Understanding the EU AML Directives for Crypto Businesses
June 3, 2024

Money laundering is a global issue that has for long called for regulatory bodies to put in place legislation (known as Anti-money laundering regulations) to punish criminals and prevent financing of criminal activities. Because cryptocurrency is global in nature, can be anonymous and easily crosses borders, it has been a matter of necessity to put regulations in place to prevent money laundering via crypto exchanges and custodian wallets. 

The EU has adopted a robust legislative framework to fight against money laundering, terrorist financing and crime.This legislative framework also works in tandem with other regulations, such as the Markets in Crypto Assets Regulation (MiCAR). If you were ever wondering what the effects of updates to the AML regulation means, this article is for you.

The updated AMLD and AMLR6 bring crypto assets, exchanges and wallets under the supervision of the European Union. Because financial institutions play a huge role as gatekeepers in the anti money laundering and terrorist financing framework, the crypto sector has been brought under the huge umbrella.

In 2014, the Financial Action Task Force (FATF) published a cryptocurrency AML guide (which has since been updated) in which it recognizes cryptocurrencies as virtual assets. Virtual Assets Service Providers (VASPs) have the responsibility of compliance to the regulation. These VASPS include cryptocurrency exchanges, stablecoin issuers, custodial wallets, and on a case-by-case basis, some DeFi protocols and NFT marketplaces.

Why are crypto projects considered money laundering risks?

  1. Anonymity/Pseudonymity: Crypto users make faceless transactions regularly and there’s a higher rate of anonymous/pseudonymous transactions in comparison to traditional non-cash payment methods. Anonymous funding through virtual exchanges presents a higher risk of money laundering.
  2. Decentralised nature: There’s no central authority to monitor or regulate transactions. This lack of oversight makes it difficult to track suspicious activity and prevent money laundering schemes.
  3. High volatility: The high volatility inherent in virtual assets can look attractive to money launderers. They can convert illicit funds into crypto and potentially disguise the source of the funds through a series of transactions before converting back into cash.

Key Features of the AMLR

  1. Cooperation between EU states: The AMLD6 mandates improved collaboration, sharing of information in the fight against money laundering and cross-border financial crime. 
  2. Identification and corporate responsibility: Grey areas have been made clearer in the updated regulation. There’s an expansion of criminal liability, precise definition of offences and stricter punishments for crimes. Individuals and legal entities can be held responsible for their lack of supervision when their (in)actions give way to bad actors.
  3. Enhanced due diligence with high-risk 3rd world countries: All obliged entities are mandated to carry out enhanced KYC and due diligence in transactions involving high-risk third world countries. Their shortcomings in their national anti-money laundering and terrorist financing measures might pose a threat to the EU market integrity. 
  • The EU high-risk list is also linked to the Financial Action Task Force (FATF) black list. The countries on these lists have been unified and individuals/entities from these countries will be subject to stricter compliance checks and security measures.

Unimplemented EU AML Updates

1. A Central Supervisory Authority: A new central authority, the Authority for Anti-Money Laundering and Countering the Financing of Terrorism (AMLA), has been established. The AMLA will play a crucial role in:

  • Centralized Coordination: It will oversee and coordinate the activities of national authorities across the EU, ensuring consistency in AML/CFT practices.
  • Improved Information Sharing: The AMLA will facilitate the exchange of financial information amongst member states, vital for law enforcement to track suspicious activity.
  • Regulatory Framework: The AMLA will introduce a unified AML/CFT regulatory framework across the EU. This "single AML rulebook" ensures clear and consistent rules for all member states.
  • Direct Supervision: The AMLA has the power to directly supervise high-risk financial institutions or those requiring immediate action to address AML/CFT risks.
  • Intelligence Sharing: The AMLA will promote greater cooperation between national financial institutions and intelligence agencies. This will improve the 

2. Strengthening Supervision of Obliged Institutions: Previously, the European Banking Authority oversaw cooperation between national supervisory authorities. Under AML6, the AMLA takes on this responsibility. The AMLA will establish a comprehensive regulatory approach, including specific guidance, technical standards, and recommendations. This approach will be risk-based, meaning the level of supervision will depend on the specific institution's risk profile and the country's overall money laundering and terrorist financing risk. Local regulators will be responsible for implementing this risk-based approach, determining the frequency and content of inspections for obliged institutions (e.g., banks, financial institutions). Each year, national supervisory authorities will submit annual audit plans to the AMLA for review.

Practical Steps to Stay Compliant

Because crypto businesses and projects are obliged entities under the EU AMLR, all the above features apply to legal matters that concern these projects too. It is essential that crypto exchanges and custodial wallet providers comply with these AML regulations. 

  1. Review and update your existing policies to ensure they’re aligned with AMLR requirements.
  2. Invest in employee training so they can recognize and react appropriately to red flags.
  3. Maintain an effective process for reporting suspicious activities to the appropriate authorities.
  4. Be alert and engage in continuous improvement.

Deconstructing the KYC Process in Crypto

The Know-Your-Customer (KYC) process usually consists of three components; customer identification, due diligence and continuous monitoring.

  1. Customer Identification: You need to verify that the customer is who they say they are. This can be verified through reliable and independent documentation. Most processes verify the customer’s legal name, address, date of birth.
  2. Due diligence: This process assesses the risk a customer presents and assigns risk ratings by conducting background checks and a review of the customer’s transaction history. The AMLR mandates VASPs to conduct due diligence when carrying out transactions amounting to €1000 or more.
  3. Continuous monitoring: As the name implies, you regularly review transactions for signs of suspicious activity. Suspicious activity reports (SARs) are filed when anything is noticed.


Many regulatory changes are incoming to the crypto industry, and it is easy to drown in the sea of trying to understand them. Having an experienced blockchain lawyer on board might be the game changer you need to always stay afloat and successful. At Sali Blockchain and Crypto Regulations, we can offer advice and help you build a legal framework. Schedule a free consultation call with us today.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form. Please try again