New European Union proposals to monitor crypto transactions with unhosted wallets could breach the risk-based approach set out by international money laundering regulators, an official from the bloc’s own banking authority has said.
Policymakers from the European Commission also warned any decision to scrap a 1,000-euro threshold for identifying crypto payers would need to be backed by evidence.
On March 31, the European Parliament voted through controversial provisions to identify participants in crypto payments, including transactions with wallets that aren’t hosted by any regulated exchange – leading to warnings from the industry that the bloc could stifle innovation and cramp privacy.
In particular, plans to force large transactions with unhosted wallets to be automatically reported to the authorities could prove overwhelming, the European Banking Authority’s Joana Neto said at an event held Wednesday at the European Parliament in Brussels.
“It’s very resource intensive,” said Neto, who is an anti-money laundering data specialist. “Who’s going to handle this? … If it’s going to be the competent authority, what are they going to do with that information?” A requirement to report missing data to the authorities was “amazing in theory,” but might not be practical, she added.
“The essence of the risk-based approach is not exactly reflected in the draft from the European Parliament,” she continued, referring to the principle of matching data collection to the threat of actual money laundering.
Lawmakers also supported governments in proposing to remove a 1,000-euro threshold that already applies to conventional bank transfers. That means crypto payments, uniquely, would have to identify the participants even if they are of small value.
Some legal experts have warned that such an approach risks legal challenge given privacy concerns, and officials from the European Commission said that approach would need to be justified by lawmakers and governments.
“Our message to the co-legislator is that the solution they must take must be risk based and proportionate,” said Gabriel Hugonnot of the European Commission’s financial crime team. “Are there differences in the risks that justify a different treatment?”
The battle continues to rage on that question, with the industry pointing to figures from Chainalysis that suggest just 0.15% of crypto transactions involve illicit addresses. Some lawmakers, on the other hand, say it’s too easy to break up a large digital payment into lots of smaller chunks to circumvent any regulatory limits.
Hugonnot also appeared to confirm suspicion that current draft rules could spell the end of privacy-enhancing techniques.
“In all the provisions of the anti-money laundering package we are trying to improve the fight against any and all anonymous devices,” Hugonnot said, referring to recent EU proposals to ban large cash transactions and anonymous bearer shares. That suggests there could be no legitimate use for crypto tools like mixers or tumblers, he added.
Hugonnot also hit out at “fake debates” exaggerating the impact of the plans, including denying industry claims that crypto users would need to prove their identity each time they made a payment.
“All the information that is asked [such as the payer’s name and address] doesn’t need to be directly attached to the transfer,” he said, but could be requested by crypto wallet providers separately.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.