20 April 2021

KYC “from the first euro” for the DASP

On September 29, 2020, 29 people involved in the financing of terrorism has been arrested. This case relies on prepaid cards (known as “coupons“) to acquire Bitcoin in shops, making it complex to identify customers. In response, the Government has adopted, firstly, an ordinance extending the Digital Asset Service Provider (DASP) regime to crypto-to-crypto services as well as exchanges platform and, secondly, a decree to “fight anonymous operations in digital assets”.

In practice, this decree slightly simplifies the identification of online customers (“Know Your Customer” or “KYC”), by requiring DASPs to identify them from the first euro spent and prohibiting anonymous prepaid cards.

Online customer identification: a long-awaited simplification

Customer identification is one of the cornerstones of anti-money laundering and countering the financing of terrorism (AML/CFT) regulation as it allows fighting against the anonymity of financial flows and prevents assets from being made available to persons under sanctions.

Before the publication of the decree, France stood out of its particularly restrictive “double” identification system. When entering into an online relationship, the DASPs had to :

  • first, collect a copy of the ID (art. 561-5-2, 1° of the French Code monétaire et financier (“C. mon. fin.”)); and
  • either require an initial payment by bank transfer, SEPA credit transfer or credit card issued by a European bank (C. mon. fin,. art. 561-5-2, 3°);
  • or collect an advanced or qualified electronic signature (C. mon. fin,. art. 561-5-2, 6°) – also involving the verification of the customer’s identity.

SEPA transfer or credit card payment solution has the advantage of being able to be implemented by the service provider and to be part of the customer’s identification process, provided that the service provider accepts the euro. This solution remains exclusive to European customers in a globalized market.

Conversely, the electronic signature makes it possible to avoid an initial payment in euros and is required for DASPs whose activity is based exclusively on digital assets, such as “crypto-to-crypto” services or custody services. However, this kind of signature relies on a few and expensive service providers.

With the publishing of the decree, service providers will be able to use “an electronic means of identification certified or attested by the French Agence nationale de la sécurité des systèmes d’information [ANSSI] compliant with either a substantialor high level of guarantee” (C. mon. fin. art. R. 561-5-1). This provision entails three consequences :

  • Firstly, this means of identification might be certified or attested by ANSSI only, instead of the European Commission that France has never notified. It will enable identification service providers to offer compliant solutions much more easily; and
  • Secondly, electronic identification means replacing the electronic signature, opening the door to the use of solutions more adapted to AML/CFT regulation as well as an online environment (video control, face match, etc.);
  • Finally, the decree adds to the “double” identification a single method: the use of an identification solution of substantial level certified by the ANSSI is sufficient to guarantee the compliance of their identification system (KYC).

However, this improvement needs to be reflected in the market as only one identification service is currently certified by ANSSI to date – the “Identité Numérique“, made available by the French postal service La Poste.

The lowering of the KYC threshold to 1 euro: a severe measure

Until now, DASP could distinguish between occasional customers who use the service on an intermittent basis (C. mon. fin., art. R.561-10) and business relationships, i.e. customers who maintain a long term relationship.

Regarding occasional customers, DASPs doesn’t need to apply all the due diligence measures (scoring, document collection, etc.) that are only effective regarding established relationships. Given the cost of customer identification, DASPs should only carry out this process above a maximum threshold of 1,000 euros (C. mon. fin, art. R561-10, II, 5°).

Regarding business relationships, DASPs should identify their customers from the first euro and implement all the customer due diligence measures, such as collecting information on the origin of funds, scoring the customer or checking the consistency of transactions.

The decree lowers the threshold for identifying occasional customers from 1,000 to 1 euro, requiring DASPs to identify all of their customers before the first transaction. This provision will have significant consequences for services that rely on the gradual nature of AML/CFT regulation:

  • Bitcoin ATMs, already under the monitoring of the French regulators;
  • digital asset payment services established in France will have to identify their customers from the first euro, which is not the case for their foreign competitors or euro payments services;
  • all services based on low-value transactions, where the identification process makes it difficult and costly to implement.

While this position is understandable in light of the AML/CFT risks, it may induce a loss of competitiveness for France industry as well as the concentration of the market on financial services less sensitive to the KYC cost.

The limitation of digital assets purchasing in e-money

In the context of the aforementioned terrorist financing case, this decree prohibits prepaid cards without prior identification of their holders (e.g. below a threshold of 250 euros) to purchase digital assets.

Consequently, PCS/Transcash cards, gift cards or coupons – under e-money form – sold in shops cannot be used to acquire digital assets through a DASP.

However, an e-money card with prior identification of its holder remains a mean of payment to purchase digital assets.

Timing and implementation

The provisions applicable to DASPs came into force on April 5, 2021, except for the lowering of the threshold to €1 for occasional customers will be applicable as of May 1, 2021. DASPs must immediately adapt their AML/CFT systems accordingly.


Prepared with Vildane Akinci, legal intern.

Our latest posts
Le guide ORWL sur la communication des PSAN
8 January 2024
The ORWL Guide on the Communication of Crypto Asset Services
Mémorandum ORWL sur les contrôles LCB-FT des PSAN
14 December 2023
Copie de [Report] GEDI regulation: new rules for Web3 gaming
14 December 2023
[Report] GEDI regulation: new rules for Web3 gaming