Legal Update: Changes to the AML Landscape for Crypto Assets

Concern around the use of cryptoassets in connection with financial crime has intensified in recent years.

A January report by Chainalysis found that $8.6 billion was laundered through cryptocurrency in 2021, a 30% increase over the previous year. Further, Europol findings confirm that the use of cryptocurrency in connection with criminal activity continues to rise. The recent Justice Department arrest of two individuals accused of laundering $4.5 billion in stolen funds from the popular crypto exchange Bitfinex is testament to the potential scale of these concerns.

Regulators have thus intensified their focus on crypto as a potential haven for criminal activity. However, there is not yet a clear consensus globally as to the regulatory perimeter for anti-money laundering (“AML”) requirements in the crypto space, and the scope of AML obligations has varied. The following considers a number of recent developments in the United Kingdom, European Union and United States, in connection with the application of AML regulation to cryptocurrency businesses.

In the UK

By 31 March 31, 22022, many crypto businesses operating in the United Kingdom were required to either obtain registration with the Financial Conduct Authority (“FCA”), the country’s financial regulator, or cease operations in the UK entirely in accordance with requirements under the Money Laundering Regulations 2017. While major UK-based crypto businesses such as Gemini have successfully obtained FCA approval, only 33 firms received FCA approval prior to the deadline, with more than 80 percent of applications being rejected or withdrawn for non-compliance with AML rules. As a result, the FCA on March 30th relaxed the registration requirement for a dozen major crypto firms, which will be authorized to continue operations under a temporary licensure regime for the immediate future.

The registration requirement is coupled with a requirement to produce an “annual financial crime report” identifying various AML risk factors within the reporting business.

The scope of these AML requirements includes all businesses carrying on “cryptoasset activity” in the UK, a definition that includes companies providing exchange platforms or custodian services (such as wallet providers).

This regulatory perimeter sweeps more broadly than the FCA’s asserted competence over crypto assets in its role as a securities regulator, where it has restricted its regulatory reach to certain “security tokens,” excluding popular exchange tokens such as Ethereum. As a result, while many popular crypto products are not subject to regulatory scrutiny as securities, UK-based exchanges are generally subject to AML compliance requirements.

In the European Union

Since 2021, plans have been in the works amongst EU lawmakers to establish a supranational EU anti-money laundering authority and implement a new package of AML regulations.

Presently, each EU Member State has responsibility for implementing AML rules in accordance with the EU’s Anti-Money Laundering Directive 5, which as of 2020 extends the application of EU AML rules to various crypto business, including those “engaged in exchange services between virtual currencies and fiat currencies” and “custodian wallet providers.” Several Member States, including Germany, have gone further, implementing crypto regulation beyond the requirements of existing EU directives.

The suite of proposed new EU regulations includes the Markets in Crypto-Assets Regulation, or MiCA, which clarifies and confirms (though does not substantively modify) the application of key EU AML regulations to crypto assets and seeks to eliminate the “fragmentation” posed by implementation of crypto regulation at a national level by Member States. As of March 25, 2022, MiCA was ready to enter the “Trilogue” stage of negotiation and consideration by the three principal EU lawmaking bodies.

The EU’s proposed new watchdog, which is slated to begin operations in 2024, would oversee the AML activity of EU financial institutions. In February of this year, a bloc of EU lawmakers, including representatives from Germany, have called for this planned watchdog to have explicit oversight over cryptocurrency firms. However, it is not yet clear the extent to which this proposal will be implemented.

In the United States

On March 9, 2022, President Biden signed an Executive Order calling for the US Government to take measures to “mitigate the illicit finance and national security risks posed by the illicit use of digital assets.” Notably, the Executive Order calls for government agencies to “ensure international frameworks […] are aligned and responsive to risks.”

As in the UK, AML requirements in the US extend more broadly than the SEC’s scrutiny of crypto assets as securities. At the moment, many crypto businesses are subject to FinCEN’s AML requirements as “money service businesses” under the Bank Secrecy Act. This includes crypto businesses that transmit any sort of “value that substitutes for currency”. FinCEN has also proposed expanding its reporting requirements for cryptocurrency exchanges, though little has been said in recent months about this rule (which attracted considerable criticism from the crypto industry due to the costs and infeasibility of the proposed record-keeping obligations).

Sam Cadd is an LL.M. candidate in corporation law and serves as a graduate editor of the NYU Journal of Law & Business. She was previously a corporate associate at Slaughter and May in London.