The European Commission published a new directive draft last week proposing to extend strict anti-money laundering (AML) regulation to both virtual currency exchange services and custodial wallet providers. Intended to counter “money launderers, tax evaders, terrorists, fraudsters and other criminals,” the directive could mean that many Bitcoin companies in the E.U. will have to apply know your customer (KYC) types of checks on their users.

The proposal, which particularly focuses on terrorist financing, intends to restrict the anonymous use of virtual currencies, presumably referring to bitcoin and altcoins.

According to the draft published by the executive arm of the European Union:

“Transactions with virtual currencies benefit from a higher degree of anonymity than classical financial fund transfers and therefore entail a risk that virtual currency may be used by terrorist organizations to conceal financial transfers. Possible further risks relate to the irreversibility of transactions, means of dealing with fraudulent operations, the opaque and technologically complex nature of the industry, and the lack of regulatory safeguards.”

As such, the European Commission recommends that existing anti-money laundering regulation should apply to virtual currency services, and, in particular, to exchanges and custodial wallet providers.

The European Commission writes:

“[T]o prevent misuse of virtual currencies for money laundering and terrorist financing purposes, the Commission proposes to bring virtual currency exchange platforms and custodian wallet providers under the scope of the Anti-Money Laundering Directive. These entities will have to apply customer due diligence controls when exchanging virtual for real currencies, ending the anonymity associated with such exchanges.”

If adopted, Bitcoin companies will be required to collect their customers’ identity documents; something several of them already do, though it is currently not mandatory. (In some cases financial partners ‒ such as banks ‒ do require Bitcoin companies to apply KYC in order to get an account.) Additionally, Bitcoin companies will need to monitor transactions on their platforms and report suspicious activity.

Interpretation

The proposal does not go into detail explaining which kinds of services will be affected. It’s clear that the directive would apply to Bitcoin exchanges and wallet services that control customer funds. Whether it also includes exchanges or wallet providers that do not hold onto private keys, or not all private keys in case of multisig-addresses, is not as clear. (EDCAB’s Siân Jones thinks it might; Coin Center‘s Jerry Brito thinks not.)

The European Commission, which says that the directive is drafted in accordance with “relevant virtual currencies market players,” including “exchange platforms, wallet providers [and] a representative group of virtual currency stakeholders,” maintains that the regulation should not hamper virtual currency adoption – and perhaps might even further it.

The draft proposal reads:

“The proposed measure has no negative effects on the benefits and technological advances presented by the distributed ledger technology underlying virtual currencies. […] The credibility of virtual currencies will not rise if they are used for criminal purposes. In this context, anonymity will become more a hindrance than an asset for virtual currencies taking up and their potential benefits to spread.”

Individual Users

For now, the directive targets only exchanges and wallet providers – not individual Bitcoin users. Toward the end of the document, however, the European Commission acknowledges that regulating exchanges and wallet providers may ultimately not suffice to prevent nefarious use of virtual currencies. After all, Bitcoin users can run wallet software on their own computer or smartphone, thereby not requiring any wallet provider at all.

The draft therefore suggests that addresses may have to be tied to individual users at some point in the future as well:

“The inclusion of virtual exchange platforms and custodian wallet providers will not entirely address the issue of anonymity attached to virtual currency transactions, as a large part of the virtual currency environment will remain anonymous because users can also transact without exchange platforms or custodian wallet providers. To combat the risks related to the anonymity, national Financial Intelligence Units (FIUs) should be able to associate virtual currency addresses to the identity of the owner of virtual currencies. In addition, the possibility to allow users to self-declare to designated authorities on a voluntary basis should be further assessed.”

The proposal must still be approved by the European Parliament and member states, and could be enforced as soon as January 1, 2017. Once approved, EU member states are expected to implement national laws based on the directive. The proposal is still in its draft-stage, however, meaning there is still room for alterations based on input from individual member states.