A comparative evaluation of regulatory approaches to blockchain cryptocurrencies in the United Kingdom, United States and Hong Kong

1 Title:

A comparative evaluation of regulatory approaches to blockchain cryptocurrencies in the United Kingdom, United States and Hong Kong.

Research Question:

Drawing on lessons learned from the experience of the United States and Hong Kong, to what extent will the UK's implementation of 5AMLD achieve financial stability in relation to the regulation of blockchain cryptocurrencies?

Abstract

The UK recently implemented 5AMLD and made several notable departures from the overarching Directive. This thesis will address the research question above by answering whether the UK’s implementation will achieve Financial Stability (FS). The core objective we must address is on how the UK has impacted FS and whether this can be improved through recommendations based on USA/NY and HK. This will be achieved firstly through a literature review of AMLD criticisms and provisions which we will evaluate considering FS. This will then be followed by comparison of our three jurisdictions before evaluating how well each achieved FS, and finally producing recommendations for the UK approach based on USA/NY and HK. Our key argument throughout will be that AML/CTF regulation must be balanced against FS in terms of preserving market liquidity and measuring the scale of its potential risks so adequate safeguards can be enacted. We will conclude that the UK achieves FS to a higher level than 5AMLD and HK, but that our two recommendations, primarily based on NY, will increases its achievement of FS even further.

2 Table of Contents:

Introduction ... 3

1. Framework: FS ... 5

2. Background of blockchain technology and our cryptocurrency focus ... 7

2.1. Definition ... 7

2.2. Narrowing of our scope to cryptocurrencies... 8

2.3. Current uses of technology and the wider impact this may have on Financial Stability.... 9

2.4. The previous regulations under EU Law (4AMLD) ... 10

2.5. FATF Guidance for a Risk-Based Approach – June 2019 ... 11

3. 5AMLD Directive: Background and flaws ... 12

3.1. Proposed amendments and the goals they intended to meet ... 12

3.2. Expected impact this regulation will have on cryptocurrencies in terms of FS... 16

3.3. How market participants have reacted to this impact: is this justified by the FS upside? 17 4. Jurisdictional comparison: UK, USA and HK... 21

4.1. UK ... 21 4.2. USA ... 23 4.3. HK ... 25 4.4. Comparison ... 27 4.4.1. Scope of Regulation ... 27 4.4.2. Implementation ... 28 4.4.3. Enforcement Mechanisms ... 28

4.4.4. “Registration, “Licensing” and Jurisdiction ... 29

4.5. Evaluation considering FS ... 29

5. Recommendations for the UK ... 33

6. Conclusion ... 34

3 Introduction

This thesis will evaluate to what extent the implementation of 5AMLD in the UK will achieve financial stability (FS), with the USA (New York) and HK used as comparative examples that we can learn from.

The first section builds on our thesis objective and details the FS framework we will evaluate considering. It describes sub-sets of FS from which our evaluation will stem (mechanism for payment and minimisation of risk), the concept of FS, its relevance to 5AMLD, and narrow our scope through establishment of the presumption that economic growth will follow from FS. FS will be linked to 5AMLD through their shared goals of equalising regulation and minimising ‘dark economy’ risks. We finally explain how we will employ the functional method for our comparative analysis.

The second section provides required background knowledge of blockchain for our comparative evaluation. We will define blockchain, in 2.1, through various European level definitions before establishing which one is suited for our discussion. It will then narrow the discussion to purely cryptocurrencies and virtual currencies, in 2.2, as this is the only function of blockchain that has enough developed legislation for us to draw a substantive conclusion from on the impact of regulation. It will do this by providing examples, in 2.3, of how regulation can impact one application of blockchain technology and the implications this may have for FS. It will then briefly comment on 4AMLD, in 2.4, and how this did not apply to cryptocurrencies, with this oversight requiring remedy under 5AMLD. This section will conclude with an outline in 2.5 of the FATF Guidance, which is relevant across all three comparative jurisdictions, and has heavily influenced the development of 4/5AMLD.

The third section begins, in 3.1, by introducing 5AMLD and the four tensions that it was intended to address (anonymity, cross-border reach, scope, and overregulation concerns); these will be commented on from a FS perspective. It will then walk-through the proposed changes and analyse why the chosen route was inevitable. This is followed by discussion on how these changes were implemented and explain why the chosen definition of “virtual currencies” creates a gap that undermines FS. The second part, 3.2, will outline the “Silk Road” as an example of abuse that failure to regulate effectively can have, before proceeding onto how incidents such as this can negatively impact FS if left unchecked. It will then comment on how ECB fears meant this definition was linguistically neutered to prevent excessive legitimisation of cryptocurrencies. The third part,3.3, will highlight the three key practical implications of

4

5AMLD (improving transparency, cross-border verification, and AML/CT rules now applicable) before evaluating market participant fears, such as its unclear border scope, considering FS. It will show that some of these academic and industry fears hold true but that they are mostly remedied by the UK’s implementation.

The fourth section introduces our three comparative jurisdictions, 4.1 to 4.3, before comparing and evaluating them under our FS framework. We will firstly outline the UK’s implementation of 5AMLD, how its background consultations ensured that the gaps shown in section 3 were fully addressed and the unique aspects of its FCA enforcement mechanism. It will secondly outline the USA at both a Federal and State, New York, level. We have chosen the USA as at a Federal level it closely mimics the UK, and thus provides a similar starting point, but its State-level implementation of “BitLicense” creates a divergence that provides a counter-balance to the “registration” only view taken in the UK. Furthermore, its position as London’s main financial rival provides an example of how jurisdictions with similar FS concerns have responded in different manners. It will thirdly focus on the liberal hands-off approach taken in HK, because of its proximity to China, the main source of “mining”, the presence of several key cryptocurrency players, and given its approach contrasts with the UK/USA by focussing on consumer awareness due to its very limited definition of “virtual currencies”. Therefore, we have both a structurally similar and contrasting jurisdiction that we can learn from. The second part of this section, 4.4 to 4.5, will compare similarities and differences between our jurisdictions from four angles. These angles are its “scope of regulation”, “implementation”, “enforcement mechanisms” and whether they chose a “registration” or “licensing” method. This will lead into our third and final part where the three jurisdictions are evaluated using FS as the framework. In particular, how the UK approach achieves FS to a higher level than 5AMLD, the benefits of “BitLicense” and a “Sandbox” approach for FS, how HK’s “opt-in” proposal is flawed for FS and mistakes in NY but that the UK can partially learn from these, and finally that the UK should consider adoption of the USA enforcement standard in some circumstances.

The fifth and final section follows on from the evaluation in prior sections. It concludes by recommending that 1) the UK adopts an incentives-based approach combined with a NY-style “license” and 2) regulatees are split into groups based on their relative risk-level with those of greatest threat exempted from recommendation 1.

5 1. Framework: FS

The objective of this thesis is to determine how the implementation of blockchain cryptocurrency regulation in the UK will impact FS. It will do this from a comparative AML/CTF perspective of FS with the focus centred on whether the implementation of 5AMLD regulations will contribute towards a strong system, in terms of maintaining FS, within the UK. The implications of 5AMLD will be confined to cryptocurrencies and virtual currencies as they are currently the only function of blockchain with developed regulation. They will therefore provide a model for future blockchain innovation, so that FS is preserved without undercutting the technology’s benefits.

