The European Union is set to outlaw decentralised mixers and compel cryptocurrency firms to closely monitor users, dealing a significant blow to the anonymity offered by decentralized finance (DeFi)

By Kyriakos Christofidis
Assistant Director, Complyport

A cryptocurrency mixer enhances transaction privacy by pooling and mixing funds from multiple users, making it difficult to trace the original source of the cryptocurrency. Users deposit funds, which are then mixed with others’ and withdrawn, obscuring the transaction history. However, while mixers enhance privacy, they can also be used for illicit activities.

According to the proposal of the Anti-Money Laundering Regulation (AMLR) and based on the explanatory memorandum of the European Commission which was adopted by the European Union Committees on Economic and Monetary Affairs and on Civil Liberties, Justice and Home Affairs on 19 March 2024, additional requirements will be imposed to obliged entities in the near future as way of mitigating the negative effects of cryptocurrency mixers.

Offline wallets

This change also removed the initiative to introduce identity checks for offline wallets accepting funds. Consequently, crypto-exchanges in the EU will now require Know Your Customer (KYC) verification for their clients to complete any transaction.

CASP Implications

1. The adopted text of the AMLR, requires Crypto-Asset Service Providers (CASPs) to implement mitigation measures corresponding to the identified risks, which may include identifying and verifying the identity of the sender or recipient of a transfer made from or to a non-custodial address.
2. Under the new laws, CASPs are also obligated to apply risk mitigation measures to transfers between their platform and offline wallets where users store their private keys. This entails, at the very least, verifying the identity of the owner of the exchange wallet to which funds from the offline storage wallet were sent.

Anonymity

The legislation also prohibits the use of tools that enable anonymity, including privacy tokens. Additionally, offering crypto-mixing services, which obscure transaction history, will no longer be permitted. Obliged entities are required to verify the identity of users, monitor transactions, and gather more information about both senders and recipients.

For crypto transfers below €1,000, service providers must conduct basic KYC to authenticate their users. However, for transactions exceeding €1,000, customer due diligence measures are necessary, involving longer-term monitoring of user behavior and identity in addition to the standard KYC.

MiCA (Markets in Crypto-Assets Act)

These proposed regulations complement MiCA by further reinforcing its existing prohibitions on CASPs, particularly regarding providing accounts to anonymous users or using privacy coins, which by design obscure transaction details.

Tighter Restrictions

Furthermore, the new legislation restricts cash payouts to €10,000, with EU Member States having the freedom to set lower limits. Additionally, anonymous cash payments exceeding €3,000 are now prohibited.

The Anti-Money Laundering Regulations (AMLR) are anticipated to become fully operational in approximately three years, around 2027, following the receipt of all necessary approvals. However, the obliged entities are expected to start adjusting their workflows, procedures and systems to be able to comply with these requirements.

MAP S.Platis can provide comprehensive advisory support to Crypto-Asset Service Providers. Please contact us for more information on our related services.