Wider scope of entities captured by AMLR
Perhaps the most significant aspect is the widening of the scope of entities that are captured within the AMLR. While the original Commission text sought to bring cryptoasset service providers (CASPs) within the scope of the AMLR, the ECON and LIBE Committees have broadened this further and included Non-Fungible Token (NFT) platforms, noting in a recital that NFT platforms are not covered in the current definition of a CASP and in order to close the gap and mitigate associated risks, they should be included within this framework as obliged entities. This will be of concern to NFT platforms who late last year were left in limbo as trilogues on MiCA battled over the inclusion of NFT platforms within the scope of MiCA, ultimately deciding to leave them out unless they fulfilled certain criteria. Left unchanged, NFT platforms will be considered obliged entities and will have to comply with the requirements under the AMLR, which could be quite burdensome and disproportionate.
In addition to NFT platforms, the Committees included in a recital that Decentralised Autonomous Organisations (DAOs) and other Decentralised Finance (DeFi) arrangements should also be subject to Union AML/CFT rules. The Committees noted that in circumstances where ‘they perform or provide for or on behalf of another person crypto-asset services which are controlled directly or indirectly, including through smart contracts or voting protocols by identifiable natural and legal persons’, the arrangement or the DAO would be considered a CASP and would fall within the remit of MiCA and the AMLR. While this is not in the legal part of the text and pre-supposes the level 2 work of MiCA as well as the report the Commission are due to write, it shows the Parliament’s intention and should act as an indicator of the substance over form approach discussed in MiCA.
Also of note is that the Committees added high-level professional football clubs (with an annual turnover of at least EUR 7 000 000), sports agents in the football sector, and football associations in Member States which are members of the Union of European Football Associations, to the list of obliged entities under the AMLR. According to the related recital, this follows a FATF report of July 2009 on money laundering through the football sector and a Commission report to the European Parliament and Council of July 2019 on AML/CFT risks relating to cross-border activities which highlighted the high risks posed by transactions relating to professional football.
Tighter due diligence obligations
On the matter of due diligence obligations, the Committees have again sought to tighten up requirements. The agreed text notes that when credit or financial institutions are involved in or carry out occasional transactions involving cryptoassets that amount to EUR 1,000 or more, they will need to apply customer due diligence measures. Furthermore, the Committees include requirements for CASPs to apply enhanced customer due diligence for transactions that involve self-hosted wallets and ‘have in place appropriate risk managements systems, including risk-based procedures, to identify and assess the risk of money laundering and financing terrorism’. While there is an emphasis on a risk-based approach, there are concerns from industry that this is an onerous measure that will, in effect, limit CASPs accepting self-hosted wallets.
In addition, Article 30a of the Committees’ text puts in place specific enhanced due diligence measures for correspondent relationships with non-EU entities providing cryptoasset services. Where cryptoasset services are executed with a respondent entity not established in the EU, CASPs, in addition to the customer due diligence already required, will need to follow a specific set of additional rules.
Reduced threshold for accepting or making payments in cash and new rules for crypto payments
The AMLR includes provisions on limits to large cash payments under Article 59. The Committees have reduced the threshold for accepting or making a payment in cash for a good or service to EUR 7,000, down from EUR 10,000. At the same time as doing this, the Committees introduce a new article, Article 59a, for the equivalent rules for crypto, ‘payments in crypto-assets without the involvement of a crypto-asset service provider’ i.e. transactions with a self-hosted address. The limit for this is EUR 1,000. This has raised some questions from a level playing field / technology neutral perspective as to under what grounds the thresholds are so different and why the Committees did not opt to align this with cash.
Prohibition on certain activity
Finally, the Committees’ text seeks to prohibit certain activity. Firstly, credit and financial institutions shall be prohibited from entering into or continuing correspondent relationships with unregistered and unlicensed entities providing cryptoasset services i.e., an entity that is not established in any jurisdiction or does not have a central contact point or substantive management presence in any jurisdiction. A non-exhaustive list of these entities will be kept at the new EU Anti-Money Laundering Authority (AMLA). Secondly, the Commission shall present a report within two years of the Regulation becoming applicable on the need and proportionality of extending the prohibition on anonymous accounts to the provision by cryptoasset service providers of privacy wallets, mixers and tumblers.
The next stage is for the text as voted through by the ECON and LIBE Committees to be voted on in Plenary at the European Parliament. After this has passed through, which we expect to be the case, the text will enter trilogues. Here the Commission, Council and Parliament text will be put side by side and negotiated until there is a single compromised text which will become the AMLR. No doubt, many of the issues highlighted above will be discussed during trilogues and the Hogan Lovells team will keep clients updated on any developments.
Authored by Lavan Thasarathakumar and Eimear O’Brien.