By PAUL O’DONOGHUE, Senior Correspondent
CRYPTO companies are ‘shopping’ for EU licenses in jurisdictions perceived to be more lenient, according to the EBA (European Banking Authority).
The regulator warned that this creates “significant” money laundering and financial crime risks.
“Some entities sought to exploit regulatory fragmentation by applying or licensing in jurisdictions they perceived as having less stringent supervision requirements,” it said in a new report.
The EBA said if questioned by regulators, these crypto companies “often failed to respond to information requests”.
It said many firms “withdrew their applications and attempted to restart the process in another MS [EU member state]”.
Regulators also said that crypto businesses often “voluntarily withdrew from the market after on-site inspections had been launched”.
“Forum shopping by CASPs (crypto-asset service providers) creates significant ML/TF (money laundering / terrorist financing) risks,” the EBA said.
Yulia Murat, the Head of Compliance at blockchain analytics firm Global Ledger, said the report “highlights cases where firms (legitimately) choose the most favourable EU country for licence applications”.
“Some underlying reasons for this – like differences in labour costs between Member States – are not easily addressed by policymakers,” she said.
“[But], other causes, such as remaining discrepancies in national laws, can be tackled at the EU level.”
The EU recently moved to address the differences in approach to crypto regulation across the bloc.
The EU Regulation on Markets in Crypto-Assets (MiCA) came into force in December 2024. It is the first comprehensive legal framework for crypto-asset, establishing uniform rules across the EU.
MiCA also requires crypto-asset service providers (CASPs), such as exchanges, wallet providers, and stablecoin issuers, to obtain authorisation from national regulators. They must also meet strict standards on governance.
Different crypto licenses approach across EU
However, the EBA warned that financial crime risks “may persist” under MiCA if national regulators apply “divergent supervisory approaches”.
A risk identified is the fact that MiCA does not enter into force at the same time across the EU.
In some EU member states, the rules will be effective in the coming months.
In others, MiCA will not fully enter into force until July 1, 2026.
The EBA said this allows crypto firms to “benefit from uneven national approaches”.
“During the transitional period, the risks remain acute,” it said.
“Some of those CASPs could also allow unauthorised entities to provide crypto-asset services through hidden partnerships.
“Or, by selling their business to new unlicensed owners. In effect ‘selling’ their registration or licensing. This prolongs the EU financial system’s exposure to ML/TF vulnerabilities.”
We hope you enjoyed reading this article
If you would like unlimited access to AML Intelligence premium articles, newsletter delivered twice a week, access to our Global Bank Fines and Penalties database, free access to Boardroom Series events and much more, select one of our subscription options and become a subscriber!
