Trading

EU Parliament Adopts AML Laws Regulating Bitcoin Based On Questionable Assumptions

The European Parliament adopted a new AML law package which increases the reporting requirements of crypto asset service providers (CASPs) when sending and receiving ‘anonymous’ payments between self-hosted wallets and custodial service providers, in addition to limits on cash transactions and the establishment of a ‘central watchdog’ agency, which will develop regulatory technical standards.

Under the new laws, EU CASPs will need to perform customer due diligence on transactions originating from self-custodial wallets for transactions below 1000 EUR, and implement additional KYC measures for transactions above 1000 EUR. The laws further regulate the operation of no-KYC custodial software service providers and the use of privacy coins, effectively banning CASPs from offering privacy assets. Self-custodial software and hardware providers are exempt from the regulations.

The resolution, adopted by the European Parliament on wednesday, assumes that “[t]he anonymity associated with certain electronic money products exposes them to money laundering and terrorist financing risks,” and “[t]he anonymity of crypto-assets exposes them to risks of misuse for criminal purposes.”

While lawmakers seemed to have no issues putting numbers to overall money laundering activity in the original proposal – ranging between 2-5% of global GDP – as well as to their own inefficiencies – almost 99% of criminal profits escape confiscation – those looking for numbers corroborating “the increasing use of crypto-assets (such as Bitcoin) for money-laundering purposes” are left with a link to Investopedia, explaining what Bitcoin is.

Everybody knows: Crypto is for money launderers. But can anybody prove it?

With the new law package, EU AML/CFT frameworks are updated to align with updated recommendations issued by the Financial Action Task Force – an intergovernmental body established by the G7 in 1989 to tackle money laundering and terrorist financing.

According to FATF procedures, FATF recommendations are informed by AML and CFT assessments performed by FATF regional bodies (FSRBs), the IMF, and the World Bank to “produce objective and accurate reports of a high standard in a timely way,” “[e]nsure that there is a level playing field, whereby mutual evaluation reports (MERs), including the executive summaries, are consistent, especially with respect to the findings, the recommendations and ratings,” and “[e]nsure that there is transparency and equality of treatment, in terms of the assessment process, for all countries assessed.”

The latest EU FSRB 2021 annual report, released in April 2023 performed by the EU Commission’s MONEYVAL, opens with a introduction by the chair, who highlights that “It is well known that money launderers have been abusing cryptocurrencies from their inception a decade ago, initially to transfer and conceal proceeds from drug trafficking. Nowadays, their methods are becoming ever more sophisticated, and larger in scale.”

But MONEYVAL’s report appears to fail to back its claims with sufficient data points, merely making note of the progress of implementation of virtual asset regulations. The report highlights that “a 2022 typologies study will be dedicated solely to cryptocurrency money laundering trends,” suggesting that no such study existed at the time of writing.

The MONEYVAL typologies report on money laundering and terrorist financing risks in the world of virtual assets seems to give no conclusive answers on the significance of cryptocurrencies in AML/CFT efforts either; Instead, it analyzes the application and effectiveness of existing AML regulations via working groups.

Notably, the typologies report states that “at the national level, the sector risk analysis heavily relies on the answers received by the authorities from the private sector itself, with very little action taken towards the verification of the facts by the supervisor.” It further notes that risk assessments “lack in depth.”

The latest IMF report on policies for crypto assets makes similar statements hinting towards a lack of verifiable data on the risks of cryptocurrencies in terror financing, anti-money and financial abuse, stating that “such impacts have not been studied specifically in relation to crypto-assets“. A new IMF report released this week, which attempts to analyze cross border-flows in Bitcoin, states that “measuring Bitcoin cross-border flows is challenging, and currently only possible with a series of non-trivial assumptions.”

The IMF’s 2024 global financial stability report in contrast does cite specific data, but places the overall amount of cryptoassets received by ransomware hackers at approximately $1100 Million – a mere 0.061% of crypto’s $1.8 Trillion market capitalization.

The World Bank’s 2023 report on lessons learned from the first generation of money laundering and terrorist financing risk assessments found that “some new issues were not covered in the last NRA, such as VA [virtual asset] […]”, and that it should be ensured that “authorities and private entities provide more data for input” and “assess more risks such as VASPs.”

A World Bank 2022 publication on national assessments of money laundering risks makes no mention of cryptocurrencies at all, beyond finding that virtual currencies should be “studied further”. The paper “Illicit Transaction Flows: Concepts, Measurement and Evidence” published in the World Bank Research Observer in 2020, makes no mention of virtual assets, bitcoin or cryptocurrencies either.

Papers published by the World Bank on crypto asset adoption do not provide much more insight into the impacts of cryptocurrencies on AML/CFT efforts either – The papers “Crypto-Asset Activity around the World” and “What Does Digital Money Mean for Emerging Markets and Developing Economies?” simply re-refer readers to existing FATF recommendations.

The World Bank paper “Decrypting New Age International Capital Flows” cites a single academic paper on the effects of cryptocurrencies on money laundering, claiming to have found that “approximately one-quarter of bitcoin users are involved in illegal activity.” While there are many scientific papers attempting to assess the significance of cryptocurrencies in illicit transaction flows, academics broadly question the accuracy of applied methodologies, claiming to have found error rates of over 92% in commonly applied heuristics. Particularly methods based on user behavior are argued to be “the most unreliable”, concluding that their application should not be used to warrant intense investigative measures.

Assessing Proportionality: National Security vs. Human Rights

Estimates of illicit transaction volumes range between 0.34% in all on-chain transaction volume in 2023 and 46% of all bitcoin transaction volume in 2019, highlighting the apparent lack of a conclusive understanding of the significance of cryptocurrencies in enabling the facilitation of illicit transactions.

In a 2024 National Risk Assessment, the Swiss federal police classifies such “tremendous lack of data” as an “inherent risk”, citing “insufficient figures and statistics”. The assessment highlights that the lack of data on cryptocurrency financial flows is “not unique to Switzerland”.

The assessment highlights statements made by the ECB, which “pointed to a lack of reliable statistics” on financial flows associated with cryptocurrencies. It further highlights statements made by the IMF, finding that “significant data gaps continue to make it difficult to assess the true extent of VA [virtual assets] use in the financial system, which also hampers risk analysis by financial authorities”. It notes that the IMF has recommended to initiate an international exchange of statistical data on cryptocurrency transactions to “address the lack of data” as early as 2019.

Seemingly echoing MONEYVAL’s concerns on the evaluation of suspicious transaction reports, the assessment finds a survey conducted among national police and prosecutors to gather quantitative information on criminal proceedings in cryptocurrency transactions and qualitative assessments of the challenges of cryptocurrency for the work of law enforcement to be “fragmentary” and “of limited relevance”.

Cybersecurity experts warn of the risks of cryptocurrency deanonymization tactics in relation to established fundamental rights, finding that future regulatory concepts may collide with fundamental rights such as the right to freedom of association, the right to privacy and the right to informational self-determination, the right to freedom of expression, and the right to freedom of information as established in the Charter of Fundamental Rights of the European Union as well as the European Convention on Human Rights.

As governed by article 5 of the Maastricht Treaty, actions applied by the European Union “shall not exceed what is necessary to achieve the objective of the Treaties.” It is questionable how MEPs have issued an informed vote on the proportionality of the EU’s new AML laws when no conclusive data on the significance of cryptocurrency in anti-money laundering and counter terrorist financing efforts appears to exist.

 This is a guest post by L0la L33tz. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.