How will the 5th Money Laundering Directive affect cryptocurrencies?

Image showing bitcoins

The Fifth Money Laundering Directive is set to be transposed into national law by 10 January 2020. The core aim of the 5MLD is to address modern-day money laundering concerns that were not covered in the Fourth Directive. The main changes are focused on enhanced powers for direct access to information and increased transparency around beneficial ownership information and trusts. One of the challenges surrounding money laundering, which was far less of a risk when the Fourth Directive was being drafted, is cryptocurrencies.

What are cryptocurrencies?

A cryptocurrency is a digital asset designed to work as a medium of exchange that uses strong cryptography to secure financial transactions, control the creation of additional units, and verify the transfer of assets. Today there are over 3,000 cryptocurrencies across the world, with Bitcoin being the first one to enter the market and the clear market leader.

The essence of cryptocurrencies is that they rely on a consensus database of maths, secured by strong cryptography that needs immense computer power to add to the digital ledger where the information is stored, known as the blockchain. They are not secured by trust, fingerprints or anything vulnerable to human error, but by millions of computers constantly agreeing with each other.

While there are many different cryptocurrencies, they all work on the same core principles:

  • It is decentralised and doesn’t rely on any government or regulatory oversight
  • It relies on being monitored by peer-to-peer control
  • It is encrypted in a secure string of data

Changes to cryptocurrency regulation under the Fifth Directive

Cryptocurrencies such as Bitcoin and Ethereum have concerned a lot of regulators. Due to the lack of any government regulation and the ease at which money can be transferred without detection, many worry that cryptocurrencies give criminals the tools to transfer illicit funds around the world. As a result of these concerns and the increase in popularity of cryptocurrencies, the 5MLD seeks to add an element of regulation and accountability to cryptocurrencies and those who use them.

Under 5MLD, virtual currencies such as Bitcoin will have a legal definition. Virtual currency platforms and wallet providers will also become regulated entities under the scope of the directive. While many already conduct due diligence and report suspicious transactions, the Fifth Directive will make it a legal requirement. The hope is that the introduction of regulation to cryptocurrencies, effectively bringing the EU in line with regulations introduced by the US in 2013, will help tackle the use of cryptocurrencies to assist in money laundering and terrorist activity.

Key measures introduced by the Fifth Directive

  • A legal definition of cryptocurrency: “a digital representation of value that can be digitally transferred, stored or traded and is accepted… as a medium of exchange”.
  • Cryptocurrencies are considered “obliged entities”, and face the same anti-money laundering regulations applied to financial institutions under 4MLD. This means customer due diligence (CDD) is required for cryptocurrencies the same way it is under the Fourth Directive and suspicious activity reports must be submitted if transactions are made via cryptocurrency.
  • 5MLD actually goes further than 4MLD in its reporting obligations. Under 5MLD, financial intelligence units are given a mandate to obtain the addresses and identities of owners of virtual currency. This is an effort to reduce the anonymity associated with the use of cryptocurrency.
  • The Fifth Directive also regulates the cryptocurrencies themselves. They must now be registered with their local authority, such as the Financial Conduct Authority in the UK and BaFin in Germany.

Upcoming anti-money laundering training

Screenshot of VinciWorks' AML course
AML: Know Your Risk, is one of the courses which will be updated once the Fifth Directive comes into force.

In the coming months, we will be updating all our online AML courses in line with the Fifth Money Laundering Directive. We will also be releasing a new course on the Fifth Directive. The interactive course will cover the key changes to money laundering regulations under the Fifth Directive, will be fully customisable and will include interactive modules. To get more information on our new AML training, complete the short form below.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”

Picture of James

James

VinciWorks CEO, VInciWorks

Spending time looking for your parcel around the neighbourhood is a thing of the past. That’s a promise.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.