FS is defined by the Bank of England’s most 2017 Annual Report as “the consistent supply of the vital services that the real economy demands from the financial system”, which breaks down into “providing the main mechanism for paying”, insuring against and minimising risk, and playing a middleman role between savers and borrowers.12 _{Our analysis will focus purely} on the first two elements, as the core function of cryptocurrencies is that the middleman is removed, and this last aspect is therefore not relevant at present. Firstly, “main mechanism for paying” is essential, as a system which prevents (virtual) money flowing will have knock-on implications in activities it is connected to; this is increasingly the case as institutional investors bring cryptocurrencies onto their balance sheets.3 _{Secondly, insuring and minimising risk is} only possible when you a) know the scale of what you must cover and b) requires that the risk is minimised so the costs of this are reduced. This links into AML/CTF regulations as they firstly ensure that cryptocurrencies are equally regulated and not an anomaly within the financial system as they become further integrated, and secondly that risks from pushing cryptocurrencies into the ‘dark economy’ are reduced.

The key function of FS is minimising systemic risks and ensuring that participants are regulated sufficiently so that the overall system can absorb shocks. The Report, at page 22, notes that “eMoney” services may pose a future risk in terms of concentrating failure points to one currency, the independence of the underlying ledgers removing risk prevention safeguards, and that financial stability requires a constant focus on new developments. Furthermore, Mark

1 _{Bank of England, 'Annual Report and Accounts' (BOE, 28 February 2017)} <https://www.bankofengland.co.uk/-/media/boe/files/annual-report/2017/boe

2017.pdf?la=en&hash=E221A208FBD6BF5F95AEF2E468BC2FD135EF8525#page=38> 2 _{Bank of England, 'What is Financial Stability?' (BOE)}

<https://www.bankofengland.co.uk/knowledgebank/what-is-financial-stability>

3 _{Sebastian Sinclair, 'Rising Institutional Investment Setting Pace For Future Crypto Growth' (Coin Desk, 6th} July) <https://www.coindesk.com/rising-institutional-investment-setting-pace-for-future-crypto-growth>

6

Carney noted that although financial stability is not currently threatened, this would change once cryptocurrencies become an effective alternative to fiat currencies. He notes the need for balancing the positives of innovation with the threat they pose to AML/CTF, if standards are not adapted, and that they must be brought into the regulatory system so the risk to financial stability is minimised.45 A 2018 ECB assessment further notes that there is no material risk to the financial stability of the euro area because their combined value is relatively small, but that their increased integration in the wider financial sector may change this.6 Once more, the AML/CTF objective is defined by the ECB as protecting “the stability and integrity of the European financial system”.7 _{We have therefore established that FS may soon be at risk and} AML/CTF regulation must reflect this.

It is accepted practice that economic growth is the counter-side of objectively strong FS but this research will narrow its scope onto the issue of FS alone with the assumption that economic growth will follow as a result.8 _{This is particularly apt as despite cryptocurrencies having a} market capitalisation that rivals major banks, they have historically been subject to almost no regulation and there have been multiple accusations of facilitating money laundering or the financing of terrorists. This will be elaborated on in section 2.

Given the discussion above, FS is an appropriate benchmark for our analysis as it is an underlying policy goal of the implementation of 5AMLD and is of growing importance, given three years have passed since the cited references, with cryptocurrencies usage rapidly growing and raising the threat-level to FS.9 This holds true in other jurisdictions too. In the USA, Governor Quarles has previously noted the need for concern about financial stability in relation to cryptocurrencies if its adoption increased and this has led to suggestions that a more

4 _{Mark Carney, 'The Future of Money' [2018] Bank of England Speeches, [9]-[11]}

<https://www.bankofengland.co.uk/-/media/boe/files/speech/2018/the-future-of-money-speech-by-mark-carney.pdf?la=en&hash=A51E1C8E90BDD3D071A8D6B4F8C1566E7AC91418> accessed 18 July 2020 5 _{Steve Browning, 'Cryptocurrencies: Bitcoin and other exchange tokens' [2020] 8780 House of Commons} Briefing Paper 19

6 _{ECB Crypto-Assets Task Force, ‘Crypto-Assets: Implications for financial stability, monetary policy, and} payments and market infrastructures’ [2019] 223 ECB Occasional Paper Series 4.2

7 _{Yves Mersch, 'Anti-money laundering and combating the financing of terrorism – recent initiatives and the} role of the European Central Bank' [2019] BIS Speeches <https://www.bis.org/review/r191115i.htm> 8 _{William C Dudley, 'Financial Stability and Economic Growth' [2019] Federal Reserve Bank of New York <} https://www.newyorkfed.org/newsevents/speeches/2011/dud110923#:~:text=First%2C%20a%20stable%20fina ncial%20system,prerequisite%20for%20sustainable%20economic%20growth.&text=It%20also%20underscores %20the%20importance,financial%20system%20and%20the%20economy.>

9 _{Jennifer Rudden, 'Bitcoin market capitalization quarterly 2013-2020' (Statista, 1 July 2020)} <https://www.statista.com/statistics/377382/bitcoin-market-capitalization/>

7

proactive regulatory response should be taken so the financial system is future-proofed without harming its potential advantages.10

This thesis will utilise the functional method by comparing current AML/CTF approaches to cryptocurrencies within the UK against the USA and Hong Kong as comparative jurisdictions, for the reasons highlighted in the introduction.

2. Background of blockchain technology and our cryptocurrency focus

This section will define blockchain, establish what this thesis considers a “cryptocurrency” and show how its growing importance justifies discussion of future impact on FS.

2.1: Definition

At the EU level, ENISA defines blockchain as a “public ledger consisting of all transactions taking place across a peer-to-peer network”.11 _{This is supplemented by the European} Commission which defines it as “a technology that allows people and organisation to reach agreement on and permanently record transactions in a transparent way without a central authority”.12

Blockchain’s data structure consists of linked blocks that cannot be changed without its successor/predecessor adapting, and therefore this cryptography ensures transaction integrity without reliance on a trusted central authority (i.e. a traditional bank).13 This security is based on an unique identification hashes which refer to the preceding one and any changes cause collapse of the chain. These blocks each contain confirmed transactions that have been executed at a particular time, and their confirmation is reliant on “miners” solving algorithms which then add them to the preceding block. Thus, trust is maintained through four features: verification of each transaction against pre-set criteria, validation through mining, validation of new blocks by existing nodes against criteria and new blocks based no highest computational effort. The combination of these measures ensures alteration of transactions is not possible and integrity is fully secured without a central authority.

10 _{Michael Held, 'U.S. Regulations and Approaches to Cryptocurrencies' [2019]} <https://www.newyorkfed.org/newsevents/speeches/2019/hel191212>

11 _{ENISA, 'Blockchain' (ENISA Glossary)} <https://www.enisa.europa.eu/topics/csirts-in-europe/glossary/blockchain>

12 _{European Commission, 'Blockchain Technologies' (Europa Policy)} <https://ec.europa.eu/digital-single-market/en/blockchain-technologies>

8 2.2: Narrowing of our scope to cryptocurrencies

Cryptocurrencies and virtual currencies are the primary use of blockchain at present, but there is evidence that usage is shifting towards wider activities.14 These are developing concerns and sufficient regulation has not developed in response yet for substantive analysis. Therefore, our focus will be on blockchain-based currencies and the regulatory responses.

