New EU AML/CFT rules for financial institutions and the entire crypto sector


On 20 July the European Commission presented a substantive package of legislation to strengthen the EU’s anti-money laundering and countering terrorism financing rules (AML/CFT). The new rules are expected to be in place and apply by the end of 2025.

The package consists of four legislative proposals:

1. AML Regulation containing directly applicable rules with regard to CDD and beneficial ownership.
2. a new Directive AML6, repealing AML4 (as amended by AML5).
3. a new Transfer of Funds Regulation, amending the 2015 Regulation on the Transfer of Funds to trace transfers of Crypto-Assets.
4. a Regulation establishing a new EU AML/CFT Authority, envisioned to start in 2024.

All Crypto-Asset Service Providers are in scope

Almost all financial institutions and, since AML5, providers of Crypto-Asset exchange services and custodian wallet providers are required to apply AML/CFT measures. These entities qualify as an Obliged entity. The list of Obliged entities will be extended with:

1. all types and categories of Crypto-Asset Service Providers. That includes persons performing the following services in relation to Crypto-Assets: custody and administration, operating trading platforms, exchange services, the execution of orders, placing, RTO and the provision of advice (art. 3 MiCA).
2. Crowdfunding Service Providers falling outside the scope of the upcoming Crowdfunding Regulation (entering into force on 10 November 2021).
3. creditors for mortgage and consumer credits as well as mortgage and consumer credit intermediaries that are not credit institutions or financial institutions.
4. operators for investor residence schemes.

Full traceability of Crypto-Asset transfers

The Transfer of Funds Regulation will extend its scope from banknotes, coins, scriptural money and electronic money to transfers of Crypto-Assets (or: virtual assets). Full information about the sender and beneficiary will have to be included with all transfers. The aim is full traceability of Crypto-Asset transfers. Anonymous Crypto-Asset wallets will be prohibited. These new ‘AML/CFT crypto rules’ will be aligned with the activities covered by MiCA. MiCA aims to regulate Crypto-Assets that currently fall outside the scope of EU legislation, such as MiFID II (although e-money tokens already fall under the Electronic Money directive EMD2).

More UBO requirements

AML6 and the AML Regulation contain even more detailed rules regarding AML/CFT risk management measures, obtaining UBO information and reporting to UBO-registers and FIU. Nominee shareholders and nominee directors are also required to report their status and the persons on whose behalf they are acting. UBO registers will be authorised to verify information provided to it and, on a risk-sensitive basis, ask for additional information. That additional information can consist of board resolutions, minutes of board meetings, power of attorney, contractual agreements and other documentation. General information (i.e. a minimum set of data) in the UBO-register will be accessible for the public, with specific provisions for trusts or similar legal arrangements. Certain non-EU legal entities that have a link with the EU shall also be obligated to register UBO-information.

EU-wide limit of EUR 10,000 on cash payments

Persons trading in goods or providing services, acting in a professional function outside the premises of a credit institution, may accept or make a payment in cash only up to an amount of EUR 10,000 or an equivalent amount in national or foreign currency, whether the transaction is carried out in a single operation or in several operations which appear to be linked.


Should you seek assistance with regard to these new rules, please contact Jelmer Kruijt or your regular contact at VESPER Attorneys.