Irish Crypto Law Development: New Legal Obligations

PUBLISHED: 7th May 2021

Your crypto business may now be regulated…

The Fifth Anti-money Laundering Directive ((EU) 2018/843)) has been implemented into Irish law.  This Directive is also known as AMLD V or MLD5.

This will have an impact on some crypto businesses that qualify as virtual asset service providers (VASPs) as they will now be required to register with the Central Bank of Ireland (CBI) and comply with other regulatory obligations.

AMLD V was implemented through the Criminal Justice (Money Laundering and Terrorist Financing) (Amendment) Act 2021, which made changes to the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 (2010 Act).  The changes applicable to VASPs came into force on 23 April 2021. 

This means that VASPs have three months from 23 April 2021 to register with the CBI.  Failure to register with the CBI as a VASP is a criminal offence.  Additionally, VASPs now have money laundering and terrorist financing (ML/TF) obligations under the Act.  Changes in the ownership of VASPs must also be approved by the CBI.

In this article, we discuss which crypto businesses must register with the CBI as VASPs and the implications of the 2010 Act for VASPs.

Who qualifies as a VASP?

VASPs must register with the CBI within three months of 23 April 2021.  The Act defines a VASP as a person who provides one or more of the following activities for, or on behalf of, another person:

1.     Exchanges between virtual assets and fiat currencies (e.g. exchanging Bitcoin for Euro or vice versa).

2.     Exchanges between one or more forms of virtual assets (e.g. exchanging Bitcoin for Ether).

3.     Transfers of virtual assets (e.g. transfers from one crypto wallet or account to another).

4.     Custodian wallet provider (e.g. storing private keys).

5.     Participation in, and provision of, financial services related to an issuer’s offer or sale of a virtual asset or both (e.g. providing financial services for ICOs and IEOs).

So, if a crypto business provides any of these services then it will be a VASP under the 2010 Act and will have to be registered as a VASP with the CBI. 

However, “virtual assets” under the Act only includes those crypto-assets that can be both:

1.     digitally traded or transferred; and

2.     used for payment or investment purposes;

...but it does not include digital representations of fiat currencies, securities or other financial assets.

Accordingly, this definition excludes stablecoins that represent fiat currencies (e.g. Tether) and crypto-assets that tokenise securities (e.g. shares or bonds) or other financial assets (Excluded Virtual Assets).

This means that if a crypto business is only involved with Excluded Virtual Assets then it may not have to register the CBI.  We say “may not have to register with the CBI” because there may be other regulatory obligations under other pieces of law that may require registration with the CBI.

How to register with the CBI

To register with the CBI, an applicant must firstly submit a pre-registration form requesting a CBI institution code from VASP@centralbank.ie.  Once an applicant has received their institution code they can then apply for registration as a VASP by filing a registration form with the CBI (CBI Form). 

The CBI Form will require the following supporting documentation:

1.     An Individual Questionnaire (IQ) for each partner or shareholder who has a 25% or greater ownership interest in the applicant or has a significant influence who is not a Pre-Approval Controlled Function (PCF).

2.     An IQ for each person who proposes to hold a PCF if that person has not already been approved to that PCF by the CBI.

3.     A copy of the applicant’s ML/TF policies, procedures, risk assessment, and training plan.

4.     A business plan setting out the applicant’s proposed activities, transaction flows, projections and any outsourcing arrangements envisaged.

5.     A copy of any other required documentation specified in the CBI Form.

Importantly, registration with the CBI will only be successful if:

1.     The applicant’s ML/TF policies and procedures are effective in combatting ML/TF risks associated with its business model; and

2.     The applicant’s management and its beneficial owners are fit and proper individuals. 

In respect of the latter point, this means that the CBI may reject an application where any of those individuals has, for example, been convicted of an ML/TF offence, another similar offence, or has difficulties with creditors.

A sample CBI Form is available here.

What if a VASP does not register with the CBI?

It is a criminal offence to carry on the business of a VASP, claim to be a VASP, or represent that a person is a VASP without a registration with the CBI.  The criminal penalties for failing to register are:

1.     On summary conviction to a class A fine or imprisonment for a term not exceeding 12 months or both; or

2.     On conviction on indictment, to a fine not exceeding €500,000 or imprisonment for a term not exceeding five years or both.

What ML/TF obligations does a VASP have?

The Act imposes ML/TF obligations on a VASP as a “designated person”, including:

1.     Conducting a business risk assessment to identify and assess ML/TF risks particular to the business of the VASP.

2.     Conducting a customer risk assessment to determine the type of customer due diligence (CDD) that will apply.

3.     Performing CDD including identifying and verifying the identity of customers, customer’s beneficial owners, and persons claiming to act on behalf of a customer.

4.     Reporting suspicious transactions to the Financial Intelligence Unit and Revenue.

5.     Having ML/TF policies and procedures, training staff on ML/TF obligations, and recording ML/TF compliance.

What obligations does a VASP have regarding its beneficial owners?

Registered VASPs have an obligation to take reasonable steps to determine whether its beneficial owners are fit and proper persons.  This means ensuring that shareholders in the VASP (if it is a company) do not have, for example, ML/TF offences, other related offences, or have difficulties with their creditors.  In other words, a VASP must conduct due diligence on its beneficial owners to verify that they are prudent law-abiding persons.  VASPs should document this due diligence exercise.

Failure to do this may amount to a criminal offence the penalties of which are:

1.     On summary conviction, to a class C fine; or

2.     On conviction on indictment, to a fine not exceeding €100,000.

VASPs also have an obligation to notify the CBI if they suspect on reasonable grounds that a beneficial owner is not a fit and proper person.

What if a person wants to acquire or increase their ownership in a VASP?

A person that wants to acquire or increase a beneficial interest in a registered VASP must obtain the prior approval of the CBI (Proposed Acquirer).  This involves notifying the CBI of the intended size of the ownership to be acquired or increased (Acquisition Notification).  Only CBI approved transactions will be valid.

The Acquisition Notification must include information:

1.     On the Proposed Acquirer.

2.     The persons to be responsible for the management of the Proposed Acquirer (where applicable).

3.     How the proposed acquisition will be financed.

4.     The structure of the resulting group.

5.     Any other information required by the CBI to assess the transaction.

In assessing whether to grant approval, the CBI will consider, for example, the influence the Proposed Acquirer will have on the VASP, the suitability of the Proposed Acquirer, and the financial soundness of the transaction.

How can we help?

We have extensive experience advising financial institutions under the Act.  We also have experience advising on crypto transactions.

We can help crypto businesses to address their ML/TF obligations and clarify the requirements of the 2010 Act.  In particular, we can assist with:

1.     Determining whether a crypto business qualifies as a VASP.

2.     Completing and filing IQs.

3.     Advising on the PCF approval process.

4.     Drafting and filing the CBI Form.

5.     Drafting and/or reviewing ML/TF policies and procedures.

6.     Conducting a due diligence exercise on beneficial owners.

7.     Completing and filing an Acquisition Notification.