We must briefly distinguish between the four primary forms of blockchain.15 Public permission-less and permissioned blockchains, private permission and permission-less blockchains. This research will confine its focus to public permission-less blockchains given its central role in the current two major cryptocurrencies, Bitcoin and Ethereum. This structure requires theoretical equality and this approach means there is no centralised management or authority that can be required by law the report data, keep data, or even respond to legal process. This is subject to two exceptions. Firstly, that “miners” perfect verification or validation but are not exposed to all participants. Secondly, that these transactions are open-to-view and timestamps through the chain mean individual identities can be revealed if addresses are followed backwards.

Cryptocurrencies emerged as a buzzword about the mechanism of cryptography which transforms information so it can only be deciphered by someone who holds a “secret key”. Conflation with blockchain as a whole is common, and over-regulation beyond its borders may infringe the wider benefits of the underlying technology. Multiple definitions have been touted which the European Parliament summarised as:

“a digital representation of value that (i) is intended to constitute a peer-to-peer (“P2P”) alternative to government-issued legal tender, (ii) is used as a general-purpose medium of exchange (independent of any central bank), (iii) is secured by a mechanism known as cryptography and (iv) can be converted into legal tender and vice versa”.16

14 _{Coinmarketcap, 'Top 100 Cryptocurrencies by Market Capitalization' (Coin Market Cap)} <https://coinmarketcap.com/>

15 _{SJ Hughes, 'Gatekeepers are vital participants in AML Laws and enforcement regimes as permission-less} blockchain based transactions pose challenges to current means to follow the money ' [2019] 2764 Maurer School of Law Research Paper

<https://www.repository.law.indiana.edu/cgi/viewcontent.cgi?article=3764&context=facpub> accessed 17 July 2020 [5]

16 _{European Parliament Tax 3 Committee Study, ‘Cryptocurrencies and blockchain: Legal context and} implications for financial crime, money laundering and tax evasion’ [2018] PE 619.024

9

They are therefore a form of virtual currency that are digital assets which utilise encrypted algorithms for the creation, transferring and securing media of exchange.17 The key participants in the cryptocurrency arena are users, miners, exchanges, trading platforms and wallet providers. Cryptocurrency exchanges allow transference of virtual coins for fiat currency, whereas trading platforms provide a direct marketplace to connect coin-owners and seekers. In practice, Bitcoin is the most common usage with at least 124 billion of market capitalisation at present.18 Its differentiating feature is that their creation is automated and limited by the system’s internal algorithm. This removes the need for central authority issuance and intervention. In practice it is anonymous but there are costly methods that can lift this, hence its phrasing as pseudo-anonymous currency. To follow on from our framework, this market capitalisation has historically not had regulation to match. For example, we will see in section 3 how before AMLD5 there was no regulation of market participants involved in cryptocurrencies, and even now under the Directive it is still relatively minor compared to PSD2 requirements.

2.3: Current uses of technology and the wider impact this may have on Financial Stability The regulation of cryptocurrencies is key as it provides a model for preservation of financial stability, once blockchain is extended across the market in other areas. In future, it will allow judgement on whether FS has been preserved at the expense of innovation. The CBI estimates that fifty-eight industries could be completely transformed through the integration of blockchain technology.19 One example of cryptocurrencies having wider systemic implications is cited; OpenBazaar has decentralised the trust formerly reserved for online marketplaces (e.g. Amazon) and switched it to the sellers themselves without the need for a traditional middle-man. This advance is reliant on the data storage that cryptocurrencies provide. Therefore, no fees or restrictions for merchants are required but this also removes a middle-man that would be caught under traditional regulation. Another core, and current example, is Initial Coin Offerings (ICOs), where companies sell crypto-currency backed tokens, a unit of value determined by the offeror, in their companies as a form of crowdfunding, with this now expanded internally into physical retail investments. The Netherlands AFM has warned how

17 _{Travis Gidado, 'The The 5th Anti-Money Laundering Directive and Virtual Currency Regulation in the} European Union ' [2019] Chicago Unbound

<https://chicagounbound.uchicago.edu/cgi/viewcontent.cgi?article=1106&context=international_immersion_pro gram_papers>

18 _{See n(14)}

19 _{CBI, 'Banking Is Only the Beginning: 58 Big Industries Blockchain Could Transform' (CBI Insights, April 2} 2020) <https://www.cbinsights.com/research/industries-disrupted-blockchain/>

10

this already provides a strong avenue for ML/TF as they can be structured in pyramids that allow siphoning of funds from genuine investors into jurisdictions with more limited regulation20; this in turn would affect the liquidity of the cryptocurrency market and threaten one of the FS pillars mentioned in our overarching framework.

Despite this growing importance, academics have commented that firstly Government reluctance will prevent true oversight and integration into the main marketplace with pseudo-anonymity undermining effectiveness; secondly, that Governments’ refusal to lose control over domestic monetary policy ignores that they will without decisive intervention at an early stage.21 The EBA’s report is 2013 raised seventy risks related to virtual currencies but it is their potential facilitation of money laundering that was given the most significance both at the time and by subsequent legislation. The five key areas of concern raised were as follows:

1. That transfer and depositing of virtual currencies is anonymous. 2. Its global nature and lack of jurisdictional checks.

3. Potential source of criminal financing.

4. Illegitimate funds transferred without checks on their origins.

5. Alleged controlling of market participants by criminals and terrorists.

These concerns directly feed into the threat raised to FS and must be borne in mind when evaluating jurisdictions in section 4. For example, 1, 4 and 5 combined could allow illegitimate removal of funds from within the financial system through cryptocurrencies and as such undermine liquidity within the fiat currency system too.

2.4: The previous regulations under EU Law (4AMLD)

Directive (EU) 2015/849 of the European Parliament and the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing or 4AMLD was enacted in response to the Financial Action Task Force (FATF). This is an organisation endorsed by over 180 countries and the cornerstone for international standards. AMLD4 departs from its predecessor by opting for a more targeted and focused

risk-20 _{AFM, 'Initial Coin Offerings (ICO’s): serious risks' (AFM.nl)} <https://www.afm.nl/en/professionals/onderwerpen/ico>

21 _{Michael Pisa and Matt Juden, 'Blockchain and Economic Development: Hype vs Reality' [2017] 107 CGD} Policy Paper Washington DC: Center for Global Development <https://www.cgdev.org/publication/blockchain-and-economic-development-hype-vs-reality>

11

based approach. The new focus was on the prohibition of money laundering and terrorist financing (ML/TF).

However, this does not cover cryptocurrencies as none of the previously mentioned players are included in the list of obliged entities. This led to criticism and the European Commission proposing that cryptocurrencies were included by classing virtual currency platforms and custodian wallets as obliged entities. The EC explicitly noted that although regulation could stifle innovation, as noted by the UK in the 4AMLD discussions, this should be balanced against the legitimacy that 5AMLD would bring them in terms of encouraging the wider public that they are an effective alternative to fiat currencies and not just a tool for ML/TF.22 As such, legitimate providers would benefit from a larger market. This belief is inherent in our framework and encapsulated by the cited sources in section 1 above. These views suggested cryptocurrencies are a threat to FS once this is achieved, and therefore 5AMLD deserves analysis considering FS due to the legitimacy it provides crypto. Yet, this legitimacy argument is not universal as, later noted in section 3, some forms of crypto were banned outright and were fundamentally delegitimatised.

