New EU anti-money laundering measures have been approved by European legislators.

By Stuart Davis and Charlotte Collins

The European Parliament and Council have finally signed off on the text of the fifth Anti-Money Laundering Directive (known as MLD5).

Overview

The new directive is of particular interest to the FinTech sector as, amongst other things, MLD5 includes measures to increase transparency around more recently developed instruments of payment — namely cryptocurrencies and prepaid cards. Both these instruments lend themselves to anonymity and raise concerns that they could be used to help fund terrorist activities.

MLD5 will lower the threshold for identifying the holders of anonymous prepaid cards from €250 to €150. It will also require know-your-customer (KYC) checks to be performed for remote payment transactions exceeding €50, or if a withdrawal of more than €50 is made. The new provisions will also mandate that prepaid cards issued outside the EU can only be used in the EU if they comply with equivalent anti-money laundering (AML) standards (although it seems that this is left for the EU acquirer to judge). This is largely driven by European lawmakers’ concerns that individuals can fund terrorism “on a shoestring”, as evidenced by the fact that rental cars used in terror attacks have been paid for using prepaid cards.

By James Inness and Stuart Davis

Following our 7 November 2017 blog “Europe as a Hub for Initial Coin Offerings”, the European Securities and Markets Authority (ESMA) has published two statements on Initial Coin Offerings (ICOs). The statements underline ESMA’s interest in ICOs as a means to raise capital for enterprises, particularly given their rapid growth in recent months, as well as highlighting ESMA’s concerns for investor protection given the potentially high risks to investors.

Interestingly, one of the issues ESMA has focussed on is the requirement for ICO issuers intending to raise capital in the EU to comply with the EU Prospectus Directive in circumstances in which the ICO is structured as a security offering (as opposed to a non-security utility offering). ESMA acknowledges that the exemptions from the requirement to publish an approved prospectus under the EU Prospectus Directive would potentially be available to ICO issuers in the same manner as for issuers in relation to other types of securities offering, as noted in Latham’s earlier blog.

By Gail Crawford and Calum Docherty

Her Majesty’s Government last week published a position paper outlining its preferred post-Brexit landscape for data protection. The high-level takeaways are hardly surprising: the government stresses that it intends to “remain a global leader on data protection” and, as we already know, the UK’s Data Protection Bill, announced in the Queen’s Speech, will implement the EU’s General Data Protection Regulation (GDPR).

The paper’s top priority is the frictionless movement of personal data between the UK and the EU. The government sets out the Schrems test – i.e., that standards in a non-EU country must be “essentially equivalent” to those applied in the EU – and emphasises that the UK will be in an “unprecedented position” at Brexit, as the UK will have fully implemented the GDPR and so have the same data protection standards as the remaining EU member states. The government priority, then, is for the UK and the EU “to agree early in the process to mutually recognise each other’s data protection frameworks” to allow the free flow of personal data to continue at the time of Brexit. This bespoke interim solution would be followed up with agreed timelines about longer-term arrangements, with the paper suggesting that the UK will ultimately seek an adequacy decision.