Abstract
On February 17, 2022, the Decree by Ministry of Economy and Finance dated January 13, 2022 (the “Decree”) introducing obligations for crypto-assets[1] providers of services supplied in Italy was released on the Official Journal of the Italian Republic[2].
Pursuant to the Decree, these service providers must satisfy certain conditions and timely request to be enrolled into a Register (the “Register”) kept by the Italian competent authority (OAM, Organismo Agenti e Mediatori)[3], otherwise their activity might be considered unlawful and administrative penalties be inflicted.
The new Italian measure attempts to align domestic legislation to the ongoing European Union policy on Anti-Money Laundering/Countering Terrorism Financing (AML/CTF).
Though the Decree pursues monitoring purposes only – therefore, apparently does not pose material requirements – it may nonetheless hurdle crypto-assets providers of services operating as a legal entity – rather than individual – in one or more EU countries other than Italy. Some doubts arise on effectiveness of these new rules in view of the coordination and fine-tunings that might be necessary once the European Regulation on Market in Crypto-Assets (MiCA)[4] is approved.
The Decree is effective by February 18, 2022.
Background
Today’s crypto-assets market capitalization fed by around 8 million transactions[5] is reported worth roughly $2 trillion[6].
This is one of the expected effects triggered by a pervasive adoption of the Distributed Ledger Technology (DLT) and the blockchain – the cutting-edge technological concept behind cryptocurrencies such as Bitcoin and Ethereum – which claim the potential to replicate the traditional financial system by Decentralised Finance (or ‘DeFi’).
There are three central points worth noting about this global phenomenon. First, it primarily serves to issue private (virtual) currencies usually convertible into legal tender (so called “fiat”) through exchange marketplaces. Second, it may cover anonymous transfers of funds. Third, it is a largely unregulated environment.
This landscape is equally at the source of curiosity[7] [8] and concern within the EU. Therefore, policy makers are monitoring developments closely and will eventually take action to mitigate emerging money laundering (ML) patterns and terrorism financing (TF) risks.
According to EU studies[9], the key issue that needs to be addressed in the fight against ML and TF via cryptocurrencies is the anonymity surrounding them, which the existing European legal framework fails to appropriately deal with.
At least at EU level, the fight against ML and TF focuses on the illicit use of cryptocurrencies, not on DLT and blockchain technologies themselves.
The AML/CTF EU legal framework and the EU response to challenges arising from cryptocurrencies
A material downside of criptocoins is that they often serve as a financial enabler to a multitude of illegal and disreputable purposes facilitated by freedom of capital movement within the Union’s integrated financial area and leading to ML and TF[10] [11].
Frequently carried out as they are in an international context, these illegal activities pose a serious threat to the integrity of the EU economy, the financial system, and the security of European citizens[12].
In light of the specific AML/CTF vulnerabilities that have been witnessed in the crypto-assets service providing industry, the Financial Action Task Force (FATF) – the global ML and TF watchdog – recommended[13] the EU policy makers to evaluate broadening the existing legislation to embrace crypto-assets service providers so to facilitate their traceability and to enable exchange of information among appropriate authorities.
To these ends, the EU Parliament revised substantially, among others, the following legislation:
- Directive (EU) 2015/849 on preventing the use of the financial system for money laundering or terrorist financing (4th anti-money laundering Directive, AMLD)[14];
- Regulation (EU) 2015/847 on information on the payer accompanying transfers of funds, which makes fund transfers more transparent, thereby helping law enforcement authorities to track down terrorists and criminals[15].
The 4th AMLD has been amended by Directive (EU) 2018/843[16] (the 5th AMLD) to better equip the Union with tolls to prevent the financial system from being used for ML and for TF activities related to virtual currencies and wallet providers. Changes essentially limit the anonymity behind cryptocurrencies transactions[17]. In this perspective the 5th AMLD includes a definition of virtual currencies and in-scope services, customer due diligence and the duty to report suspicious transactions to Financial Intelligence Units (FIUs). Thereafter, the 4th AMLD has been complemented and reinforced by Directive (EU) 2018/1673 (the 6th AMLD) aimed at giving financial institutions and authorities yet more tools to tackle ML and FT by further widening its scope, clarifying certain regulatory details, and tightening criminal sanctions across the EU.
