Researchers commissioned to assess the risks and possible responses to virtual currencies (VCs) and terrorist financing made the recommendation in their report for the European Parliament's Special Committee on Terrorism (90-page / 1.80MB PDF).
New rules adopted last month by EU law makers will subject VC exchanges to anti-money laundering (AML) and customer due diligence requirements in respect of VC-to-fiat currency trading once they take effect. Those rules, set out in the Fifth EU AML Directive (5AMLD), should be extended further to apply to exchanges that facilitate VC-to-VC trading, the new report said.
"Given the speed at which VC innovations are accelerating, it is important that the EU prepare now for undertaking further regulatory measures," the report said. "As a priority, the EU should expand on 5AMLD’s regulation of VC-to-fiat exchange platforms and take steps to regulate VC-to-VC exchange platforms. This can assist in mitigating the risks posed by illicit actors who seek to swap cryptocurrencies such as Bitcoin for more highly-anonymised cryptocurrencies."
Litigation expert Jennifer Craven of Pinsent Masons, the law firm behind Out-Law.com, who specialises in civil fraud matters, said the regulation of VC platforms should be seen as encouraging, "particularly in view of the rapid changes seen in this market, the introduction of new cryptocurrencies at an increasingly fast pace and the current trend in the rise of their popularity".
"Regulation may also help to mitigate the risk of fraud in this area, which is heightened by the difficulties in tracing lost cryptocurrencies because of their anonymous nature," Craven said. "However, given the challenges presented by virtual currencies and that ultimately their characteristics make them attractive to fraudsters, the message remains that businesses and investors should continue to proceed with restraint when purchasing cryptocurrencies."
In their report, the researchers from British defence and security think tank the Royal United Services Institute also called on regulators to give businesses more guidance to help them address VC risks.
"Regulators should also draft guidance that takes a nuanced approach to characterising the risks VCs pose in different contexts and for different purposes," they said. "For example, the illicit finance risks the traceable cryptocurrencies such as Bitcoin present is generally not as significant as that presented by privacy-focused alt-coins."
"Regulators could provide detailed guidance that indicates the nature of CDD (customer due diligence) and KYC ('know your customer') measures VC exchanges should apply where they encounter users of cryptocurrencies with high levels of anonymity. By providing the private sector with a clear view of the nature of risk, regulators can ensure that private sector effort is directed at mitigating those risks that are most pressing," they said.
National governments across the EU were also called upon to ensure that regulatory requirements are backed up by "meaningful enforcement", including a willingness "to impose sanctions, such as fines and revocation of licences".
"The experience of the US suggests that comprehensive AML/CFT (countering the financing of terrorism) regulation around the VC industry, supported by meaningful enforcement action, can mitigate exposure to illicit finance risks," the report said.