The Travel Rule is a key recommendation of the Financial Action Task Force (FATF), which aims to enhance transparency in financial transactions and combat money laundering and terrorist financing (ML/TF). FATF’s Recommendation 16 requires financial institutions to share certain customer information with each other when conducting transactions on behalf of their clients. The travel rule has been a long-standing requirement for the transfer of funds in fiat currencies, which has been implemented by all financial institutions.
With the rise of crypto assets, the FATF has extended the Travel Rule requirement to Crypto Asset Service Providers (CASPs). This means that CASPs must now implement the Travel Rule just like traditional financial institutions and make relevant originator and beneficiary information available to competent authorities when required.
To enforce the Travel Rule in the EU, the European Parliament passed the Transfer of Funds Regulation (TFR) on April 20th, 2023 along with the Markets in Crypto Asset (MiCA) regulation. The TFR mandates that financial institutions, Payment Service Providers (PSPs), Crypto-Asset Service Providers (CASPs), and intermediaries involved in fund transfers must obtain, hold and share information about the originator and beneficiary with their partners.
The objective of these measures is to ensure that the details of both parties involved in a transaction are included in the transfer, in order to prevent the illegal use of traditional and digital assets for money laundering purposes.
In this overview we will cover the:
- What falls under the TFR
- Information You Need to Provide for Crypto Transfers
- When Does the TFR Apply
- What Happens When Required Information is Missing
- Ensuring Compliance with GDPR
- Consequences of Non-Compliance with the TFR
- When will the TFR enter into force?
Let’s start…
What falls under the TFR
The TFR applies to various types of transactions, including:
- Transfer of funds in any currency irrespective of amount
- Transfers of crypto-assets, including through crypto ATMs
- Electronic money tokens when used to conduct electronic transfers with a payment card, electronic money, or mobile phone.
- Crypto ATMs.
- Self-hosted wallets when a CASP is involved.
However, there are certain types of transactions that are exempt from the Travel Rule, such as:
- Cash transactions
- Paper cheques
- Electronic money tokens when used for payment of goods and services with a payment card, electronic money, or mobile phone, as long as the card number accompanies the transfer
- Tax payments, fines, and other similar payments to a public authority
- PSPs acting on their own behalf
- Peer-to-Peer (P2P) transactions when no CASP is involved
Information You Need to Provide for Crypto Transfers
Financial institutions and CASPs must include the following information when transferring funds:
- The name of the originator
- The originator’s distributer ledger address
- The originator’s crypto asset account number
- The originator’s address (including the country, official personal document number, and identification number, or alternatively, date and place of birth)
- The LEI of the originator or other equivalent official identifier.
Regarding the beneficiary, the transfer must include the following:
- The beneficiary’s name
- The beneficiary’s distributed ledger address
- The beneficiary’s account number
- The beneficiary’s LEI or other equivalent official identifier.
The above information must be provided in advance, or simultaneously with the transfer of crypto assets.
When Does the TFR Apply
The TFR in the EU applies to all transactions, regardless of the amount. While the FATF Recommendation 16 mandates the implementation of the Travel Rule for transactions over €1000, the TFR covers all transfer of funds transactions in both fiat and crypto currencies. This means that the required customer information must be collected and transmitted alongside the transfer for all transactions.
However, Payment Service Providers (PSPs) and CASPs must only verify the information for transactions that exceed €1000.
What Happens When Required Information is Missing
The CASP and PSP of the payee, and the intermediary PSP must establish and implement effective risk-based procedures for transfers of funds or crypto asset transfers that lack required information on the payer, payee, originator or beneficiary. These procedures should enable them to determine whether to execute, reject, or suspend the transfer, and to take appropriate follow-up action. Additionally, when a transfer seems suspicious, the institution must be extra careful and report any suspicious transactions to the relevant authority.
Ensuring Compliance with GDPR
When implementing the TFR, PSPs, CASPs and intermediaries must ensure compliance with GDPR. This means that PSPs and CASPs must provide new clients with the information required by the GDPR before establishing a business relationship or carrying out an occasional transaction. Additionally, CASPs must ensure that the transmission of information is in accordance with the GDPR.
It’s crucial that the information obtained as part of the travel rule is only used for the purposes of preventing money laundering and terrorist financing, and PSPs are not allowed to use that information for commercial purposes.
Consequences of Non-Compliance with the TFR
Member States’ competent authorities should have enhanced supervisory and sanctioning powers regarding the implementation of the TFT. Additionally, they must lay down the rules on administrative sanctions and measures for breaches.
When will the TFR enter into force?
The new regulation repeals the previous regulation (EU2015/847) and will enter into force on the twentieth day following publication in the Official Journal of the European Union. The regulation is binding and directly applicable in all Member States
The updates to the TFR represent a significant step forward in the fight against money laundering and terrorist financing in the cryptocurrency space. While the implementation of the regulation may pose some challenges for CASPs, it is necessary to ensure transparency and accountability in financial transactions.
Overall, the implementation of the TFR is a positive development for the cryptocurrency industry, and it is important for CASPs to stay informed and compliant with the evolving regulatory landscape.