Everything About Cryptocurrency Regulation in Europe and America

Cryptocurrency regulation consists of a collection of laws and rules aimed at giving cryptocurrency investors a safe and trustworthy way of engaging with digital currencies by integrating cryptocurrency into our economies through established regulations that protect investors and limit the risk of losing capital.

Bitcoin's launch in 2009 was an opportunity for the common user to say to traditional financial institutions: "I don't need banks anymore. I can do everything a bank offers, using Bitcoin." At that time, cryptocurrencies had virtually no governmental regulatory oversight. Projects in the DeFi space operated on their own terms, and did not register or request regulatory approval before launching. The rise of cryptocurrencies has resulted in a market value of over US $2.5 Trillion by 2021, and as such, governmental authorities started taking a close look at this rapidly growing market space, as evidenced by Binance's US $4.3 Billion fine imposed in 2023 for violations of anti-money laundering statutes.

The Importance of Regulation in the Cryptocurrency Market

The fact of the matter is that the cryptocurrency market is becoming increasingly chaotic, without any regulation in place. Criminals had free rein to defraud investors of their funds, which is the primary reason why regulations will benefit both the investor and the economy. There are several reasons why regulations will be beneficial to both investors and the economy:

Protection to Investors: In 2022, over US $20.1 billion was lost to fraudulent activity in cryptocurrencies. This is an increase of 65 per cent over the prior year according to data from Chainalysis. Much of the loss of capital was attributable to fraudulent initial coin offerings (ICOs), Ponzi schemes, and hacks on cryptocurrency exchanges.

Combatting Crime: Money laundering and illegal transactions conducted with cryptocurrency have often been associated with the illegal activities of terrorists, drug cartels, and organized crime. Thus, cryptocurrency regulators are requiring compliance with 'Know Your Customer' (KYC) and 'Anti-Money Laundering' (AML) regulations similar to those found in traditional banking institutions. The financial crash with FTX in the summer of 2022 caused users to lose over 8 billion dollars, providing an example of a failing market through a lack of regulatory control over major industry players. The fall has led regulators in different parts of the world to specify what they need to see from trading platforms, including proof of a reserve, a formal audit, and an easy ability to access liquid capital.

Without regulatory supervision, it would appear the crypto marketplace offers little chance of success or security for anyone.

Major Goals & Objectives of Regulation

While the goals of regulating blockchain technologies in Europe and North America may be similar, the methods of achieving these goals in each region are very different.

Licensing & Acceptance: For example, under the MiCA regulations, the EU has enabled many crypto companies to operate throughout Europe by granting a single license for the entire EU zone.

Risk Management: Among others, regulators will enforce the separation of client funds and proprietary funds, undertake audits on behalf of the exchange, and maintain a liquid capital pool.

Consumer Rights: Regulators will require white papers to be transparent to consumers, include appropriate risk disclosures, and require UK exchanges to register with the FCA if they offer securities.

Anti-Crime: Regulators will enforce the Travel Rule, requiring all exchanges to share the identity of the sender and the recipient of each transaction. Therefore, an exchange is obligated to monitor and stop any suspicious activity from becoming a crime or financial crime and freeze any potentially illicit asset.

Support of Innovation: In order to encourage the growth of new ideas, many regulators will introduce "regulatory sandboxes" for innovators to test their products and services under controlled conditions.

Key Legislative Frameworks and Regulations in Europe

Key Regulators

ESMA: A European regulator charged with overseeing the European securities market and implementing MiCA for security tokens.

FCA (England): Regulates exchanges, requires exchanges to register and comply with Anti-Money Laundering (AML) and Know Your Customer (KYC) requirements, and limits how much yield is advertised.

BaFin (Germany): The most stringent national regulator for the cryptocurrency industry in Europe, it requires companies to obtain licenses for virtually all of their activities, including storage and custodial services.

AMF (France): Allows exchanges to register on a voluntary basis and assists exchanges with obtaining access to banking services.