This debate provoked the implementation of 5AMLD elaborated on in section 3. 2.5: FATF Guidance for a Risk-Based Approach – June 201923

The first FATF involvement concerning cryptocurrencies was in June 2014 which defined them and explored potential AML/CFT Risks.24 This was then followed by the 2015 VC Guidance which was the first part of an approach to address the ML/TF risks of virtual currency products and services.25 These were limited to crypto-to-fiat transactions, and not crypto-to-crypto. This development of products, services and new providers meant that clarification of the standards was required so they still applied widely. These were amended in October 2018, so they explicitly applied to financial activities involving virtual assets, with the amended FATF Recommendation 15 requiring service providers are regulated and subject to effective systems for monitoring or supervision. FATF Recommendations 10 to 21 provide mandatory preventive

22 _{Dr Nikolaos Theodorakis, 'The Use of Cryptocurrencies for Illicit Activities and Relevant Legislative} Initiatives' [2018] <https://theartofcrime.gr/the-use-of-cryptocurrencies-for-illicit-activities-and-relevant-legislative-initiatives/>

23 _{FATF, 'Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers'} (FATF-GAFI, 21 June 2019) <www.fatf-gafi.org/publications/fatfrecommendations/documents/Guidance-RBA-virtual-assets.html>

24 _{Ibid. [6]}

25 _{FATF, 'Guidance for a Risk-Based Approach to Virtual Currencies' (FATF-GAFI, June 2015)} <http://www.fatf-gafi.org/media/fatf/documents/reports/Guidance-RBA-Virtual-Currencies.pdf>

12

measures for those involved in virtual asset activities, such as requiring that all transactions are recorded so their pathway can be reconstructed should further investigation be required. Therefore, crypto-to-crypto interactions were also explicitly covered. This was followed by the adoption of new guidance in June 2019 which included new definitions of virtual assets plus virtual asset service providers. It provided a framework for regulation and supervisory mechanisms that could incorporate crypto products in a meaningful sense.

This subsequent adaptation from the FATF combined with the criticism of 4AMLD noted above, led to the creation of 5AMLD so the former criticisms would supposedly be remedied.

3. 5AMLD Directive: Background and flaws

This section will outline how 5AMLD amended the previous legal framework. It will show how the potential cryptocurrency misuse for AML/CTF was mitigated by requiring participants report suspicious transactions26_{; this gap in 4AMLD was commented on in the previous} section.27 _{As per our framework in section 1 above, this was also intended as an indirect method} of ensuring FS across the European Union (EU). This is of relevance to our comparison with the UK, as we will later show in section 4, because its implementation has already remedied several gaps in 5AMLD that threatened FS.

3.1: Proposed amendments and the goals they intended to meet

The 5AMLD Report summarised four key tensions that it believed 5AMLD must successfully address for the minimization of AML/CTF risks.28 The first is that anonymity must be removed so effective monitoring is possible. As noted earlier, anonymity was never technically present but the new requirements for “know-your-customer” outlined below ensure this information is more accessible. This is essential for ensuring financial stability as it provides a scale for which the potential threat it provides can be measured against. Secondly, 5AMLD must clarify how this will apply to cross-border transactions and interact with international regulations. This is required as only regulation that can be applied in practice will effectively prevent regulatory

26 _{Directive (EU) 2018/843 of the European Parliament and of the Council of 30 May 2018 amending Directive} (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, and amending Directives 2009/138/EC and 2013/36/EU

27 _{L Haffke and others, 'Cryptocurrencies and anti-money laundering: the shortcomings of the fifth AML} Directive (EU) and how to address them' [2020] 25 Journal of Banking Regulation 125-138

28 _{European Commission , 'REPORT FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT}

AND THE COUNCIL on the assessment of the risk of money laundering and terrorist financing affecting the internal market and relating to cross-border activities ' [2019] 370(0) Supranational Risk Assessment

<https://ec.europa.eu/info/sites/info/files/supranational_risk_assessment_of_the_money_laundering_and_terrori st_financing_risks_affecting_the_union.pdf>

13

arbitrage and therefore the undermining of financial stability via headquartering in less robust jurisdictions. Thirdly, the regulation must precisely define who will face sanctions, should they be violated. Once more, a threat can only be minimized should the solution work in practice and this must ensure that participants do not simply set-up under a different name immediately after closure. Fourthly, the regulation must balance the need for financial stability with the benefits that the technology itself can provide if fully utilised in future though different applications. As such, overregulation must not occur.

We will now examine the consultations that preceded 5AMLD and discuss whether these sufficiently took FS concerns into account.

EBA’s 2014 opinion proposed a comprehensive regulatory approach that would precisely target virtual currencies and future-proof their long-term impact on FS by ensuring they were fully integrated before they had become established, while ensuring their innovation outside of the traditional financial services sector was not without checks.29 _{This approach was ignored} but their basic suggestion that virtual currencies are classed as “obliged entities”, and therefore ensuring they are subject to AMLD requirements, was accepted. This was previously not included in 4AMLD, primarily due to a then lack of virtual currency prevalence in the Union, until the “Supranational Risk Assessment” took place in the aftermath of the French terror attacks and the growing risks of an unregulated currency financing terrorist activities was laid bare.30

This resulted in the “Commission’s Impact Assessment” which suggested three regulatory options for 5AMLD that would address this growing threat.31 The first was user-targeted and required either mandatory or voluntary registration of users so anonymity could be lifted when required for combatting financial crime and preserving FS. This was not feasible in practice as there was no real way to force mandatory registration given the high costs of manually lifting anonymity for enforcement, the fact true criminals would simply not comply given the minimal risk they would be caught and that the pseudo-anonymity offered by virtual currencies was key

29 _{EBA, 'virtual currencies' [2014] 08 EBA Opinion}

<https://eba.europa.eu/sites/default/documents/files/documents/10180/657547/81409b94-4222-45d7-ba3b-7deb5863ab57/EBA-Op-2014-08%20Opinion%20on%20Virtual%20Currencies.pdf?retry=1>

30 _{See n(28)}

31 _{European Commission, 'Supranational Risk Assessment ' (EC Europa, 26 June 2017)} <https://ec.europa.eu/newsroom/document.cfm?doc_id=45653>

14

in its growth so this could be considered overregulation without true preservation of FS. One may argue that these risks exists in fiat currencies too and is minimised through constant checks and traceability; however, this is not possible with crypto-currencies as they are not issued by the State themselves who can control their flow and therefore this approach cannot be replicated. The second approach was virtual currency exchange targeted with the option of a) bringing VCEs under AMLD due diligence requirements or b) bringing them under the scope of PSD2 (licensing obligation, minimum capital requirements, safeguarding requirements, and consumer protection rules). Option (a) ensured that risk could be minimised by firstly identifying its scale and secondly that the responsibility and thus costs of disclosure were shifted to VCEs from the regulators, with the issues of incomplete compliance in option one removed by outright closing those that declined. Option (b) would have been in line with the full integration approach proposed by the 2014 EBA opinion but it would, in my view, create overregulation to the point that the FS is only preserved by virtue of destroying the characteristics that make virtual currencies an “effective alternative to fiat currencies” (i.e. their separation from the traditional system and less bureaucratic requirements). The third approach was the same as the second but concerned targeting custodian wallet providers. Member States opted for option 2(a) and 3, with 2(b) explicitly rejected for giving virtual currencies too much legitimacy which they feared would promote their use and thus accelerate the FS cliff-edge that Mark Carney predicted. Nonetheless, stakeholders still welcomed any regulatory oversight as it provided some legitimacy and established their importance within the European financial market. Thus, following the reasoning above, the Commission’s Proposal, at page 67, included VCE and CWP as “obliged entities” within the scope of 5AMLD. This preserved the importance of virtual currencies as a method for payment but also minimised risks without undermining incentive to innovate.

