1. The EU AML Package
On July 20th, 2021, the European Commission unveiled a package of legislative proposals to strengthen EU AML/CFT, approved by EU Parliament on April 24th, 2024, and by Council on May 30th, 2024. The Package consists of:
- a Regulation establishing a new EU Anti-Money Laundering Authority, operational from 2024, with broad investigative and sanctioning powers in AML/CFT matters;
- a Regulation recasting Regulation No. 2015/847/EU on fund transfers, intended to make crypto-asset transfers more transparent and fully traceable;
- a Regulation on anti-money laundering obligations applicable to the private sector;
- the Sixth Directive on AML/CFT.
2. The new European Anti-Money Laundering Authority (AMLA)
The Package's most innovative contribution is the creation of a European Anti-Money Laundering Authority (AMLA), with the aim to eradicate the limitations that have emerged from the system adopted so far, based on a decentralized architecture. A supervisory role looms over this new entity, with direct responsibility for the riskiest intermediaries and indirect responsibility for the others, for which control based on national scrutiny remains. In addition, the AMLA will play a central role in assisting the FIUs (Financial Intelligence Units) operating in the various Member States of the European Union. With the introduction of the new EU authority, AML supervision will be put in place in a harmonious and synergistic manner at the European level, resulting in joint interventions, no longer anchored in a generic collaboration between the actors involved, which until now has been declared, but not implemented. AMLA is also given regulatory power, to be exercised mainly through drafting regulatory and implementing technical standards, guidelines and recommendations aimed at a wide and diverse audience, namely supervised entities, AML supervisors and FIUs. The AMLA action will come to light in 2024 and, according to the EU Commission's proposal, should be fully armed by the end of 2025 to start direct supervision at the dawn of 2026.
The first objective is to create an effective and efficient integrated supervision model, with more articulations than the one currently in place. It makes imperative, in first instance, a critical review of the current architecture of AML supervision at the domestic level and, therefore, the adoption of the changes necessary to finally achieve the launch of single supervision, emancipated from the parochial action of loose cannons. In fact, although the head of the new set-up is a single entity, the AMLA, the control activity will be extruded in a widespread manner through of an integrated network of AML/CFT "vigilances", in which several actors (Anti Money Laundering Authorities and FIUs), with different institutional configurations in their respective countries and different domestic cultures of control, will be called upon to interact with each other much more closely than they have done so far. For the new set-up to function smoothly, it will therefore be necessary to trace in marble the lines of the area of competence pertaining to each actor: first, it will be necessary to identify the intermediaries to be subjected to direct supervision by AMLA. In this regard, the level of riskiness of the aforementioned entities rises to a general criterion, but the methodology to be adopted by the AMLA to concretely assess the extent of risk is still being defined and will require special attention so that a timely and analytical reading of the idiosyncratic money laundering risk of individual European entities can be achieved. Moreover, it will be necessary to provide quantitatively and qualitatively adequate resources to enable the appropriate performance of tasks by each actor. On this point, the enhancement of the specialized skills of the staff will be diriment, to overcome possible, but physiological, initial frictions within the integration process, arising from differences, even if only cultural and identity ones, between countries. This need will be even more relevant for the teams that will supervise intermediaries falling under the direct responsibility of the AMLA, which will be composed of staff from national authorities, to bring national voices within that scheme as well.
3. The new regulatory framework on fund transfer in the crypto sector
Regarding the Package's innovations in the regulatory framework on fund transfers, they are of equal importance. The new set-up stands on a single "rulebook" for all entities that are subject to AML supervision in the various European countries: the most relevant constraints are introduced by a Regulation and are, therefore, of direct and immediate application, without the interposition of a diaphragm represented by transposition within the national legislation. Among the most significant new developments worthy of mention is the expansion of the scope of regulatory recipients, within which crowdfunding firms and crypto-asset service providers (CASPs) are included. Due to their distinctive characteristics, such as decentralized, dematerialized management and pseudonymity, virtual currencies lend themselves to dangerous criminal misuse.
In particular, the decentralized structure deprives supervisory and investigating authorities of an important institutional interlocutor, necessary for the purposes of preventing and suppressing money laundering. What's more, dematerialized management results in a rarefaction of the spatial perimeter within which transactions are carried out by users, who, not only can operate from any country, with relevant issues in terms of transaction tracking, but are also assisted by a condition of pseudonymity, because their identity is surrounded an (almost) unbreakable blanket of anonymity. It must, then, be remembered that cryptocurrencies, and, more generally, their underlying protocols, rebel against the logic of traditional finance and that cyber space, since its genesis, has aspired to integrate a "lawless reality," free from the interference of external controls.
