The EU is in the process of implementing the FATF travel rule. After the Commission presented an oppressive but tolerable draft, the European Parliament tightened up sharply: It overturned minimum amounts and demanded discrimination against wallets. With this, Parliament is attacking what stands for crypto more than anything else – the option to keep your keys and therefore your money yourself.
The EU is about to pass another regulation to regulate cryptocurrencies. This is to implement the Travel Rule of the Financial Action Task Force (FATF) to prevent money laundering and terrorist financing.
The EU Commission drafted the regulation last summer . The planned regulations burden the industry with oppressive requirements and invade the privacy of citizens significantly. However, they remain within the scope of what was to be expected and probably also unavoidable.
“This is not an invitation to debate.”
While the FATF publishes its guidelines as a “proposal”, they do not tolerate discussion or contradiction . Anyone who defies the orders of the supranational body against money laundering risks ending up on the FATF’s gray or black lists alongside the well-known rogue states.
The Travel Rule is the core of the crypto regulation proposed by the FATF and by far the biggest regulatory challenge for the industry so far. So far, Germany , Estonia , South Korea , Japan , Switzerland and other countries have implemented the order – sometimes with significant differences in interpretation. Now the EU wants to make the regulation binding throughout the Union.
The Commission is trying to put together a regulatory package that satisfies the FATF and creates a reasonably uniform legal framework, but at the same time gives the industry room to breathe and member states some room for interpretation. The regulation is a huge challenge for the industry but, hopefully, manageable.
Parliament tightens up
However, the European Parliament now steps in between. It requires numerous draft tightenings, including huge discrimination against real wallets.
Keeping the keys to crypto assets oneself is the very core of crypto and the crowning glory of monetary consumer protection – and Parliament is trying to make citizens hooked on this by hook or by crook.
Parliament’s ECON committee will vote on the draft on Thursday. One can hope that the pragmatic forces will prevail over the fanatical forces.
Here we take a closer look at what the Commission is proposing and how Parliament wants to tighten it up.
Obligations for Service Providers
The obligations mentioned in the draft are the usual ones that we encounter in every implementation of the travel rule. They are aimed at service providers who are already subject to supervision, but systematize and expand their anti-money laundering obligations.
The aim of the travel rule is to generate a connection between addresses and identities that is as seamless as possible. Prosecutors and tax investigators should be able to quickly and easily find out who owns every crypto address.
To this end, the EU obliges crypto service providers who send or receive transactions for their customers: A service provider who executes a transaction to another service provider must collect, store and transmit the following information: name, account number, address, ID number , sender’s date and place of birth, and recipient’s name and account number.
It is the responsibility of the receiving service provider to verify that the information is accurate before crediting the amount to its customer. If the information is incomplete, the recipient must refuse payment until they have received and verified the necessary information.
In general, crypto service providers must develop stricter methods to identify money laundering and terrorist financing risks and report corresponding transactions to financial monitoring. Missing information in a transaction should be included in this evaluation.
The EU Commission is aware that the requirements are strict: they burden the industry with oppressive, labour-intensive requirements that are sometimes almost impossible to implement. They lead to an overload of the financial supervisory bodies, which are already often overwhelmed, and they bully completely honest citizens with severe invasions of privacy.
Therefore, the Commission defines some exceptions. If the transaction amount is less than 1,000 (and does not belong to a series of transactions that exceed 1,000 euros), the information is limited to names and account numbers and the recipient is exempt from checking it. This is at least a small relief that will save companies a lot of work.
Also excluded are transactions between “natural persons who act as consumers” and do not use a service provider.
ECON and LIBE have objections…
Two committees of the European Parliament have now dealt with the draft: the Committee on Economic and Monetary Affairs (ECON) and the Committee on Civil Liberties, Justice and Home Affairs (LIBE) . In an almost 60-page document , they propose numerous changes.
Each and every one of these proposals is aggravating, confirming a downright anti-bitcoin stance that Parliament has already demonstrated in an attempted proof-of-work ban on cryptocurrencies .
The two most serious points concern the exceptions for small amounts and the use of your own wallet. Especially the latter threatens to become painful.
As described above, the Commission is trying to limit the damage to companies and the efforts of the supervisory authorities by limiting the information and control obligations for transaction amounts of less than 1,000 euros. Parliament agrees to these exceptions per se – but demands another exception for cryptocurrencies:
Because “transfers of crypto assets are different for many reasons.” They are borderless and global, users can use numerous addresses and wallets, and the coins flow around the world much faster than a bank transfer. That sounds great and shows why technology is so vastly superior to banking. But Parliament fears this will allow criminals to circumvent surveillance.
Therefore, it would like to overturn any kind of minimum threshold. Regardless of the amount – if the European Parliament has its way, the service providers involved should collect, send and check all data for every transaction.
But what weighs most heavily is what Parliament writes about so-called “unhosted wallets”. This simply means wallets where users manage the keys themselves.
The term wallet does not even appear in the Commission’s draft, since the regulation is explicitly not aimed at users but at service providers. Parliament is now trying to force service providers to discourage their users from using their own wallets.
If a service provider receives transactions through a wallet or pays them out to one, the information obligations should also apply. The service provider should “obtain and store the necessary information about the sender and recipient from his customer.” The necessary information here, as described above, means not only the name, but also the date of birth, the ID number and so on.
After all, the service provider only has to check this information insofar as it concerns its own customers. Here Parliament is apparently making a compromise with the pragmatic.
However, if there is evidence that the information about the other party involved – the wallet – is inaccurate, missing or incomplete, the service provider should consider refusing the payment and reporting it to the regulator. The same applies if there are other suspicions, including someone depositing more than 1,000 euros from their own wallet.
The FIU as a victim
It’s hard to overstate the devastating impact of these proposals: service providers will need to collect data from their own wallets for all deposits. The users have to provide data that they do not have in case of doubt – such as the place of birth or the ID number of the sender or recipient. If this data is missing, a suspected case arises. A suspicious case also arises if a user deposits more than 1,000 euros through their own wallet.
The result will be hopelessly overworked regulators. In Germany, this is the FIU (Financial Intelligence Unit) at customs . This authority is already considered to be overburdened by a flood of suspicious activity reports, of which less than one percent lead to a criminal judgment – while the FIU fails to identify and prevent major money laundering scandals such as Wirecard in good time.
Data protectionists, on the other hand, are already criticizing the huge data pool of personal data that is collected at the customs FIU.
Both problems will in any case become much worse with the implementation of the travel rule. There will be many more suspicious activity reports when data is missing or law-abiding users transfer coins from non-compliant exchanges. This is inevitable. Parliament’s proposals, however, lead to excessive reporting. They will effectively render the FIU inoperative, and the result will not be less money laundering, but more.
What to do?
Parliament will vote on the law on Thursday. It is obvious that not every parliamentarian is behind the proposed amendments. For example, one can hope that Stefan Berger , a member of the ECON committee for the CDU, is against the tightening.
It may make sense to go directly to the websites of Parliament and the ECON Committee to write to the MPs there.