New European regulation will oblige crypto service providers to perform KYC

European parliament regulators voted in favor of the MiCA (Markets in Crypto-Assets) regulation and the FATF (Financial Action Task Force) regulation by the end of 2022. The new requirements have a direct impact on the operation of companies that issue cryptocurrencies or provide related services.

What is MiCA about?

It is an important step towards establishing a consistent and common regulatory framework for the European cryptocurrency market. It defines the regulations that companies that carry out activities related to crypto assets, the CASPs (Crypto Asset Service Providers), also called VASPs in the United States (Virtual Asset Service Providers), must comply with to operate in the 27 markets of the union.

The main objectives sought by the EU with the MiCA regulation are:

1. Contribute to technological development: promoting the reception of transformative technologies through the security provided to entrepreneurs and investors by clear international regulations.
2. Consumer protection: transparency and information requirements, with the aim of ensuring that consumers have access to clear and accurate information on the CASP.
3. Transparency: reporting requirements to the authorities, with the objective of ensuring compliance with the CASP.
4. Financial stability: solvency and risk management requirements for CASPs, with the objective of ensuring the stability and solvency of these markets.
5. Liability of CASPs for damages caused by negligence or malpractice.

The TFR regulation (EU 2015/847) is the transposition of the recommendations of the international body that defines the mechanisms for protection against money laundering and terrorist financing (FAFT or FATF in English, Financial Action Task Force) to the European regulatory framework.

Recommendation 16 of the FATF, known as the “Travel Rule”, requires CASPs to identify, store and share originator and beneficiary data for transactions up to a limit of 1,000 euros.

• 1,000 must be collected from the originator (name, account number, address, national identity number, date and place of birth, and user number) and the beneficiary (name and account number).
• For transactions under 1,000 euros, the originator and beneficiary (name and account number or unique transfer identifier) must be collected.

Does the regulation affect you?

If you are a company conducting a crypto asset-related activity in the European Union (so-called CASP companies), you are affected.

Non-EU crypto asset companies conducting business for EU clients must also comply with the requirements. NFT products, which fall outside the regulation as they are considered unique non-exchangeable assets, do not.

What are the implications?

CASP will be obliged to do due diligence on all clients in order to share information when the client performs a transaction:

• Identify the client (name, address, date of birth, place of birth, etc.)
• Verify that the customer is not a sanctioned person.
• Store personal and ML/TF (Money Laundering/Terrorist Financing) prevention data
• Transfer the data together with the transaction

Depending on whether the CASP is conducting the transaction on behalf of an originator or a benefactor, it will be required to collect and transfer personal and ML/TF information, or receive data from the originator and check the receiving data.

How can a CASP ensure compliance?

The most efficient way to comply with the new requirements imposed by TFR is through a KYC and AML process during the client registration process. In this way, the CASP already has the necessary data to allow customers to operate as freely, quickly and efficiently as expected.

A solution such as Alice Onboarding enables CASPs to achieve simple and frictionless compliance by collecting, verifying and storing the customer’s personal information during the onboarding process itself, while at the same time performing anti-money laundering screening with regulatory databases.

Alice Onboarding enables CASPs to be fully compliant by performing a complete KYC/AML process within Europe and in compliance with GDPR.