Legal Framework

MiCA (Markets in Crypto-Assets): A regulation of the European Union effective from 2024. It classifies tokens as asset-referenced stablecoins, e-money, and utility tokens. As part of its requirements, MiCA stipulates that companies must produce a white paper, obtain a Crypto-Asset Services Provider (CASP) license, implement investor protection measures, and ban all forms of market manipulation.

GDPR (General Data Protection Regulation): A regulation on the protection of personal data, which applies to all organisations that process client data within the cryptocurrencies sector.

AMLD5 (5th Anti-Money Laundering Directive): Provides tighter regulations on Anti-Money Laundering, Know Your Customer (KYC) documentation and monitoring requirements, and introduces the Travel Rule for transactions over €1,000.

AML/KYC Licensing and Requirements

In Europe, all cryptocurrency exchanges must verify three levels of customer information:

• Tier 1: Basic identification information (name, email address, and phone number) with limited transaction volumes.
• Tier 2: A passport, selfie, and proof of residence, allowing higher transaction volumes.
• Tier 3: Source of funds verification, through video call with an operator.

In order to obtain a CASP licence, companies must select a country, prepare an AML/KYC business plan and documents, and pass a regulatory audit. Obtaining a licence can take anywhere from 3 to 12 months, depending on the types of companies, with costs ranging from €50,000 for smaller companies up to €500,000 for larger exchanges.

ICOs and Crypto Exchanges

ICOs must publish a white paper and submit information to a regulatory authority. Tokens classified as securities based on the Howey Test must be registered with the SEC. All exchanges must keep client money in a separate account and provide proof of reserves, as well as insuring user assets. Coinbase and Kraken possess European-approved licences and comply with these regulations, while Binance is restricted from operating in many countries as a result of not having any licences.

Overarching Legislative Framework and Guidelines in the United States

The United States has a framework in place for regulating the use of cryptocurrencies and tokens through its various regulatory bodies. These bodies include:

The Securities and Exchange Commission (SEC)
The SEC considers the majority of tokens (cryptocurrencies) to be securities and requires that any cryptocurrency or token that is deemed a security must be registered with the SEC, and all activity involving securities must report to the SEC regularly. Some examples of SEC action against companies that failed to properly register tokens include Ripple and Coinbase.

The Commodity Futures Trading Commission (CFTC)
The CFTC regulates Bitcoin and Ethereum, as well as other cryptocurrency commodities. The CFTC also provides oversight of trading and trading platforms that do not have a license, such as BitMEX and Binance.

The Financial Crimes Enforcement Network (FinCEN)
FinCEN is responsible for enforcing the Bank Secrecy Act (BSA) and the Anti-Money Laundering (AML) and Know Your Customer (KYC) provisions of the BSA. FinCEN has defined all businesses that deal with cryptocurrencies or tokens as Money Service Businesses (MSBs) and, accordingly, holds all cryptocurrency businesses to the same standards as traditional MSBs. All MSBs are required to register and report to FinCEN.

Legislative Efforts and Precedents

The Howey Test defines how the SEC classifies tokens as securities. In the state of New York, the BitLicense is the state regulation for cryptocurrency businesses, and there are strict requirements that must be met by businesses operating under the BitLicense, including maintaining a minimum capital level of $100,000 and implementing rigorous AML policies.

Anti-Money Laundering (AML), KYC, and Compliance Obligations

FinCEN requires that all institutions send FinCEN their data for all transactions of $3,000 or more.

FinCEN has requirements that all MSBs must comply with all sanctions that are enforced by the Office of Foreign Assets Control (OFAC).

All MSBs must file Suspicious Activity Reports (SARs) with FinCEN at least once every 30 days. In calendar year 2022, 54,000 SARs were filed, a 40% increase compared to 2021.

Regulatory Activities Regarding Decentralised Finance (DeFi) Protocols and Cryptocurrency Exchange Platforms

The regulators are facing challenges with decentralised finance (DeFi) protocols because they are not legally recognised as legal entities (and therefore have no employees), making it nearly impossible for regulators to enforce KYC regulations. This was seen in the case of the Tornado Cash founder and in the recent investigation of Uniswap. While there have not yet been any formal charges against the founder of Tornado Cash or Uniswap, questions continue to surround both DeFi platforms.

