Essentials

How AML Regulations Are Changing in 2023

AMLBot Team

7 min read
How AML Regulations Are Changing in 2023

Organized crime's motivation is the money perpetrators stand to make out of it. By cutting their access to financial systems, crime rates can witness a steep decline. Regulators around the globe are constantly working on designing relevant legislation to prevent the flow of crime-related funds within their financial systems.

Criminals are known to launder their ill-gotten proceeds through banks, money transfer services, and investment tools to make the funds seem legit. Therefore, regulators push out anti-money laundering (AML) regulations and laws that financial entities must implement to stay operational. The enforcement of these laws by regulators is in a bid to make all aspects of the global financial systems resistant to funds financing or originating from criminal activity.

Although the formation of AML legislation began decades ago by various jurisdictions, the prevention of money laundering has been a cat-and-mouse game. Technological advancements and the emergence of newer asset classes offer new avenues for criminals to launder their funds.

Consequently, AML legislation is often modified to cover newer areas of the larger financial system exposed to risky activity. With digital payment methods and cryptocurrency witnessing large-scale adoption, criminals are utilizing these channels too. To bridge the regulatory gaps left by these developments, several jurisdictions are formulating newer and more robust AML legislation which are expected to enter into force in 2023.

Overview of Changes to AML Regulations In 2023

Most AML regulations related to traditional finance are well-formed because of the decades of work already behind them. Beyond minor tweaks to make traditional finance regulations more effective, many amendments to existing AML regulations are centered around digital assets and the businesses in that sector.

The crypto industry needs such changes. For instance, look at the funds scammed within the crypto industry. 2022 alone reported around $3.8 billion stolen. Billions more were used to facilitate other criminal activity, making safety in the industry the need of the hour. Well-designed regulations will provide that.

Virtual Asset Service Providers (VASPs), like exchanges and custodians, are already subject to regulations in jurisdictions like the US, the UK, and the EU. Well-rounded AML programs, influenced by AML regulations, include customer due diligence (CDD), continuous monitoring of customers with frequently updated know-your-customer (KYC) policies, and transaction screening.

However, the changes in AML regulations dictate the enhancement of AML procedures and controls to prevent money laundering incidents. So, businesses and institutions need to pay greater attention to certain aspects of their AML procedures and make necessary tweaks.

AML Regulatory Changes in the EU

new AML regulatiory in EU

The EU is not too far behind with its implementation of the AML Package as of 2020. Such package consists of 4 new pieces of legislation such as:

  1. AML Regulation (AMLR)
  2. Regulation establishing a new EU AML/CFT supervisory authority (AMLAR).
  3. A sixth EU AML Directive (AMLD6)
  4. A revised Regulation 2015/847/EU on transfer of funds, extending its obligations to certain crypto-assets

28 March 2023 was a big step forward to the full implementation of the AML Package. EU Parliament committees voted on their proposals for the remaining ¾ of the AML Package - the Anti-money Laundering Regulation (AMLR), the 6th AML Directive (AMLD6) & the AML Authority Regulation (AMLAR).

New EU AML laws are greatly focusing on cryptocurrency sectors by requiring VASP to implement AML/KYC procedures, prohibition of working with anonymous accounts or wallets, introducing a threshold for crypto transfers of 1000 euros reaching which the customer shall be identified and introducing Travel Rule for VASPs. Along with this, the AML Package imposes some AML requirements for DAOs and other DeFi arrangements “to the extent they perform/provide for or on behalf of another person crypto-asset services controlled directly or indirectly, including through smart contracts or voting protocols”, etc. Interesting fact to mention that NFT platforms might become subject to AML rules as well.

Furthermore, MiCA regulation is about to be published in the EU. This means once it is officially published, 18 months later it will enter into force. According to MiCA stablecoin issuers in the EU will fall into the VASP category, making them responsible for implementing AML controls and procedures relevant to their line of business. Also, stablecoin issuers must maintain transparency of their reserves with their regulators, proving they can always honor customer withdrawals and remain solvent.

AML Regulatory Changes in the US

The US is implementing major changes to its AML frameworks through the Anti-Money Laundering Act, 2020 (AMLA). Before the act, the jurisdiction's AML legislation relied on the Bank Secrecy Act of 1970 and The Patriot Act of 2001. So, AMLA is much needed in recent times and extensively addresses asset classes like cryptocurrency.

However, the amendments made to AMLA in 2023 fill gaps that allow nefarious actors to launder funds. For instance, VASPs should establish their client companies' rightful ultimate business owners (UBOs) and assess their risk profiles. This is more so needed when shell companies are accepted as clients, owing to the regulatory nightmares they pose. The goal is for VASPs to identify how far money trails extend and the true nature of the risks they are exposed to by taking on certain clients.

The recent amendments also need VASPs to indulge in periodically updating client information. This is a measure for VASPs to keep track of the evolving risks that may occur during ongoing client relationships. The amendments come on top of VASPs needing to establish robust CDD and KYC procedures.

