EU-Finanz-Anpassungsgesetz 2019 │ New Challenges ahead for the virtual currency business
On 11 July 2019 the Austrian parliament adopted the EU-Finanz-Anpassungsgesetz 2019 ("EU-FinAnpG 2019") which implements the 5th EU Anti-Money Laundering Directive ("5th AML Directive") into Austrian law and introduces a number of amendments to Austrian laws relevant to the financial market.
In order to implement the 5th AML Directive, amendments to the Austrian Financial Markets–Money Laundering Act ("FM-GwG"), the Beneficial Owner Register Act (WiEReG) and the Act on Gaming (Glückspielgesetz), are necessary. These amendments include changes which will have a significant impact on business with virtual currencies.
New obligations for virtual currency business
The EU-FinAnpG 2019 will extend the scope of the legal requirements regarding anti-money laundering (AML) and know-your-customer (KYC) procedures (set out by the FM-GwG) also to cryptocurrency service providers (which so far have not been in scope of the FM-GwG and anti-money laundering rules). This means that cryptocurrency service providers will – in particular – be required to identify their customers (and the beneficial owners of a customer) if an ongoing business relationship exists or certain thresholds are exceeded for a single transaction. Furthermore, they will be required to report certain suspicious activities and prepare a risk assessment for their activities.
Some cryptocurrency service providers already apply certain AML/KYC checks on a voluntary basis. As these service providers will likely be more familiar with the upcoming requirements than others, such voluntary application of the AML/KYC requirements could become a (temporary) competitive advantage after the AML/KYC requirements will apply on a mandatory basis.
The new legislation will regulate two general types of cryptocurrency businesses:
- providers engaged in exchange services between virtual currencies and fiat currencies, i.e. cryptocurrency exchanges; and
- wallet providers, i.e. cryptocurrency wallet services (where the service holds its users’ private keys).
New definitions both for "virtual currencies" as well as for "service providers with respect to virtual currencies" will be added to the AML/KYC provisions of the Austrian FM-GwG.
A virtual currency means "a digital representation of value that is not issued or guaranteed by a central bank or a public authority, is not necessarily attached to a legally established currency and does not possess a legal status of currency or money, but is accepted by natural or legal persons as a means of exchange and which can be transferred, stored and traded electronically".
Bitcoin, Dash, Ethereum, Litecoin, Tether and many other virtual currencies which are accepted as a as a means of exchange, fall within the scope of this definition. Security tokens will often not qualify as such means of exchange, however, a case-by-case assessment taking into consideration the specific aspects of a token would be needed.
Different from the 5th AML Directive, Austrian AML law (i.e. the FM-GwG) provides a definition of service providers with respect to virtual currencies.
This definition includes
"all service providers offering one or more of the following services:
- services to save private cryptographic keys for holding, storing or transferring of virtual currencies on behalf of a customer (electronic wallet providers);
- exchange of virtual currencies into fiat money and vice versa;
- exchange of one or more virtual currencies into other virtual currencies;
- transfer of virtual currencies; or
- provision of financial services in relation to the issuance and sale of virtual currencies."
In addition to being obliged to apply the AML/KYC requirements of the FM-GwG, service providers falling under the respective definition will be under the obligation to register with the Financial Market Authority ("FMA").
Such registration can be rejected by the FMA in case the FMA (based on the provided information) (i) has specific indications that obligations under the AML laws may not be fulfilled or (ii) has concerns regarding the personal reliability of the managing directors, certain holders of a participation in the service provider (as natural persons), or the service provider itself (if a natural person).
It is unclear how the FMA will assess the above-mentioned requirements and which standards the FMA will apply to such assessment.
The new requirements will apply to service providers with respect to virtual currencies from 10 January 2020 (including the requirement to register their business with the regulator FMA. To enable service providers to react on the new requirements quickly, the FMA permits cryptocurrency service providers to already register from 1 October 2019 on a voluntary basis.
Further to these changes with respect to the cryptocurrency business, the EU-FinAnpG 2019 also introduces other material amendments.
These include inter alia:
- increased diligence requirements for transactions and business relationships with customers from high-risk third countries;
- measures to ensure data quality in the register of beneficial owners and imposing additional sanctions on legal entities;
- broadening of the scope of the register of beneficial owners into a central platform for storing the documents required for the identification and verification of beneficial owners;
- introduction of the right for the general public to retrieve an excerpt from the register of beneficial owners (so far, only certain market participants, such as attorneys-at-law, credit institutions, etc. had access to the register); and
- improving the FMA's cooperation with other national and international authorities for the purposes of preventing money laundering and terrorist financing.
Authors: Martina Hiebl & Matthias Pressler