You can find this position in PDF format here
The European FinTech Association (EFA) welcomes the efforts of the European Commission, Council, and European Parliament on the proposed anti-money laundering package which will ensure a harmonized European framework to prevent money laundering and counter-terrorist financing (ML/TF) in the EU. Any regulation, however, should be future-proof, remain technology-neutral, and ensure a level playing field.
Currently, a file that is being discussed in trilogues and is part of the AML package is the Transfer of Funds Regulation which will be expanded to cover the crypto-asset sector. The EFA supports this approach as it is also suggested by global guidance from the Financial Action Task Force (FATF), and will safeguard the EU from possible ML/TF risks emerging from the fast-growing crypto-asset space.
With this policy statement, the EFA would like to raise certain suggestions in regard to the EU’s ongoing efforts to finalize the Transfer of Funds Regulation. As with any regulation, it is necessary to ensure that all market participants operate on a level playing field, and that future innovation derived from crypto-assets and blockchain technology is protected.
The issue the EFA would like to raise under the transfer of funds regulation is the treatment of unhosted wallets. As is currently being proposed in the European Parliament’s position, Crypto-asset Service Providers (CASPs) would need to both acquire and verify information for transfers occurring from unhosted wallets to hosted wallets.
While the EFA supports the inclusion of these types of transfers in the proposed regulation, we would like to point out the need that the regulation should be practical and take into account the operational realities that are present in the Crypto-asset space today. In this context, the EFA is aligned with FATF recommendations as they take into account the functional limitations on the type of information that can be collected and verified from unhosted wallets.
As unhosted wallets are not obliged entities this implies that there is an absence of a trusted counterparty. This means that the only immediate source of information on the originator of a crypto-asset transfer is from the European customer of a CASP. This adds a heavy burden on a European investor as they would need to provide that information before they can access their crypto-asset funds. In parallel, CASPs would find it very difficult to actually verify this information, particularly if it relates to all transfers, and not on a risk-based approach - which further adds a burden on European investors.
The EFA would therefore like to suggest that unhosted wallets should be treated in line with the guidance of the global standard-setting body FATF, taking into account the functional limitations and operational realities of these types of transfers, specifically that a CASP should be required to collect but NOT be required to verify information from the customer on the unhosted wallet because:
- No mechanism exists for verifying the information the customer is giving about unhosted wallets;
- Those ‘bad actors’ which this process is intended to identify will themselves by definition not be a reliable source of this information (and as in point 1 no mechanism exists to independently verify such information);
- CASPs should be encouraged to utilise blockchain analytics to assess the risk of transfers to any unhosted addresses. Such data is far more effective at targeting ‘bad actors’;
- Going beyond current FATF recommendations in this regard would not only be ineffective, but would also place the EU at a serious disadvantage to other jurisdictions who will be FATF travel rule compliant, but will not be placing such a burden on CASPS regarding withdrawals to unhosted wallets.
This would also reduce the risk of circumvention of EU infrastructure via non-EU providers, and thus bring the riskier unhosted wallets into the regulated space where a high-standard ML/TF risk management procedure can take place. Furthermore, it will also not unfairly treat legitimate European citizens who own unhosted wallets.
In parallel, it is necessary to avoid the possibility of de-risking, which refers to decisions taken by financial institutions not to provide services to customers in certain risk categories. As identified in the European Banking Authority’s findings, while de-risking can be a legitimate risk management tool, it can also lead to ineffective ML/TF risk management. Through a risk-based approach, where CASPs can act as trusted gatekeepers applying risk-based procedures, de-risking would be avoided leading to effective law enforcement, and achieving broader ML/TF objectives in the EU.
The EFA believes that by taking this approach would ensure an effective and robust regulatory framework to tackle ML/TF in the EU, while also fostering future innovative technologies, such as the case for crypto-assets.