It can be noted that the extension of AML/CFT obligations to exchangers and wallet providers are insufficient measures because they are easily circumvented: cryptocurrency transactions can take place in a totally peer-to-peer, making the intermediation of service providers related to the use of virtual currency or to electronic wallet management service providers entirely eventual, even unnecessary. There is undoubtedly a need for legislative acceleration to cover the distance that still separates regulatory development from an initial, but only provisional, milestone. In fact, the harmonization of rules also includes internal controls, due diligence, suspicious transaction reporting and data retention. Contributing to the strengthening of the regulatory framework is the proposed amendment to Regulation 2015/847/EU on the transfer of funds in cryptoassets: the revision action gravitates around the need to associate the identification data of "originator" and "beneficiary" with the transfers, aimed at increasing the transparency and traceability of the transfers themselves, so as to enable their "reconstruction," consistent with the European regulation on crypto-asset markets, which is still being defined.
In this regard, it should be noted that, with reference to the crypto-asset sector, an obligation looms over all service providers for crypto-assets to carry out due diligence on their customers, as well as to report suspicious activities. This is because, and this is easily guessed, obliged entities, such as financial institutions, banks, real estate agencies, asset management services, gambling houses and merchants, play a central role as gatekeepers in the AML/CTF framework, as they enjoy a privileged position to detect suspicious activities. Under the agreement, service providers for crypto assets will also have to take customer due diligence measures when performing transactions of EUR 1,000 or more. Further pivotal intervention of the code is the provision of an extension of the list of entities subject to the obligations contained therein, to all types and categories of cryptocurrency-related service providers, increasing modernity and attention to new technological trends, as well as the degree of alignment between EU legislation and the FATF Recommendations.
Changes were introduced in the Council's position to broaden the spectrum of obliged entities, outline greater harmonization of beneficial ownership provisions, and align the definition of high-risk third countries with the FATF lists in a timelier manner through automatic transposition to the list issued by the Commission. It turns out that person-to-person crypto-asset transfers, carried out without the involvement of service providers, or those where the transferor and transferee are providers of crypto-asset transfer services on their own behalf, are not subsumed within these measures. One viable route in the direction of greater legality of cryptocurrencies is self-regulation by the platforms themselves. Given, prima facie, the counter-intuitive nature of such a measure, those in the industry who engage in, for example, trading and exchange activities, could benefit in terms of trustworthiness and reputational implications: presenting a focus on transparency of the identification data of transacting parties may present itself as a catalyst for customers, incentivizing them to comply with the subject identification facility and producing, with prismatic effect, a benefit intended to propagate throughout the system. The measures envisaged also include the need to ensure adequate resources for FIUs and supervisory authorities, the preservation of accurate and up-to-date information on the beneficial ownership of corporate structures and trusts, encouraging, coherently with the measures envisaged in the AML Package, the promotion of vertical cooperation between competent authorities and obliged entities, including through forms of public-private partnership (PPP). In fact, the models currently transplanted in Member States, in the absence of an unambiguous and harmonized definition across jurisdictions, take heterogeneous forms and articulations and, depending on the nature and confidentiality of the information rendered, are assisted by different safeguards in terms of data protection. In accordance with the 2020 Action Plan and following a public consultation in 2021, the European Commission published guidelines on October 27, 2022, aimed at sharing - against the broad spectrum of PPP structures and types - best practices related to public-private coordination, to better understand and accelerate their development.
4. The Sixth Directive on AML/CFT
The last innovation introduced by the Package is the Sixth Directive, which contains some interventions, relating to areas in which it is necessary to preserve a margin of flexibility, in part to enhance the differences that exist between different jurisdictional contexts. Within the Sixth Directive converge rules concerning national and supranational risk assessment procedures, on the identification of "at risk" third countries, on the transparency of "beneficial ownership" and on the establishment of national registers useful for analysis and control. The Directive includes several provisions to encourage the convergence of the powers and procedures of action of the FIUs of individual countries, to enable the conduct of joint and coordinated analyses in particularly complex cases and to strengthen cooperation. The whole package is now at an advanced stage of discussion, but the changes at the regulatory level will be applicable only from 2026, thus three years after the Directive and Regulations come into force.
5. Conclusion
While the AMLA and the new Package aim to address serious shortcomings in the current supervisory regime and to undertake several diriment tasks aimed at enhancing law enforcement strategies against money laundering and terrorist financing across the EU, the actual impact of such measures will depend on several and different factors, including the implementation of its ambitious goals and the balance between enhancing standards and preserving regulatory flexibility. The initiative reflects the EU’s commitment to combating financial crime more effectively and its awareness about the loopholes in the legal system, but its success will require careful management to avoid unintended consequences, such as increased compliance burdens or decreased regulatory flexibility in well-regulated jurisdictions.