Last month, the European Commission published a draft directive proposing to extend anti-money laundering (AML) regulation to both virtual currency exchange services and custodial wallet providers. The draft suggests that many Bitcoin companies operating within the European Union will need to apply know-your-customer (KYC) types of checks on their users, to be enforced by 2017.
Phrasing of the directive left some uncertainty over its extent, however —in particular over what are considered “wallet providers offering custodial services of credentials necessary to access virtual currencies.”
For clarification, Bitcoin Magazine reached out to E.U. representatives.
Speaking to Bitcoin Magazine, the E.U. representatives (who preferred not to be mentioned by name or quoted directly) explained that the concept and motive of the proposal is straightforward.
From the perspective of the European Commission, virtual currencies present a problem as they allow money to circulate easily, and it's difficult to know who's transacting with whom. To address this, the E.U. wants to set up checkpoints: Custodian wallet providers and exchange services would be required to monitor transactions on their platform and report suspicious activity.
Within that context, the representatives acknowledged that the proposed regulation should not apply to any services that happen to hold onto customer private keys. There is, for instance, no intention to regulate Lightning Network nodes or mining pool operators.
Custodial wallet providers, under the provision, are wallet providers that hold onto at least one private key for customers. Naturally, that includes wallet providers that hold full control over users' private keys, such as Circle and Xapo. But it also includes services that hold onto a single key in a multi-signature setup, even if they can't spend on behalf of customers, such as GreenAddress or Blocktrail. Wallet providers that do not hold any private keys at all — like Mycelium or Blockchain — would not fall under the provision.
The E.U. representatives also indicated there might be further discussion on a potential minimum threshold. Under the current proposal, any custodial wallet provider, as well as exchange service, would be required to apply AML/KYC checks on customers — even for trivial amounts. The representatives indicated this may be reconsidered to perhaps introduce a minimum threshold under which no identity verification would be required. (But this is not guaranteed.)
Another part of the draft directive that garnered attention is a paragraph pertaining to future research. Specifically, the European Commission suggests that users and Bitcoin addresses may have to be able to be linked to prevent nefarious use of the digital currency.
The draft directive reads:
“The inclusion of virtual exchange platforms and custodian wallet providers will not entirely address the issue of anonymity attached to virtual currency transactions, as a large part of the virtual currency environment will remain anonymous because users can also transact without exchange platforms or custodian wallet providers. To combat the risks related to the anonymity, national Financial Intelligence Units (FIUs) should be able to associate virtual currency addresses to the identity of the owner of virtual currencies. In addition, the possibility to allow users to self-declare to designated authorities on a voluntary basis should be further assessed.”
Speaking to Bitcoin Magazine, the E.U. representatives acknowledged that these ideas will be further assessed — but not any time soon. Specifically, a report scheduled for 2019 will explore the options and potentially make recommendations.
Moreover, as specified in the draft, the intent at this point is merely to allow users a voluntary choice to self-declare addresses. The E.U. representatives confirmed that there are as of yet no plans to make non-declaration illegal. The representatives suggested that users may choose to self-declare their addresses, however, in order to increase the credibility and use of virtual currencies, as their anonymous nature can be seen as a threat.
The legislative proposal is currently in the preliminary discussion phase; there may still be modifications at both the European Parliament and the European Council levels. At least one initiative, coming from the Netherlands, has been started to adjust the proposal, most importantly removing KYC/AML requirements for wallet providers.