Contents
Better control of service providers' activities
AML-CFT crypto: MiCA and TFR complement each other
Transaction traceability: progress amid uncertainty
Pseudonymity and anonymity: the difficult reconciliation with customer identity
Self-hosted wallets: a loophole?
Decentralized Finance (DeFi): innovative, but...
What technological solutions are available?
Adopted in 2023 and effective in December 2024, the EuropeanMiCA(Markets in Crypto-Assets) regulation governs issuances and services related to crypto-assets that fall outside existing regulations on financial instruments and products.
Better control the activities of service providers
MiCA covers the issuance, public offering, and admission to trading of crypto-assets, as well as the provision of related services. It establishes transparency and information requirements, authorization and supervision rules for crypto-asset service providers (CASP), and measures to prevent market abuse (insider trading, manipulation). The MiCA regulation imposes severalobligationson crypto-asset service providers, particularly in terms of prudential safeguards (sufficient capital) and governance (review of operational processes, risk management, information storage, business continuity, etc.). While MiCA does not directly cover anti-money laundering and counter-terrorist financing (AML-CFT), it nevertheless laysthe foundations for the supervision of actors, which is essential for AML-CFT . This is why the TFR (Transfer of Funds Regulation) complements MiCA by ensuring the traceability of cryptocurrency transactions.
AML-CFT crypto: MiCA and TFR play off each other's strengths
The TFR, in force since the end of 2024, extends the FATF (Financial Action Task Force)Travel Rule to transfers of crypto-assets made by PSCA. This rule aims to eliminate the anonymity of capital movements by requiring financial intermediaries (including CAPS) to ensure that key information about the originator and beneficiary accompanies the transaction.
The TFR puts significant pressure on PSCA, which must adapt their compliance systems with several restrictive measures:
– Verify customer characteristics (KYC)
The issuer's PSCA is responsible for verifying the identity of its customer (issuer) using KYC (Know Your Customer) procedures to identify and verify customer identities (name, address, account number or wallet address, etc.) before executing transfers or making crypto-assets available when the transfer amount exceeds a certain threshold. etc.), before executing transfers or making crypto-assets available when the transfer amount exceeds a certain threshold.
– Check the information
For each crypto-asset transaction, the beneficiary's PSCA is required to verify the receipt and the completeness and accuracy of the information transmitted by the issuer's PSCA.
– Manage missing or incomplete information
If the beneficiary's PSCA receives a transfer with missing or incomplete information, it must implement risk management procedures. It may be forced to reject the transaction or freeze the assets pending receipt of the necessary information, especially when the amount transferred is significant.
– Retain data
PSCAs are required to retain the information collected for a specified period and make it available to authorities in the event of an investigation. These obligations strengthen the AML-CFT framework by aligning the requirements for crypto-assets with those already applicable to traditional money transfers.
Transaction traceability: progress amid uncertainty
Despite the ambitions of MiCA and the TFR, the very nature of blockchain and crypto-assets poses major challenges for traceability and AML-CFT compliance. The crypto world is characterized by the anonymity of transactions (which is increasingly regulated), the rise of decentralized finance, and the presence of self-hosted wallets, which escape the direct control of crypto-asset service providers (CASP).
Pseudonymity and anonymity: the difficult reconciliation with customer identity
While blockchain is inherently transparent (all transactions are public), wallet addresses are "pseudonymized." PSCAs must therefore establish the link between these addresses and the customer's real identity (KYC), a task made complex by the existence of anonymization mechanisms (such asmixersortumblers) and certain crypto-assets designed for confidentiality (privacy coins). Admittedly,the ACPRpoints out that "pseudonymity is not anonymity: it allows for a certain degree of transaction traceability, which leads to forms of self-regulation on blockchains. " However, the regulatory authority adds, "the lack of user identification is likely to weaken the fight against money laundering and terrorist financing."
Self-hosted wallets: a loophole?
Interaction withself-hosted wallets, which are outside the direct control of PSCA, makes it difficult to apply theTravel Ruleand obtain information about the sender or recipient. These are wallets that users control directly, without the involvement of a PSCA. The problem is that the TFR does not apply to transfers made exclusively between individuals using their own wallets.
Decentralized Finance (DeFi):innovative, but...
DeFioperates via autonomous smart contracts without a central intermediary. According to the APCR, it is defined as "a set of services on crypto-assets, comparable to financial services and performed without the intervention of an intermediary, via automated contract execution (orsmart contracts)and blockchain technology, whicheliminate the need for trusted third parties such as financial institutions." Thus, unlike traditional financial systems, DeFi transactions are not regulated. In the event of fraud or dispute, there is no central authority to intervene. In addition, there is the issue of cyber protection for specialized platforms such as Balancer, which was hacked at the end of 2025, resulting in estimated losses of $129 million incryptocurrencies. Between 2020 and 2024, DeFi hacks resulted in estimated losses of$59 billion.
What technological solutions?
To meet MiCA and TFR requirements, CCPs must rely on technological solutions to automate processes that help ensure compliance with legislation:
– Blockchain analysis tools
Specialized platforms (e.g., Chainalysis, CipherTrace, etc.) analyze transactions on the blockchain to identify the origin and destination of funds, detect suspicious patterns, and assess the risks associated with an address or transaction (e.g., whether it is linked to illicit activities, funds from "mixers," or high-risk countries).
– Travel Rule solutions Travel Rule
Dedicated software solutions enable PSCA to securely and compliantly exchange the required information on the sender and recipient (personal data) for each crypto-asset transaction, in accordance withTravel Ruleregulations and data protection requirements.
– Digital onboarding (KYC/KYB)
In the field of crypto-assets, linking customers' real identities to their activities is a key challenge for AML-CFT compliance. Digital onboarding platforms for KYC (Know Your Customer) and KYB (Know Your Business) are proving particularly effective in automating and securing the collection, verification, and storage of identity data.
Some solutions, such as those offered by AP Solutions IO, go even further by offeringcomplete automation of thedatadetectionand remediationprocess, daily updates of lists, and exhaustive screening of customer databases, as well as an augmented intelligence engine capable of identifying, rating, and scoring the risk level of each customer.
– Real-time transaction monitoring
Advancedtransaction monitoringsystems continuously assess transaction risk based on a multitude of criteria (amount, frequency, counterparties, use ofmixers, etc.) and automatically generate alerts for suspicious activity reports. TheAP Monitoringsolution meets this need with real-time identification of suspicious transactions using an augmented artificial intelligence engine and scenario configuration based on activity and context.
Strengthen your MiCA & TFR compliance today. Discover our solutions for securing your crypto transactions.
