European crypto regulation is enriched with new rules regarding the fight against money laundering.
Yesterday, the European Parliament definitively approved the new AML package, which will also be formally adopted by the Council of the European Union, and which will enter into force in the summer of 2027.
The problem of non-custodial wallets
The new rules are the ones that triggered strong protests last month due to an alleged ban on non-custodial wallets.
Instead, there is no evidence that such regulations prohibit non-custodial wallets, although they do make it more difficult to use them when it comes to transactions, for example, to and from exchanges.
These are new regulations that actually apply to all “obligated entities” (OE), even those that are not crypto. Among these, however, there are also the so-called CASPs, that is, providers of services related to cryptocurrencies, although there are also non-financial institutions, such as football teams or gambling services.
The important thing is that the new rules only apply to VASPs, i.e. service providers, while they do not concern hardware and software providers, including non-custodial wallet providers who do not have access or control over users’ assets.
In other words, unlike what was said a month ago, these rules do not apply at all to non-custodial wallets. However, they do apply, for example, to all transactions between non-custodial wallets and obligated entities such as centralized exchanges.
The new crypto regulation against money laundering
In reality, the new EU anti-money laundering rules simply formalize procedures that should already be implemented from now on.
In particular, the new European crypto regulation, the MiCA, will come into full force in the second half of 2024, so these rules will actually have to be complied with even before their formal and definitive entry into force in 2027.
The new regulations are called AMLR (Anti-Money Laundering Regulation), and will apply to all CASPs regulated by MiCA, so all crypto exchanges that want to provide their services legally to residents in the European Union.
In fact, they will simply be required to follow all normal KYC/AML standard procedures, such as customer due diligence (CDD), as already required by the current AMLD5.
The most controversial point is perhaps article 58 of the AMLR, which formalizes and specifies the absolute prohibition by CASPs of providing anonymous accounts. In reality, this is not a novelty, but the formalization and clarification that all CASPs operating in the EU will necessarily have to impose KYC (identity verification) on all customers.
In addition, there is a ban on exchanges providing services related to anonymous privacy coins (such as Monero), although this ban was already included in MiCA.
Transactions to and from non-custodial wallets
The most critical point of the new EU AMLR in the crypto sector is related to transactions to and from non-custodial wallets.
First of all, it must be specified that the new rules will only apply to transactions between an obligated entity, such as CASPs (for example exchanges), and non-custodial wallets, and not to P2P transactions between two non-custodial wallets.
These rules only apply to registered and regulated entities that provide crypto services, and not to software producers or the software itself. This effectively excludes non-custodial wallets and their users from having to follow these rules.
However, when a user using a non-custodial wallet decides to make a transaction to or from a CASP, they will be required to comply with the AMLR, even if they do it to or from a non-custodial wallet.
Article 31b of the AMLR imposes on VASPs measures of “risk mitigation”, including for example on-chain analysis and the collection of additional data on the origin/destination of funds. This will in fact require exchanges to also collect information on transfers to or from non-custodial wallets, such as the name of the sender or recipient.
What had scared many was the fact that in the first version of the AMLR, the obligation of KYC was included even for senders and recipients of transactions to and from CASPs, while in the final version of the text approved yesterday, this rule has been replaced by a less stringent one, linked to actual risk and not generic.
In the final version of the text, the highly contested rule that would have prohibited CASPs and any seller from accepting transactions from non-custodial wallets of amounts exceeding €1,000 has also been removed.
In fact, the new regulations do not explicitly impose usage limits for non-custodial wallets, even when it comes to transactions to and from obligated entities, as long as the lawful origin of the funds can be demonstrated.