Back to All Blog Posts

EU passes landmark crypto regulation, MiCA, in lock step after
cementing decried, dreaded virtual value AML ‘travel rule’

The Skinny:
•   European Union lawmakers Thursday passed what many are calling a landmark set of rules to create an expansive, creative and rigorous regulatory framework for virtual value, including financial crime compliance duties, for crypto assets, service providers and currency exchanges.
•   In a whirlwind 48 hours for the crypto world and following two years of debate, European Union policymakers finalized two massive and entwined legal and regulatory initiatives that will shape crypto oversight across the bloc and the rest of the world for decades to come.  
•   The first is a broad overarching regulation covering the crypto asset sector, the Markets in Crypto-Assets (MiCA) rule, and the second requiring exchanges to share customer details: the “Travel Rule.” The rules are meant to protect consumers, counter fraudsters and promote market integrity – a move that could have prevented recent high-profile sector meltdowns.

By Brian Monroe
April 20, 2023

European Union lawmakers Thursday passed what many are calling a landmark set of rules to create an expansive, creative and rigorous regulatory framework for virtual value, including financial crime compliance duties, for crypto assets, service providers and currency exchanges.

In a whirlwind 48 hours for the crypto world and following two years of debate, European Union policymakers finalized two massive and entwined legal and regulatory initiatives that will shape crypto oversight across the bloc and the rest of the world for decades to come. 

The first is a broad overarching regulation covering the crypto asset sector and the second is a thorny fincrime compliance tangle requiring virtual exchanges to capture and share customer details, called the “Travel Rule.”

After two days of widely-watched rubber stamping, the EU Parliament reached a final agreement on the Markets in Crypto-Assets (MiCA) proposal, which covers issuers of unbacked crypto-assets, and so-called “stablecoins,” as well as the trading venues and wallets where crypto-assets are held, according to EU officials.

“MiCA is arguably the world’s most comprehensive legal framework for crypto-assets,” said Ari Redbord, the Head of Legal and Government Affairs at TRM Labs, a blockchain intelligence company.

Prior to joining TRM, he was the Senior Advisor to the Deputy Secretary and the Undersecretary for Terrorism and Financial Intelligence at the United States Treasury

To read the original post and be part of the conversation, click here.

The update “requires crypto-asset service providers (CASPs) to take action related to consumer protection, the environment, anti-money laundering (AML), stablecoins and other areas,” Redbord said.

This updated regulatory framework is designed to bring “clarity and harmony” across EU member states, making it more difficult for criminals and scofflaw exchanges to game AML defenses and give regulators more power to enforce failings if crypto exchanges have weak “window dressing” programs.

This crypto travel rule proposal is part of a broader EU package of legislative proposals to bolster the bloc’s AML defenses, originally presented by the Commission in July 2021.

What many consider the centerpiece of the package is a proposal to create a new EU-wide authority to fight money laundering, currently spearheaded by the European Banking Authority (EBA).

The EU is “making it more difficult for criminals to misuse crypto currencies for criminal purposes,” by cementing recommendations 15 and 16 of the Financial Action Task Force (FATF), the global money laundering and terrorist financing watchdog.

The update “especially timely in the current geopolitical context,” according to EU policymakers, noting that with sanctions orchestrated by the EU, U.S. and its allies, against Russia for its war in Ukraine, leaky crypto portals can open evasion avenues for blacklisted individuals, corporates and regions.

To read the full release, click here.

Crypto ‘Travel Rule’ flies further than global watchdog, eschews monetary threshold

The expanded rules are also a further bid to prevent the embarrassment of bloc bank examiners that have been excoriated in the face of multi-billion dollar Baltic and Nordic money laundering scandals.

In all, MEPs approved the initiatives 529 votes to 29 with 14 abstentions.

MiCA, they say, is the first piece of EU legislation for tracing transfers of crypto-assets like bitcoins and electronic money tokens.

The text – which Parliament and Council negotiators provisionally agreed to in June 2022 – aims to ensure that crypto transfers, similar to other bank and money transmitter transfers, can always be traced and suspicious transactions blocked and reported to law enforcement authorities.

One key sticking point for MiCA was the “travel rule,” where information on the source of the asset and its beneficiary will have to “travel” with the transaction and be stored on both sides of the transfer – a challenge with crypto built on the idea of anonymity and moving money around the globe quickly and easily.

The EU travel rule also goes beyond recommendations by global AML watchdog, the Paris-based Financial Action Task Force (FATF).

“All CASPs will need to comply with the Travel Rule and share relevant originator and beneficiary information for ALL crypto transfers, with no de minimus threshold,” said David Carlisle, Vice President of Policy and Regulatory Affairs at Elliptic, a blockchain analytics firm, in analysis of the new rules.

