By: Gauci-Maistre Xynou (Legal | Assurance)
Ever since the creation of Bitcoin, cryptocurrencies have been applauded and welcomed for constituting an innovative method of payment without any recourse to financial institutions and their entailing bureaucracy.
While honest individuals rejoiced at cryptocurrencies’ legitimate benefits; ranging from an increased degree of privacy and confidentiality to less transactional costs, cybercriminals saluted the decentralised networks and perceived anonymity behind cryptocurrencies for presenting them with the perfect crypto cleansing opportunity to launder money in an unprecedented and largely unregulated sector in the financial industry.
Regulating cryptocurrencies and bringing them within the scope of anti-money laundering/counter terrorism financing (AML/CFT) regulation is on the agenda of regulatory authorities as wrongdoers are increasingly resorting to utilising cryptocurrencies in their operations. In fact, according to a recent report, in the first three quarters of 2018, the amount of cryptocurrencies stolen when compared to the cryptocurrencies stolen in all of 2017 increased by more than double. Furthermore, it has been observed that in 2018, 97% of criminal bitcoin payment received by leading cryptocurrency exchanges flowed into countries with weak anti-money laundering regulation; hence the need for regulation becomes even more pertinent.
Regulating a payment method originally intended to bypass any Big Brother surveillance comes as no easy task, particularly in light of the following key challenges shrouding cryptocurrencies:
- Anonymity/Pseudonymity: the pseudonymous nature of cryptocurrencies place the regulation of cryptocurrencies in direct conflict with due diligence and any ow Your Customer (‘KYC’) obligations since tumblers/mixers serve to provide users with a good degree of anonymity.
- Cross-border nature: blockchain networks are not limited by jurisdictional borders, hence rendering any local regulation almost futile.
- Lack of a central intermediary: decentralized public blockchains lack having a third party responsible for the adherence of AML/CFT regulation.
European institutions and regulatory authorities across the board are considering possible means to effectively regulate cryptocurrencies. This may necessitate a number of courses of action, which particularly include: improving and strengthening regulation; implementing efficient transaction monitoring capable of identifying money-laundering patterns; and placing third-party ID providers under state supervision.
In its 2019 report, the European Banking Authority (EBA) advised the European Commission to take the latest recommendations issued by the Financial Action Task Force (FATF) into consideration[5]. Apart from defining virtual assets and virtual asset service providers, the latest 2018 updates to the FATF Recommendations, advise countries and financial institutions alike to identify and assess the money laundering or terrorist financing risks posed by new technologies, hence catering not only for virtual assets, but for any other technologies still in their infancy.
On a European level, a considerable milestone has been achieved by virtue of the fifth Anti-Money Laundering Directive (“5AMLD”) for adding providers engaged in exchange services between virtual currencies and fiat currencies, and custodian wallet providers to the list of obliged entities. While being a major step in addressing the need to regulate cryptocurrencies, considerable blind spots are ultimately still blatantly visible as a number of key players within the crypto market still go unregulated. Hardware and software wallet providers, coin offerors and users resorting to peer-to-peer transactions are just a few examples. The 5AMLD is to be transposed by 10 January 2020, with the first report of the Commission on the implementation of the said directive to be drawn up by 11 January 2022. Meanwhile, a rather free-for-all situation persists.
In addition to being at the forefront in recognising the need to regulate cryptocurrencies, Malta has actually gone beyond the requirements of the 5AMLD. Through the enactment of the Virtual Financial Assets Act (the “VFA Act”) back in November 2018, VFA issuers as well as all VFA service providers are deemed to be subject persons. Furthermore, the creation of the role of the Virtual Financial Asset Agent (the “VFA Agent”) is particularly significant from an anti-money laundering perspective. This is because it is intended to serve as the first buffer to ensure that only fit and proper VFA issuers and VFA service providers are able to respectively register a whitepaper and to be licensed.
The Prevention of Money-Laundering and Funding of Terrorism Regulations (the “Regulations”) have been amended to expressly bring all three VFA operators (VFA agents, VFA issuers and VFA service providers) within its scope. The Financial Institutions Analysis Unit (the “FIAU”) has issued a consultation document on the ‘Application of Anti-Money Laundering and Countering the Funding of Terrorism Obligations to the Virtual Financial Assets Sector’ which are intended to act as sector specific guidance to VFA operators in addition to the general Implementing Procedures – Part 1.
In what has been perceived as being rather encompassing, in addition to catering for ML/FT risks, the VFA framework (comprised essentially of the VFA Act, the Malta Digital Innovation Authority Act, and the Innovative Technology Arrangements and Services Act), the Maltese regulator also provides for cyber risk as well as investor protection and transparency risk.
In conclusion, national legislation accompanied by comprehensive European AML/CFT framework regulating all crypto key players, while desired, is far from being the be-all and end-all since the borderless nature of cryptocurrencies, makes any national and European regulation rather ineffective and insufficient. It is high time that international cooperation is resorted to.