We will now outline how this was achieved through 5AMLD so we can fully understand the UK’s implementation which will be detailed in section 4.1.

The proposal was implemented by including “providers engaged in exchange services between virtual currencies and fiat currencies” and “custodian wallet providers” as “obliged entities”.32 CWP is defined as “an entity that provides services to safeguard private cryptographic keys on

15

behalf of its customers, to hold, store and transfer virtual currencies”.33 _{Virtual currencies are} defined by Article (1)(2)(d) as:

“a digital representation of value that is not issued or guaranteed by a central bank or a public authority, is not necessarily attached to a legally established currency and does not possess a legal status of currency or money, but is accepted by natural or legal persons as a means of exchange and which can be transferred, stored and traded electronically.”

This definition undermines the pursuit of FS as it excludes investment and utility based crypto tokens, which means that a key requirement of preserving FS, determining the full scale of cryptocurrency prevalence, will not be met. Academic commentary has divided this definition into five conditions.34 _{Firstly, “digital representation[s] of value” issued by public authorities} are excluded which may cause issues in future as Government issued currencies gain traction. Secondly, any representation that holds the legal status of currency of money is excluded. Thirdly, there is no need for an attachment to a legally established currency. Fourthly, it must be capable of being “transferred, stored and traded electronically”. Fifthly, Article (1)(2)(d) requires that virtual currencies “must be accepted by natural or legal persons as a means of exchange”. This fifth requirement has caused confusion as it can be interpreted in a wide and restrictive sense. The former interprets it as “are accepted as a medium in an exchange” which theoretically covers all types of tokens as it is irrelevant what they may be exchanged for. However, academics and the UK cryptoassets taskforce favour the more restrictive view due to Recital 10 not including any of these potential uses. Thus, the fifth condition is that “only tokens that are accepted by natural and legal persons as an intermediary asset in trade without their traders’ own interest or their own use” are classed as virtual currencies. Therefore, only currency, and not investment or utility, tokens are covered. This has knock-on implications for the coverage of cryptocurrency exchanges as it defines them as “providers engaged in exchange services between virtual currencies and fiat currencies”. Therefore, neither investment nor utility exchanges are covered, and the new regulation has created a gap in its attempts to minimise the FS risks mentioned earlier.

33 _{ibid. [Art 3. (19)]}

34 _{Ekaterina Kashina, 'Current Challenges and Possible Solutions for Anti-Money Laundering Regulation of} Virtual Currencies in the EU and the UK' [2019] Dissertation Institute of Advanced Legal Studies <https://sas-space.sas.ac.uk/9311/1/Kashina%2C%20E%20-%20IALS%20-%202019%20Dissertation%20ICGFREL.pdf>

16

3.2: Expected impact this regulation will have on cryptocurrencies in terms of FS

Leading on from the core tensions above, there are numerous real-world examples of how the current system has been abused, such as the “Silk Road”. The “Silk Road” was initially an illegal online market place within the dark economy for everything from drugs to child pornography, it was closed down but then reopened in 2013 utilising bitcoin for preserving anonymity of its transactions, it has since been shut-down but this was only possible due to a mistake in their blockchain code that allowed theft of the cryptocurrencies and it has

reopened multiple times with the protocol mistake corrected, thus the owner’s cannot be identified.35 Nevertheless, Nakamoto has noted how public blockchains can allow association of transactions for the identification of individuals, which may not have been possible had these illicit activities taken place in cash.36 Furthermore, as Travis notes, there are many examples of money laundering still occurring across EU banks despite high regulation and constant attention of financial actors to potential issues.37 _{Therefore, preservation of FS will} not automatically follow if the risk of cryptocurrencies is minimised in isolation, but this discussion on wider FS methods is beyond the scope of this paper. Lastly, he comments that the greatest challenge will be differentiation between innocuous transfers from illicit ones with a more sophisticated method than currently required by AMLD5.38

As explained in the framework, AMLD5 must bring cryptocurrencies into the existing regulatory framework so the risks they pose to FS are reduced. Firstly, AMLD5 had a key goal of targeting tax evasion through cryptocurrencies and lack of accessible information for empowered authorities to act upon. Unlike AMLD4, cryptocurrency actors are now classified as “obliged entities” and therefore, if requirements are complied with, there will be information for authorities to act. For example, if funds are transferred via a CWP or VCT then the due diligence requirements remove the difficulties of deciphering the former pseudo-anonymity. However, this does not include those using hardware and software wallets or acting through a P2P network unless they voluntarily self-declare. One suspects the targets of AML and CTF regulation will forget to declare their criminal actions. Therefore, 5AMLD leaves a gap for misuse that could have implications for FS if abused. Secondly, previous ECJ caselaw has confirmed that “virtual currencies” should be treated the same as any other means of payment

35 _{Russell Brandom, 'The Silk Road 2 has been hacked for $27 million' (The Verge, 13 February )} <https://www.theverge.com/2014/2/13/5409340/the-silk-road-2-has-been-hacked-for-2-7-million> 36 _{Satoshi Nakamoto, 'Bitcoin: A Peer-to-Peer Electronic Cash System' [undated] 1 Bitcoin.org} 37 _{N(17) [13]}

17

and thus VAT is not payable when they are converted to fiat currencies. As such, one could argue this would provide an avenue for cross-border tax evasion through selective conversion tactics which would once more undermine FS by diluting taxation revenues which flow through the overarching system.39

In practical terms, this inclusion means those stakeholders affected must apply customer due diligence. This entails the removal of anonymity and reporting of suspicious transactions. As mentioned earlier, this would theoretically remove the uncertainty which prevents true insuring of risks against threats to FS and ensure that the moment they cross into widespread use can be effectively determined so further action may be taken. It is unclear how this will address the other key concern raised by Mark Carney, that points of failure may be concentrated to one virtual currency as this inclusion sits aside the existing infrastructure without dictating their function. Nonetheless, given the early stage of their development, this level of intervention would arguably stifle innovation and is not yet suitable. This borderline endorsement of virtual currencies by classifying them as “obliged entities” has raised concerns from the ECB who issued a statement believing it may indirectly promote usage and consequently the possibility that their effectiveness reaches the level of threatening FS is increased.40 These ECB fears led to minor adaptations in the definitions of VCE and CWP, with the need for “licensing” instead changed to “registration” so the level of public endorsement was limited. It is unclear whether this word change had any real impact in practice given the benefits of virtual currencies still remain and if anything the fear of the ECB is exactly what virtual currencies sought to achieve by shifting power to the people. Arguably, a full endorsement by the ECB of cryptocurrencies might have helped remove their allure more than this piecemeal approach.

3.3: How market participants have reacted to this impact: is this justified by the FS upside? This section will first address the European Commission’s Factsheet on 5AMLD, followed by the fears it has provoked in market participants before finally discussing whether this is justified by the FS it allegedly supports.

39 _{Handelsblatt, 'Bitcoins remain tax free' (Handelsblatt.com, 22 October 2015)}

<https://www.handelsblatt.com/finanzen/maerkte/devisen-rohstoffe/cyber-waehrung-bitcoins-bleiben-steuerfrei/12483674.html?ticket=ST-8605619-iISSMyt97TQhUX4s3OOf-ap2>

40 _{ECB Crypto-Assets Task Force, ‘Crypto-Assets: Implications for financial stability, monetary policy, and} payments and market infrastructures’ [2019] 223 ECB Occasional Paper Series 4.2

18

The European Commission’s factsheet41 _{summarises the nine changes that AMLD5 had. The} three key changes relevant to cryptocurrencies market participants and put in context of their impact on FS are:

1. Firstly, it will “improve transparency on the real owners of companies” by mandating public registers for legal entities so money laundering/terrorist financing can be targeted.

