Distributed Ledger Technologies between Anonymity and Transparency: AML/CFT Regulation of Cryptocurrency Ecosystems in the EU

The advent of Bitcoin suggested a disintermediated economy to which Internet users can take part directly. The conceptual disruption brought about by this Internet of Money (IoM) mirrors the cross-industry impacts of blockchain and distributed ledger technologies (DLTs). While related instances of non-centralization thwart the regulatory efforts to establish accountability, in the financial domain further challenges arise from the presence in the IoM of two seemingly opposing traits: anonymity and transparency. Indeed, DLTs are often described as architecturally transparent, but the perceived level of anonymity of cryptocurrency transfers fuels fears of illicit exploitation. This is a primary concern for the framework to prevent the misuse of the financial system for money laundering and the financing of terrorism and proliferation (AML/CFT/CPF), and a top priority both globally and at the European Union level.

Nevertheless, the anonymous and transparent features of the IoM are far from clear-cut, and the same is true for its levels of disintermediation and non-centralization. Almost fifteen years after the first Bitcoin transaction, the IoM comprises today a diverse set of socio-technical ecosystems. Building on a preliminary analysis of their phenomenology, this dissertation shows how there is more to their traits of anonymity and transparency than it may seem, and how these features range across a broad spectrum of combinations and degrees. In this context, given implemented trade-offs can be evaluated by referring to techno-legal benchmarks, to be established through socio-technical assessments grounded on teleological interpretation. Valuable insights are drawn to this end from the various models of central bank digital currency.

Against this backdrop, this work provides framework-level recommendations for the EU to respond to the two-fold nature of the IoM legitimately and effectively. The methodology cherishes the mutual interaction between regulation and technology when drafting regulation whose compliance can be eased by design. Consistently, it presents the idea of creating a transposition model between red flag indicators and techno-regulatory standards, informed by a preliminary risk-based taxonomy of the trade-offs displayed by IoM ecosystems. It suggests its implementation should be informed by an institutionalized and multi-stakeholder model of co-regulation, known in the literature as polycentric. This approach mitigates the risk of overfitting in a fast-changing environment, while acknowledging specificities in compliance with the risk-based approach that sits at the core of the AML/CFT/CPF regime.