Crypto-Asset Service Providers


Crypto-Asset Service Providers (CASPs)

In the rapidly expanding world of digital finance, Crypto-Asset Service Providers (CASPs) have emerged as pivotal players, facilitating a wide range of services from cryptocurrency exchanges to digital wallets. As the crypto market continues to mature, regulatory bodies worldwide, including the Financial Action Task Force (FATF) and the European Union (EU), are intensifying their focus on mitigating the risks of money laundering (ML) and terrorist financing (TF) associated with virtual assets.

Navigating the AML/CTF Regulatory Landscape

The FATF’s Stance on Virtual Assets

The FATF, a global money laundering and terrorist financing watchdog, has been at the forefront of setting international standards for combating ML and TF risks in the crypto sector. Its recommendations have underscored the need for stringent regulatory measures for CASPs, aiming to eliminate anonymity in transactions and enforce rigorous customer due diligence.

The EU’s Regulatory Framework: MiCAR and AMLR

In response to the FATF’s guidelines, the EU has taken significant steps to create a robust regulatory framework for CASPs. The Markets in Crypto-Assets Regulation (MiCAR) represents a cornerstone in the EU’s approach, setting out comprehensive rules for CASPs operating within the single market. MiCAR aims to ensure market integrity and transparency, requiring CASPs to obtain authorization and adhere to strict operational standards.

Complementing MiCAR, the proposed Anti-Money Laundering Regulation (AMLR) seeks to further harmonize AML and CTF efforts across the EU. It categorizes CASPs as obliged entities, subjecting them to enhanced scrutiny, including the prohibition of anonymous crypto-asset wallets and the enforcement of customer due diligence for transactions exceeding certain thresholds.

Impact on CASPs and the Crypto Market

The evolving regulatory landscape presents both challenges and opportunities for CASPs. Compliance with these stringent regulations requires significant operational adjustments, from implementing advanced KYC (Know Your Customer) procedures to ensuring the traceability of transactions. However, these measures also offer a pathway to greater legitimacy and trust in the crypto market, potentially attracting more institutional investors and fostering wider adoption of crypto-assets.

The Way Forward

As CASPs navigate this complex regulatory environment, staying abreast of the latest AML and CTF regulations will be crucial. The collaborative effort between regulatory bodies and CASPs in developing and adhering to these standards is essential for the sustainable growth of the crypto industry. By embracing transparency and compliance, CASPs can play a vital role in shaping a secure, innovative, and resilient digital asset ecosystem.

FATF Public Statement – Mitigating Risks from Virtual Assets

The Public Statement on “Mitigating Risks from Virtual Assets” by FATF, dated 22 February 2019, outlines the need for stringent regulation and supervision of Virtual Asset Service Providers (VASPs) to combat money laundering (ML) and terrorist financing (TF) risks associated with virtual asset activities.

FATF’s Position on Virtual Assets and VASPs:

  • FATF acknowledges the ML and TF risks posed by virtual asset activities and emphasizes the need for detailed implementation requirements for effective regulation and supervision of VASPs.

Amendments and Interpretive Note to Recommendation 15:

  • FATF amended Recommendation 15 in October 2018 to clarify the application of FATF standards to virtual asset activities. An Interpretive Note has been added to provide more detailed guidance, set to be formally adopted in June 2019.

Key Provisions of the Draft Interpretive Note:

  1. Definition and Scope: Virtual assets are to be considered as “property” or “funds” for AML/CFT purposes, and FATF Recommendations should apply to virtual assets and VASPs.
  2. Risk-Based Approach: Countries must assess ML/TF risks related to virtual assets and VASPs and apply measures proportionate to the risks identified.
  3. Licensing and Registration: VASPs should be licensed or registered, with a focus on preventing criminals from holding significant interests or management functions.
  4. Regulation and Supervision: VASPs must be subject to adequate AML/CFT regulation and supervision, ensuring compliance with FATF Recommendations.
  5. Sanctions: Effective sanctions should be available for VASPs failing to comply with AML/CFT requirements, including sanctions against directors and senior management.
  6. Preventive Measures: Specific qualifications are provided for applying Recommendations 10 to 21 to VASPs, including a designated threshold for conducting Customer Due Diligence (CDD) at USD/EUR 1,000 for occasional transactions.
  7. The “Travel Rule”: Originating VASPs must obtain and hold required originator and beneficiary information on virtual asset transfers and ensure this information is available to beneficiary VASPs and competent authorities upon request.