Centralised cryptocurrency exchanges operate under a cloud of uncertainty in the United States—a good example is Coinbase. Coinbase is registered as a Money Services Business (MSB), but it has not registered as a broker-dealer, which has resulted in disputes between Coinbase and the SEC.

Comparison of Regulation — Europe and the United States

Unifying Regulatory Framework: Europe is implementing the MiCA legislation beginning in 2024; however, in contrast to Europe, in the United States there is no unified regulatory framework. Each State has its own regulation of cryptocurrencies and tokens, resulting in significant regulatory ambiguity.

The regulatory environment across Europe and North America differs greatly regarding cryptocurrencies. As shown on this infographic, here is a summary of what you should know:

1. Regulators: The primary regulators for cryptocurrency transactions in Europe are the European Securities and Markets Authority (ESMA) and individual nations' financial regulators — whereas in North America, the Securities Exchange Commission (SEC) and Commodity Futures Trading Commission (CFTC) regulate most of the crypto-related activities, and all three of these agencies have some jurisdiction over cryptocurrency trades, including the Financial Crimes Enforcement Network (FinCEN).
2. Token Classification: In Europe, there are classifications for Stablecoins, e-money and utility Tokens, which provide some clarity around how a token will be treated from a regulatory perspective. In North America, the definitions of these terms are less clear, with most tokens being classified as securities, although this may change.
3. License to Operate as an Exchange: An entity seeking to operate as an Exchange in Europe must register with their local financial authority and be issued a CASP licence. In North America, an entity must register with FinCEN as a Money Services Business (MSB), plus obtain licences from the various state regulators where they plan to operate.
4. Travel Rule: Transmitters of crypto funds must comply with the Travel Rule and report their transactions to regulators. The threshold for compliance is 1,000 Euros in Europe and 3,000 Dollars in North America.
5. Regulation of DeFi: The European market currently does not have clear regulations for DeFi, but North America is beginning to apply the same rules it has for generally accepted securities to DeFi products.

Stablecoins are currently regulated heavily in Europe. There is no unified federal agency regulating the use of stablecoins in North America.

Proof of Reserves is a requirement for Exchanges operating in Europe. Exchanges that want to operate in North America should obtain proof of reserves but do not currently have the same requirements.

Fines for Non-Compliance: The maximum fines in Europe are 5 million Euros or 3% of the total revenue of the business, while there are virtually no limits on how much a business can be fined in North America (i.e., Binance, which received a fine of 4.3 billion dollars).

Licensing Timeline: Businesses that want to obtain a licence to operate as an Exchange can expect to wait 3–12 months for their application to be approved in Europe, and between 6–24 months in North America.

Cost of Obtaining a Licence: The cost of obtaining a business licence to operate as an Exchange in Europe will cost about 50,000 to 500,000 Euros, while the cost of obtaining a business licence to operate as an Exchange in North America will cost between 100,000 and over 1,000,000 dollars.

Regulatory Philosophy: The EU is based on a permission-based regulation philosophy, while the USA's regulatory philosophy is primarily based on enforcement.

Privacy Tokens: Privacy Tokens have been delisted from many jurisdictions in Europe and are currently banned in New York State.

Tax Treatment: Taxation in Europe occurs at the national level, while taxation in North America occurs at the Federal and State level.

Impact on the Industry

Centralised Exchanges are provided an opportunity to operate legally within their markets at the cost of compliance with a large number of regulations that incur excessive costs. DeFi products will operate under a similar pressure and risk of sanction.

Recent regulatory changes allow institutional investors to benefit from a plethora of new tools, while retail investors continue to face challenges related to KYC compliance and limitations on access to cryptocurrency exchanges. In order to take advantage of the innovative tools available to institutional investors, the following practical recommendations are offered:

Crypto Exchanges:

1. Take action – Obtain a license to operate legally in your jurisdiction.
2. Incorporate Anti-Money Laundering and Know Your Customer (AML/KYC) policies into your business operations.
3. Separate your client's funds from your proprietary funds.
4. Publish a proof of reserves document to show customers you are following proper procedures.