As Regulation (EU) 2015/847 only applies to transfer of funds, meaning of banknotes and coins, scriptural money and electronic money[18], it was felt appropriate to extend its scope to also cover transfers of virtual assets and the traceability of transfers of funds and crypto-assets.
To these purposes, the EU Council elaborated a proposal[19] and agreed on a mandate[20] to negotiate with the European Parliament to update existing rules on information accompanying transfers of crypto-assets and recasting Regulation (EU) 2015/847. The proposal seeks to introduce an obligation for in-scope service providers to collect and make accessible full information about the sender and beneficiary of transfers of virtual or crypto assets, which is what payment service providers currently do for wire transfers. The objective is to ensure the traceability of crypto-asset transfers in order to identify suspicious transactions and, if necessary, blocking them. Moreover, the modifications streamline and clarify the Commission’s proposal, in particular by introducing requirements for crypto-asset transfers between crypto-asset service providers and un-hosted wallets [21] as well as to align existing legislation to the MiCA Regulation.
The proposal is part of a package of legislative proposals to strengthen the EU’s AML/CFT rules, presented by the Commission on 20 July 2021 along the lines of the EU Commission Action Plan of 7 May 2020, encompassing:
- a Regulation on the prevention of the use of the financial system for purposes of ML and TF[22];
- a Directive establishing the mechanisms that Member States should put in place to prevent the use of the financial system for ML/TF purposes, and repealing Directive (EU) 2015/849[23];
- a Regulation creating an EU Authority for AML and CTF (‘AMLA’)[24].
OVERVIEW OF THE ITALIAN DECREE ON CRYPTO-ASSETS SERVICES PROVIDERS
The Italian Decree implements provisions set forth by the Legislative Decree no. 90/2017 and by the Legislative Decree no. 125/2019[25] to align Italian AML/CTF legislations on virtual currencies services providers to Directive (EU) 2015/849 and Regulation (EU) 2015/847 as amended from time to time.
The new rules basically introduce two obligations to in-scope services providers to lawfully perform their activity in Italy. First, they are requested to be enrolled in a Register. Second, they shall accomplish certain Reporting obligations.
In-scope services
The Decree applies to providers of services regarding “virtual currencies”, including e-wallet providers, that carry out their activities in Italy.
The new measures provide for a quite wide definition of its object and relevant players.
According to the Decree, the virtual currency is any digital representation of value, neither issued nor backed by central banks or public authorities, nor necessarily underlying legal tender (Fiat), that is used to purchase goods and/or services or as an investment, and that is transferred, stored, and traded electronically[26].
Furthermore, the Decree identifies as eligible service providers either individuals or entities providing on a professional basis to an unrelated party, even on-line, one or more of the following services:
- services for using, exchanging, storing, converting virtual currencies or digital representations of value;
- services to release or offer virtual currencies;
- services to transfer and set-off virtual currencies;
- any other service ancillary to purchasing, trading or intermediating the exchange of virtual currencies;
- e-wallet services involving safe storage of cryptographic keys on behalf of customers.
From the plain reading of the Decree, it is doubtful whether the mere issuance of virtual currencies itself falls within its scope even where the issuer does not perform in parallel one or more in-scope services.
The Register and the compulsory enrollment for in-scope services providers
Pursuant to the Decree, the OAM should set up within May 19, 2022 a section of the Register currently established for money exchangers [27] to also include in-scope activities of crypto-assets providers.
This section of the Register will include, inter alia, the following information about in-scope service providers:
- identification details;
- tax ID or VAT number (if any);
- the type of services rendered to customers;
- address of the business activity (including any ATMs), and/or the web address for on-line services providers.
The inclusion in the Register is an essential condition that legitimates in-scope service activities in Italy, whose satisfaction varies depending on the nature of in-scope service providers[28]:
- Individuals must have Italian or European citizenship or must otherwise be compliant with immigration laws
- Legal entities must have their legal and administrative seats in Italy or, in case of EU entities, an Italian branch (stabile organizzazione).
A communication must timely be filed electronically with OAM by in-scope service providers and those who are already running in-scope activities in Italy, within July 18, 2022.