International Cooperation:

  • FATF emphasizes the importance of international cooperation among supervisors of VASPs, advocating for the prompt and constructive exchange of information across borders.

Consultation and Finalization:

  • The FATF sought private sector comments on specific aspects of the Interpretive Note, with a view to refining and finalizing the guidelines by June 2019.

MiCAR on Crypto-Asset Service Providers (CASPs)

The Markets in Crypto-Assets Regulation (MiCAR) outlines the regulatory framework for crypto-assets within the European Union, with specific provisions for Crypto-Asset Service Providers (CASPs).


  • Crypto-Asset Service Provider (CASP): Defined as any legal entity or undertaking engaged professionally in providing one or more crypto-asset services to clients, permitted under Article 59 to offer such services.
  • Crypto-Asset Service: Encompasses a range of services related to crypto-assets, including but not limited to custody, trading platforms, exchanges between crypto-assets and fiat or other crypto-assets, order execution, placement, advisory, portfolio management, and transfer services.

Authorisation and Operating Conditions

  • Authorisation Requirement: Entities must not offer crypto-asset services within the EU unless they are authorized as CASPs under Article 63 or fall under the specified financial institutions allowed to provide such services according to Article 60.
  • Location and Management: Authorized CASPs must have a registered office and carry out activities in an EU Member State, maintain their effective management within the EU, and have at least one director residing in the EU.
  • Legal Form and Protection: Non-legal entities can only provide crypto-asset services if their structure ensures protection for third parties comparable to that of legal entities and if they are subject to appropriate prudential supervision.
  • Ongoing Compliance: CASPs must continually satisfy the conditions of their authorisation.
  • Prohibition on Misrepresentation: Non-CASPs are forbidden from presenting themselves in a manner that could be confused with authorized CASPs, including the use of misleading names or marketing communications.
  • Authorisation Specifics: The authorising authorities must detail the specific crypto-asset services that CASPs are licensed to offer.
  • EU-wide Operation: Authorized CASPs can operate across the EU, with or without physical establishments, including cross-border services, without the need for a physical presence in the host Member State.
  • Authorisation Expansion: CASPs wishing to expand their service offerings must seek approval from their authorizing authority, updating and supplementing their original application information in line with Article 63 procedures.

MiCAR on Money Laundering (ML) and Terrorist Financing (TF)

MiCAR emphasizes the necessity of addressing money laundering (ML) and terrorist financing (TF) risks associated with crypto-assets and the services provided by Crypto-Asset Service Providers (CASPs).

Regulatory Gaps and Risks (Recital 4)

  • Certain crypto-assets fall outside the scope of existing EU financial services legislation, leading to a regulatory gap.
  • This absence of rules exposes crypto-asset holders to various risks, including those related to market integrity and financial crime, prompting some Member States to establish specific rules for crypto-assets.

Broad Definitions and AML/CFT Objectives (Recital 16)

  • Future legislation in the field of crypto-assets aims to be broad, future-proof, and innovation-friendly. It’s crucial that this legislation also supports the fight against money laundering and terrorist financing.
  • Therefore, CASPs should comply with applicable EU AML/CFT rules, aligning with international standards.

Governance and Reputation (Recital 51)

  • Issuers of asset-referenced tokens are required to have robust governance structures and ensure that management and significant shareholders are of good repute, particularly with no convictions in ML/TF or other offences that could affect their integrity.
  • This aims to protect token holders and maintain market integrity.

Protection against High-Risk Third Countries (Recital 77)

  • To protect the EU financial system from ML/TF risks, it’s necessary for CASPs to perform enhanced checks on transactions involving customers and financial institutions from third countries identified as high-risk due to strategic deficiencies in their AML/CFT regimes.

