How the new EU law on money laundering and terrorist financing may impact on DeFi and NFTs
Background
The European Commission made a significant move to strengthen the Union’s AML/CTF rules on 20 July 2021. The 6th Directive on money laundering and terrorist financing (AMLD6) was proposed to replace the existing Directive 2015/849/EU with the purpose of improving the detection of suspicious transactions and closing regulation loopholes exploited by criminals to launder ill-gained funds. Revision of the Regulation on Transfer of Funds is another important intervention at a legislative level that will make it possible to trace transfers of crypto-assets. Until very recently a core element of the package was the creation of a new centralized EU AML authority that is expected to transform AML/CTF supervision bringing with it all the administrative hurdles that the new FIU cooperation model implies.
News for DeFi and NFTs
In the context of the recent actions of the EU policy lawmakers towards DeFi and NFTs within the MiCA framework, the web3 ecosystem is now facing another piece of prospective regulatory burden. In fact, “compromise amendments” to AMLD6 intend to include decentralized finance within the law’s scope.
Until familiarize ourselves with the draft proposal we are not in a position to criticize particular provisions, however, this article comes more like a reminder that uncertainty and doubts inflicted by the policymakers are not productive above all for the crypto sector growth.
Outlook
In the first instance, owners and operators of NFT marketplaces are expected to be added to the “obliged entities” list. Considering the characteristics of non-fungible tokens, their particular application, collector’s purchase incentive and the way that tokens are traded, NFT entities shall be treated more like a hybrid between art dealers and VASPs, compelled by the 5th AMLD to carry on customer due diligence and apply a risk-based approach to underlying transactions. A reasonable question is whether the existing threshold of EUR 10,000 for art handlers to undertake KYC checks shall apply to NFT dealers.
There would be more obstacles with the collection of the ultimate beneficial ownership information of business clients — another mandatory stage in customer identification program that will be imposed on the NFT actors. Obtaining UBO details is something that customers from the legacy financial world are already used to. On the contrary, web3 businesses would probably face a loss of the clients pressured to disclose information on their ID or corporate structures without having a good reason to do so. A user who connects a web3 wallet and instantly interacts with a NFT/DeFi interface would expect a smooth processing of the order, not a tiresome KYC verification, just to purchase another piece of digital collectable. Therefore, the definition of the proper level under which customers could be served free of mandatory identification is essential.
It should be noted here that relaxed onboarding does not aim at, nor leads to neglect of AML/CTF regulations. Prevention of ML/TF danger is feasible with the help of tech solutions designed for the virtual asset ecosystem:
- blockchain analytics — a software that aggregates and analyzes the vast amount of transaction information produced by transparent blockchains to identify wallets participating in or linked to risky and/or illicit activities.
- geofencing — the use of GPS or RFID technology to create a virtual geographic boundary around a sanctioned location enabling software to block users from those locations from accessing the website/service.
When tuned in accordance with the obliged person’s business model considering the results of the conducted initial risk assessment, software systems effectively resolve the matter of web3 AML compliance. On a geographical basis, persons or transactions with known connections to countries that do not have adequate measures in place to prevent money laundering and terrorist financing (per FATF or EU definition) or countries with reliable data on terrorist support or high levels of corruption shall be systematically blocked. On the other hand, customer risk is mitigated successfully by banning users included in the OFAC SDN list, or UN/EU list of persons subject to international financial sanctions, or previously suspected of being involved in money laundering or terrorist financing.
Wider recognition of AML software as a reliable compliance solution for the new wave of obliged entities becomes necessary for EU policymakers. Otherwise, they face the reputational liability of throwing many decentralized startups or developing companies into the abyss of over-compliance or non-compliance. First choice comes with significant costs and loss of clients, and most importantly it is not reasonable. Second one, clearly unnecessary, would hit hard businesses and make them flee from Europe.
In order to prepare better for upcoming AMLD changes, web3 companies may follow the steps enlisted below:
- Conduct internal AML/CTF risk assessment;
- Implement sanctions compliance programs consistent with EU & OFAC regulations and guidance, as well as industry best practices such as geofencing and blockchain analytics;
- Monitor negative news for DeFi hacks, exploits, NFT scams and other risks to financial markets;
- Build customer due diligence programs in accordance with organization needs and capabilities;
Stay tuned — we will monitor the draft process and publish further a series of educational articles on this topic.
Svetlin Konsulov is a member of Blockchain Lawyers Group. He is a Bulgarian attorney, expert in AML/KYC compliance, privacy and VASP licensing regulations.
If you would like to know more about the Blockchain Lawyers Group visit our Website, join our Discord and follow us on Twitter. Please note that Blockchain Lawyers Group’s members are not affiliated in the joint practice of law; each member is independent and renders professional services on an individual and separate basis.