“This goes beyond the FATF‘s Standards, which only require Travel Rule on transfers over EUR 1,000,” he said.

To read the original post and be part of the conversation, click here.

CASPs in the EU will need to also “ensure that they can comply with the Travel Rule for any transaction where the direct transfer is made to another CASP and must also adhere to the EU’s General Data Protection Regulation in the process,” according to Carlisle.

The law would also cover transactions above €1000 from so-called self-hosted wallets – a crypto-asset wallet address of a private user – when they interact with hosted wallets managed by crypto-assets service providers.

The rules do not apply to person-to-person transfers conducted without a provider or among providers acting on their own behalf.

The rules even go further than some jurisdictions’ requirements when it comes to transferring funds through banks and money remitters.

In the U.S. for example, banks must capture customer details for transactions more than $10,000, while money services businesses have a sliding scale of typically between $1,000 and $3,000 to capture information on the individuals involved before sending the money.

As for next steps, the texts will now have to be formally endorsed by Council, before publication in the EU Official Journal, entering into force 20 days later, likely May or June.

Its rules tied to stablecoins will come into force in July 2024, but providers will have more time to align programs with other requirements which won’t come online until January 2025, according to published reports.

Uniform EU market rules for crypto-assets meant to protect customers, hamper scammers

The EU plenary also gave its final green light, 517 votes to 38 with 18 abstentions, to new common rules on the supervision, consumer protection and environmental safeguards of crypto-assets, including crypto-currencies (MiCA).

The draft law agreed informally with the Council in June 2022 includes safeguards against market manipulation and financial crime.

MiCA will also fill a persisting oversight gap, capturing crypto assets that are not regulated by existing financial services legislation.

Now, firms issuing and trading crypto-assets, including asset-reference tokens and e-money tokens, will be subject to a host of requirements around transparency, disclosure, authorization and supervision of transactions.

The tacit goal is that consumers across the EU would be better informed about the “risks, costs and charges” linked to crypto trading and exchange operations.

Pulling the lens back, the more rigid and formal legal framework is crafted to support market integrity and financial stability by regulating the public offers of crypto-assets.

That move is vital to go after fraudsters who are simply putting a virtual value theme on classic trading schemes – where they hype up supposed initial coin offerings (ICOs) with buzzwords aplenty to lure and dupe the unsophisticated investor with a classic Ponzi scheme.

To read the full release, click here.

License to thrill: More rules under MiCA, but also more power to expand across bloc

While some crypto firms may be cringing when viewing the gap between what their compliance programs are and what they need to be – for those who have championed countercrime and market rules, they could be rewarded with expansion opportunities.

“The money shot [of MiCA] however is the creation of a ‘passportable’ license,” Redbord said.

Under MiCA, when looking to extend operations across EU countries, CASPs must obtain approval from regulatory authorities in an EU country.

“Once local authorities have approved a crypto business according to EU regulations, the CASP would then be able to extend operations to other EU countries without having to obtain additional licenses — so-called ‘passporting,’” he said.

That is a rare bit of news for the virtual value which is in the midst of deepening “crypto winter” that has seen many crypto coins plummet precipitously in recent weeks, along with contributing to the implosion of major exchanges and some of the bank connected to them.

Some high-profile examples include FTX, which many of its top leaders indicted, along with banks crumbling, including Silvergate Bank, Silicon Valley Bank, Signature Bank and others. 

The most popular cryptocurrency, Bitcoin, has shed about 70 percent of its value since hitting an all-time high of roughly $69,000 in November, according to media reports.

The overall market capitalization of crypto assets has dipped to less than $1 trillion from its November 2021 peak of $3 trillion, according to CNBC analysts.

Currently, the overall value of crypto sits at about $1.2 trillion, according to CoinGecko.

Why EU Travel Rule upgrade could be central to fincrime fight

While many crypto firms may be thinking more about survival than compliance, the EU Travel Rule was a critical step to plug a vulnerability abused by criminals, many looking to use crypto to monetize schemes, scams and cyber-enabled frauds.

Some of the key issues, according to critics, is that prior to the finalization of the Travel Rule, EU exchanges could be dealing with a foreign exchange that did not have to collect such information.

The potential result: the transaction would be held up until a full AML know-your-customer or due diligence exercise is performed – or worse transactions would be allowed with little to no customer details or risk rating performed.

A core persisting challenge, though, is not just a matter or will for exchanges to capture and share information to comply with AML rules, but a matter of technical roadblocks.

As it stands now, there is no industrywide set of sharing standards and frameworks to capture, share and safeguard sender and beneficiary information, while also respecting privacy-conscious users drawn to pseudo-anonymous crypto transactions.

This is the case even though finding an answer to this dilemma has been a concerted effort by many of the brightest minds in the crypto world.

