EU AML Rules Ban Anonymous Accounts, Privacy Coins

European Union anti-money laundering (AML) rules will ban anonymous crypto accounts and privacy coins like Monero (XMR) by 2027.

New AML regulations specifically forbid credit institutions, financial institutions and crypto asset service providers (CASPs) from maintaining or working with anonymous accounts or anonymity-enhancing cryptocurrencies, according to the AML Handbook, recently published by the European Crypto Initiative (EUCI).

“The anonymity of crypto-assets presents significant risks of misuse for criminal purposes,” the EUCI wrote in its handbook. “Anonymous crypto-asset accounts and other anonymising instruments hinder the traceability of transactions, complicating the detection of suspicious activity and the application of effective customer due diligence measures.”

To meet “robust” AML and countering the financing of terrorists (CFT) requirements, CASPs will not be allowed to offer or maintain anonymous accounts or “any mechanism that enables enhanced obfuscation of transactions, including through anonymity-enhancing coins.”

The handbook notes that these restrictions do not apply to hardware or software providers, or to makers of self-hosted wallets, as long as they don’t have access to or control of those wallets themselves. Existing anonymous accounts will have to undergo customer due diligence before they can be used when the rules take effect.

The guidelines are not all crypto-related. Anonymous bank and payment accounts, passbook accounts and safe-deposit boxes must follow the same AML rules.

The EU's Markets in Crypto-Assets (MiCA) regulation took effect at the end of last year, providing an extensive regulatory framework for the cryptocurrency industry.

Meanwhile, the crypto industry has been focusing more and more on privacy. Recently, Ethereum cofounder Vitalik Buterin proposed privacy pools and supported the Railgun privacy protocol.

Extra oversight

CASPs have to take extra care with self-hosted wallets, per the EUCI’s AML Handbook.

Aside from verifying the identity of the user, CASPs will be required to collect additional information about the origin and destination of crypto assets. Enhanced monitoring will involve “conducting continuous oversight of transactions linked to self-hosted addresses,” and other “necessary controls to prevent money laundering and terrorist financing.”

The guidelines also note that the EU’s Anti-Money Laundering Authority (AMLA) plans to select up to 40 CASPs for direct supervision by July 1, 2027, with at least one located in each member state. This is described as a first round of enhanced oversight selection, so more are likely to follow.

Each of these CASPs will operate in at least six member states with a minimum of 20,000 customers and have a total transaction volume of 50 million euros. The goal is to ensure that only CASPs with “substantial operations presence in multiple jurisdictions are considered for direct supervision.”

Since MiCA took effect, Tether’s USDT, the largest stablecoin by market cap, has been delisted for EU-based users across major centralized crypto exchanges, as the stablecoin evidently is not compliant with the new regulatory regime in Europe.

Earlier this week, onchain investigator ZachXBT identified a crypto theft, which ended up being a phishing scam that resulted in over $330 million in BTC stolen from one individual. The attacker quickly swapped the stolen BTC for XMR, causing the price of Monero’s native token to spike over 50%.