EU expands rules on crypto-asset transfers
The European Union is taking significant steps to fight money laundering, terrorist financing and other financial crimes. One of the most recent measures is adopting rules on making crypto-asset transfers traceable through REGULATION (EU) 2023/…
According to the Regulation, “Flows of illicit money through transfers of funds and virtual assets can damage the integrity, stability and reputation of the financial sector, and threaten the internal market of the Union as well as international development. Money laundering, terrorist financing and organised crime remain significant problems which should be addressed at Union level.”
What is the regulation?
Under the regulation, EU-based crypto asset service providers (CASPS) and payment service providers must be able to provide verified information about the payer and payee when they transfer crypto-assets. Technically, the transfer of crypto-assets is any transaction that moves crypto-assets from one distributed ledger address or account to another, whether or not the CASP is acting on behalf of an originator or beneficiary and whether or not the originator or beneficiary is the same individual.
The regulation requires virtual asset service providers to obtain, store and share information with their counterparts on the other end of the transaction to ensure that this information is available on request to competent authorities. Such information can be used by law enforcement to trace and prosecute criminals that exploit the financial system and crypto space for crime.
What information is needed?
CASPS must obtain, verify and store the following information of payers and payees:
- Name
- Account Number
- Address, including the country
- Customer identification number or date and place of birth
- Legal Entity Identifier (LEI) if applicable
This information must be verified before transferring funds or crypto-assets. If the information provided by the payer and payee is inaccurate, the CASP must implement a risk-based procedure to assess if the transfer of the funds must be executed, rejected or suspended. CASPs should keep the data for up to five years.
What activities are covered?
- Transfers of funds in any currency sent or received by a payment service provider established in the Union.
- Transfers of funds in any currency sent or received by an intermediary payment service provider established in the Union.
- Transfers of crypto-assets, including those executed by means of crypto-ATMs, where the crypto-asset service provider or intermediary crypto-asset service provider of either the originator or the beneficiary has its registered office in the Union.
What activities are exempted?
- Transfers of funds that are below EUR 1,000
- Transfers of funds that are made to a public authority as tax payments, fines or other levies within the member state
- Transfers of funds between payer and payee that are both service providers and acting on their behalf
- Transfers of funds made by CASPS on their own behalf as either originator or beneficiary
- Transfers of funds that are made through cheque images exchanges
Additionally, if a payment service provider of the payee can track, through the payee, the information of parties involved in the transfer of crypto-assets or if the amount of funds to be transferred does not exceed EUR 1000, an EU member state can choose not to apply this regulation within its territory.
Are nations outside the EU affected?
The regulation is applicable to payment service providers or CASPs established in the EU, regardless of the location of the payer and payee.
If the payment service provider of the payee is established outside the Union and the funds to be transferred do not exceed EUR 1,000 and are linked to other transfers, only the following information of the payee and payer is needed: name and account number.
What are the penalties or sanctions for non-compliance?
Member states shall implement rules on administrative sanctions relating to the breaches of the provision, including but not limited to:
- Repeated or systematic failure by a payment service provider to accompany the transfer of funds with the required information on the payer or the payee
- Repeated or systematic failure by a payment service provider or CASP to retain records
- Failure by a payment service provider or CASP to implement risk-based procedures in breach of Article 8 (Transfers of funds with missing or incomplete information on the payer or the payee) or 12 (Transfers of funds with missing information on the payer or the payee)
- Serious failure by an intermediary payment service provider to comply with Article 11 (Detection of missing information on the payer or the payee) or 12.
Are there data protection measures in place?
There are data protection measures in place when processing personal data under the regulation. Payment service providers and CASPs shall process personal information solely for the purpose of prevention of AML/CTF within the Union. Upon expiry of the five-year retention period, providers must delete the personal data unless otherwise provided for by a member state’s national law.
Bolder solutions
The financial world is evolving, and along with it, the local and international regulatory landscapes. Non-compliance is a big risk for any business owner, fund manager or investor. So, to ensure your business’s sustainability, you must also ensure compliance to remain in good standing with the authorities and the public and continue with your commercial activities.
Bolder Group specialises in providing compliance solutions for companies and funds, including digital assets. To know more about how we can help you amidst this latest regulatory update in the EU relating to cryptocurrency activities, please see which compliance service suit your needs:
AML: Outsourced KYC Compliance – Bolder (boldergroup.com)
AMLCO – MLRO – DMLRO – Bolder (boldergroup.com)
Automatic Exchange of Information – Bolder (boldergroup.com)
Regulatory Services – Bolder (boldergroup.com)
Featured image by RDNE Stock project via Pexels