AML Regulatory Changes in the UK

The UK’s AML regulations are eerily similar to that recommended by the EU to its member states. That is unsurprising because the UK was a former bloc member. Before the nation split away, it collectively implemented the EU’s 5th AMLD with other members.

The FCA (Financial Conduct Authority) is changing in tune with the EU’s 6th AMLD. One is the imposition of FATF’s Travel Rule on VASPs in 2023. The UK’s Travel Rule imposition will remain similar to the EU’s except for some details. For example, senderciary information must be relayed from one VASP to another when the equivalent of 1000 Euros or more is transacted. In addition, transactions with sparse or no information regarding those involved must be delayed until all the requirements are met.

The FCA is known to be one of the world’s strictest financial regulators, approving only a few of the applicants that want to register as VASPs in the jurisdiction. Thanks to the regulator, the UK is turning out to be one of the safest jurisdictions for cryptocurrency users. The HM Treasury, UK’s finance ministry, issued a list of consultations earlier this year that will impact its second phase of crypto regulations. It also issued calls for evidence over various aspects of the crypto industry and decentralized ledger technology.

The FCA will enforce the consultations in the coming year or two. However, it offers crypto businesses a glimpse of what to expect if they want to operate in the jurisdiction. Like MiCA, the HM Treasury’s consultations consider a wide variety of cryptocurrencies by their function to be regulated. While phase 1 covered fiat-backed stablecoins, the newer consultations seek to reduce financial risks brought by algorithmic stablecoins and other crypto-backed assets.

Other important aspects the consultations touch on are firms lending crypto assets and fiat collateralized by crypto assets. Such firms will need to receive licensing to operate their services. Other activities needing specific registration are cryptocurrency exchange, custody, and intermediation. While a standard license was sufficient for such activities previously, the consultations suggest individual licenses for each type of activity. VASPs indulging in several kinds of activities need to be approved for all.

Impact of Changes to AML Regulations

Impact of Changes to AML Regulations

Users don’t need to worry about the source of their cryptocurrency and the wallets they interact with. In addition, enhanced CDD and KYC procedures implemented by VASPs will weed out wallets associated with illegal activity. As a result, not only are users likely to interact with clean funds, but they can remain safe from scammers and cybercriminals using the same platforms as them.

Crypto businesses will witness heightened benefits as they comply with the reforms in AML legislation. Enhanced AML procedures and controls will reduce the chances of nefarious activity on their platforms. In addition, the transparency associated with crypto transactions will lead to easier detection and prevention of criminal activity.

Therefore, crypto businesses can steer clear of the associated reputational damages. Moreover, they can breed greater trust amongst users tired of being wary of the scams and fraudulent activities on crypto platforms.


The need for change in existing AML policies and procedures will create additional expenses for operating businesses. Enhanced AML protocols will need additional resources like technology, personnel, and time for businesses to put aside.

Strategies For Complying with New AML Regulations

However, complying with AML regulations is the way to go – not only to protect businesses' interests but also to help create a safer crypto ecosystem. Despite the confusion associated with regulatory changes, VASPs can stay ahead and make sure they remain compliant.

The first step is to understand the regulations issued by the relevant regulator. Certain aspects may get technical. Professional assistance in clarifying and creating the AML policies and procedures is recommended.

The policies and procedures must be sound enough to address all regulatory requirements. That includes setting up in-depth CDD and KYC architecture capable of adequately verifying customer identities, conducting risk assessments for every potential customer, updating their risk profile frequently, and monitoring user transactions continuously.

These processes require the right kind of resources and infrastructure. For instance, personnel with adequate training are needed to ensure absolute compliance. Certain tasks and processes get executed better and with increased efficiency through automation. AML-related software is on the rise, and choosing the right ones can make processes cost-efficient and help detect fraudulent transactions and behavior faster.

Such capability is needed to prevent users and platforms from witnessing damages and legal troubles. When such transactions get detected, their details and that of the users involved must be reported to the authorities. Conversely, relevant, precise, and detailed accounts regarding users and their transactions must be maintained to be handed over at the behest of authorities.

Furthermore, a business's employees themselves can be involved in fraudulent activities. Therefore, adequate supervision from the AML officer, if present, or higher-ups is necessary. Employees must also be educated about the dos and don'ts to prevent compliance issues arising from negligence and failure to act appropriately.

Conclusion

Financial crimes exploit the lack of regulations around newer asset classes like cryptocurrency. As a result, regulators worldwide are gearing up to revise AML regulations and beef up the entire financial system's resistance against criminal financing.

VASPs must be ready to implement the upcoming regulations to stay compliant and avoid punitive action. Staying up to date with AML legislation will also help in making the crypto ecosystem very safe for users and businesses themselves.

To understand how your jurisdiction's regulatory updates affect your business and what you need to do to stay compliant, contact AMLBot's team here.