Stricter AML Rules for European Cryptocurrency Companies to Take Effect

Cryptocurrency companies newly established in Europe have been cautioned about the introduction of more stringent anti-money laundering (AML) rules set to take effect from the start of the new year. These regulations aim to bolster the European Union’s framework against money laundering and terrorist financing, with significant implications for crypto-asset service providers (CASPs).

The European Banking Authority (EBA) announced that existing CASPs would be granted a longer transition period, referred to as a “grandfathering” period. “Crypto-asset service providers that provided their services in accordance with applicable law before 30 December 2024, may continue to do so until 1 July 2026,” the regulator confirmed. Despite this extended grace period, companies operating under the current regime will be required to apply for a new CASP license to maintain compliance and continue operations beyond the 2026 deadline.

The EBA outlined several key changes that will be introduced as part of the new AML framework for CASPs and related entities. Among these, CASPs, issuers of asset-referenced tokens (ARTs), and issuers of e-money tokens (EMTs) will need to seek formal authorization to operate within the EU. To secure this authorization, they must demonstrate robust AML controls that align with the updated regulatory requirements.

Once authorized, all CASPs and EMT issuers will be required to adhere to the EU’s AML/CFT (countering the financing of terrorism) rules. This includes conducting a thorough assessment of their money laundering (ML) risks and implementing comprehensive internal policies and controls designed to mitigate such risks effectively.

For issuers of ARTs that are not classified as CASPs, the EBA clarified that they would not be subject to specific AML/CFT systems and control requirements. However, these issuers remain responsible for ensuring that neither they nor the broader sector is exposed to significant money laundering risks.

The new rules also impose enhanced traceability requirements on CASPs. These providers must include detailed information about the originator and beneficiary in crypto-asset transfers to ensure such transactions can be tracked. Additionally, CASPs are mandated to adopt specific measures to address risks associated with transfers involving self-hosted crypto-asset addresses.

Explaining the rationale behind these measures, the European Banking Authority emphasized the heightened risk of crypto-asset businesses being exploited for illicit purposes. “The new rules are being introduced due to the risk of crypto-asset businesses being abused for money laundering and terrorist financing purposes,” the EBA stated.

As the European Union prepares to enforce these stricter measures, both newly-formed and existing cryptocurrency businesses operating in the region are urged to prepare for compliance. The updated regulations reflect the EU’s ongoing commitment to strengthening the integrity and security of its financial system while addressing emerging risks in the rapidly evolving crypto-asset sector.

By fLEXI tEAM