotiated — aka the Markets in Crypto-assets (MiCA) rules — will provide for the establishment of a public register for non-compliant and non-supervised CASPs, with which EU CASPs would not be allowed to trade.
The incoming rules will also cover crypto transactions from un-hosted wallets (i.e. wallets maintained by a private user) — when they interact with hosted wallets managed by CASPs.
The negotiators agreed that in a scenario where a customer sends or receives more than €1,000 worth of crypto to or from their own un-hosted wallet, the CASP will need to verify whether the un-hosted wallet is “effectively owned or controlled by this customer”.
“The rules do not apply to person-to-person transfers conducted without a provider, such as bitcoins trading platforms, or among providers acting on their own behalf,” the parliament added.
The EU has an existing legal framework to protect personal data — which could raise questions about whether a new law mandating transfers of personal data of those carrying out crypto transactions risks undermining other legal requirements on data processors operating in the region to adequately secure and protect people's information.
But, per the parliament, the co-legislators factored in data protection considerations by agreeing that “if there is no guarantee that privacy is upheld by the receiving end, [personal data such as data and address] should not be sent”.
How that will work in practice remains to be seen.
More EU rules for crypto are on the way — via MiCA — which is set to contain a package of measures against market abuse and manipulation, and is being billed by legislators as the world's first comprehensive regime for crypto assets.
As part of the package, The Guardian reports that EU lawmakers have also agreed on future environmental disclosures for CASPs — such as requiring they report the energy consumption and environmental impact of crypto assets.