Over the past two years a historic sequence of events unfolded in the Netherlands with respect to the introduction of a crypto registration regime for providers of crypto wallet and crypto exchange services. It is a very interesting episode historically as it bears resemblence with a number of previous/similar episodes where the Dutch central bank hits the breaks and stifles innovation.
What is happening is that the Dutch central bank (DNB) is pushing very strict rules onto newcomers in the payments/crypto market, without having a proper mandate to do so. There is an age-old example of halting the introduction of the credit-card, as well as a 20-years old intervention with DNB stopping mobile innovators with e-money that I will not flesh out right now.
What I will do is describe how over the past couple of years new payment institutions were forced into getting a licence instead of a registration as prescribed under the upgraded PSD2 (EU) directive. This is the relevant backdrop against which it is easier to understand why the crypto-industry faced a similar treatment in 2020.
There was one difference however: this time, one company came prepared and succesfully pushed DNB back (disclosure: I am consulting that company on regulatory/compliance issues).
PSD2-service: access to the account (8) requires a license in NL rather than registration
The brief version of the events that played out in the Netherlands for payment service institutions were the following. The European Commission added 2 new company activities to the list of activities that require further regulation. Service number 7 involved initiating payment transactions on behalf of the customer at another company: this required a full-on registration. Companies offering only acces to the account of customers at other banks or payments companies were subject to a less elaborate registration regime, as outlined in article 33 of the PSD2.
However in the Netherlands, despite a policy existing to not do topping up of Brussels rules, the Ministry of Finance and DNB have a tendency to ignore that policy. So the companies that only required a registration for providing access to the account under the PSD2 were made subject to a licensing regime. The consequence was not just an increase in burders but also unlogical duties being appliced to those players, for example the duty to do transaction monitoring themselves (while they did not initiate or execute any transaction).
In an effort to be the first on the market many companies in the Netherlands tried to convince DNB that the license regime and subsequent market entry rules were illegitimate, but no one dared to take DNB to court. So as we say in the Netherlands, quite some companies had to swallow a melon and make serious extra costs. Still, the episode did quite some harm as to the legitimacy of the DNB supervisor as many legal counsels agreed DNB was evidently overstepping its legal mandate.
The PSD2 registration process for payment institutions in the Netherlands is therefore to be taken into account on the evaluation of what happend to the crypto-industry. As it may have signalled to DNB itself that it could easily ignore European rules with no one in the market complaining, it signalled to the legal/regulatory market that rationally it could not be assumed that DNB would by definition operate within its legal mandate.
Crypto-services: require a registration in the EU but turned into de facto license regime in NL
By end of 2017 and mid 2018, the Dutch Ministry of Finance and DNB were in agreement that a fast transposition of the AMLD5-directive would be needed to bring crypto-companies under the remit of the appropriate supervisory regime. The EU directive and its previous impact assessment was very clear; a license regime would lead to too much credibility/legitimacy of the cryptocompanies, so only a registration regime was to be implemented, with possible license regimes following in a next stage of EU regulation (known as MICA-r).
However, on advice otf DNB, the Dutch Ministry of Finance started transposing the directive and consulted a licensing regime with the market in December 2018. As the actual rules of the license still bore resemblance to the registration regime mentioned in the Directive, the industries comments focused on unworkable technicalities and explanations by the Ministry. The formal legal advice of the Council of State however, was quite explicit and it advised against the introduction of the law as long as a supervisory license mechanism and supervisory rules would be part of it. It stated that the transposition of this EU Directive is not the place for such rules.
In response the Dutch Ministry of Finance changed the law and made a new version. In this new version, the label of the license regime was changed to registration, but the essence became more of a supervisory regime. As a new set of rules the Ministry included further inspections and checks of business plan, organisation, risk management etc originating from the Act on Supervision of the Financial Sector. The actual legal construct includes a detailed evaluation of the company, a revocation of registration when a company is no longer compliant with the rules and a prohibition to operate on the market without a registration. This is a supervisory regime in disguise, which is beyond the necessities of the AMLD5 and goes against the advice of the Council of State.
