EU lawmakers have been spammed with hundreds of emails from the crypto community attempting to influence a key committee vote on Thursday (31 March) regarding the information requirements on the transfers of cryptocurrencies.
The legislation is a recast of the regulation on information accompanying transfers of funds, with a view of including virtual assets such as crypto that were so far outside the scope of EU legislation, despite entailing similar risks.
The European Commission presented the proposal in July 2021 as part of a broader legislative package on countering money laundering and the financing of terrorism. The result of the proposal would be to extend the obligations of financial institutions related to transfers of funds to crypto payments.
The transparency and traceability obligations would apply to Crypto-Asset Service Providers, which would have to record their clients’ name, address, date of birth and account number, and the name of the intended recipient for each transfer.
In the European Parliament, lawmakers from the economic affairs (ECON) and civil liberties (LIBE) committees have agreed on adding provisions that would require service providers not only to collect but also to verify the personal data of the people making or receiving the transfer.
The verification requirement would apply to every crypto transfer. The €1,000 threshold, which applies to financial institutions, was removed as the market value of crypto assets is so volatile that the transfer’s value might change before the transaction is concluded. Another reason was the technique of ‘smurfing’, which consists of automatically moving large amounts in several small transactions.
Patrick Hansen, head of strategy at Unstoppable Finance, said on Twitter that this double standard is unjustified. The argument is that, if anything, anti-money laundering requirements for cryptocurrencies should be less strict since they are based on blockchain technology that can be used to track back transactions.
The measures target unhosted wallets, which store crypto assets directly on a computer without anyone else being involved. When transactions with an unhosted wallet go above €1,000 over time, they must be reported to the relevant authority. Unhosted wallets that have already been verified once will not need to be rechecked.
Identity verification measures
The concern from the crypto community is also that crypto companies might have to refuse transactions with unhosted wallets, as they will have no way to verify their identity. Even if they did, though, the reporting and verification requirements are seen as disproportionate.
For Hansen, all this verification data might become ‘honeypots’ for hackers. At the same time, the Parliament’s text has removed the possibility of private companies storing the data after five years unless there are ongoing legal proceedings.
The MEPs’ crackdown on unhosted wallets is intentional. In March, Guillaume Valette-Valla, the director of France’s anti-money laundering body Tracfin, told lawmakers that unhosted wallets were being used to fund terrorism and child sexual abuse.
EU lawmakers consider that money coming from there is more likely to have a criminal origin as virtually all dark web marketplaces use hosted wallets to execute payments. Therefore, the idea is to shed light on when the regulated and unregulated sectors interact.
“The identity of unhosted wallet-holders needs identification – just like you need to identify yourself when you deposit money at the bank,” said centre-left lawmaker Paul Tang.
Moreover, the Parliament’s text gives the Commission the power to introduce additional measures after one year to mitigate the risks related to unhosted wallets, including restricting transactions.
“If adopted, this revision would unleash an entire surveillance regime on exchanges like Coinbase, stifle innovation, and undermine the self-hosted wallets that individuals use to securely protect their digital assets,” wrote Paul Grewal, Coinbase’s chief legal officer in a blog post.
While the crypto community mobilised to counter these legislative measures, the US crypto exchange platform Coinbase took a particularly aggressive stance by calling on all its clients to send emails to MEPs and set up an automated system.
“There is no precedence for this kind of surveillance regime,” said the email Coinbase sent to its customers, stressing that if banks were subject to this kind of scrutiny, they would push back as they are doing now.
“The US tech giant Coinbase has been orchestrating a flood of identical emails to MEPs to intervene with the vote on Thursday,” said leftist MEP Martin Schirdewan. “A billion-dollar corporation like Coinbase is not interested in the privacy of EU citizens or the effectiveness of EU law enforcement.”
As a result, MEPs are receiving hundreds of emails – more than 600 at the time of publication. However, this kind of approach might, in fact, prove counterproductive. The EU Council also tried to deal with hosted wallets but did not go as far as the Parliament.
“This is a sector that wants to be taken seriously and become an important part of the economy but refuses to take responsibility,” a parliamentary official told EURACTIV.
[Edited by Nathalie Weatherald]