One of the biggest threats associated with virtual currencies (or cryptocurrencies) is their potential use for money laundering and terrorist financing purposes. With the adoption of the 5th Anti-Money Laundering Directive ( “AMLD5”) on 30 May 2018, the European Union attempts, amongst other things, to address this issue.
Senders and recipients of virtual currencies can usually carry out these transactions anonymously.
Distributed ledgers (e.g. blockchains) on which these operations are carried out offer an anonymous yet (in principle) safe technical channel. There is no need to associate a specific identity to a virtual wallet or a transaction. Technically, no prior identification is required.
Besides, virtual currency transactions are not confined to specific jurisdictions. They are accepted roughly everywhere and do not require any centralised intermediary. Having Internet access is sufficient to send virtual currencies to the other side of the world.
These features of virtual currency transactions render the control on, and the interception of, these operations particularly tricky.
This is why, since a few years already, public authorities, notably at the European level, have been feeling the need for a new regulatory approach.
In its opinion (2014/08) of 4 July 2014 on virtual currencies, the European Banking Authority (“EBA”), advocated for a whole set of measures to address the risks of virtual currencies.
These measures included for instance:
- the compulsory creation/licencing of a “scheme governance authority” for each virtual currency which would be in charge of its integrity;
- the extension of the market abuse and AML rules to virtual currency transactions;
- the enactment of specific rules of conduct for market participants.
Taking into account the complexity and the highly resource-intensive nature of the proposed comprehensive regulatory approach, and the urgent need for a quick regulatory response to virtual currencies, the EBA recommended, in the short run, to extend the personal scope of the AML Directives to the virtual currencies exchange providers (the “VCEPs”), i.e. providers engaged in exchange services between virtual currencies and fiat currencies).
AMLD4 and virtual currencies
Triggered by the November 2015 Paris attacks, the European Commission proposed to amend the 4th Anti-Money Laundering Directive (the “AMLD4”) even before its transposition date (in principle on 26 June 2017). Its proposal consisted of bringing the following two entities under the scope of AML rules by the beginning of 2017:
- the VCEPs; and
- the custodian wallet providers (the “CWPs”), i.e. entities that provide services to safeguard private cryptographic keys on behalf of their customers, to hold, store and transfer virtual currencies.
Finally, the AMLD4 was not modified prior to its transposition, notably because the EBA itself advocated for an extension of the initial deadline (to allow both public authorities and businesses to adapt) in a second opinion on virtual currencies (2016/07) of 11 August 2016.
Nevertheless, these discussions paved the way for the changes brought by the AMLD5.
Regulatory approach of the AMLD5
One of the main innovations of the AMLD5 is to give a legal definition to virtual currencies.
Art. 1, (2), d) of the AMLD5 defines a virtual currency as “a digital representation of value that is not issued or guaranteed by a central bank or a public authority, is not necessarily attached to a legally established currency, and does not possess a legal status of currency or money, but is accepted by natural or legal persons, as a means of exchange, and which can be transferred, stored and traded electronically”.
Following the abovementioned propositions, the approach of the European legislator to regulate the use of virtual currencies consisted of including VCEPs and CWPs in the list of obliged entities regulated by AML rules.
Consequently, these new obliged entities will become subject to regulatory requirements similar to those of banks, payment institutions and other financial institutions.
For instance, they will be required to implement necessary customer due diligence controls, to monitor transactions and to report any suspicious activity to the relevant national authorities (i.e. the Financial Intelligence Processing Unit in Belgium).
The new obliged entities will also be subject to a registration obligation.
Through these obliged entities, the European legislator hopes that competent authorities will be able to monitor the use of virtual currencies.
However, the EU legislator admitted that this new approach would not entirely fix the problem of anonymity attached to cryptocurrency transactions since users can still execute these transactions without VCEPs and CWPs, thereby bypassing the new regulatory framework (recital 9 of AMLD5).
Only the beginning of the virtual currency regulation?
The AMLD5 must be implemented into national law before 10 January 2020.
However, the EU legislator is already aware of the fact that this new regulatory framework will not be sufficient to tackle AML issues in relation to virtual currencies. By 11 January 2022, the EU Commission has been mandated to examine and, as the case may be, draft legislative proposals regarding self-declaration by virtual currency owners and regarding the maintaining by the Member States of central databases registering users’ identities and wallet addresses.
It is likely that, sooner than later, other European legislative initiatives will come to cover other aspects of virtual currencies, e.g. the licencing of “scheme governing authorities”, or the use of virtual currencies as payment or investment means.
Besides, it is worth noting that the Member States do not necessarily wait for European initiatives and that some (fragmented) measures have already been adopted at national levels.
For instance, the FSMA issued a ban on the sale of derivatives products whose values derive from virtual currency to retail clients.
Existing regulations could also apply to virtual currencies. Though many legal uncertainties remain, the FSMA considers that some initial coins offerings can be subject to the rules of the law of 16 June 2006 on public offers (see its Communication 2017/20 of 13 November 2017).
