The European Union is still tinkering with the contents of its fourth money-laundering directive, having made some new suggestions for the regulation of virtual currency firms. The European Banking Authority wants it to move in the same direction but more slowly.

In the wake of last year's attacks on Paris, the various organs of the European Union decided to add to the text of that governmental club's fourth money-laundering directive as a gesture against terrorist finance. On 5th July this year one of them proposed to bring custodian wallet providers (CWPs) and virtual currency exchange platforms (VCEPs) into the directive's ambit as "obliged entities," the EU term for reporting entities. The idea was to require CWPs and VCEPs to evolve policies and procedures to detect, prevent and report money laundering and terrorist financing and to be subject to registration or licensing requirements that include tests to ensure that their managers are 'fit and proper' to do their jobs.

EU countries are legally obliged to enshrine the directive in their laws by 26 June next year. According to some news that the EBA has heard, all of them have resolved to do so by December this year. The regulator has also read something that it thinks (although it is not certain) might be a proposal by one of the EU's main organs for an amendment to the directive to move that legal obligation to 1 January this year.

Against this hazy background, the EBA believes that the EU should give EU countries, regulators, VCEPs and CWPs more time to conform to the amendments, especially in view of the fact that the AML/TF regime for these virtual currency facilitators does not yet exist. To that end, it wants the EU to align the transposition deadline for these new amendments with the currently applicable transposition deadline, i.e. 26 June 2017, at the very earliest.

To add further to the fog of uncertainty, the EBA has stated that it can only voice its opinion on the matter with permission from an EU statute, namely articles 9(2), 34(1) and 56 of Regulation (EU) No 1093/2010, despite the fact that all EU citizens including its own employees have, for now at least, the right of free speech.

The EBA complains: "The proposed amendments come at a time when most member states are still consulting on changes to their national legal and regulatory framework, which risks exacerbating the already considerable legal uncertainty for both national authorities and obliged entities (including credit and other financial institutions) and creates significant resource pressure, as member states and competent authorities will be required to create and implement a licensing and registration regime as well as decide on a supervisory approach for entities that have so far been outside of the directive. CWPs and VCEPS, too, would be required in a very short time frame of less than six months to implement policies and procedures to be compliant with the directive as transposed by member states."

Just as importantly, the EBA wants the EU to clarify the status of VCEPs and CWPs. The proposed amendments are limited to subjecting these businesses to 'MLD IV,' as the directive is known. The EBA is worried that risks arising from fraudulent or failed transactions and insolvency remain unaddressed. Also, it is worried that consumers and business partners of VCEPs and CWPs may not be aware that the new regulations-to-be do not "include or imply consumer protection or prudential safeguards, including capital requirements, calculation of own funds, safeguarding requirements, separation of client accounts, and the extensive authorisation liability." In other words, they might begin to comply with non-existent regulations.

Muddles about the meaning of the amendments may, in the ECB's eyes, be further exacerbated by VCEPs and CWPs (either deliberately or inadvertently) describing themselves as 'regulated' or 'authorised,' thereby implying that non-existent regulatory safeguards are in place. The risk of misrepresentation is not hypothetical but has already materialised in jurisdictions where the same legal entity that carries out VC transactions also carries out regulated payment services under the existing EU payment services directive. In other words, bodies authorised by national regulators are also carrying out unregulated VC transactions while telling everybody that they are authorised/regulated to do so. The EBA is also fearful that this failure on the part of the regulators to tell firms about their true obligations will bring those regulators into public disrepute.