On 2 July 2019, the Act Implementing Amendments to the Fourth Anti-Money Laundering Directive (‘AMLD5 Implementation Act’) and the Explanatory Memorandum (‘Memorandum’) were filed to the Dutch House of Representatives. The AMLD5 Implementation Act will implement the Fifth Anti-Money Laundering Directive in Dutch legislation. Under the Act, certain crypto service providers now for the first time fall within the scope of the Dutch Anti-Money Laundering and Counter-Terrorist Financing Act (Wet ter voorkoming van witwassen en financieren van terrorisme (‘Wwft’)). This blog addresses the main requirements that crypto service providers must observe in (the course of) 2020, if they offer their services in or from the Netherlands.
For which crypto service providers will the rules apply?
The new rules discussed below will apply to two types of crypto service providers:
- parties that provide wallets in the conduct of their profession or business; and
- parties that offer exchange services between virtual currencies and fiat currencies (such as the euro) in the conduct of their profession or business.
Not all wallet providers fall within the scope of the AMLD5 Implementation Act: it applies only to custodial wallet providers. These are providers that are able to independently access virtual currencies that users keep in their wallets. This is in any event the case where a provider has a user’s private key, also where the private key can be shared with multiple users besides the provider. This restriction also means that providers of wallets that can be managed only by their users, (as yet) fall outside the scope of the anti-money laundering regulations.
The Memorandum clarifies that ‘providers of virtual exchange services’ include providers of physical ATMs that offer such exchange services, whereas it does not, for example, include shop owners who only make such ATMs available.
Providers of custodial wallets and virtual exchange services are collectively referred to below as ‘crypto providers’.
What do the rules entail?
Mandatory registration with DNB
The draft version of the AMLD5 Implementation Act stated that crypto providers had to apply for a license from the Dutch Central Bank (De Nederlandsche Bank, ‘DNB’). However, in the filed version of the Act this license requirement has been relaxed to a registration requirement. To register with DNB, crypto providers must demonstrate, among other things, that they are able to comply with the Wwft. DNB may reject a registration application if the information submitted is incomplete or if it believes that the information is inaccurate.
The registration requirement applies to all crypto providers that offer services in or from the Netherlands, regardless of whether they are already registered in another Member State. However, crypto providers from countries outside the EEA (‘third countries’) cannot register with DNB. That means that these parties will be barred from offering their services in the Netherlands, unless they are based in a third country approved by the Minister.
Suitability and trustworthiness
The crypto provider's policymakers must be suitable and trustworthy. DNB will examine this requirement before registering a crypto provider. To determine whether policymakers are suitable, DNB will assess whether they possess sufficient knowledge and skills and whether they act professionally. To determine whether policymakers are trustworthy, DNB will examine whether their intentions, acts or – in particular – antecedents (if any) prevent them from holding that position. DNB will also examine the trustworthiness of parties with a qualifying holding (a stake of 10% or more) in a crypto provider.
Customer due diligence
To identify cases or potential cases of money laundering and terrorist financing, it is important that crypto providers know who their customers are. In certain cases, therefore, crypto providers must conduct a customer due diligence (‘CDD’) before they start providing their services. The intensity of the CDD to be conducted depends on the risk associated with the type of customer, business relationship, product or transaction. Given that transactions involving virtual currencies carry greater risks, the legislature is of the opinion that crypto providers will have to conduct an enhanced CDD in many cases.
To be able to identify unusual transactions, crypto providers must have a transaction monitoring process in place. With regard to that process, the Memorandum states that crypto providers must not only establish who the customer is, but also what the customer’s projected profile is. That will enable crypto providers to determine the extent to which the customer’s profile deviates from the intended transaction(s) or the transaction(s) performed, and whether the transaction(s) may be unusual. This may be the situation in the case of deviating amounts, times or numbers and/or the use of non-standard technical devices or tools.
Monitoring virtual currency-related transactions may well be the biggest challenge that crypto providers will face, especially where it concerns identifying the origin and destination of the virtual currencies. If crypto providers are not able to monitor this properly, this may result in them not being allowed to offer their services or having to terminate their services.
Reporting unusual transactions
When monitoring transactions, if crypto providers encounter transactions that could be classified as unusual, they must immediately report them to the Dutch Financial Intelligence Unit. Transactions are unusual if they are deemed to be unusual based on subjective or objective indicators. We expect that these indicators will be fleshed out in regulations based on the Wwft for crypto providers.
When do the rules come into force?
The rules addressed above will be incorporated into the Wwft and are scheduled to take effect on 10 January 2020. Crypto providers must ensure that they are registered with DNB no later than 6 months after that, so by 10 July 2020 at the very latest. Crypto providers that operate in or from the Netherlands would do well to make proper preparations and to contact DNB in a timely fashion.
If you have any questions about the new rules, please feel free to contact us. Our Blockchain & Tokens Group consists of experts in financial regulatory law, corporate law, privacy, liability law, tax and compliance, as well as other areas of law.