The OAM will assess whether the in-scope provider satisfies the mentioned requirements and it may approve or reject applications for registration within 15 days from the date of filing.
Reporting obligations
In-scope service providers must file, on a quarterly basis, a report showing, among others, customer personal data such as surname and name, place and date of birth, place of residence, tax identification number / VAT number (if any), reference of the ID.
Additionally, they have to report data on transactions involving each customer including all services performed such as their balance, the number and value of transactions flows e.g. fiat-to-crypto or crypto-to-fiat, crypto-to-crypto.
Based on input data received from in-scope service providers, the OAM will cooperate with other Italian authorities (e.g. the MEF, the Italian Financial Intelligence Unit, the Bank of Italy, the Tax Police, etc.).
Under certain conditions, in-scope service providers may be obliged to also report cross-border virtual currency transactions equal to or exceeding € 15.000 to the competent tax authorities[29].
Penalties
Should in-scope service providers fail to enroll with in the Register, their activities may be held abusive by the authorities which may inflict administrative penalties ranging from € 2.065 to € 10.329.
Ordinary administrative sanctions apply to other violations, such as of reporting obligations. Severe repeated violations of the ordinary AML/CTF rules may result in the cancellation of the ability to carry out activities in Italy.
Preliminary Comments
The new statutory obligations might significantly impact legal entities carrying out in-scope services, in one or more EU country other than Italy. Higher administrative burden would be suffered by in-scope service providers that do not meet the minimum presence within Italy (a Permanent Establishment) to be enrolled in the Registry (so-called proxy requirement).
However, this proxy requirement -implying at least assets/employees in Italy – may raises doubts.
The requirement was designed for money exchangers, with tangible offices/employees and tangible money to exchange; therefore, it appears relatively excessive burden to fully digitalized service providers such as those under discussion. In other words, this requirement seems to exceed what is necessary to achieve the objectives of the Decree, which is monitoring cryptocurrencies transactions and countering ML and TF.
Moreover, given the upcoming approval of the MiCA Regulation, as part of the widen Digital Finance package developed at EU level, conflicts may arise between the authorization requirements set forth under the MiCA and the Italian rules.
Least but not least, the compulsory establishment in Italy may trigger domestic tax obligations and liabilities upon in-scope services providers which, from a number of perspectives, may be inconsistent with international and domestic tax principles.
[1] Unless otherwise specified, crypto-assets, cryptocurrencies, cryptocoins are used alternatively in this article to refer to private virtual coins other than tokens or crypto securities generated by a blockchain systems such as Bitcoin and Ethereum.
[2] See, Gazzetta Ufficiale n. 40 del 17 febbraio 2022.
[3] OAM is the body for the management of the lists of agents in financial activities and brokers in Italy.
[4] See, proposal for a regulation of the European parliament and of the council on Markets in Crypto-assets, and amending Directive (EU) 2019/1937, COM/2020/593 final.
[5] See, https://www.statista.com/statistics/730838/number-of-daily-cryptocurrency-transactions-by-type/ showing average daily transactions on the blockchain in Bitcoin, Ethereum and 13 other cryptocurrencies.
[6] See, https://coinmarketcap.com as at 17.02.2022.
[7] The European Council (EC) recognizes valuable potential to blockchain-based systems up to the point it is funding internal analysis and research projects on how to exploit it (See, https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/EBSI ).
[8] The central banks are investigating the opportunity to issue virtual currencies backed by banking systems. One of the most prominent EU projects is being carried out by the European Central Bank (ECB) jointly with the EC. They are reviewing a broad range of policy, legal and technical questions relating to the possible introduction of a digital Euro as a Central Bank Digital Currency (CBDC) and considering this in the context of their respective mandates and independence provided for in the Treaties (See, https://ec.europa.eu/info/files/210119-ec-ecb-joint-statement-digital-euro_en ). Moreover, the ECB and six other central banks (Bank of Canada, Bank of England, Bank of Japan, Federal Reserve, Sveriges Riksbank and Swiss National Bank) together with the Bank for International Settlements (BIS) are exploring the possibility to introduce a CBDC for the public (“general purpose” or “retail’’ CBDC) (See, https://www.bis.org/publ/othp42.htm ). This doesn’t mean that central banks will necessarily issue a CBDC, but rather that they will get ready to possibly issue it.
