With the entry into force of the EU MiCAR Regulation and the recent stricter anti-money laundering rules, many are wondering if today the purchase and sale of cryptocurrencies face-to-face (that is, without going through exchanges or institutional intermediaries) is still a legal practice, especially if it involves a transfer from a cold wallet or an unhosted wallet.
The so-called “travel rule”, introduced by Regulation (EU) 2023/1113 in the “AML package” (that is, the set of recent EU regulations and directives on Anti-Money Laundering), is to say the least punitive regarding the use of wallets whose owner is not identified in advance.
Despite this, the answer is yes: the sale of cryptocurrencies face-to-face remains completely legitimate, provided that certain conditions are met and keeping in mind that it can present some significant risk aspects.
Let’s try to understand better.
What is the travel rule and how it operates
In summary, the Regulation (EU) 2023/1113 requires that transfers of funds and crypto-assets be accompanied by a set of information about the identity of the entity transferring them, just as is the case for traditional bank transfers.
These data, once declared, “travel” together with the crypto asset, allowing the reconstruction of the origin of those funds and verifying that they are not the result of money laundering activities or that they do not go to finance terrorist activities. Hence the expression “Travel Rule”.
Now, it invests exclusively binding the crypto-asset service providers (CASP) who are prohibited from proceeding with transactions if they collect information on the senders and recipients of the transactions, which must then be ready to share with the authorities.
This potentially makes anonymity more difficult, which has historically characterized some operations in criptovalute.
Such rule, however, does not affect the legal validity of a contractual agreement between private parties who decide to transfer crypto-assets in exchange for payment.
Two private individuals, that is, can legitimately and validly conclude an agreement for the transfer of cryptocurrencies, without the obligation to know or request information about the identity of the counterparty. This can occur even if one or both private parties conduct a business activity, provided that it does not fall among those qualified as the provision of professional services in crypto-activities, pursuant to the MiCAR.
So, for example, if Tizio, as a private individual, sells a bitcoin, or a fraction of bitcoin to Caio, he is not required to identify him or even know him. If the agreed countervalue is below the regulatory thresholds on the limitation of cash use, he could receive his payment in cash without incurring any type of prohibition.
The same applies to a business, let’s say a bar, that accepts payments in cryptocurrencies: it would not be required to identify the owner of the wallet, which could easily be a cold wallet or any type of unhosted wallet, meaning non-custodial, not managed by a centralized exchange.
Obviously, there can be tax implications if taxable material is generated (that is, capital gains above the legal threshold), but this has to do with the different topic of tax obligations and compliance.
When does anti-money laundering regulation come into play in transactions between individuals
Having said that, there are cases in which, even if discussing transactions between private parties without the interposition of intermediaries that can be qualified as obligated entities (i.e., those required to apply anti-money laundering regulations), there are cases where anti-money laundering regulations become relevant and come into play.
If cryptocurrencies or fiat currency funds constitute the proceeds of a crime or are intended to finance terrorist activities and the parties involved are aware of the nature and purpose of money laundering of the operation, the conduct of one or both parties and anyone who participates assumes criminal relevance, with respect to the crime of money laundering or self-laundering, as the case may be.
Again, the anti-money laundering regulations become relevant when consultants are involved who, although not intermediaries, still fall into the category of obligated entities constituted by professionals. This occurs in operations of significant entity.
We are talking about professionals such as lawyers, accountants, or notaries, who, in order to assist clients in such operations, are required to fulfill anti-money laundering obligations: adequate verification (and therefore identification) of the client; verification of the source of funds and, if they detect indicators of anomaly, the obligation to report a suspicious operation (SOS).
The battle against cold wallet, unhosted wallet, and non-custodial wallet
The anti-money laundering regulations, both at the European level and at the national level, seem to have declared war on anonymous wallets (cold wallet, unhosted or non-custodial).
The attempt by institutions to overcome the anonymity of cryptocurrency transactions is understandable, especially if they involve significant amounts, in order to prevent tax evasion, avoidance, and money laundering operations. On the other hand, however, the mechanisms concretely provided by regulations, directives, and national laws appear questionable in terms of the general principles contained in European charters and treaties and in terms of the fundamental rights of individuals.
The practical result of such measures, in fact, is that the assets contained in wallets that are not connected to centralized exchange accounts or enabled CASPs (and therefore are not of the custodial type) are subject to a sort of presumption that they are of illicit origin. This results in a limitation of the right to dispose of individuals’ property, which appears to be incompatible with any principle established in the constitutions of most democratic countries, and in the same fundamental charters and founding treaties of the EU.
The legislators of the Union, therefore, have chosen to sacrifice and compress these fundamental rights essentially in the name of the fight against money laundering and the financing of terrorism.
Until a higher court (the EU Court of Justice or the Constitutional Court of one of the member countries) establishes that such a sacrifice is illegitimate because it is contrary to one of the principles contained in the treaties, in the fundamental charters, or in the constitutions of one of the individual member countries, it will be necessary to come to terms with it and operate taking these limitations into account.