Overall, while not perfect, great progress has been made through such initiatives, including potential regulatory workarounds such as the “Travel Rule Information Sharing Architecture,” or TRISA.

Even so, EU lawmakers concluded that the how of sharing information is not as important the formalized rules in place to do it – quickly.

MEPs broadly believed the end would justify the means, stating they could be setting the pace for the rest of the world when it comes to fincrime crypto compliance.  

“This new regulation strengthens the European framework to fight money-laundering, reduces the risks of fraud and makes crypto-asset transactions more secure,” said Ernest Urtasun (Greens/EFA, ES), co-rapporteur for ECON, in a statement as the new rules took shape.  

“The EU travel rule will ensure that CASPs can prevent and detect sanctioned addresses and that transfers of crypto-assets are fully traceable,” he said.

“This regulation introduces one of the most ambitious travel rules for transfers of crypto assets in the world. We hope other jurisdictions will follow the ambitious and rigorous approach the co-legislators agreed today.”

Will MiCA, EU Travel Rule send crypto rule ripples across the globe?

Will that happen? Only time will tell.

One region, particularly one as large as the EU, adopting stronger crypto rules is a boon in the fight against financial crime – but criminals will just work through other areas with weaker digital coinage oversight and AML rules.

But that brings a further query to the fore: could other countries follow suit – forcing criminals away from large economies into smaller and riskier economic pools willing to engage in crypto transactions with few questions and lax controls?

For the EU crypto industry, MiCA is a “true game changer,” said Patrick Hansen, Director of EU Strategy & Policy at technology payments company, Circle, in analysis of the new rules.

“Until now, crypto companies in the EU had to knock at every single national regulator’s door if they wanted to serve the entire EU market.”

To view the full Circle report, click here.

Some countries like France, Germany, or Austria have formalized crypto licensing regimes in place, while others like Ireland have grafted on AML registration obligations, he said.

Even so, many countries “didn’t have any regulatory frameworks in place for crypto businesses,” Hansen wrote.

Navigating the cumbersome and burdensome national regulatory patchwork of 27 different rulebooks became a very costly and frustrating endeavor.

Under MiCA, the same binding EU requirements will apply to all 27 member countries and the “passportable” license solves jumping through regulatory hoops in each member country.

“With MiCA in force, offshore, unregulated companies will no longer be able to target EU consumers pro-actively,” Hansen said.

In tandem, the rules under which foreign businesses can onboard EU customers that act on their own initiative are expected to be stricter than for other financial service providers in traditional markets, something that could have potentially warded off implosions like the recent FTX meltdown, he said.

But that begs the question: will businesses evade the EU for fear of being captured by stronger rules, or will more regions raise their standards to be in line with the bloc?

“Undeniably, MiCA will play a huge role in how other jurisdictions, especially those without much experience in financial regulation and supervision, think about their own crypto-asset framework,” Hansen said.

The EU market is the single largest internal market in the world with 450 million relatively wealthy consumers, according to the Circle report.

By the sheer heft and influence of its market, MiCA will likely persuade many companies around the world to adopt identical operating standards, “possibly on an international scale in order to maintain globally streamlined operations and products,” he said.  

Stefan Berger, the German MEP who was the lead architect of the regulation, said it would put the EU “at the forefront of the token economy”, and would “restore the trust that was damaged by the FTX case,” according to the report.

Several other members speaking in support of MiCA also mentioned the catastrophic collapse of FTX.

Financial commissioner Mairead McGuinness even said that had FTX been under EU jurisdiction, pointing to rules within MiCA, which require companies to disclose conflicts of interest and not use client funds, “many of its practices would not have been permissible.”

See What Certified Financial Crime Specialists Are Saying

"The CFCS tests the skills necessary to fight financial crime. It's comprehensive. Passing it should be considered a mark of high achievement, distinguishing qualified experts in this growing specialty area."


(JD, Washington)

"It's a vigorous exam. Anyone passing it should have a great sense of achievement."


(CFCS, Official Superior

de Cumplimiento Cidel

Bank & Trust Inc. Nueva York)

"The exam tests one's ability to apply concepts in practical scenarios. Passing it can be a great asset for professionals in the converging disciplines of financial crime."


(CFCS, Royal Band of

Canada, Montreal)

"The Exam is far-reaching. I love that the questions are scenario based. I recommend it to anyone in the financial crime detection and prevention profession."


(CFCS, CAMS Lead Compliance

Trainer, FINRA, Member Regulation

Training, Washington, DC)

"This certification comes at a very ripe time. Professionals can no longer get away with having siloed knowledge. Compliance is all-encompassing and enterprise-driven."

Director, Global Risk
& Investigation Practice
FTI Consulting, Los Angeles