Organizational Requirements for CASPs (Recital 81)

  • CASPs must adhere to stringent organizational requirements, ensuring that their management and significant shareholders are fit, proper, and of good repute, particularly with no ML/TF convictions.
  • CASPs should also maintain strong internal controls, risk management practices, confidentiality measures, and record-keeping systems to detect and prevent potential market abuse and ensure compliance with AML/CFT regulations.

Application for Authorization and Compliance (Article 18)

  • CASPs must describe their internal control mechanisms and procedures to ensure compliance with anti-money laundering (AML) and counter-terrorist financing (CTF) obligations under Directive (EU) 2015/849 when applying for authorization.
  • This includes detailing cooperation arrangements with specific CASPs to uphold AML/CTF standards.

Management and Ownership Criteria (Articles 18(5) and 62(3))

  • CASPs must ensure that members of their management and significant shareholders have no criminal record related to AML/CTF, fraud, or professional liability.
  • They must collectively possess appropriate knowledge, skills, and experience to manage the CASP effectively and be of good repute.

Notification Requirements for Financial Entities (Article 60(7))

  • Financial entities providing crypto-asset services must notify competent authorities about their operations, including their internal control mechanisms and risk assessment frameworks for managing AML/CTF risks, along with their business continuity plans.

Internal Control Mechanisms (Article 62(2)(i))

  • CASPs must have internal control mechanisms and policies to identify, assess, and manage risks, including those related to money laundering and terrorist financing, as part of their application for authorization.

Consultation with AML/CTF Authorities (Article 63(6))

  • Before authorizing a CASP, competent authorities may consult with AML/CTF authorities and financial intelligence units to verify the applicant’s compliance with AML/CTF regulations, especially if the CASP operates in or relies on third parties from high-risk third countries.

Withdrawal of Authorization for Non-compliance (Article 64(1)(f))

  • Authorization can be withdrawn from CASPs that fail to maintain effective systems to detect and prevent money laundering and terrorist financing, in accordance with Directive (EU) 2015/849.

Governance and Repute (Article 68(1) and (2))

  • CASP management and significant shareholders must be of good repute, with no convictions related to money laundering, terrorist financing, or any other offences that could compromise their integrity. They must also demonstrate adequate knowledge and commitment to their duties.

Operating Rules for Trading Platforms (Article 76)

  • CASPs operating trading platforms must implement operating rules that include AML/CTF compliant customer due diligence processes for admitting crypto-assets to the platform. Their trading systems must be robust enough to prevent abuse for money laundering or terrorist financing purposes.

Commission Staff Working Document – Impact Assessment

The Commission Staff Working Document highlights the need for aligning EU legislation with the Financial Action Task Force (FATF) standards regarding Crypto-Asset Service Providers (CASPs).

Background and Need for Regulation

  • CASPs, including cryptocurrency exchanges and custodian wallet providers, are recognized by the FATF as entities that should adhere to Anti-Money Laundering and Countering Financing of Terrorism (AML/CFT) rules. The EU’s Digital Finance Package already addresses the regulation of CASPs, necessitating coherence in their regulation.

Alignment with FATF Standards

  • The FATF’s October 2018 standards introduced a broader definition of crypto assets and virtual asset service providers than the current EU Anti-Money Laundering Directive (AMLD) definitions. The EU aims to align its legislation with these standards by:
    1. Expanding the AMLD’s scope to include crypto-asset activities not yet covered.
    2. Updating the definition of crypto assets in EU AML/CFT legislation.
    3. Revising licensing and registration requirements for CASPs.
    4. Modifying the fit and proper tests for senior managers of CASPs.

Proposed Changes in EU Legislation

  • The proposed regulation on Markets in Crypto-assets (MiCA) includes:
    1. A comprehensive definition of ‘crypto-asset service’ reflecting the FATF standards.
    2. A definition of ‘crypto-asset’ as a digital representation of value or rights using distributed ledger technology.
    3. Licensing and registration obligations for CASPs, requiring them to be legal entities with a registered office in an EU Member State and authorization from the competent authority.
    4. Fit and proper test requirements for senior managers and main shareholders of CASPs to ensure AML/CFT compliance.

