Controversies surrounding application of money-laundering regulations generate legal uncertainty for businesses operating in the field of digital currencies.
Bitcoin does not exist in a legal vacuum, as we discussed in our report on virtual currencies. But often the law is not tailored to suit the specific nature of cryptocurrencies. In Poland, the Payment Services Act and the Foreign Exchange Law are a good example. It’s pretty clear that under the current state of the law, these acts do not apply to bitcoin and similar digital currencies. But there are many other regulations that raise doubts in this respect. These include anti-money-laundering (AML) regulations.
Why apply AML regulations?
AML regulations are designed to prevent introduction into legal circulation of money (or other assets) derived from illegal sources or intended for financing criminal activity (e.g. terrorism).
Experience with cryptocurrencies going back several years has shown how convenient a tool they are for criminals. Bitcoin and other cryptocurrencies are commonly used, among other things, as a medium of exchange and a settlement unit on illegal markets on the “dark net.” With decentralisation, the high degree of anonymity (or “pseudonymity”), and speed of transactions between any points of the globe, cryptocurrencies are ideal for covering the traces of their true origin and for financing illegal activity.
For example, funds obtained through cybercrime (e.g. fraudulent alteration of the account number of the recipient of a bank transfer) may quickly be converted into bitcoin on one of the many exchanges. The ability to track the funds further (who received the funds next and their final destination) is greatly hindered or blocked completely. There are also cryptocurrency “laundries” on the Internet organising numerous transfers of funds to created address, and splitting and recombining the funds multiple times—again making it extremely difficult to determine where the illegally obtained funds have gone.
For these reasons, it has been proposed that AML regulations, requiring identification of the customer, verification of the parties’ identity, and registration of suspicious transactions, be applied to businesses operating in the area of cryptocurrencies. This refers in particular to exchanges and similar firms that convert traditional currency into digital currencies and thus serve as an interface between traditional money and digital currency systems. They act as the gateway through which funds deriving from crimes, for example, may flow into or flow out of the financial system.
Extending AML regulations to such firms is being considered in numerous countries around the world (such as Australia and the UK), and in the US this has already happened. The Financial Action Task Force has also issued recommendations on this matter.
In the European Union, numerous voices have been raised seeking to subject bitcoin exchanges and other such firms to AML regulations. For example, in an opinion issued in 2014, the European Banking Authority concluded that EU legislators should consider recognition of digital currency exchanges as institutions covered by the 3rd AML Directive (2005/60/EC).
The 3rd AML Directive lists the entities subject to this regulation (under the Polish act implementing the directive, they are referred to as “obligated institutions”). The list of these entities is long, but it does not appear that bitcoin exchanges and other entities intermediating in the trade in cryptocurrencies as part of their main business can be regarded as obligated institutions.
A new, 4th AML Directive was adopted in May 2015. EU member states are required to implement it into national law by 26 June 2017, when the repeal of the 3rd AML Directive will also take effect. However, the 4th AML Directive changes little from the viewpoint of businesses operating in the field of cryptocurrencies. Digital currency exchanges are still not included among obligated institutions.
But a gap-filling provisions already included in the 3rd AML Directive (Art. 4(2)), under which member states “shall ensure” that coverage of the directive be extended to other entities “which engage in activities which are particularly likely to be used for money laundering or terrorist financing purposes,” has been retained.
The approach taken in Poland’s implementation of the 3rd AML Directive (the Act on Combating Money Laundering and Financing of Terrorism) tracks the EU legal framework described above. Thus bitcoin exchanges are not included among obligated institutions, at least so long as they do not qualify as a payment institution, bank or other institution deemed by the act to be an obligated institution.
The act does regard entities conducting currency exchange as obligated institutions. It is commonly recognised today that “currencies” for purposes of this regulation should be understood to mean only cash or bank money (and not for example cryptocurrencies), although there is a risk that this interpretation could change in the future.
Legal framework still unclear
The lack of formal coverage of cryptocurrency exchanges and similar firms by the AML regulations does not change the fact that they are entities particularly exposed to the occurrence of money laundering via the services they offer.
It should also be borne in mind that even though the AML regulations do not cover cryptocurrency exchanges, transactions conducted via these exchanges could still violate the criminal prohibition against money laundering (Penal Code Art. 299 §1). In such cases, it cannot be ruled out that managers or staff of cryptocurrency exchanges could be charged as accessories to the crime of money laundering.
Exchanges and other entities intermediating in cryptocurrency trading thus find themselves in a delicate situation. On one hand they are not covered by AML regulations, but on the other hand they are exposed to the risk of participating (even unawares) in the money-laundering process, for which they could face criminal liability. This state of affairs generates great uncertainty on the market, and could for example bring them into conflict with banks, which might demand that they voluntarily comply with AML regulations, e.g. by identifying their customers.
Some legislative intervention is therefore required. The most likely scenario is that the AML regulations will be extended to cover bitcoin exchanges, even though the 4th AML Directive does not expressly require this. The issue is thus left up to the discretion of Poland’s lawmakers.