On the 9th June 2018, the EU Commission brought crypto-fiat exchanges and custodian wallets under the anti-money laundering regulation vide the Fifth Anti-Money Laundering Directive (5MLD).

This requires cryptocurrency exchanges to perform KYC/Customer Due Diligence (CDD) on customers and fulfil standard reporting requirements. The Directive clearly mentions that while cryptocurrency is broadly considered legal across the member states, cryptocurrency exchange regime and taxation on crypto profits depend upon the regulations of individual member states. The 5th AMLD seeks to bring the unregulated digital currency sector under mandatory anti-money laundering legislation.

This brings the EU bloc on par with some of the leading regulators across the world, including the U.S. and Australia. The law brings legitimacy and regulation to the cryptocurrency industry, while aiming to counter the risks of money laundering and terrorists financing arising from cryptocurrency.

Member states are obliged to transpose the modified regulations into national law by January 20th 2020, latest.


The 5th AMLD defines:

Cryptocurrency as “a digital representation of value that can be digitally transferred, stored or traded and is accepted by natural or legal persons as a medium of exchange”..

Virtual Currency Exchange Platforms (“VCEPs”) as providers engaged in exchange services between virtual currencies and fiat currencies” i.e. crypto-fiat currency exchanges

Custodian Wallet Providers (“CWPs”) as providers of “custodian wallets” or cryptocurrency wallet services; where the service provider holds the users’ private cryptographic keys “to hold, store and transfer virtual currencies”.

Beneficial Owners as “any natural person(s) who ultimately owns or controls the customer, and/or natural person(s) on whose behalf a transaction or activity is conducted.”




Who and what is covered?

Under this Directive, two types of cryptocurrency businesses are covered:

  • virtual currency exchange platforms
  • custodian wallet providers

These are the ‘obliged entities’ under the new law to follow the same regulations as banks and financial institutions.

Such ‘obliged entities’ will be required to implement measures to counter money laundering and terrorist fundraising.  KYC, CDD and transaction monitoring are compulsory obligations to be fulfilled. Maintenance of comprehensive records and reporting of suspicious transactions, are also required.

The 5AMLD makes it obligatory for crypto-to-fiat-exchanges and custodian wallet providers to register with the national agencies. Each of the EU’s 28 member states is covered by the 5AMLD.

Member countries are required to

  • Establish central databases, listing virtual currency users (the identities, wallet addresses), together with self-declaration forms submitted by virtual currency users.
  • Define ‘virtual currencies’ and ‘CWPs’, and lay down the governing AML/CTF regulations.

Special Focus on Risks associated with ML/TF

The EU Directive focuses on the risks associated with the use of virtual currencies, in particular naming

  • proceeds of crime launder through virtual currencies, anonymously and globally,
  • use of virtual currency remittance systems for terrorist or illicit activity financing,
  • the anonymity of virtual currency that enables criminals or terrorists to disguise the origins of proceeds, compromising the work of law enforcement agencies.

EU Guidelines for AML/CTF compliance of crypto businesses in member countries

Each EU member country is obliged to

a)     Maintain a “Register of Ultimate Beneficial Owners” (UBOs) that will contain information of the beneficial owner’s date of birth, country of residence, nationality, and the nature and extent of the beneficial interest held. Registers of UBOs are to be made publicly accessible, and inter-connected at pan-EU level for exchange of information to strengthen their UBO verification mechanisms.

b)     Maintain a PEP List of prominent politically exposed public functions to make easier for smaller compliance teams or SMBs, to identify PEPs while screening risks.

Member states must define a PEP within its national jurisdiction, and also include information from international databases in its list.

c)     Maintain centralised registries or electronic data retrieval systems to identify entities holding or controlling payment accounts, bank accounts, and safe-deposit boxes. The national Financial Intelligence Units (FIUs) of member states are to be allowed direct, access to the registries.




EU regulations for sanctions/PEP screening and beneficial ownership

KYC/Verification of Beneficial Ownership – Prior to any new business relationship or customer onboarding, “obliged entities” are required to perform KYC checks including validating against the corresponding beneficial ownership register in the EU.

“Obliged entities” should notify if any discrepancies are found in the beneficial ownership information on the registers while conducting CDD /KYC.

PEP and Sanctions Screening – Any PEP calls for enhanced due diligence.

Obligations of crypto businesses under 5AMLD

All cryptocurrency “obliged entities” across the EU bloc are to register themselves with the FIU, with complete details of ownership structures. They are to perform the sanctions screening and enhanced CDD measures and check against the EU centralised registries of UBOs, PEP lists and high-risk countries.