Today the EU parliament voted in favor of three major pieces of anti money laundering (AML) legislation. Crypto payments for goods and services in excess of €1,000 must be subject to AML. And the legislation expands the definition of crypto asset service providers (CASPs) to pull in NFT platforms.
A previous report from The Block stated that the new legislation covers decentralized autonomous organizations (DAOs) and DeFi platforms. However, a spokesperson for MEP Damien Careme told Ledger Insights that he believed today’s legislation still relies on the crypto asset service provider definition specified in the Markets in Crypto-Asset Regulations (MiCAR). It just expands it to NFTs which are explicitly excluded by the first version of MiCAR.
The definition of a crypto-asset service provider (CASP) under MiCAR is a little loose, but Ledger Insights discussions with lawyers indicated it would depend on whether a DeFi protocol can be shown to be centrally controlled. If it is truly decentralized, it will not be considered a CASP. That should mean it is out of scope for AML subject to the unpublished wording of today’s legal text.
Apart from today’s AML legislation, MiCAR has a separate crypto-asset companion regulation for AML, which has already been voted on by parliament. This AML companion legislation has an exclusion clause for so-called P2P transactions. The text defines a P2P transaction as one not enabled by a crypto-asset service provider (CASP). Hence where a DeFi protocol is sufficiently decentralized, transactions with the DeFi protocol are excluded.
How could DeFi protocols be considered CASPs?
So when might a DeFi protocol fall under the EU’s AML legislation?
“Regulators would tell you if we can identify the person running the protocol, that is the person we’d see as the crypto asset service provider,” said Diego Ballon Ossio of Clifford Chance. “If the protocol is decentralized, regulators may struggle in tying the level control to a particular user or jurisdiction that’s running the protocol. Because chances are it is truly decentralized, and the users changing the algorithm are all over the world.”
The large DeFi protocols were founded by organizations, usually with a suffix of ‘Labs’ in their name, but later the protocols became more decentralized. So Aave Labs founded Aave, and there’s Uniswap Labs and Compound Labs.
Ballon Ossio noted the difficulty in identifying a DeFi Labs company as clearly being a CASP is one of the reasons that MiCAR is described as not intended to target DeFi.
However, he believes enforcement could be another matter. If you ask regulators in various jurisdictions whether the Labs company is a CASP you’re likely to get different responses. Some will see them as a controlling entity to the extent they keep sufficient governance tokens.
“The question is can you prove it, make a case, bring an enforcement action?” he added. “You have layers of regulatory decision making that might prevent anything happening to the protocol. But the fundamental principle of whether it is out of scope because it’s a protocol is something I think that regulators will push back on.”
However, none of the Acts and Regulations are final, so things could still change.
MiCAR and its companion AML legislation have been through the trilogue process and are up for another vote on April 19.