Projects and Startups:

1. Determine what type of tokens you plan to create and then select a jurisdiction in which to do so.
2. Create a high-quality white paper that outlines your vision and business plan.
3. Avoid making promises of unrealistic returns for your tokens.

Traders:

1. Only conduct trading activities on regulated exchanges.
2. Store your crypto assets in cold wallets.
3. Verify that the tokens you are interested in are properly registered.
4. Keep up to date with current legislative developments.

At ASCN.AI, we understand the need to automate the tracking of the many innovations that are occurring in the crypto space to help businesses better navigate the ever-changing regulatory landscape.

ESG and Sustainability Reporting

As environmental concerns continue to be at the forefront of society, crypto assets such as Bitcoin that consume large amounts of energy have become targets for media coverage. It is estimated that the annual electricity consumption of Bitcoin alone is approximately 120 TWH, which is comparable to the total electricity consumption of several countries. Due to these concerns, the European Union is beginning to require companies operating in Europe to disclose their carbon footprints and to encourage companies to transition to more energy-efficient technologies, such as Proof of Stake (PoS). Ethereum is an example of how a blockchain network can dramatically reduce its electricity consumption by over 99.95% when transitioning to PoS.

Central Bank Digital Currencies (CBDC)

CBDCs are digital currencies that are issued by central banks. Countries such as China and the European Union are currently developing CBDCs, which have the potential to replace stablecoins and redistribute the market for crypto assets. At the same time, regulators are also tightening their control over the crypto market through the introduction of new digital surveillance mechanisms.

Future Legal Changes

The Financial Action Task Force (FATF) has announced plans to coordinate global AML/KYC regulations and establish a Travel Rule for international transactions by 2026.

NFT Regulation: NFT regulation has not yet been determined, but at this time regulators are debating whether to classify them as a commodity or a security.

Tax Optimization: There is currently no comprehensive taxation regime for the use of cryptocurrency. Although, through the use of exchanges, there is the potential for automated tax calculations.

AI Regulation: As more crypto assets are developed, regulators will need to develop and implement regulations that govern the use of AI agents in relation to cryptocurrency, such as in the European Union's proposed AI Act which is expected to be implemented by 2025, which also includes the control of liability.

Frequently Asked Questions (FAQs)

What do I need to do to launch a cryptocurrency business in the United States (U.S.) and European Union (EU)?

1. EU: In order to launch a cryptocurrency business in the EU, you must first register a company in Europe. Although there are many possible jurisdictions, the most popular choices are Lithuania, Estonia, or Malta. Next, you will need to obtain a Cryptocurrency Asset Services Provider (CASP) license. The application process can take anywhere from three to twelve months and can cost anywhere from €50,000 and upward. Once you have obtained the desired license, implemented AML/KYC and have established a connection to the banking system, you will then be able to trade legally in all of the 27 EU countries.
2. U.S.: To establish a business in the U.S., it is common practice to first register your company in Delaware. Next, you will need to obtain a Money Services Business (MSB) license from the Financial Crimes Enforcement Network (FinCEN) as well as obtain the necessary licenses for each state (application processing time varies from six to twenty-four months at a cost of $100,000 or more). Finally, the business must determine whether its tokens are security or not, and must also comply with the Travel Rule, as well as sanctions imposed by the U.S. Treasury Department.

What process do I need to follow to comply with AML/KYC regulations?

Three-level identification must be completed in order to meet AML/KYC requirements (Tier 1–3). First, businesses can utilize AI tools to monitor suspicious activity such as Chainalysis and Elliptic. Second, businesses must file suspicious activity reports (SAR) on a regular basis. Finally, businesses must comply with the Travel Rule and other applicable regulations when conducting international transactions.

What are the possible fines for AML/KYC non-compliance?

Fines in the EU can be as high as €5 million or 3% of turnover, revocation of license, and possible criminal liability.

In the U.S., fines can reach into billions of dollars and can be accompanied by prison sentences and asset freezes, as seen in the cases of Binance and Ripple.