European Parliament Passes Bill Requiring Crypto Firms to KYC Non-Custodial Wallets

European crypto firms may soon be forced to implement KYC (Know Your Client) procedures for non-custodial wallets that they transact with.

On March 31, the European Parliament’s Committee on Economic and Monetary Affairs (ECON) approved provisions to Europe’s Transfer of Funds Regulation that restricts Virtual Asset Service Providers (VASPs) from transacting with unhosted wallets without verifying their owners’ identities beforehand.

Further, VASPs will be required to report all crypto transactions worth more than 1,000 EUR to relevant anti-money laundering authorities.

The move follows the inclusion of heavy-handed provisions targeting the crypto sector in the U.S. infrastructure bill last November. If enforced to the extreme, those provisions could require network validators and software developers to collect KYC information on their transactional counterparties — which is impossible in many instances.

Markets Pause

With stormy regulatory clouds gathering over both the United States and Europe, the recent crypto rally appears to have stalled. According to CoinGecko, every non-stablecoin crypto asset ranked among the top 30 by market cap is down over the past 24 hours, while only four of the top 100 have posted a daily gain.

The bill passed by a significant margin in its final vote. Patrick Hansen of Unstoppable Finance tweeted that 93 members of parliament voted in favor compared to 14 against, with 14 abstentions.

The regulations will next be discussed in a trilogue with the European Commission and European Council in mid-April, where the provisions may face stiffer resistance. “The trilogue usually takes a couple of months and offers the last chance to introduce changes,” Hansen said.

“Individual voices from the council and commission make me optimistic that we can still achieve changes… Reminder: This is not the final stage of the legislative process,” he added.

If the legislation passes through the trilogue, crypto businesses will still have nine months to adopt plans to adopt and implement the regulation, and 18 months until they must ensure full compliance.

Coinbase co-founder and CEO, Brian Armstrong, described the legislation as treating “every person who holds crypto differently from fiat.”

“This means before you can send or receive crypto from a self-hosted wallet, Coinbase will be required to collect, store, and verify information on the other party, which is not our customer, before the transfer is allowed,” he said. Armstrong continued that Coinbase will be required to report their customers to authorities “any time [they] receive 1,000 euros or more in crypto from a self-hosted wallet.”

“Imagine if the EU required your bank to report you to the authorities every time you paid your rent merely because the transaction was over 1,000 Euros.”

Brian Armstrong, CEO of Coinbase

Unstoppable Finance posted that transactions between non-custodial wallets and centralized exchanges “would become way more costly and burdensome” due to the data collection requirements.

The team speculated that “smaller crypto companies with fewer resources” may ban transfers to self-hosted wallets to avoid the expenses, harming their competitiveness and driving European users to foreign platforms.

Unstoppable also warned that the databases storing names, home addresses, and other sensitive personal data would become the target of hackers and criminals, which could lead to increased incidents of hacking, phishing, and physical violence targeting crypto users.

Future Implications

In a March 27 thread, Hansen also identified several future threats that could arise should the provisions take effect.

He noted that one year after the legislation takes effect, the European Commission can assess “additional specific measures to mitigate the risks posed by transfers from or to unhosted wallets, including possible restrictions.” This means the commission could potentially move to impose an outright ban on transfers between VASPs and non-custodial wallets in the future.

Hansen added that after three years, the commission will submit a detailed report on the application and enforcement of the legislation, including an evaluation of whether “specific obligation on providers of hardware… and software wallets” is needed. Such a provision suggests that the commission could directly target the likes of Ledger, Trezor, and MetaMask at a later date.

EU Parliament member Paul Tang pushed back against the bill’s many critics, tweeting that the vote “will not be banning anything.”

“Instead, we oblige verification to prevent crime and corruption through unhosted wallets,” he continued. “Crime and corruption aren’t innovation.”