A new EU Directive and what it brings

Just a couple of months ago, EU Council published the 5th Anti Money Laundering Directive (5AMLD) in the EU Official Journal. This new directive updates financial investigation methods and regulations to be in line with current technologies available for financial crimes, particularly targeting terrorism financing and tax evasion.

A few changes of this legislation are worth highlighting:

  1. Establishing legal control over virtual currencies (crypto) exchanges and suppliers and applying corresponding laws and regulations.
  2. Increasing due diligence requirements for transactions with high risk countries.
  3. Facilitating financial crime investigations by streamlining the process of retrieving essential information by various competent authorities, such as tax and anti-corruption authorities, asset recovery offices or financial intelligence units (FIUs).

Points 1 and 2 are straightforward and aim to mainly increase or establish control over financing methods that are known for terrorism financing and tax evasion. The last point does not solely constitutes of preventive measures, but also focuses on investigation of existing crimes. But how does the Commission expect to “streamline the process”? By using two new types of registries, each varying slightly in data items recorded and parties involved.

National Registers & Beneficial Ownership Registries 

Each country has to first create a national registry of bank accounts – an automated database updated by all financial institutions that links names and bank accounts of all residents of that country. Specific national authorities will have direct and unrestricted access to these databases, and they will cooperate with their counterparts in other EU Member States in order to improve Financial Crime investigations.

A second requirement is to establish a centralised registries of beneficial ownerships, which hold a wider data set – at the very least name, date of birth, nationality, residence and details on beneficial interest held. The latter refers to any information on beneficial ownership of assets within a legal entity or trust.  Government of each Member State can decide to keep more detailed records on a national level.

Another important requirement with respect to beneficial ownership registries – they have to be interconnected with a Central European Platform. This would allow authorities to easily cross-link account ownership of a specific individual across EU27, to identify cases of terrorism financing or tax evasion. On a technical side, this implies that each country might need to adopt standards of registry databases and format of data stored as prescribed by the Commission.  Also, despite each country is given a degree of authority to adopt their own requirements as to what data to register, member states should somehow reach a consensus on provided data items.

Figure 1: Data flow for national centralised and beneficial ownership registries

An opportunity

So, registries with private or public access, sharing of ledger information, trustworthiness in provided data… Sounds familiar to the fundamentals of Distributed Ledger Technology (DLT), doesn’t it?

  • The immutability property of DLT provides a guarantee that supplied data has not been manipulated or forged within the system.
  • Permissioning of a particular network allows to limit access to relevant institutions with permission to update the ledger, whilst still keeping a “read only” access to other participants.
  • Options to design public/private system would segregate what audience can access information in the first place.
  • Scalability would benefit the expansion of the national registries to the interconnected platform.
  • Validation nodes would allow to allocate decision control to responsible authorities, for example directly to government of a given Member State.

All this sounds very promising, but what are the drawbacks? One of the major issues is the scale of the project: building a DLT platform involving institutions across the EU27, with full access to authorities in each country and partial (and hence permissioned) access to any member of public – that’s a massive installation cost with considerable complexity. Each country will have to take into account their own technical standards, legacy systems and heterogeneous legal considerations (Data Retention, Access, Scope) that would affect the EU’s ability to implement. If you add into the equation the risk-adverse approach to technology that governments often wisely follow, the challenge is apparent.

A suitable DLT on offer?

If we were to ignore these challenges and wager on DLT, which one would we choose? Not every platform has the properties required by the specifications of the Directive. Platforms like Ethereum are mature and developed, but they lack node sharing privacy. Some platforms require mining and use proof of work consensus, which are unnecessary for this particular use case. On the other hand, ledgers using R3 Corda or Hyperledger Fabric have permissioned access and offer more sophisticated consensus methods for transaction validation, making both options suitable candidates. The default notary nodes used for consensus allow to allocate validation to specific party, for example government or EU Commission, and are only present in R3's Corda, which makes Corda the most suitable DLT platform to build on defined registries with.

Recalling that one of the motivations to issue the Directive is to address technological progress, it would be logical to at least consider potential solutions based on developing technologies. DLT sounds like a suitable candidate for aforementioned registries, especially considering the long term interconnection objective. As discussed above, R3 Corda seems to be the most appropriate choice, based on the different platforms’ specifications. Yet, a final decision to take a bold and innovative or more conservative and risk adverse approach is down to the EU Commission and regulators.