It is also not excluded that some virtual currencies should be considered as “electronic money” in the meaning of Directive 2009/110/EC.
* * *
 Member States had committed to transposing the AMLD4 before the transposition deadline. Belgium finally transposed the AMLD4 in the law of 18 September 2017.
A RISK-BASED APPROACH, YOU SAID?
The new Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Regulation (EU) N° 648/2012 of the European Parliament and of the Council, and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC (the “AMLD4”) has been implemented into Belgian legislation by a law of 20 July 2017 on the prevention of money laundering, terrorist financing, and on the limitation of the use of cash (“wet tot voorkoming van het witwassen van geld en de financiering van terrorisme en tot beperking van het gebruik van contanten”/“loi relative à la prévention du blanchiment de capitaux et du financement du terrorisme et à la limitation de l’utilisation des espèces”) (the “New AML Law”).
The Belgian legislator chose to draft a brand new law, repealing the previous AML law of 11 January 1993 (the “Old AML Law) instead of simply amending it. This decision should have a positive impact on the structural coherence and the lucidity of the new law.
It is most certainly welcome, given that the New AML Law is far longer than the Old AML Law (192 v. 45 articles)!
The new risk-based approach
Among the many changes brought by the new legislation, the adoption of a risk-based approach consecutive to the 2012 FATF recommendations has garnered significant attention.
The risk-based approach assumes that the risks of money laundering (“ML”) and terrorism financing (“TF”) may take various forms. Hence, the responses to these threats cannot be uniform and must be differentiated on a case-by-case basis.
According to the Council of Europe, “countries, state authorities, as well as the private sector should have an understanding of the ML/TF risks to which they are exposed and apply AML/CFT measures in a manner and to an extent which would ensure mitigation of these risks”.
Accordingly, businesses/individuals subject to the New AML Law will have to proceed to a global assessment of the AML/TF risks they are facing and formulate efficient and adequate measures.
Even though the New AML Law has not entered into force yet, the Belgian National Bank has already anticipated these changes, e.g. regarding entities which apply for a license as payment institutions.
Other major changes
As for the risk-based approach, the New AML Law also implements many other changes brought by the AMLD4.
It is worth noting the following modifications:
- The definition of politically exposed people (often referred to as “PEPs”) will be broadened. It will now encompass not only national persons who are or who have been entrusted with prominent public functions residing abroad but also those residing in the country;
- Member States will have to set up a central register which identifies the ultimate beneficial owner of companies and other legal entities (this register is often referred to as the “UBO register”);
- The providers of gambling services will become subject to AML requirements;
- Payments/donations in cash will be capped to 3,000 EUR. In this regard, AMLD4 authorised Member States to choose any threshold inferior to 10,000 EUR.
- The EU Commission has the task to identify a list of so-called “high-risk third countries”. It has done so in the Delegated Regulation (EU) 2016/1675. Member states must provide for enhanced customer due diligence measures for the obliged entities to apply when dealing with natural persons or legal entities established in high-risk third countries
The violation of obligations deriving from the AML legislation will also be more severely sanctioned than in the past.
When it comes to financial institutions, the maximum fine equals the higher amount between 5,000,000 EUR and 10% of the total annual turnover according to the latest available accounts approved by the board of directors.
Under the Old AML Law, the highest pecuniary sanction was 2,000,000 EUR.
These higher sanctions and the link with the total annual turnover is a general observable trend in European law (see also: the relevant provisions of the General Data Protection Regulation).
Entry into force and AMLD5
The New AML Law shall enter into force on the 10th day after its publication in the Belgian Gazette (which has not yet occurred at the time of drafting this article).
With the transposition of MiFID II and PSD II into national law in early 2018 and the application of the General Data Protection Regulation as from 25 May 2018, businesses active in the financial sector will face many regulatory challenges in the coming years.
These challenges are likely to increase as the European Union is already developing a 5th AMLD, revising AMLD4.
* * *
Do you want to find out more about the implications of the new AML legislation for your activity in a Belgian or more general context? Do not hesitate to contact our experts: email@example.com
 The FATF (Financial Action Task Force) is an inter-governmental body which sets standards and promotes effective implementation of legal, regulatory and operational measures for combating money laundering and terrorist financing.
ENTRY INTO FORCE, ON 3 JULY 2016, OF THE NEW ADMINISTRATIVE REGIME ON MARKET ABUSE MAR REGULATION
In June 2014, Regulation 596/2014 on market abuse (the so-called MAR Regulation, hereinafter the “Regulation”) and Directive 2014/57/EU on criminal sanctions for market abuse (hereinafter the “Directive”) were published in the Official Journal of the European Union.
The Regulation repeals the former European framework, in particular Directive 2003/6 on insider dealing and market manipulation (market abuse). The new Directive completes, for its part, the Regulation by requiring the Member States to provide for harmonized criminal sanctions regarding market abuses.
Read more here.