2. Secondly, these registers will be interconnected at an EU level so Member States are interconnected, and MS will be required to put in place verification mechanisms, so this information is accurate.

3. Thirdly, AML and CT financing rules have been extended to cryptocurrencies. Thus, cryptocurrency providers are now required to “identify their customers” and “report any suspicious activity to the Financial Intelligence Units”. This means wallet providers are now subject to FATF Recommendation 16 which requires the need for financial institutions to provide not only information about the originator of the payment, but the beneficiary too. AMLD5 implemented this by bringing currency exchanges under the purview of “obliged entities”.

If we take our framework as true, then the first change will directly address the requirement that scale is determined so appropriate safeguarding can be taken for the minimization of risk. The second change will ensure that this can be completed on a cross jurisdictional level and that the possibility of regulatory arbitrage by market participants is reduced. Lastly, the benefits of the third change have been commented on fully in the previous sub-section. Despite the clear benefits these changes provide for FS, there has been backlash from market participants.

For example, Elliptic, a key blockchain consultancy group, has noted how there is significant divergence in the implementation of 5AMLD, such as the UK going beyond the Directive in some aspects which will be discussed in section 4.1.42 In particular, they raise criticisms from their clients that there is no clarity on which standard should be followed given the inherently cross-border nature of cryptocurrencies and that the costs of risk assessments will stifle growth

41 _{Vera Jourava, 'Strengthened EU rules to prevent money laundering and terrorism financing' [2018] European} Commission Fact Sheet <https://ec.europa.eu/newsroom/just/document.cfm?action=display&doc_id=48935> 42 _{David Carlisle, '5AMLD January Deadline: Three Steps That Service Providers Need To Take To Be} Prepared' (Elliptic, 20 November 2019) <https://www.elliptic.co/our-thinking/fifth-anti-money-laundering-directive>

19

in the sector. However, this criticism assumes that the uncertainty cannot be redressed by complying with the highest standard present and that the costs cannot be mitigated through equally innovative solutions. Elliptic has already achieved this through analytics which automatically apply risk rules, so customer activity is flagged in line with implemented 5AMLD regimes. Therefore, this intervention has minimal cost and its uncertainty can be removed by increasing its level of safeguarding with FS.

Another prominent critic is Pat Rabitte whose article cites three different companies who left Europe rather than comply with the Directive.43 The main reasons provided are that the need for compliance will increase costs beyond reasonableness, that the information will reduce the “customer experience” and that regulation-lite alternatives are available in the USA and HK. The increase in costs has already been debunked, and the later comparative section will show these two alternative jurisdictions offer equally invasive requirements. Regarding reducing the “customer experience” this rests on the assumption that identity was already hidden, and that FS does not require this is curtailed slightly so it can thrive in the long-term. We have previously shown how cryptocurrencies are only pseudo-anonymous and that the risk of AML/CTF could be reduced if implemented. Therefore, there is little compelling reasoning beyond the initial hysteria presented. A more substantive example of the regulation stifling innovation can be found in terms of privacy coins, such as Monero, which randomly select signatures for full anonymity or “cryptocurrency tumblers”. These have been banned in practice as new requirements cannot be complied with by their inherent nature. However, given this is essential in terms of preserving FS and represents a niche part of the marketplace, it is not a strong enough reason to undermine the regulation overall. This focus of the Directive is noted by the FATF themselves who summarise the objective of 5AMLD as “ensur[ing] that criminals and terrorists can be identified once law enforcement are aware that they’re involved”.44 _{This can be contrasted with the market participants quote that 5AMLD creates a} “system that keeps billions in poverty, kills innovation and provides an excuse for the banking system to lock out the competition”.45 _{It is difficult to see how any of these predictions will be} caused in practice given improvement of FS ensures poverty is minimised by reducing the

43 _{Pat Rabitte, 'European 5AMLD regulation an epic fail for blockchain start-ups' (150sec, 30 January )} <https://150sec.com/european-5amld-regulation-an-epic-fail-for-blockchain-startups/13695/>

44 _{Rachel Mcintosh, 'Is 5AMLD Causing Crypto Companies to Shut Down & Relocate?' (Finance Magnates,} 14th February) <https://www.financemagnates.com/cryptocurrency/news/is-5amld-causing-crypto-companies-to-shut-down-relocate/>

45 _{Edan Yago, 'There’s a Bigger Scam Than Anything in Crypto, It’s Called KYC/AML' (Coin Desk, 27 July )} <https://www.coindesk.com/theres-a-bigger-scam-than-anything-in-crypto-its-called-kyc-aml>

20

likelihood of systemic crashes, and that this regulation still allows innovation and their usage, subject to requirements that are far less strict than the Basel regulations for traditional financial institutions.

The most nuanced argument presented by market participants is that of Sara De Vido.46 She acknowledges the social need for minimising AML/CTF and therefore FS, but that AMLD5 has several unintended practical flaws. Her first criticism of its unclear border scope has been addressed in the previous paragraphs. Her second two criticisms can be combined as the regulation not addressing virtual to fiat currency transactions or ICOs exclusion despite their growth. It must be noted that both these gaps have been addressed by the UK implementation, but we will show how this oversight would otherwise have impacted FS if left untouched. The ICO safeguard envisioned by 5AMLD is that those involved would will be “custodian wallet providers” and therefore caught, but this requires provisions of “services to safeguard private cryptographic keys on behalf of its customers, to hold, store and transfer virtual currencies”. As such, if crypto markets just switch their process to manual entering of their keys on an ad-hoc basis with no storage, then this safeguard fails, and they are excluded. This risk is further compounded by Valentina Covolo’s research which suggests crypto-to-crypto currency exchanges are most at risk of money laundering as they allow conversion of digital assets into completely anonymous brands of virtual currencies.47 _{However, she also notes that there are} limits to an EU-centric regulation, with the majority of miners within China and thus beyond the scope of 5AMLD; therefore a proportionate approach was taken so only those that could be affected were listed. Nonetheless, this highlights a key gap in 5AMLD that could undermine FS if not remedied.

Section 3 has outlined the logic behind 5AMLD and how it is not a panacea but has left several holes which prevent true addressing of the risks that may cause future FS risks. The next section will compare the UK implementation of 5AMLD, which fixed several of the gaps highlighted above and thus improved its pursuit of FS, with the USA and HK approach.

46 _{Sara De Vido, 'All that Glitters is not Gold: The Regulation of Virtual Currencies in the New EU V} Anti-Money Laundering Directive' [2019] 38(1) DPCE Online

<http://www.dpceonline.it/index.php/dpceonline/article/view/643>

47 _{Valentina Covolo, 'The EU Response to Criminal Misuse of Cryptocurrencies: The Young, Already Outdated} 5th Anti-Money Laundering Directive' [2019] 15 University of Luxembourg Law Working Paper

21 4. Jurisdictional comparison: UK, USA and HK 4.1: UK

This sub-section will outline how the UK implemented 5AMLD, the Financial Conduct Authority’s (FCA) role and how its recent consultation ensured 5AMLD’s gaps were addressed, but that some FATF recommendations remain absent.

