In this blog post, I will share the letter below, which I just sent off to a EU Commission Official from FISMA. I hope the letter speaks for itself as I don't have the time to elaborate/explain. Do note that I did redact the letter slightly by the way, to make the blog post better readable.
It has been a while since we had contact on the infringement of the Dutch government with respect to the AMLD5. I would like to notify you that, based on the evaluation after two years as well as the outcome of a number of legislative procedures and consultations, it seems to me that the infringement complaint might deserve some new attention.
New infringement complaint due to recent legal developments
In particular the human rights/privacy infringement that the current AMLD might already constitute ay not have been sufficiently paid attention to, which I view as a omission, given that we know the EU Court of Justice position with respect to the Data Retention Directive (2014) and most recently, with respect to the PNR Directive (verdict of this week).In addition the European Data Protection Board has made its concerns on the legitimacy and proportionality of the AML regulations very clear. Also, the Dutch Council of State issued an advice on proposed Dutch legislation, which in essence lays out a no to mass surveillance and transaction monitoring in the financial sector.
Considering the legal clarity that has now arisen, I may re-iterate my previous infringement complaint on the Dutch implementation on the AMLD5. I hope that the recent verdict of the EU Court of Justice as well as the additional documentation and information on the Dutch situation will provide a new evidence base which allow the Commission to asess the complaint with an open mind and considering the new evidence provided after two years of the law having entered into force here in the Netherlands.
New local evidence on lack of enforcement in Netherlands
What we can thus now see here in the Netherlands is that large international players are willingly ducking the national legislation with the Dutch central bank being unable to enforce the law and only issuing a mere warning (which in itself does not constitute enforcement action under the supervision law). It is pretty clear that some large nonEU players are biding their time until the MICAR and AMLR arrive and hope to use the EU passport regime while taking the explicit risk to be fined for past wrongdoings and actively deciding to steer clear from registration (using all their means/efforts/lawyers to stall the discussion).
Strategic objective of the EU: don't give away the crypto-market to big tech as you did with the payments market
What the European Commission may be facilitating unwillingly, constitutes the giving away of the EU crypto market to international non EU players, that can be seen to be succesfull in their strategy (see the registration of Binance in France, while under investigation and enforcement action in the Netherlands, UK and a host of other countries). We have seen millions consumer fraud shift among non-regulated players in the Netherlands while these companies use opaque structures to service the Dutch market, channel funds to their systems. Recent articles in the Dutch Financieele Dagblad reiterate the lack of enforcement and damage this does to the existing industry.
Just as the EU regulator gave away the PSD2 market to big tech companies by allowing them to misuse their monopoly position on the 3rd authentication factor (biometrics) and platform dominance to force in the Google/Apple pay type of revenue skimming new payments, the EU regulator may also unintentionally invite non EU crypto players to take over the EU market, if the current infringements of governments (that allow their supervisors to let illegal/unlawful actors to play a waiting game for EU legislation instead of enforcing those players with a strict regime) are not addressed properly.
A need for clear rules / incentive structure upon the shift to licensing regimes for crypto
The EU Commission should be a proponent of a migration regime for new AML and MICA-r regulations where EU companies and non-EU companies that have fully implemented all EU regulations of the EU states since AMLD5 get a preferred fast track treatment for their applications. Those that have not done so should not be able to gain any commercial or legal advantage based on the standard financial supervisor reasoning: let's start with the crypto companies first. Such a procedure would constitute a perverse incentive structure where disobeying EU law pays off.
Instead, those big international crypto companies that have in one or more EU states not complied with the current rules can be clearly considered of insufficient reputation/standing due to this fact. They should pay off their open non-compliance debt by both paying the fines applicable to ducking the rules so far and by being the last in line to receive a license under the new rules. In particular for legislation that seeks to avoid the risks of money laundering / illicit profit making, I fail to see why major actors in the market might be condoned by EU authorities or supervisors for previous, visible transgressions of EU-based local legislation.
I hope the Commission appreciates my point of view and its relevance for a future thriving crypo-market with properly regulated companies of good standing and willingness to comply with EU rules.
with kind regards