Italy is set for the launch in May of a register of crypto-asset service providers
How will a government decree on digital currencies strengthen safeguards against money laundering and terrorism financing?
The Italian Official Journal has published (17 February 2022) the Decree of the Italian Ministry of Economy and Finance (13 January 2022), which concerns the procedure, content and timing of the registration that all digital currencies (known as "crypto currencies") service providers and digital wallet services providers – collectively crypto-asset service providers (CSPs) – are required to complete before commencing their operations in Italy.
The registration is recorded in a special section of the public online register of persons acting as crypto service providers and is held by Italy's authority for financial agents and brokers, Organismo Agenti e Mediatori (OAM). The register will be operational from 18 May 2022.
The Decree implements provisions of article 17-bis, paragraphs 8-bis and 8-ter, of Legislative Decree no.141 of 13 August 2010 (L.D. 141/2010, as subsequently amended and supplemented), introduced by Legislative Decree no. 90 of 25 May 2017, together with the extensions of anti-money laundering (AML) reporting obligations to CSPs, as defined under art. 1, paragraph 1, letters ff) and ff-bis) of Legislative Decree no. 231/2007 – the AML Regulation.
In accordance with article 17-bis, paragraph 8-ter, the Decree establishes the procedures and timeframe within which a CSP must communicate the start of business in Italy to the OAM and introduces further obligations for these operators. The requirements and fulfilments under the Decree are, therefore, additional to those indicated by the AML Regulation.
The registration is an essential condition (or a blocker) for the legitimate exercise of the activities by the CSP and must be completed, in principle, before the activity is performed in Italy.
According to article 1, recalling the definitions already provided by AML Regulation, the Decree applies to:
- "providers of services related to the use of digital currency", i.e. any person, natural or legal, offering to third parties, on a professional basis and also on-line, services concerning digital currencies, and, namely, their (i) use, exchange custody, conversion into fiat currencies or in other digital representations of value, including those convertible in other digital currencies, and (ii) issuing, offering, transferring and offsetting, or any other service useful to purchase, trade or brokerage of such digital currencies;
- "digital wallet services providers", i.e. any person, natural or legal, offering to third parties, on a professional basis and also online, services concerning safeguard of private cryptographic keys for the purpose to own, store, and transfer digital currencies."
The requirement of professionalism (that is, "non-occasionality"), is essential for the applicability of the obligations provided for by the Decree, and, therefore, persons performing these activities on their own and not on a professional basis are excluded from its applicability.
Article 1 of the Decree also defines "digital currency" as "a digital representation of a value, not issued or backed by a central bank or a public authority, not necessarily linked to a fiat currency, to be used as a means of exchange for the purchase of products and services, or for investment purposes and transferred, traded and stored electronically".
- The content of the application. The most relevant point of the Decree is, therefore, represented by the introduction of the obligation for CSPs to apply for the enrolment in the register. This is effected by means of a specific communication to the OAM which must indicate, among other things: (i) the details of the CSP; (ii) if the CSP is registered in another EU Member State, the address of the Italian local branch; (iii) a registered certified email address to allow exchange of communication between OAM and the CSP; (iv) information on the type of services offered and the way in which that are offered.
- The obligation to create the register and the application. The register will be operational from 18 May 2022. However, under article 4 of the Decree, all CSPs already operating in Italy, including online, at such date and in possession of the legal requirements, by way of derogation from the normal procedure, will have 60 days from 18 May within which to communicate their operations in Italy, and can continue to perform their activities in Italy without having to wait for the decision of the OAM on their enrolment in the register. In the event of failure to comply with the abovementioned deadline or refusal of registration by the OAM, all business must cease or will be considered as abusive. The OAM will have 15 days from the filing of the application to verify its regularity, correctness and completeness (including the attached documentation), and accept or deny the registration, explaining the reasons for its decision. In any event, the refusal to grant the registration does not prevent the CSP from filing a new application. The deadline of 15 days may be suspended once, for a maximum of 10 days, if the OAM considers the communication is incomplete or needs to be supplemented.
- Periodical reports. Once enrolled in the register and in addition to any reporting obligations provided by the AML Regulation, CSPs must send, on a quarterly basis (before the 15th day of the month following the end of each quarter), reports to the OAM, containing data relating to transactions carried out in Italy, and, more specifically: (i) data allowing client identification and (ii) a summary of the aggregate data concerning the activities carried out for each client, according to Annex 1 of the Decree. The data will be kept for 10 years by the OAM, which will ensure the arrangement of appropriate data storage, security and recovery systems. The OAM, if requested, will cooperate and promptly transmit collected data to the special currency police unit of the Guardia di Finanza [Finance Police] and to the police forces, as well to the other authorities indicated by article 21 of the AML Regulation. (On the compliance of this provision to Regulation (UE) 2016/679, please refer to the advice of the Italian Data Protection Authority (Garante per la protezione dei dati personali)
- Sanctions. The registration is a fundamental requirement for CSPs to legitimately perform their business in Italy. In case of default, any exercise of the activity will be considered abusive and administrative sanctions will apply.
Osborne Clarke comment
The Decree will allow a more effective monitoring of the operations of CSPs that carry out their activities in Italy, thus strengthening the existing AML and countering the financing of terrorism safeguards.
The Decree has been drafted by referring to some of the existing proceedings applicable to (FIAT) currency changers, even if we believe that the similarity between the two business cannot be the driver to issue a new regulation for the provision of virtual asset services, which are actually a completely different kind of business. This procedure is not, however, equivalent to a mutual recognition or "passporting" of a licence to provide regulated activities obtained in another Member State of the European Union, such as the virtual assets service provider authorisation released by the Central Bank of Ireland. CSPs will still have to comply with the different EU jurisdictions' applicable regulations to provide their services on a cross-border basis.