The UK first announced its intention to include cryptocurrency exchanges into the scope of AML regulation in a ‘call for information’,48 which led to a final report three years later in 2018.49 The UK implementation primarily differs from 5AMLD by firstly adopting a wider definition of virtual currencies which includes crypto-assets as a whole, and secondly defining that “illicit activity” does not purely exist between fiat and crypto exchanges.50 4AMLD was previously implemented through the Money Laundering Regulations 2017, and 5AMLD is a series of amendments enacted through the Money Laundering and Terrorist Financing (Amendment) Regulations 2019. It amends the 2017 Act, The Terrorism Act 2000, The Proceeds of Crime Act 2002, and The Companies Act 2006. Under these Acts, “obliged entities” are labelled as “relevant persons” and “know-your-customer” requirements are implemented in full from 5AMLD.51 New additions within the UK framework52 include high-risk factors where there is a need for enhanced due diligence (e.g. transactions with parties in specified high-risk third countries).53

In preparation for the transposition of 5AMLD, HM Treasury sought consultation from market participants on their intended implementation, which closed on 1st May 2020.5455 The goal was to ensure that the UK’s system remained “comprehensive, responsive to emerging

48 _{HM Treasury, ‘Digital currencies: responses to the call for information’ [2015]}

<https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/414040/digit al_currencies_response_to_call_for_information_final_changes.pdf>

49 _{HM Treasury, ‘Cryptoassets Taskforce: final report’ [2018]}

<https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/752070/cryp toassets_taskforce_final_report_final_web.pdf>

50 _{See n(34)}

51 _{Vinciworks, 'The Money Laundering and Terrorist Financing (Amendment) Regulations 2019' (The} VinciWorks Blog, 30 December) <https://vinciworks.com/blog/the-money-laundering-and-terrorist-financing-amendment-regulations-2019/>

52 _{FCA, 'Money Laundering Regulations' (FCA, 6 March 2020)} <https://www.fca.org.uk/firms/financial-crime/money-laundering-regulations>

53 _{Explanatory Memorandum to The Money Laundering and Terrorist Financing (amendment) Regulations 2019} 54 _{HM Treasury, ‘Digital currencies: responses to the call for information’ [2015]}

<https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/414040/digit al_currencies_response_to_call_for_information_final_changes.pdf>

55 _{Lisa Lewis, 'HM Treasury responds to consultation on implementing AMLD5' (BN Blog Network, 27} January) <https://www.regulationtomorrow.com/eu/hm-treasury-responds-to-consultation-on-implementing-mld5/>

22

threats, and in line with evolving international standards set by the FATF”. In response, participants requested at 2.12 that 5AMLD was implemented alongside the latest FATF Standard on crypto assets. In particular, the responses at 2.13 note that 5AMLD leaves “clear loopholes for illicit actors to exploit other pieces of infrastructure supporting the exchange of crypto assets”. This is remedied by extending the definition of so all activity involving exchange, security and utility tokens will be captured. The consultation suggested that non-custodian wallets remain absent from the scope of legislation. Instead, the legislation also goes further and exchanges between crypto assets are also brought within the scope of the MLRs, along with the use of crypto asset ATMs at any level (2.17 and 2.18). Peer-to-peer exchange services, including activities such as ICOs, were also brought into scope when there is a centralised entity facilitating a transaction between two people. This may be changed in future if strong evidence on its negative effects emerges. The FATF recommendation that firms should obtain originator and beneficiary information when conducting crypto-asset transfers is absent. The UK Government “accepts difficulty of compliance with the FATF standard requiring countries to ensure that firms obtain, hold and transmit required originator and beneficiary information, immediately and securely, when conducting crypto-asset

transfers”. Therefore, it will only mandate this once a globally recognised compliance method is determined (2.24/25).

Compliance was required from 10th January 2020, with a transition period until January 10th 2021 for existing crypto-asset businesses. Any parties captured under this expanded scope must register with the Financial Conduct Authority (FCA). These new requirements include identification and assessment of ML/CTF, and customer due diligence when entering business or transactions. The MLR amendments grant the FCA several additional powers. Regulation 74B allows appointment of a skilled person review to prepare a report. Regulation 74C provides a power of direction so failures can be remedied or prohibit certain actions. Regulation 60A and 74A requires disclosure of exemption from the Ombudsman Scheme and the power to enact reporting requirements at its discretion. Enforcement procedures are fully stated on their website. These include powers of investigation and guidelines on how

financial penalties will be applied. They are the same as in other non-crypto-asset cases.56 The FCA’s role is limited to registration supervisions and enforcement, as cryptoassets are not specified assets under FSMA 2020. Therefore, customers cannot benefit from the

56 _{FCA, 'The FCA's Guide to Enforcement Chapter 2' (FCA Handbook, July 2020)} <https://www.handbook.fca.org.uk/handbook/EG/2.pdf>

23

Financial Ombudsman Service, unless they involve regulated security tokens and are

consequently specified assets.57 This expanded role includes vetting of owners, structures and securing registration payments of £2000 or £10000 depending on asset size. The FCA’s approach is risk-based and those who pose the greatest threat will receive enhanced supervision, with “belief of serious misconduct” mandating an investigation. 4.2: USA

Regulation within the USA is divided between the Federal and State levels. In the absence of State regulation then Federal applies.

As of June 2019, the USA adopts a “technology-neutral regulatory and supervisory framework” for “digital financial assets”, which are defined as activities within the digital financial service ecosystem. This includes “digital currencies” which are supervised under existing AML/CFT regulatory provisions.58 _{The Bank Secrecy Act gives FinCEN power to} regulate VCEs and administrators who control a virtual currency storage unit, which is defined as someone who accepts or transmits a convertible virtual currency.59 _{These are} classified as Money Services Businesses (MSB) and must conduct a comprehensive

assessment of AML risks.60 This includes written policies, an assigned officer to day-to-day compliance, training for affected personnel and an independent review to monitor and maintain these prior three requirements. Following confusion over whether ICOs were included, a 2019 response was published but it failed to provide the answer.61 There are general rules that apply and the main one is that transactions of $3000 or higher are caught by the “travel rule”, as per FATF Recommendation 16, which requires the identity of customers, original parties and beneficiaries are verified.62

57 _{FCA, 'Cryptoassets: AML / CTF regime' (FCA, 1 July 2020)} <https://www.fca.org.uk/firms/financial-crime/cryptoassets-aml-ctf-regime>

58 _{FATF, 'Recommendations' (FATF-GAFI, June 2019)} <https://www.fatf-gafi.org/media/fatf/documents/recommendations/RBA-VA-VASPs.pdf > 23

59 _{FinCen, 'Application of FinCEN's Regulations to Persons Administering, Exchanging, or Using Virtual} Currencies' (FinCen, 18 March 2013)

<https://www.fincen.gov/resources/statutes-regulations/guidance/application-fincens-regulations-persons-administering> 60 _{GLI 'Blockchain Laws and Regulations USA' (Global Legal Insights)}

<https://www.globallegalinsights.com/practice-areas/blockchain-laws-and-regulations/usa>

61 _{FinCen, 'Application of FinCEN's Regulations to Certain Business Models Involving Convertible Virtual} Currencies' (FinCen, 9 May 2013) <

https://www.fincen.gov/resources/statutes-regulations/guidance/application-fincens-regulations-certain-business-models> accessed 18 July 2020 62 _{PYMNTS, 'FinCEN Head Warns AML Crypto Rules Will Be Strictly Enforced' (PYMNTS, 18 November)} <https://www.pymnts.com/news/regulation/2019/fincen-head-warns-aml-crypto-rules-will-be-strictly-enforced/>