For further details on the development of the law you can read this article, then see an update of January 2020 because something interesting happened. By mid-december the government websites by accident displayed this letter of the central bank that fully confirmed its intentions to push for a license regime and license access conditions for crypto companies. FTM, the investigative journalists, published a full article on it by end 2019 that details the wording games used by regulator and supervisor to hide a license regime behide the wording: 'registration'. An English version of events can be found in this article.
The article raised quite some concerns in the Senate where the Ministry of Finance very explicitly and repeatedly explained: no no, it's not a license regime, but a registration regime. There is a huge difference between the two, a registration is being done while a license is being granted. So with this assurance the market hoped that supervisor DNB would change its course. The market assumed that the supervisor would take note of parliamentary discussions and guidance/explanation of the regulator.
DNB applied de facto license regime/application process leading to court case / market pushback
In practice De Nederlandsche Bank did not alter its previous course or any of its intentions and applied the full on registration procedure for payment institutions to crypto companies. It forgot about its obligation to register companies in 2 months, forced the application of risk frameworks that were used in the trust office market and came up with a self-invented interpretation of the Sanctions law that was beyond the rules. This latter requirement meant that crypto companies, in order to be registered, had to fullfill an ex-ante requirement of asking screenshots/video's of customers software wallets for each transaction to be made.
Grudgingly the market complied to the illegitimate requirement with one crypto company Bitonic, taking the measure to court. The interesing fact was that they filed a complaint against a positive decision of granting the registration with the request to the judge to kick out the illegitimate registration requirement on those screenshots.
Now to cut a long story short: the court case attracted an online viewing of many thousands and lead to the judge ordering DNB to redo its homework. Finding out that it was impossible to explain how a square could have the form of a circle, DNB had to withdraw its requirement but only did so for this single company (although half a year ago, the market is still waiting on clarification whether the requirement will also be lifted for them).
What actually happened in the Netherlands is that DNB was already anticipating stringent FATF rules that suggest that product introduction or licensing moments are the moment in time to exert pressure onto crypto-companies to make them do what supervisors want. In this case, the FATF rules are not yet adopted in Europa, so the central bank figured it could use an age-old Sanctions law to the same effect.
The market however had already witnessed DNB overstepping its boundaries, turning EU registrations into Dutch licenses with undue requirements so Bitonic as one of the players came prepared and called DNB's bluff. And next up will be a discussion on supervisory costs for crypto-companies where the whole market will do so again.
Historic pattern
The historic pattern at play here is the interplay between regulators and market, fuelled by media incidents and publications. When in the 1970s credit cards appeared in the EU market and markets were mainly national, it only took national consensus between market players and central banks to keep one of the players (Visa) out of the market.
Later on, when EU rules dictated that all cards had to be allowed an fair competition would need to be in place, the central bank mainly stuck to its legal remit. For some time in the 1990s the central bank also assisted in analysing the market and promoting innovation, opening up the closed EFTPOS structure in the Netherlands in the process. Still, when instructed by European powers that be it succumbed to the request to exempt European mobile operators from the application of e-money rules in 2002/2003, to the detriment of small innovators in the market.
Other than that, the legality regimes were most prominent as the basis for DNBs action (or inaction). Supervision was done so prudently that during crises the central bank didn't act convincingly and fast enough. Under media and political pressure, the course of the central bank became more politically inspired. It had to be seen as interventionist and proactive and whether or not this was fully based on legal rules was a consideration that moved to the background.
Even the European Banking Authority noticed this and very politely didn't name the offendors FINMA and DNB by name, while this remark was directed at them:
164. The EBA has since observed that, in the absence of an EU‐wide approach, there are indications that Member States, in anticipation of a forthcoming FATF Mutual Evaluation or to attract VASP business, have adopted their own VASP AML/CFT and wider regulatory regimes. As these regimes are not consistent, this creates confusion for consumers and market participants, undermines the level playing field and may lead to regulatory arbitrage. This exposes the EU’s financial sector to ML/TF risk.
If history is any guide however, it may require more than one law suit to make DNB change course, so keep a close watch on the Netherlands because it appears as if -as in the Muppet lab- the future of tomorrows crypto regulation is being made here today.