The European Banking Authority (EBA) is stepping up its game in the crypto space. With its new Regulation (EU) 2023/1113, open for feedback until February 26, 2024, the EBA is extending its regulatory reach, which initially kicked off in 2015, to include certain crypto-assets. This move is all about getting a better handle on tracing crypto transactions and reducing risks like money laundering and terrorist financing.
Here's what's on the table:
Filling in the Blanks: The guidelines zoom in on spotting and fixing missing or incomplete info in crypto transactions.
Tailored Procedures: They're setting up ways to deal with transfers that are missing key details.
Risk-Based Approach: This is a big one. The guidelines give Payment Service Providers (PSPs), their intermediaries, and Crypto-Asset Service Providers (CASPs) some room to align their compliance efforts with their operational scale and risk exposure.
In this article, we dive into these guidelines, explore how they might impact various players in the crypto scene, and see how they stack up against broader EU regulations and global standards.
The EBA isn't just throwing rules at the wall to see what sticks. They've thought this through, addressing complex tech issues like:
If the proposed guidelines become official, the workload for Payment Service Providers (PSPs) and Crypto-Asset Service Providers (CASPs) is set to increase dramatically.
To illustrate, under the new regulations, CASPs will have to dive deeper into data collection. This includes classifying customer transactions by the types of goods or services, identifying the nature of the transaction – whether it's for personal or business purposes, and scrutinizing transaction patterns to figure out the reasons behind payments and receipts.
The complexity doesn't end there. CASPs must navigate the diverse protocols in the crypto and blockchain arena – some are open-network, some are closed-network, and others don't favor any particular network. Not all of these protocols work well together, so CASPs will find themselves juggling multiple protocols to facilitate smooth transactions with each party involved. This juggling act is crucial to meet the EBA's Travel Rule requirements, which aim to prevent data integration snags and compliance slip-ups.
Moreover, CASPs are expected to up their game in ensuring seamless and compatible information transfer in line with the heightened data requirements. They'll need to accurately convey extensive details, including names, addresses, countries, personal document numbers, customer IDs, and even birth dates and places of the parties in the transaction.
The scenario gets even more intricate with self-hosted wallets. Previously, CASPs only needed to record wallet addresses and verify ownership for transactions above 1,000 Euros. Now, they have to individually track each transfer, whether it's to or from a self-hosted wallet, identify the parties involved, prove ownership, and implement necessary safeguards.
Overall, CASPs are looking at a significant ramp-up in responsibilities. This necessitates more advanced technological solutions and a more thorough approach to gathering and transmitting information. They'll have to be extra vigilant in their operations, as every aspect will demand closer attention. The enhanced obligations could lead to higher compliance costs and potential delays, especially initially due to the complexity and newness of these requirements.
Under the potential new rules, non-EU parties involved in transactions with EU-based counterparts would face broader data disclosure requirements.
This involves providing basic location information like the country name, postal codes, cities, states, provinces, and even down to the level of municipalities, street names, building numbers, and names.
In instances where the provided name, account number, address, and other official documents don't clearly identify the parties involved, an extra layer of information would be necessary. This means that Crypto-Asset Service Providers (CASPs) would also need to gather and disclose personal details like the date and place of birth of the individuals participating in the transaction.
So, any non-EU crypto firms doing business with EU counterparts will need to be ready to share a lot more data.
As we're in the consultation phase, it's a waiting game to see if these guidelines strike the right balance between tight security and fostering innovation in blockchain technology. For now, it's a matter of watching and waiting as the situation unfolds.
VASPs need a Travel Rule Solution to comply with the FATF Travel Rule. Have you zeroed in on it yet? Check out Veriscope, the only frictionless crypto Travel Rule compliance solution.
Follow us on X (Formerly Twitter), LinkedIn, Telegram, and Medium for up-to-date news from the world of crypto regulations. To keep up-to-date on all things crypto regulations, sign up for our newsletter.