To date, the cryptocurrency market has been largely unregulated, making it a breeding ground for financial crime. In 2021, in the US, it’s thought some $8.6 billion worth of cryptocurrency was laundered by cybercriminals. These numbers have brought crypto into global regulators’ spotlights, and the EU has issued its proposal to regulate crypto assets.
The FTX scandal is a recent example of why regulation is needed in the cryptocurrency market. A lack of knowledge about crypto – what it is, how it works, and who is using it – has contributed to increased risks across the entire financial system. Regulators are now tuned into this risk and taking action.
The defining characteristic of cryptocurrencies is that they aren’t usually issued by a central authority, making them largely immune to government intervention and regulation. But cryptocurrency has the potential to upset financial stability and to perpetuate financial crime, with vast sums of money laundered through crypto assets. Regulatory attention has therefore become inevitable and necessary.
In October 2022, the EU’s committee for Economic and Monetary Affairs began assembling its regulatory framework, by overwhelmingly voting to approve new Markets in Crypto-Assets (MiCA) regulation - a world-first in crypto-investing regulation and expected to become law in 2024.
Sverker Tornhagen, Industry Practice Lead at Moody’s Analytics KYC, says - “98% of ransomware uses crypto. A government's ability to investigate crypto-related crimes is limited in countries where crypto is unregulated. The crypto sector needs legitimacy and credibility to progress in the wider financial market. Increased, harmonized regulation should have a positive effect on this industry, strengthening it for the future.”
There has been an urgent need for EU-wide regulation of crypto markets for some time. Currently, consumer rights in crypto are very limited, particularly if transactions take place outside the EU. Crypto assets are not protected by the Financial Services Compensation Scheme (FSCS) and that means consumers are vulnerable to losing their money with no comeback.
The European Commission has been working on something like MiCA since 2018, when it announced its fintech action plan. The ambition was to make the crypto market safer for consumers and easier to access.
It is now hoped the new regulation, which will apply to all EU member states, will do more to protect crypto investors while still encouraging innovation. The EU, of course, also wants to bring about more financial stability in the crypto market. When MiCA passes into law, crypto providers will be able to sell their products across the EU, providing they satisfy the specific safeguarding requirements.
MiCA covers a range of areas including disclosure, transparency, authorization, and transactional supervision. It defines a crypto asset as “a digital representation of a value or a right which may be transferred and stored electronically using distributed ledger technology or similar technology.”
The regulation will apply to any crypto firm seeking to do business in the EU. The regulations will be enforced by competent authorities designated by each member state, overseen at union level by the European Securities and Markets Authority and the European Banking Authority.
While the MiCA covers most crypto assets, it’s still vague as to how non-fungible tokens (NFT) will be treated, but this is something likely to be addressed by lawmakers soon.
What introduction of MiCA means is that crypto-asset providers will have to meet anti-money laundering (AML) and know your customer (KYC) compliance standards in a similar way to those met by traditional financial services providers and fintechs today.
Under the new rules, crypto-asset providers will also be liable if they lose an investor’s crypto-assets, addressing consumer rights issues.
MiCA sets out the requirement for due diligence procedures that should be applied to all customers, including what evidence is needed to prove the identity and legitimacy of an investor. Customer identities must be established and verified using independent sources, and any suspicious activity needs to be reported to authorities without delay.
The new regulations also include measures to deal with corruption and insider trading, which has started to become a concern for asset providers. In September 2022, the brother of a former product manager at Coinbase pleaded guilty to committing insider trading in cryptocurrency assets having used confidential information about which crypto assets were scheduled to be listed on Coinbase’s exchange.
Tornhagen adds. “Regulators in the EU have agreed that MiCA would provide one of the most comprehensive regimes for digital assets to date. It also means the industry’s regulatory burden will increase and the relationship with the regulatory authorities will change and become more intense compared to now. It is going to be a big adaptation that requires a certain type of culture and competence in companies that may not exist today.”
Comprehensive regulation of crypto assets has not been seen to date, and while many reputable crypto wallets and asset providers have taken a stance of acting as though they were regulated, the introduction of MiCA will see clear AML and KYC compliance standards pass into law. It will undoubtedly change the crypto landscape for providers and consumers – and it will hopefully curtail criminal activity in the sector.
It’s likely the new regulations will pave the way for further rules governing decentralized finance. And it’s expected other countries, such as the UK and India, will follow the EU’s lead. And in the US, policy makers are lobbying the treasury to do more in the area, particularly in the wake of the FTX collapse.
With greater consistency of KYC standards across the crypto industry, the fight against money laundering and terrorist financing moves forward again. The proposed legislation, and the changes it is designed to bring, could also help rebalance the disruption and controversy that has beset the crypto market.
Moody’s Analytics automates KYC and AML processes for financial services providers and fintechs around the world. We can orchestrate a digital workflow of compliance data checks to verify identities and ownership information; flag risks related to individuals or corporate entities for any product anywhere in the world; and support a process of continual monitoring or perpetual KYC.
To discuss your approach to automating KYC and AML compliance, or continual risk monitoring, please get in touch – we would love to hear from you.