EU AML/CTF Action Plan: Missing Links to Regulatory Harmony

Significant differences in the implementation of EU AML/CTF Directives across Member States have enabled regulatory arbitrage and hindered both international supervision and cooperation. In response to these issues, the EU Action Plan proposes to achieve the harmonised and effective implementation of the EU AML/CTF framework through six primary initiatives:

1.         Ensuring the effective implementation of the existing EU AML/CTF framework

2.         Establishing an EU single rule book on AML/CTF

3.         Bringing about EU level AML/CTF supervision

4.         Establishing a support and cooperation mechanism for FIUs

5.         Enforcing Union-level criminal law provisions and information exchange

6.         Strengthening the international dimension of the EU AML/CTF framework

Overall, the Action Plan’s proposed measures are likely to be effective as they address several underlying issues. Notably, the establishment of a single rule book with key provisions brought into a directly applicable Regulation would reduce the scope for differences in the framework’s implementation across jurisdictions. This regulatory harmony is a prerequisite to the effective implementation of the framework and would support each of the other measures proposed in the Action Plan.

However, given that the framework lags behind the FATF Recommendations in certain areas, the Action Plan would still leave scope for regulatory arbitrage giving rise to ML/TF risks, particularly in relation to cryptoasset activity. Whereas crypto-to-fiat exchanges and custodian wallet providers are the only cryptoasset businesses within the scope of the EU’s framework, the FATF Recommendations also apply to crypto-to-crypto exchanges, Initial Coin Offerings (ICOs), and cryptoasset ATMs. Further, depending on their nature, decentralised exchanges and applications, custodian escrow services, issuance, and trading brokerage services, and order-book exchanges which match buyers and sellers may be subject to the FATF’s Recommendations.

In light of the disparities between the FATF Recommendations and the EU framework, the application of AML/CTF requirements to cryptoasset activities will continue to vary greatly across EU Member States. While some countries align their national AML/CTF regime with the FATF Recommendations, others fall short, with some only meeting the minimum requirements of the EU framework. Criminals may exploit these discrepancies to prevent detection of money laundering by transacting using unregulated cryptoassets and businesses in jurisdictions with weaker AML/CTF regimes.

While some countries are in the process of drafting new legislation to meet the FATF Recommendations, others seem content with meeting the EU requirements. Without EU harmonisation of the FATF Recommendations, Member States will continue to take their own approaches to implement the Recommendations. Vulnerabilities would then persist in the EU AML/CTF framework as the differences in implementation enable regulatory arbitrage and impede supervision and cooperation across borders.

Table 1: Cryptoasset Activity Regulated Under National AML Regimes

Due to the risks identified, the EU should go further than the Action Plan and align the EU AML/CTF framework with the FATF Recommendations relating to cryptoasset activity. This could be done by amending the framework to adopt the definition of a Virtual Asset Service Provider (VASP) used by the FATF, and to incorporate the FATF Recommendations applicable to VASPs. Alternatively, the EU could add the operators of cryptoasset ATMs, crypto-to-crypto exchanges, and ICOs to the list of obliged entities under the framework, with updated requirements for cryptoasset businesses in line with the FATF Recommendations.

Full alignment of the framework with the FATF Recommendations would require more stringent AML requirements to be imposed. In relation to cryptoasset businesses, the most significant of these is the requirement to collect and send beneficiary and originator information when conducting cryptoasset transactions above 1,000 euros (FATF Recommendation 16, the ‘travel rule’). Regulatory harmony in the implementation of the travel rule is especially important as a single VASP which does not comply with the travel rule could prevent the audit trail of transactions from being traced any further than the non-compliant VASP.

This issue may even arise with VASPs which purport to comply with the travel rule, yet supply inaccurate information on their customers, as their counterparty VASPs are under no obligation to verify the accuracy of travel rule information they receive. Since the VASP transferring customer information is uniquely responsible for verifying its accuracy, strict requirements and common minimum standards relating to identity verification must be in place to protect against the use of inaccurate information to avoid identification.

Overall, the Action Plan offers a targeted approach to addressing major underlying issues in the EU's AML/CTF framework, with the key objective of regulatory harmony setting the foundation for effective implementation across the Union. As such, the proposed measures should substantially mitigate a range of ML/TF risks, in particular, due to enhanced regulatory harmony which facilitates international cooperation and supervision. However, as discussed above and in our response to the Action Plan consultation, various cryptoasset activities that may pose risks remain outside of the framework despite being within the scope of the FATF Recommendations.

With regard to these risks and opportunities for regulatory arbitrage, the Action Plan should be complemented by measures to address the remaining discrepancies between the FATF Recommendations and the EU framework with respect to cryptoassets. Regulatory harmonisation in this area would require significant efforts by public and private entities alike, especially to achieve compliance with the FATF travel rule. However, the alternative of continued regulatory fragmentation in an industry characterised by high risks would likely turn out to be more costly in the long run.

‍