24

The US Department of Treasury’s Financial Crimes Enforcement Network (FinCEN) regulates as “money transmitters” any person engaged in the business of accepting and transmitting value, whether physical or digital, that substitutes for currency (including convertible virtual currency, whether virtual-to-virtual, virtual to fiat, or virtual-to-other value) from one person to another person or location by any means. In practice, this requires that money transmitters must register themselves and keep AML programs, recordkeeping, and reporting measures. The physical location of the entity is irrelevant, and the only requirement is business activity in whole or substantial part within the USA. This includes foreign-located persons or services whose activities impact US residents (e.g. if they buy a foreign located cryptocurrency while within the USA). Enforcement actions include seeking forms of relief, such as cease and desist orders, injunctions, disgorgement with prejudgment interest, and civil money penalties for wilful violations or imposing criminal sentences involving forfeiture and imprisonment.63

Further regulations may be specified at a State level and range from the need for licenses to capital reserve requirements. We will now focus our attention on New York.

New York’s key distinguishing feature is the introduction of a “BitLicense”. The NY Department of Financial Services (DFS) requires that anyone engaged in certain cryptocurrency related activities registers with them.6465 It fulfils this role alongside supervision of 1500 other financial institutions and subjects them to the same supervisory principles. This was implemented through Virtual Currency Regulation 23 NYCRR Part 200 under the New York Financial Services Law. This is mandated should their business engage in cryptocurrency activity that involves residents, is physically located within or involves the State in some form.6667 Anyone involved in Virtual Currency Business Activity (VCBA) must first secure a license. This definition of VCBA includes receipt or sending of virtual currencies, storage of them in any capacity, exchanges or exerting any control over them. However, it explicitly excludes those simply developing related software or those who use virtual currency only for the purchase or sale of goods, services or for investments. The “BitLicense”

63 _{Ibid. [30]}

64 _{Michael Sackheim and Nathan Howell, 'Virtual Currency Regulation Review' [2019] 2 The Law Reviews 23} 65 _{Department of financial services, 'Bitlicense FAQs' (DFS)}

<https://www.dfs.ny.gov/apps_and_licensing/virtual_currency_businesses/bitlicense_faqs> 66 _{Department of financial services, 'BitLicense FAQs' (DFS)}

<https://www.dfs.ny.gov/apps_and_licensing/virtual_currency_businesses/bitlicense_faqs>

67 _{Averie Brookes, 'US Regulation of Blockchain Currencies: A Policy Overview' [2018] 9(2) Intellectual} Property Brief 75-104

25

application is submitted online and the requirements for acceptance are listed alongside each section of the form, any gaps will be flagged via personal email after submission with guidelines on next steps. This system only covers virtual currency activities and if fiat currencies are also involved then one must also hold a traditional money transmission license under New York Banking Law Article 13-B.

A 2020 Cryptocurrency Act is currently proposed before Congress but remains in draft form and is therefore beyond the scope of this research. It would divide responsibilities for enforcement between different specialist agencies depending on which crypto product is involved. This Act goes beyond any other jurisdiction and is an interesting avenue for future comparative research.68

4.3: HK

Please note that this section was written before the enaction of the recent security law and international sanctions that occurred in response.69 _{One fears that the formerly liberal regime} will be eroded as China exerts its control further, with non-Governmental cryptocurrencies a threat to the mainland’s control of funds within the market and because its crypto brokerage systems are reliant on the US dollar system to settle and clear transactions. Therefore, this comparison is time limited to pre-January 2020.

HK is the home of numerous cryptocurrency exchanges which include the world’s largest players.70 It is based on the “one country, two systems” principle which means it has a high degree of autonomy, but is still subject to occasional involvement from mainland China.71 The “Basic Law of Hong Kong enshrines various free market principles” and there are no laws or regulations that directly deal with cryptocurrencies or their related businesses. However, enforcement action has been taken under existing legislation and new regulatory regimes introduced to protect investors’ interests.

The Hong Kong Monetary Authority (HKMA) initially classed cryptocurrencies as “virtual commodities” not legal tender, but in 2018 this was expanded through the introduction of a

68 _{Sygna, 'What is cryptocurrency act of 2020?' (Sygna Bridge 2.0)} <https://www.sygna.io/blog/what-is-cryptocurrency-act-of-2020/>

69 _{David Pan, 'Hong Kong’s National Security Law Could Threaten Local Crypto Brokerages' (Coin Desk, 8} July) <https://www.coindesk.com/hong-kongs-national-security-law-could-threaten-local-crypto-brokerages> 70 _{'Hong Kong Cryptocurrency Exchanges' (FX Empire)}

<https://www.fxempire.com/crypto/exchanges/bitcoin/hong-kong>

71 _{GLI, 'Blockchain & Cryptocurrency Regulation ' (Global Legal Insights, 2020)}

<https://www.globallegalinsights.com/practice-areas/blockchain-laws-and-regulations/hong-kong#chaptercontent2>

26

class titled “virtual assets” which are defined as “digital representation[s] of value”. In practice, the Government and regulatory authorities’ approach has been passive, with their campaigns focussed on informing consumers that they should only invest if they understand the potential risks. For example, a campaign reminding consumers that they should “exercise due diligence to understand the features and associated risks” of bitcoin investment.72 _The regulation covers ICOs, with the People’s Bank of China outright banning them, but there is no regulation of private possession or transfer between private individuals on the presumption of good faith.

From an AML/CTF perspective, the principal legislation enacted is the Anti Money Laundering and Counter Terrorist Financing Ordinance (Cap.615) (AMLO) which is applicable to “financial institutions” plus “designated non-financial business and

professionals”. This creates a licensing regime for “money service operators”. If a business deals primarily with cryptocurrencies, such as an exchange, then they are not caught by AMLO unless they partially operate with a regulated business (e.g. a fiat bank). Despite this, anecdotal evidence suggests that most cryptocurrency businesses voluntarily apply the customer due diligence measures required under Schedule 2 of AMLO.73 AMLO imposes a duty to report suspicious transactions, through various criminal statutes, and failure to comply can lead to fines or imprisonment.74 _{Exchanges are only caught by legislation should they} trade products defined as a security, with bitcoin and other cryptocurrencies not included under this definition. If applicable, then “Know-Your-Customer” requirements also apply, and large international transactions may be subject to additional direct scrutiny from the Chinese Government.

The effectiveness of this regime is summarised in the 2018 FATF report which determined “robust screening” screening in place prevents abuse of financial institutions through virtual assets but that there is a gap in terms of Designated Non-Financial Business and Professions (DNFBP) as they are excluded from the scope of the AMLO regulations. In terms of

72 _{Enoch Yiu, 'HKMA chief warns of money laundering risks associated with bitcoin and digital currencies'} (South China Morning Post, 18 September 2017)

<https://www.scmp.com/business/banking-finance/article/2111649/hkma-chief-warns-money-laundering-risks-associated-bitcoin> 73 _{See n (71)}

74 _{Drug Tracking (Recover of Proceeds) Ordinance (Cap, 405); Organised and Serious Crimes Ordinance (Cap.} 455); United Nations (Anti-Terrorism Measures) Ordinance (Cap. 575).