Last week, the European Parliament’s Committee on Economic and Monetary Affairs (ECON) and the Committee on Civil Liberties, Justice and Home Affairs (LIBE) voted in favor of a regulatory update that could compromise the exchange platforms’ ability to deal with noncustodial crypto wallets. Should the regulatory project make it to the legislation phase in the upcoming months, it would place severe disclosure requirements on transactions between noncustodial wallets and crypto exchanges in the European Union — a process whose signs are visible in other parts of the globe as well.

What happened

On Thursday, March 31, ECON and LIBE members voted on the Anti-Money Laundering (AML) regulatory package, which seeks to revise the current Transfer of Funds Regulation (TFR).

The revised version of the TFR brings several legal threats to “unhosted,” or self-custodied, wallets. It would require crypto service providers to “verify the accuracy of [the] information concerning the originator or beneficiary behind the unhosted wallet” for every transaction made between a service provider (typically, a crypto exchange) and an unhosted wallet.

It can be difficult, if not impossible, for crypto service providers to verify each “unhosted” counterpart. Hence, as crypto advocate Patrick Hansen from blockchain firm Unstoppable DeFi warned, to stay compliant and not compromise their legal position in the European market, some companies might want to block transactions with self-custodied wallets altogether if they face such surveillance and disclosure requirements. Smaller companies might find the potential costs of compliance too high and leave the market to established players, which would lead to further market centralization.

The legislation would also oblige crypto companies to inform “competent AML authorities” ‘of any transfer worth 1,000 euros (about $1,010) or more made to or from an “unhosted” wallet, a surveillance threshold that is even lower than that of fiat banking operations.

The next step for the legislation is the announcement at the plenary session of the EU Parliament, which, according to Hansen, could take place sometime in April. Should it remain unchallenged there, the legislation will make its way to the trialogue negotiations between the European Parliament, the European Commission and the Council of Europe. These negotiations could take months, but their conclusion will mark the draft becoming law. After that, the crypto industry would have from nine to 18 months to come in full compliance with the legislation.

A part of a larger trend

With its increased activity on the crypto regulation front, the European Union isn’t alone in its suspicion of noncustodial wallets. Apart from the local initiatives to impose tighter scrutiny on every crypto transaction, for example, in the Netherlands and Switzerland, U.S. regulators have set their sights on noncustodial wallets in recent years.

In 2020, the U.S. Financial Crimes Enforcement Network (FinCEN) proposed a rule that would synchronize the recording and record-keeping requirements for digital assets to those of fiat transfer funds. In the proposed framework, any transactions to or from “unhosted” wallets exceeding $10,000 would require banks and money service businesses to verify the identity of the customer (including name and physical address) and to file this information with FinCEN.

Following this, in 2021, the international Financial Action Task Force (FATF) drafted guidance with recommendations for virtual asset providers (VASPs) to classify the transfers to and from “unhosted” wallets as higher-risk transactions, with respective scrutiny and limitations to be applied. The new FATF guidance is also aimed at extending the scope of the Travel Rule to VASPs if a virtual asset transfer involves a self-custodied wallet.

Both proposals faced harsh criticism from the crypto industry stakeholders and were eventually delayed. In January 2022, however, the Department of the Treasury reintroduced the proposal to tighten the grip over noncustodial wallets in its new regulatory plan.

To resist or to adapt?

“Seven years ago, I forecasted that these regulations were coming, it was just a matter of when and under what conditions,” Justin Newton, CEO of compliance solutions provider Netki, commented to Cointelegraph. The firm provides KYC/AML technology and develops remote identity verification solutions for blockchain businesses. Newton pointed out that both the FATF guidance and the legislation in Singapore emphasize both-ends transaction verification.

U.S. President Joe Biden’s executive order on crypto highlights the consolidatory dynamic in crypto regulation, which will likely bring FinCEN’s unfinished business back into the spotlight at some point. “Sooner rather than later,” Newton added. He further commented:

“The Biden Executive order specifically spoke about bringing U.S. regulations in line with global standards, and this EU proposal is in line with FATF guidance. The EU vote should trigger U.S. companies to start embracing KYC compliance to get ahead of impending regulations in the states.”

Considering this, Newton believes that the regulators won’t leave the industry any room to ignore their demands. It might be more productive to seek a compromise on the matter, especially given that the problem has its technological solutions. The main threat to privacy isn’t a counterparty knowing who you are, but the fact that on-chain transaction transparency allows both the institutional third parties and curious individuals to track and de-anonymize your activity:

“Fortunately, newer technologies such as Lightning see this level of on-chain transparency as a bug rather than a feature, and we can hope for better privacy for our crypto transactions than is available on most blockchains today.”

What’s next?

While the new rules around “unhosted” wallets will require crypto services providers to adapt, they might be less of a threat to the industry than some stakeholders currently believe. By integrating existing off-the-shelf compliance solutions that equally value privacy, crypto can relatively seamlessly embrace compliance while preserving financial freedoms. Newton said:

“These new rules highlight the need to select compliance solutions that have the vision to see these new rules coming and have built their platforms to be prepared. Today, that means including noncustodial wallets in your Travel Rule solution. Tomorrow, it will be privacy coins and layer-2 networks such as Lightning. The taxman is coming as well, so any Compliance Communications Protocol should be prepared to support those new rules.”

But behind any optimism, problems that can’t be resolved in a win-win fashion remain. In addition to small market players who may not necessarily be in a position to adopt high-end compliance solutions, the tightening scrutiny could undermine global financial inclusion. After all, what regulators call “unhosted” wallets is an essential tool for the underbanked and the financially underserved globally.