Thread
1/ I hate to ring the alarm bell again, but the EU Parliament leaves us no choice 🚨🚨
This time it concerns a crackdown on unhosted wallets in the upcoming crypto AML regulation (TFR).
The ECON committee vote is on Thursday and the draft includes some absolute red flags 👇
This time it concerns a crackdown on unhosted wallets in the upcoming crypto AML regulation (TFR).
The ECON committee vote is on Thursday and the draft includes some absolute red flags 👇
2/ Background: The EU Commission’s AML package includes a revision of the Transfer of Funds Regulation (TFR) that will extend the obligation of financial institutions to accompany transfers of funds with information on the payer and payee to crypto assets.
3/ Initial proposal from the EU commission
eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52021PC0422
Initial draft report from the EU Parliament www.europarl.europa.eu/doceo/document/CJ12-PR-704888_EN.pdf
eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52021PC0422
Initial draft report from the EU Parliament www.europarl.europa.eu/doceo/document/CJ12-PR-704888_EN.pdf
4/ It is the EU implementation of the so-called FATF travel rule that basically says that crypto service providers (exchanges, custodians etc) have to share personal information (name, address etc.) of their clients for transactions between one another.
www.fatf-gafi.org/media/fatf/documents/recommendations/Updated-Guidance-VA-VASP.pdf
www.fatf-gafi.org/media/fatf/documents/recommendations/Updated-Guidance-VA-VASP.pdf
5/ The EU Parliament is currently discussing and amending that proposal.
And the latest draft compromise before the vote on Thursday introduced/aggravated some absolute red flags.
First red flag 🚩
And the latest draft compromise before the vote on Thursday introduced/aggravated some absolute red flags.
First red flag 🚩
6/ Different from the initial proposal that only required to collect (not verify) personal data from transfers made from/to an unhosted wallet, the draft now requires to “verify the accuracy of information with respect to the originator or beneficiary behind the unhosted wallet” 
7/ But it doesn’t say how exactly a crypto service provider should be able to verify the unhosted counterpart🤨
The consequence of this, imo, is that most crypto companies won’t be able or willing to transact with unhosted wallets anymore in order to stay compliant.
The consequence of this, imo, is that most crypto companies won’t be able or willing to transact with unhosted wallets anymore in order to stay compliant.
8/ Second 🚩
For every crypto-transfer from an unhosted wallet over 1k EUR, companies are obliged to inform the “competent AML authorities”.
For ALL these transactions, even if there is no sign/suspicion of money laundering.
This is an absolute violation of privacy rights.
For every crypto-transfer from an unhosted wallet over 1k EUR, companies are obliged to inform the “competent AML authorities”.
For ALL these transactions, even if there is no sign/suspicion of money laundering.
This is an absolute violation of privacy rights.
9/ Third 🚩
One year after entry into application, the EU commission will assess the need of “additional specific measures to mitigate the risks posed by transfers from or to unhosted wallets, including the introduction of possible restrictions”
One year after entry into application, the EU commission will assess the need of “additional specific measures to mitigate the risks posed by transfers from or to unhosted wallets, including the introduction of possible restrictions”
10/ This means that the EU Commission might be prohibiting transfers from/to unhosted wallets entirely, as was already suggested by some members of the Parliament in an earlier draft - see Art 18 b on page 45 here:
www.europarl.europa.eu/doceo/document/CJ12-AM-719852_EN.pdf
www.europarl.europa.eu/doceo/document/CJ12-AM-719852_EN.pdf
11/ Forth 🚩
While the FATF travel rule only requires these measures for transactions over a certain amount (1k$) and the TFR for fiat (wire transfers etc) only requires the information sharing for transfers over 1kEUR, the draft sets no minimum threshold for crypto transfers.
While the FATF travel rule only requires these measures for transactions over a certain amount (1k$) and the TFR for fiat (wire transfers etc) only requires the information sharing for transfers over 1kEUR, the draft sets no minimum threshold for crypto transfers.
12/ That means that soon every single satoshi transaction that is not purely P2P will have to be accompanied by the sharing of personal information. 
13/ This is a totally unjustifiable double standard. If anything, the AML requirements for #cryptocurrency should be lower, since blockchain-based transfers offer new and additional ways to track and monitor.
Warned about this a few weeks ago:
Warned about this a few weeks ago:
14/ There are more problematic passages in the text (e.g. blacklist for entities without legal entity), but these are the main ones to focus on imo.
15/ This proposal cracks down on unhosted wallets & creates huge data honeypots for hackers.
It will lead to a system that is very close to SWIFT today, where every crypto transfer (except real P2P) is accompanied by a transfer of personal information.
It will lead to a system that is very close to SWIFT today, where every crypto transfer (except real P2P) is accompanied by a transfer of personal information.
16/ The regulation is led by @ernesturtasun from the Greens in the ECON & @Assita_Kanko (Conservatives) in the LIBE committee.
Reminder: These are not the final rules. After the vote on Thursday, final negotiations with the EU Commission & Council (trilogues) will start.
Reminder: These are not the final rules. After the vote on Thursday, final negotiations with the EU Commission & Council (trilogues) will start.
17/ What is concerning is that this time, different from the POW-ban in the MiCA regulation, the Council (member states) seems to be on the same page with the EU Parliament on these issues (no threshold for crypto transfers, crackdown on unhosted wallets etc.).
