It was inevitable that it would happen, after all the EU had already been far behind compared to countries like the USA and Japan, so from next January the exchange platforms will have to worry about being compliant also with the new European anti-money laundering directives; in fact, the fifth anti-money laundering directive will come into force on 10 January, which will produce significant changes to the exchanges that allow the purchase of cryptocurrencies with fiat currency, and vice versa. As we have already had the opportunity to explain with an article of a few days ago the new directives, also daughters of the crackdown wanted by the FATF, they have already made the first victims with companies that have decided to close their doors, but this did not concern both trading platforms and other market players. Many exchanges, in fact, are already compliant with the directives that regulate the activity of cryptocurrency exchanges in the USA, for which they are already moderately ready to extend the same procedures in Europe; the problem will therefore arise only for the platforms that have their registered office in the EU, and not even for all of them, because some of these already operate in compliance with anti-money laundering laws and require users to certify their identity. Moreover, contrary to what one might think, cryptocurrency transactions are almost never anonymous and only certain platforms, such as monero and more generally those relating to crypto that make anonymity, are easily traceable, like any electronic payment. their core business, they will have difficulties with the new directives; as for the exchanges, then, these will solve every problem deciding for the delisting of anonymous coins, for which on the table there remains only the not irrelevant question of the security of the sensitive data of the users who, in compliance with the new anti-money laundering directives, must be kept by the exchanges.

This is not a minor problem since in the event of the theft of such data, consisting of copies of user documents and proof of residence, the risk of identity theft would be around the corner; in any case, the credibility of the platforms themselves is high, if leaks were to occur, users would quickly lose confidence in the centralized exchange platforms and begin to orient themselves massively towards the DEX. Paradoxically, theft of data is perceived as more serious than a theft of funds, if only because the most important exchanges are now accustomed to set aside economic resources to manage the reimbursements in case of theft, far more serious instead the subtraction of sensitive data which is, however, irreparable; once the data has been stolen, in other words, there is no way to go back and the omelette is done. All this inevitably reopens the question concerning the very usefulness of the anti-money laundering legislation, a set of rules that has already been widely proven ineffective in combating illegal conduct but which systematically exposes users to the risk of identity theft; all this becomes even more unacceptable if we consider that it would be simple for the institutions to protect the identity of the citizens if only we stop believing that the role of the institutions is exhausted with writing the laws. It would be enough, in fact, that the European community would equip itself with a platform for the identification of online users and the problem would be solved at the root; in practice, users would authenticate themselves on a single platform and then use those credentials to access any other financial platform, thus avoiding having to share their documents with a variety of different actors.

By centralizing the authentication process, perhaps by means of a private key, all other platforms could be lifted from the burden of collecting and storing user documents, thus reducing costs for companies and risks for users of those platforms; even assuming that these credentials were subtracted, the user would immediately realize that someone has registered to a platform using his login credentials and, once the thing is reported, he could receive a new private key. However, the question concerning the ineffectiveness of the anti-money laundering rules would remain open, which until now have proved to be largely incapable of countering illicit conduct, but at least would protect users from the risk of identity theft. Obviously such a system would also have its weaknesses, the risk that the documents will be removed from the platform would exist anyway, but it would clearly be considerably reduced compared to the current situation; an account is if the user's documents are kept by a single platform, quite another thing if the same documents are kept by a multiplicity of different platforms, in this case the risk that even one will not adopt the necessary security measures to protect user data increases exponentially. We must therefore admit that there is no perfect solution, that risks and criticalities can only be reduced and not eliminated, however we cannot help but notice that the institutions are completely disinterested in reducing risks and criticalities, stubbornly managing things in obedience to a mentality that seems scandalously old. In other words, the institutions do not seem to realize how great the risks for users are when the regulatory framework requires them to share their confidential documents (identity cards, account statements, proof of residence, etc.) with a whole multiplicity of actors whose good faith is not even certifiable; in other words, it is not even possible to assure users of the legitimate use the various platforms will make of their data, the innumerable scandals (among which we can cite by way of example Cambridge Analytica) are there to prove it. Instead, it seems that the institutions believe that their only task is to implement the anti-money laundering regulations, completely disregarding users' security and privacy; a myopic behavior, which reveals a profound ignorance of the dynamics that regulate the contemporary, and of which sooner or later we risk paying all the consequences.