The move to regulate cryptocurrency exchanges is gathering steam as the EU will require the operators of such venues to perform the same level of client due diligence as banks do.

The change in regulations came as part of an anti-money laundering directive that the European Council adopted earlier this month.

“These new rules respond to the need for increased security in Europe by further removing the means available to terrorists,” said Vladislav Goranov, minister for finance of Bulgaria, which holds the Council presidency currently, in a prepared statement. “They will enable us to disrupt criminal networks without compromising fundamental rights and economic freedoms.”

Cryptocurrency’s anonymity has helped launder between $4.2 billion and $5.6 billion annually, or 3% to 4% of the continent’s criminal takings, according to the European police agency Europol.

As part of the directive, EU members will have 18 months to translate the document’s requirements into national financial regulations.

In the meantime, cryptocurrency exchange should establish internal risk-based internal policies, procedures, and controls, according to Sven Stumbauer, a managing director at Alix Partners.

Other recommendations he made in a recently published white paper included that exchanges create the role of chief compliance officer, commit to ongoing training, and hire independent firms to test the exchange’s AML-compliance program.

“This is especially important at the point when an exchanged from/to virtual currency for fiat currency occurs,” Stumbauer wrote. “The detection and subsequent reporting of suspicious activity can represent significant challenges for virtual currency exchanges and should focus not only on traditional detection patterns but also consider alternative typologies tailored to virtual currencies, their users, and geographies in which they operate.”

Over the past few years, regulators have taken high-profile enforcement actions against a few cryptocurrency exchanges, according to Stumbauer.

The most notable enforcement in the past five years is the case brought by US Department of Treasury against the Costa Rican online money-transfer business Liberty Reserve.

When the Federal government proved that the Liberty Reserve facilitated the movement of approximately $6 billion in illicit profits using its Liberty Dollar virtual currency, the court ordered CEO Arthur Budovsky to serve a 20-year sentence for money laundering under Section 311 of the USA Patriot Act.

Liberty Reserve required clients to provide basic identifying information, but the company never validated the submitted information, according to Stumbauer.

“It allowed users to establish accounts with fake names (‘Russia Hackers,’ ‘Hacker Account,’ and ‘Joe Bogus’) and obviously fake addresses (‘123 Fake Main Street, Completely Made Up City, New York’), he noted.

Stumbauer only expects to see the number of these enforcement cases to increase in the months and years to come.