Introduction of the “Travel Rule”

  • The FATF’s “travel rule” for CASPs, similar to the one for financial institutions’ cross-border wire transfers, is proposed to be incorporated into EU law. This rule would extend the obligations of the Wire Transfer Regulation to crypto asset transfers, with appropriate data protection safeguards.

Alternatives and Justification

  • The alternative to updating EU legislation to include these rules is maintaining the status quo, which is considered sub-optimal due to the potential for diverging national regulations and the challenges CASPs might face in cross-border operations. Aligning with FATF standards and the scope of the MiCA regulation ensures clarity and consistency in regulatory requirements for CASPs, mitigating AML/CFT risks and facilitating their operation across the EU.

Proposal AML Regulation (AMLR)

The proposed EU AML Regulation (AMLR) includes specific provisions concerning Crypto-Asset Service Providers (CASPs) to strengthen anti-money laundering (AML) and counter-terrorist financing (CTF) controls within the crypto-asset sector.

Extension of AML/CFT Framework to CASPs (Recital 11)

  • Directive (EU) 2018/843 was a pivotal legal instrument that initially extended AML/CFT regulations to encompass certain crypto-asset services, specifically targeting providers engaged in exchange services between virtual currencies and fiat currencies, as well as custodian wallet providers.
  • Acknowledging the rapid technological advancements and updates in FATF standards, there’s a recognized need to revisit and update this regulatory framework to better address emerging risks.
  • The Regulation on Markets in Crypto-assets (referenced as a proposal needing insertion) represents a significant step in updating the legal framework, setting forth requirements for CASPs seeking authorization to operate within the single market. This regulation broadens the definitions of crypto-assets and CASPs to cover a wider range of activities, ensuring a more comprehensive regulatory scope.
  • CASPs covered under the Markets in Crypto-assets Regulation are also intended to fall under the purview of the AMLR, reinforcing the objective to mitigate potential misuse of crypto-assets for money laundering or terrorist financing.

Prohibition of Anonymous Crypto-Asset Wallets (Recital 93)

  • The inherent anonymity associated with crypto-assets poses a significant risk of exploitation for criminal activities.
  • Anonymous crypto-asset wallets, in particular, complicate the traceability of transfers and the identification of suspicious transactions, challenging the effective application of customer due diligence measures.
  • To address these challenges and enhance the effectiveness of AML/CFT regulations in the context of crypto-assets, the AMLR proposes to explicitly prohibit CASPs from providing and maintaining anonymous crypto-asset wallets.
  • This measure aims to improve the transparency and traceability of crypto-asset transactions, reducing the risk of their misuse for illicit purposes.

Obliged Entities (Article 3)

  • CASPs are explicitly classified as obliged entities under the AMLR, which means they are subject to regulatory obligations designed to prevent money laundering and terrorist financing.
  • This inclusion underscores the recognition of the potential risks associated with crypto-assets and the need for regulatory oversight of CASPs.

Customer Due Diligence (Article 15(2))

  • CASPs, along with credit and financial institutions, are required to apply customer due diligence measures under certain conditions.
  • These include initiating or executing occasional transactions involving the transfer of funds or crypto-assets exceeding EUR 1,000.
  • This provision aims to ensure transparency in transactions and the identification of parties involved, thereby mitigating the risks of financial crimes.

Prohibition of Anonymity (Article 58(1))

  • The AMLR strictly prohibits CASPs from maintaining anonymous accounts, passbooks, safe-deposit boxes, or crypto-asset wallets.
  • This prohibition extends to any accounts or services that could facilitate the anonymization of customer account holders.
  • The regulation mandates that owners and beneficiaries of any existing anonymous instruments undergo customer due diligence measures before these can be utilized in any manner.
  • This measure is intended to eliminate anonymity in financial dealings involving crypto-assets, thereby reducing the potential for these instruments to be used for illicit activities.