European Money Laundering Regulation: Who’s Affected and What You Can Do

Since we originally published April of 2019, we have worked with exchanges to implement BlockchainIntel's risk scoring API for cryptocurrencies. As the deadline for all EU member states to implement its provisions into their national law was January 10, 2020, this article describes (1) how the Fifth Money Laundering Directive (5AMLD) specifically applies to cryptocurrencies and cryptocurrency exchanges (2) ways to address reporting requirements, including new requirements for reporting on anonymized transactions.

“We see that crypto-assets are here to stay. Despite the recent turbulence, this market continues to grow.”

- Valdis Dombrovskis, Vice President of the European Commission, September 2018

As evidence of the E.U.’s confidence in crypto-assets or digital assets, the E.U. has continued to improve classification of crypto assets and determine if existing financial regulation can be applied or if new rules need to be developed.

On the other hand, according to Interpol, criminals used cryptocurrency to launder as much as $5.5B in 2017 in Europe.

“Money launderers have evolved to use cryptocurrencies in their operations and are increasingly facilitated by new developments…”

- Europol 2018

The E.U.’s recognition that crypto-assets are here to stay as well as concerns over illicit transactions involving crypto-assets have paved the way to EU’s 5th Anti-Money Laundering Directive (5AMLD). Under this directive, fiat-to-cryptocurrency exchanges and custodian wallet providers, will, for the first time, need to comply with EU anti-money laundering rules. The U.S. and other parts of the world are likely to follow as governments continue to recognize that digital assets are here to stay. These are ways crypto exchanges and wallet providers will be affected by 5AMLD:

• They need to carry out identity checks on their customers, as well as their customers’ beneficial owners (where applicable).
• They need to report suspicious transactions, perform customer due diligence (CDD) and submit suspicious activity reports (SAR).
• They need to register with the authorities in their respective countries, e.g. Financial Conduct Authority for the UK.
• 5AMLD goes further than 4AMLD in imposing reporting obligations by giving Financial Intelligence Units (FIU) the authority to obtain the addresses and identities of owners of virtual currency, including addresses used in anonymized transactions.

The goal of the directive is to help reduce the anonymity associated with cryptocurrency transactions. The reality is that cryptocurrency exchanges and wallet providers have a number of ways to track transactions and comply with new regulation, including addressing special cases such anonymized transactions.

While tracking cash through a currency exchange is virtually impossible, tracking digital assets through a currency exchange can be done with the right product.

Here are examples of how Blockchainintel (1) tracked currency that was exchanged for another currency and (2) flagged cryptocurrency transactions that were anonymized.

In this example, BlockchainIntel tracked stolen Dash that was then exchanged into Bitcoin. BlockchainIntel was then able to trace the exchanged Bitcoin to a series of Bitcoin transactions that appeared to take place in locations around the world. Some of these locations were highly unusual given the origin of the funds (e.g. Republic of Moldova and Russia).

Using a risk score, companies can immediately flag addresses with transaction histories associated with fraud and stop transactions with criminal entities. The reasons for a high risk score (e.g. known scam and transaction locations) provide further detail which organizations can use to take immediate action, evaluate and/or report.

One of the new requirements of 5AMLD is to report on transactions that have been anonymized. Some coins have privacy features that are thought to make it harder to identify transactions and therefore comply with laws resulting from 5AMLD. Dash is an example of a cryptocurrency that offers a PrivateSend feature to obscure the origin of funds. This feature is actually used in a small percentage of Dash transactions. In addition, PrivateSend transactions can be identified using the same product described above. In the example below, you can automatically detect when a Dash address has PrivateSend transactions associated with it. If regulators want to know you can stop transactions with these addresses, then you can show how transactions can be stopped when an address’s risk score is 8 with an indicator code of C2 — PrivateSend transaction.

Putting in place transaction monitoring solutions can help automate the effort of stopping unwanted transactions, identifying and reporting on suspicious activity, and performing customer due diligence. Using a solution that can trace funds through currency exchanges and privacy features can provide organizations with an edge in compliance as more nations publicly acknowledge digital assets are here to stay.

For more information on the product described in the examples above, see BlockchainIntel or email contact@blockchainintel.com