[9] See, European Parliament (2018), “Cryptocurrencies and blockchain – Legal context and implications for financial
crime, money laundering and tax evasion”, accessible at https://op.europa.eu/en/publication-detail/-/publication/631f847c-b4aa-11e8-99ee-01aa75ed71a1
[10] See, S. Foley, J. Karlsen and T. Putnis (2019), “Sex, Drugs, and Bitcoin: How much illegal activity is financed
through cryptocurrencies?” at https://www.uts.edu.au/about/uts-business-school/ourresearch/research-impact/sex-drugs-and-bitcoin
[11] See, footnote 5.
[12] See, Europol (2021), “Cryptocurrencies – Tracing the evolution of criminal finances”, Europol Spotlight Report series, Publications Office of the European Union, Luxembourg accessible at https://www.europol.europa.eu/cms/sites/default/files/documents/Europol%20Spotlight%20-%20Cryptocurrencies%20-%20Tracing%20the%20evolution%20of%20criminal%20finances.pdf . See also Europol, “From suspicion to action: Converting financial intelligence into greater operational impact”, 2017. According to Europol around 1% of the EU’s annual Gross Domestic Product is ‘detected as being involved in suspect financial activity’.
[13] See, FATF Recommendation 15 on new technologies (‘FATF Recommendation 15’), FATF Recommendation 16 on wire transfers (‘FATF Recommendation 16’).
[14] See, Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Regulation (EU) No 648/2012 of the European Parliament and of the Council, and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC (OJ L 141, 5.6.2015, p. 73).
[15] See, Regulation (EU) 2015/847 of the European Parliament and of the Council of 20 May 2015 on information accompanying transfers of funds and repealing Regulation (EC) No 1781/2006 (OJ L 141, 5.6.2015, p. 1). Regulation (EU) 2015/847 was adopted to ensure that the FATF requirements on wire transfers services providers – i.e. the obligation on payment service providers to accompany transfers of funds with information on the payer and the payee – were applied uniformly throughout the Union.
[16] See, Directive (EU) 2018/843 of the European Parliament and of the Council of 30 May 2018 amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, and amending Directives 2009/138/EC and 2013/36/EU (OJ L 156, 19.6.2018, p. 43–74).
[17] See, Directive (EU) 2018/843, Whereas no.8 and 9.
[18] See, Article 2, point (2), of Directive 2009/110/EC.
[19] See, Proposal for a regulation of the European parliament and of the council on information accompanying transfers of funds and certain crypto-assets (recast). COM/2021/422 final.
[20] See, https://data.consilium.europa.eu/doc/document/ST-14259-2021-INIT/en/pdf
[21] Cryptocurrencies can be stored in hosted and un-hosted wallets. A hosted wallet (also known as custodial wallet) involves an intermediary (a host) e.g., the exchange service providers. In such a case, the value stored in the wallet belongs to the account holder whilst the funds are controlled by the wallet provider/host -under account holder instructions. The un-hosted wallet (also known as self-hosted or non-custodial wallet) implies that funds stored are directly controlled and managed by an individual and no intermediaries are involved – in other words it is like cash in a pocket. Users of un-hosted wallets can directly interact with a digital currency system without the involvement of a financial institution, service provider or another intermediary. These are the reasons why un-hosted wallets easily prevent traceability and therefore AML and CTF compliance.
[22] See, COM/2021/420 final.
[23] See, COM/2021/423 final.
[24] See, COM/2021/421 final.
[25] Mentioned Legislative Decrees introduced para 8-bis and 8-ter into Article 17-bis of the Legislative Decree no. 141/2010.
[26] See, Article 1, para 2, lett. f) of the Decree, and Article 1, para 2, lett. qq) of the Legislative Decree no. 90/2017.
[27] See, Article 17-bis, paragraphs 8-bis and 8-ter, of the Legislative Decree no. 141/2010.
[28] See, Article 17-bis of the Legislative Decree no. 141/2010.
[29] See, Law Decree no. 167/90 as amended by Legislative Decree no. 90/2017.