On January 16, 2024, the European Banking Authority (EBA) extended its existing guidelines on money laundering (ML) and counter-terrorist financing (CTF) risk factors to cover crypto-asset service providers (CASPs). The amended guidelines highlight ML/CTF risk factors and mitigating measures that CASPs need to consider, representing an important step forward in the EU’s fight against financial crime.
The European Banking Authority is a regulatory agency of the European Union and is tasked with implementing a standard set of rules to regulate and supervise banking across all EU countries. The EBA is focused on promoting a stable and effective European financial system. To that end, it has recently extended Anti-Money Laundering guidance to crypto, in recognition of the fact that CASPs can be used for illicit financial activities.
The goal of the amendments is to help CASPs identify these risks and understand how they can implement measures to effectively mitigate them. They emphasize understanding customer profiles, product offerings, delivery channels, and geographical factors that influence ML/CTF risks. Based on these risk factors, CASPs can develop understanding of their customer base and identify which part of their business or activity is most vulnerable to ML/CTF. The guidelines also explain how CASPs should adjust their mitigation measures, including through the use of blockchain analytics tools.
The evolving regulatory landscape signals a shift from viewing compliance tooling as optional to considering it a necessity for CASPs. While the amended guidelines do not mandate specific tools, the amendments’ explicit recommendation to integrate advanced blockchain analytics tools emphasizes their crucial role in identifying and mitigating ML/CTF risks.
CertiK's SkyInsights is a compliance and risk management tool that is designed to help crypto and virtual asset service providers meet the evolving standards set by regulatory authorities around the world.
SkyInsights is an all-in-one intelligence platform, enabling CASPs to monitor threats, mitigate risks, and ensure compliance with regulatory standards and requirements.
If you want to try out the interface before reading on, get a risk score for any Ethereum or BNB Chain wallet for free with the SkyInsights demo.
The guidelines require that CASPs have appropriate procedures and systems in place to monitor all types of transactions and crypto-assets. Additionally, amendments to Guideline 4.60 draw attention to red flag indicators of unusual transactions. These include transactions that are more frequent than usual or transactions involving small amounts without an obvious economic rationale. In this context, the need for detailed transaction monitoring systems becomes evident.
The customizability of compliance tools, like SkyInsights, adapts to CASPs’ needs, offering real-time transaction monitoring, transaction alerts, and an intuitive interface that supports the creation of custom parameters and monitoring groups. CASPs can set specific thresholds based on their risk analysis and identify these “unusual” transactions as defined by the EBA.
The EBA also amends guidelines on enhanced Customer Due Diligence (CDD), pushing for more frequent and in-depth assessments using crypto-asset investigation tools. CASPs are encouraged to apply advanced analytics tools to assess risks, particularly in transactions involving self-hosted addresses, as it allows the CASP to trace the history of transactions and to identify potential links with criminal activities, persons, or entities.
SkyInsights enhances risk identification beyond standard screenings, with information drawn from the Office of Foreign Assets Control (OFAC), Politically Exposed Persons (PEP), and Watchlists. The SkyInsights platform leverages databases with billions of data points managed by CertiK that cover scams, attacks, and malicious actors, providing CASPs with an invaluable resource for identifying potential links to criminal or illicit activities.
Navigating the regulatory and compliance standards can be challenging for CASPs without specialized compliance tooling. Engaging with a provider like CertiK allows CASPs to focus on their core business, confident that compliance is in the hands of experts.
The European Banking Authority is standardizing how Crypto-Asset Service Providers across the EU should implement Anti-Money Laundering/Counter-Terrorist Financing (AML/CTF) measures in line with the risk-based approach. Effective December 30, 2024, the updated guidelines will incorporate crypto-asset services within the EU's regulatory framework, mandating CASPs to adhere to AML/CTF regulations and oversight. This alignment with international standards aims to effectively manage and mitigate the risks associated with money laundering and terrorist financing in this sector.
This initiative by the EBA marks a shift in the regulatory landscape, a trend mirrored globally as authorities strengthen guidance on crypto activities, particularly in AML/CTF. In 2023, South Korea legislated to regulate cryptocurrency markets, aiming to enhance investor protection, with enforcement starting in July 2024. Turkey is also moving in a similar direction. Turkish Treasury and Finance Minister Mehmet Şimşek recently outlined upcoming crypto regulations, focusing on defining key crypto terms legally, licensing trading platforms, and aligning with the Financial Action Task Force (FATF) standards.
These developments in South Korea, Turkey, and the EU via the EBA reflect a global move toward tighter control and regulation of the cryptocurrency sector. As these regions intensify regulatory measures for virtual asset services, it becomes increasingly important for crypto and virtual asset service providers globally to establish and maintain stringent compliance frameworks. Blockchain analytics and compliance tools like SkyInsights are essential in identifying and addressing risks linked to money laundering and terrorist financing. Looking ahead, we can anticipate further developments as more regulatory authorities around the world begin issuing similar guidance, making it imperative for service providers to address compliance standards sooner rather than later.