The alternative would be to promote a dispute by agreeing to face a long and complex judicial process.
How do face-to-face cryptocurrency transactions work?
Face-to-face transactions typically start from the meeting of supply and demand through unofficial channels: specialized forums, Telegram groups, local cryptocurrency communities, or personal contacts.
Once the terms of a deal are established and mutual references are obtained, before the physical meeting, it is usually attempted to perform an on-chain verification on the actual capacity of the wallet by requesting the public address of the wallet to check its balance through Block Explorer or similar applications. Then, to understand if the seller actually has access to the wallet, a small test transfer is usually made to the buyer’s wallet.
The parties, then, generally adopt some precautions when it comes to meeting in person: a public place is preferred, ideally with video surveillance and crowded, or witnesses are present, or trusted third parties act as guarantors. Finally, the parties usually verify each other’s identities, exchanging their respective documents for minimal traceability.
The truly critical point is being able to ensure the contextuality between the transfer of cryptocurrencies and payment in fiat currency.
The use of a secure network (or a personal hotspot) is very important when verifying wallets.
Once the details have been verified, before the final authorization and, generally, only when the money is physically delivered or the electronic payment is confirmed, the seller authorizes the transfer of the cryptocurrency from their cold wallet.
The closing of the operation involves waiting for the first on-chain confirmation, especially for operations of significant amount.
When the transaction has been carried out, the parties often exchange paper receipts: not having a certain date, they do not have value for tax purposes (unless they are digitally signed) but they certify the exchange for civil purposes. Finally, as a precaution, the parties usually leave the meeting place separately.
It has been said that the simultaneity of the crypto/fiat transfer and its real-time verification in this type of operation are crucial. Blockchain Explorer is a fundamental tool for this purpose. The buyer can use separate devices to check the progress of the transaction, verify that the transaction hash matches what is shown by the seller, and monitor the number of confirmations until an adequate level of security is reached.
Sometimes additional expedients are also used, especially in more structured transactions: a temporary multisig wallet that requires multiple signatures to authorize the movement of funds; or a trusted third party is involved to temporarily hold the funds; or simple smart contracts can be used that bind the release of cryptocurrencies to certain verifiable conditions.
There are also more sophisticated methods. For example, one can resort to a sort of tokenization of banknotes which involves the registration of the serial numbers of the banknotes used for payment, the creation of “representative” tokens based on these serial numbers with the exchange of these tokens as additional guarantee of the transaction.
This theoretically allows for the “tracking” of physical banknotes without resorting to traditional banking channels.
Attention to fraud
Although these operations may lead one to think that a transaction managed face-to-face, with the physical presence of the parties and the adoption of certain precautions, may be particularly secure and protect against possible fraud, in reality, it is not quite so.
Since, as explained, the simultaneity of the transfer of cryptocurrencies and fiat currency is one of the critical points of this type of operations, one of the most recurring frauds is the one based on the display of false proofs of transfer.
This technique consists of deceiving the counterparty about the transfer of funds by sharing screenshots or falsified documents that only seemingly demonstrate the transfer; or through the presentation of falsified emails in which delays in the transfer are declared or the victim is asked to transfer additional funds as a “transfer fee” or “transaction release” and other similar pretexts.
Another rather widespread method consists of manipulation of destination addresses. In practice, the destination address of the counterparty is replaced with an address controlled by the fraudster, and through malware that modifies the addresses copied to the clipboard, the victim is led to believe that they are sending funds to the correct address.
Particularly insidious are scams based on the use of counterfeit wallets: when the transfer of funds occurs with the handover of physical cold wallets, they could be counterfeit or pre-compromised. This could mean, for example, hardware wallets with modified firmware that allows the scammer to access the private keys. Or, more simply, it could involve wallets based on pre-generated seed phrases known to the scammer, who can thus access the funds contained in the wallet.
Finally, there is the possibility that in these operations, which require the physical participation of the parties, one of them is determined to seize the fiat or crypto funds of the other by resorting to violence or even weapons: legally it is not a fraud (art. 640 c.p.), but a robbery (art. 628 c.p.), but it is a possibility to consider, especially when the amounts involved are significant. It should also be noted that there have been recorded incidents where groups of specifically organized criminals have also appeared on the exchange scene.
“`html
Conclusions
“`
Face-to-face transactions can be a legitimate method of buying and selling cryptocurrencies that values the decentralized aspect of this technology and the privacy of the parties.
However, if they are used to evade anti-money laundering obligations or to conceal income from the tax authorities, they expose participants to significant legal risks and it should be considered that
Blockchain analytics techniques are becoming increasingly sophisticated: authorities are enhancing their specific skills every day to trace transactions even when they may appear anonymous, and it is easy to predict that, with the growing regulation of the sector, the space for untracked operations will further decrease.
Finally, the malicious actors create new techniques and expedients every day, both technological and social in nature.
Engaging in such operations, therefore, requires awareness, caution, and skills, both technical and legal: there is no room for improvisation and, especially for operations of significant amount, it is essential to be supported by an expert lawyer and competent technicians, equipped with specific experience.