Deciphering Crypto—Part 3-Taking Aim at Cryptoassets—the Fifth Money Laundering Directive of the EU and the UK AML Regulations 2019

Deciphering Crypto—Part 3-Taking Aim at Cryptoassets—the Fifth Money Laundering Directive of the EU and the UK AML Regulations 2019

In the third part in a legal series on cryptocurrencies, Will Glover and Angharad Hughes, barristers at 3 Temple Gardens, continue their series of articles in the developing area of cryptocurrency regulation. They highlight the key issues around privacy and the regulation of cryptoassets for money laundering purposes and provide some commentary for healthy debate on the issues arising from the Fifth Money Laundering Directive (MLD5) and UK anti-money laundering (AML) regulations.

Should not law-abiding private citizens be entitled to privacy in relation to asset ownership? Does the extension of that privacy to include anonymity increase the risk of illicit exploitation by organised crime and terrorist organisations? The issue of asset privacy is contentious. The EU’s Fifth Money Laundering Directive (Directive (EU) 2018/843, also known as 5MLD) comes down firmly on one side in seeking to strip away the anonymity contained within ownership structures: including certain trusts and corporate entities. Unsurprisingly, the Directive also takes aim at the anonymity of cryptoassets, although the EU prefers the term, ‘virtual currencies’. It seeks to do so via the novel imposition of regulations for crypto exchanges and custodian wallet providers who provide services in respect of cryptoassets.

Exchange providers—SI 2017/692, reg 14(A)(1) vs article 1(1)(c) of MLD5

The definition of exchange providers in the Money Laundering, Terrorist Financing and Transfer of Funds (information on the Payer) Regulations 2017, SI 2017/692 (Regulations) captures businesses who exchange cryptoassets for money or other cryptoassets including by automation (think ATMs) and whether as creator or issuer. The UK government made it clear in the explanatory memorandum to the Regulations that this is intended to capture initial coin offerings. Whereas the MLD5 only defines exchange providers more generally as those engaged in exchange services between virtual and fiat currencies.

Wallet providers—SI 2017/692, reg 14(A)(2) vs article 1(2)(d) of MLD5

In the UK Regulations, wallet providers are businesses who provide services to safeguard, or safeguard and administer (1) cryptoassets on behalf of their customers (services related to the asset), or (2) private cryptographic keys on behalf of customers to hold store and transfer cryptoassets (services relating to the keys). MLD5 does not contain the additional term ‘administer’, it focuses on safeguarding, neither does it deal with services related to cryptoassets themselves, only services related to the cryptographic key. It remains to be seen whether in practice this additional application will capture any different entities in the UK. The explanatory memorandum to the Regulations is silent on the reason for this subtle twofold application.

Cryptoassets—SI 2017/692, reg 14(A)(3) vs article 1(2)(d) of MLD5

In the UK a cryptoasset is:

 ‘a cryptographically secured digital representation of value or contractual rights that uses a form of distributed ledger technology and can be transferred, stored or traded electronically’

 MLD5 sought to capture:

‘a digital representation of value that is not issued or guaranteed by a central bank or a public authority, is not necessarily attached to a legally established currency and does not possess a legal status of currency or money, but is accepted by natural or legal persons as a means of exchange and which can be transferred, stored and traded electronically’

The MLD5 definition, while more verbose, is in fact narrower; focusing on both the form and nature of the asset. Whereas the Regulations focus only on form, which should lead to wider application. As shown through the use of emphasis above, the UK regulations have adopted (1) digital representation of value and (2) the fact that they can be transferred, stored and traded electronically—without including the additional qualifiers suggested by MLD5.

The wider UK definition of cryptoassets, exchange providers and wallet providers, when taken together with the use of the word ‘cryptoasset’ rather than ‘virtual currency’ is indicative of an intention to capture more kinds of crypto products or tokens than MLD5. Indeed, paragraph 7.9 of the explanatory memorandum to the Regulations explains that it is the intention of the UK authorities to broaden the scope of application beyond MLD5’s ‘virtual currencies’ while still constraining the application of the regulations to those assets using distributed ledger technology (or read decentralised peer-to-peer transaction verification).

The impact on crypto-businesses

Those captured by the definitions above are now regarded as ‘relevant persons’ which means that for the first time, like other financial institutions, crypto businesses must comply with the AML Regulations. The requirements imposed by the Regulations are onerous but exist to try to prevent the exploitation of cryptoasset and other businesses by money launderers and terrorist financiers. There are multiple requirements, too extensive for a full exposition in this piece. Crypto businesses should obtain legal advice in respect of their obligations in order to properly understand the full suite of measures required for compliance. The headline points however are highlighted below:

  •  registration: All new cryptoasset businesses must register immediately with the Financial Conduct Authority (FCA) before trading whereas those already in existence must register by 10 January 2021
  • fit and proper person: Registrants should have adequate skills and experience, a good history of compliance and not have certain criminal convictions
  • customer due diligence: Crypto businesses are required to perform customer due diligence on new and existing customers to identify the owners of assets. In certain circumstances enhanced due diligence is required
  • disclosure: Crypto businesses must tell customers where they are not protected by the Financial Services Compensation Scheme or the Financial Ombudsman’s Service
  • suspicious activity reports: Crypto businesses must now comply with the SARs regime of reporting suspicions of money laundering to the National Crime Agency
  • reporting requirements: Crypto businesses can be asked to compile a report to set out their compliance with the Regulations. The FCA can make directions to mandate or prohibit activity to ensure compliance with the Regulations
  • enforcement: Businesses who do not comply with the Regulations may be subjected to investigations, suspension from trading and criminal prosecutions

The advent of regulation will inevitably impact the way in which crypto businesses operate in the UK. It will probably lead to a decrease in the number of new entrants to this sector which in turn may stifle and suffocate innovation. Conversely, this may represent a renaissance for the crypto sector. Many crypto businesses already require customers to verify their identities. For those more developed businesses, this development will help to enhance the ‘legitimacy’ of the sector in the eyes of consumers, thereby improving competition against more traditional financial institutions.

Will Glover is a barrister at 3 Temple Gardens. He has been instructed on matters relating to serious fraud, corruption and corporate offending. His recent instructions include defence work at the pre-charge stage of a Serious Fraud Office investigation, as well as trials involving the alleged mis-selling of alternative investment products and a high value counterfeit currency conspiracy.

Angharad Hughes is a barrister at 3 Temple Gardens. She came to the Bar with experience in financial and complex crime, civil recovery and fraud obtained at a top-tier firm. She was recently instructed to assist a team bringing a private prosecution on behalf of a corporate entity. She is also the founder of Griffin-LAW a pro-bono project advancing social mobility at the Bar.

This article was first published in LexisPSL Corporate Crime in 3 June 2020.

Related Articles:
Latest Articles:
About the author: