Crypto Possessions can be cast-off to launder money obtained through drug trafficking or cyberattacks means that both regulators and “crypto” companies must work to develop an environment that makes it difficult or prevents criminals from achieving their goal. Carrying out this task correctly implies reducing or eliminating the incentives to carry out this type of act.


Today, let’s not brand the slip-up, observing with the rule does not have to be synonymous with endless bureaucracy , annoying customers or duplication of processes. At the same time, we can comply with regulations and mitigate risks, without being invasive with our clients.

The Regulation Of Crypto Possessions

On June 15, 2020, the Draft Law was published that transposes the EU Directive 2018/843 on the prevention of money laundering and financing of terrorism (PBC/FT) -V Directive- and modifies Law 10/2010. This European Directive incorporates new measures aimed at reinforcing the preventive systems of the member countries.

In this sense, the Draft Law advances in the reinforcement of the money laundering and terrorist financing control system, incorporating the new community provisions and including additional improvements in the current regulation to increase the effectiveness of the prevention mechanisms.

In general terms, the Regulator’s effort to:

  • Consider regulated entities for businesses associated with virtual currencies
  • Consider the use of new technologies to improve the money laundering and terrorist financing control system.

In this sense, and as already anticipated in the text of the V Directive and the previous FATF (Financial Action Task Force) publications, providers of buying and selling services (fiat to crypto), exchange (between cryptos) and custody become Obliged Subjects.

In this Regard, the text Defines Virtual Currency

For cryptocurrency service providers to meet the standards for professional and commercial honorability, they need to register with the Bank of Spain. The way these responsibilities are carried out varies due on the unique characteristics of the asset. The crypto variable alters the way duties are carried out, therefore the new obliged subjects have to take problems and uncertainties into account.

Crypto Possessions With Higher Than Average Risk?

Certain activities represent a higher than average risk in terms of ML/TF, such as Private Banking services or money transfer and currency exchange operations that exceed certain thresholds.

Although the Draft Bill does not explicitly state that this activity should be considered high risk, the FATF, in its June 2019 publication “Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers “, does It includes the need for both the crypto service providers themselves, as well as those who interact with them, to build robust and reinforced measures to mitigate the above-average ML/FT risk that this activity presents.

Where Do The Funds Come From Crypto Possessions

All regulated entities should identify and know their clients. Before knowing the origin of your bitcoins or ethers, it is important to know who the client is, verify that he is who he claims to be and know what he does . Likewise, we must know if the client the condition of politically exposed person (PEP) or is included in any sanctioned list. For this, we will contrast the data of our clients. At the beginning and periodically during the business relationship, against the lists published by the competent authorities.

Based on all this information, we will establish the ML/TF risk of our client. In case this risk is higher than acceptable, we will not start the business relationship with it.

The Regulator will Require us to Comply with this Obligation

Although there is currently no clear guidance or established best practices in this regard, which makes this task extremely difficult. At KPMG we understand that to duly comply with what is require and. Above all, to protect the entity itself from the risks associate with ML/TF, the following priorities must be establish:

  1. Correct application of due diligence measures to customers .
  2. Due diligence on the risk associated with the source wallet and its related ones, to be able to associate a risk to the wallets from which the funds come.

How To Detect Suspicious Operations Carry Out By My Clients?

As part of the application of due diligence measures. Continuous monitoring of the business relationship must be carry out, carrying out periodic reviews of the operations carried out by the client, together with the updated information/documentation of knowledge of the same.

The regulations require that regulated entities have procedures and controls for the detection of suspicious operations. In this regard, adequate alerts must be define by type of client, interveners and amount of the operations carry out. To ensure their proper parameterization and correct operation, these controls must be review periodically.

Unlike in Other Sectors of Activity Crypto Possessions

Credit institutions, payment institutions, insurance companies, etc. The activity related to virtual currencies does not have a catalog that defines what is suspicious when operating with crypto assets. In this sense. Although the offer of solutions for the detection of suspicious operations on crypto. Operations is not as wide as that existing for traditional operations. There are alternatives on the market to take into account.

Among them we would like to highlight KPMG Chain Fusion,

A set of advance analytics capabilities, built on leading crypto asset infrastructure and data products. To streamline the ability of financial services firms. Fin Techs and organizations in other sectors to deliver capabilities and services of institutional quality crypto-assets.

This solution offers, among others. Functionalities in the area of detection of suspicious operations. Allowing organizations (purely crypto businesses or institutions that offer crypto and fiat services) to monitor fiat-type transactions, crypto assets and even both .

For this reason, it is necessary for the Regulator. Together with crypto companies and experts in the field, to collaborate in defining what should be consider. Suspicious and to what degree and in designing solutions that allow detecting and determining when clients have operational behaviors. anomalous


Entities that do not adequately comply with their AML/CFT obligations may be sanction. In this regard, outside our borders figures have been reach that exceed 2,000 million dollars . In Spain, although the economic sanctions are considerably lower. They can reach figures of several million euros . Putting the viability of the business at risk and considerably damaging the company’s image.

However. We must not comply with AML/CFT regulatory obligations for fear of possible sanction. Correctly carrying out these obligations and hindering or preventing the objective of laundering funds. Implies reducing the incentive to commit a large number of crimes such as drug. Arms or human trafficking.

The importance area is to be accurate and efficient, whether we are “crypto” or fiat.