Electronic payment transactions in the EU generally need to be accompanied by information about the payer and payee. EU lawmakers are now debating how to extend this requirement, known as the “travel rule”, to combat money laundering via cryptoassets. The proposals have raised concerns in the industry about how cryptoasset service providers could comply with the rule in practice.
What is the “travel rule”?
The Financial Action Task Force sets international anti-money laundering standards. In 2019, the FATF put forward several recommendations for regulating what it calls virtual assets. One recommendation was for virtual asset service providers to obtain, hold and transmit information about both the originator and beneficiary in any virtual asset transaction. The intention behind this “travel rule” is to increase the information available to anti-money laundering and counter terrorist financing authorities about suspicious transactions.
FATF recommendations need to be adopted by national authorities to have legal force. Only a small number of FATF member jurisdictions have applied its recommendations. However, at its most recent meeting of finance ministers, the G7 confirmed its commitment to holding cryptoassets to the same standard as the rest of the financial system, including rapidly implementing the travel rule.
EU approach to implementation
The European Commission has proposed implementing the FATF recommendation by amending (or “recasting”) the EU’s Funds Transfer Regulation.
The FTR currently details the requirements for information that must accompany transfers of funds involving an EEA payment service provider. Under the proposals, similar requirements would be extended to transfers of cryptoassets made by cryptoasset service providers (CASPs). The recast FTR would take the definition of CASP from the EU’s draft legislation for regulating crypto-assets, MiCAR which covers crypto exchanges, custodians and traders, among others.
CASPs would be required to ensure that all transfers of cryptoassets are accompanied by:
- for the originator CASP: the originator’s name, account number (where relevant), address, official personal document number, customer identification number or date and place of birth; and
- for the beneficiary’s CASP: the beneficiary’s name, account number (where relevant).
CASPs would also be required to verify the accuracy of this information.
The final details of the recast FTR are currently being negotiated. We highlight below some of the important points still under discussion.
Should there be a minimum threshold?
The Commission’s original proposal would have applied only transactions worth more than €1,000. This is in line with the FATF recommendation for a threshold of €1,000/$1,000 for occasional transactions. However, the European Parliament and Council have suggested applying the travel rule to all transactions involving CASPs, with no minimum transfer threshold.
How to deal with transfers involving unhosted wallets?
Not all transfers of cryptoassets involve intermediaries such as an exchange or custodian. Users may hold cryptoassets for themselves in “unhosted wallets”. This poses a problem for applying travel rule standards because it may not be possible to identify the person who owns the cryptoassets in an unhosted wallet.
Nevertheless, the European Parliament has proposed requiring CASPs not only to collect but also to verify information on the identity of the unhosted wallet holder. The beneficiary’s CASP would also need to systematically report to the relevant authorities all transfers exceeding €1,000 from unhosted wallets.
If it is included in the final text, these requirements would pose practical difficulties for CASPs as they would need to find a way to collect the relevant information from controllers of unhosted wallets. In practice, this may mean that some CASPs choose not to provide services to these wallets.
When would the travel rule start to apply?
The Commission’s draft changes to the FTR interact with other pieces of EU legislation which are still in draft, such as MiCAR and the EU’s latest AML package. It may be several months before these texts become law. To avoid delaying implementation of the travel rule, the European Parliament and Council have suggested de-coupling the recast FTR from the AML package so that the former can start to apply sooner.
The latest thinking is that the recast FTR will be able to align with MiCAR. At one point the Parliament had suggested de-coupling the two but recent progress on MiCAR negotiations should mean that the two texts can enter into force at the same time. It is still to be confirmed when the rules will start to apply.
There are several other measures that the European Parliament has proposed, including:
- a ban on transactions with third country CASPs deemed not to comply with EU rules;
- enhanced due diligence for crypto transfers relating to banking transactions;
- a ban on high-risk transfers on AML/CTF grounds; and
- establishing a CASP blacklist.
These would impose potentially burdensome requirements on CASPs to screen crypto-asset transfers. Even if these ideas are not picked up in the recast FTR, they may be revisited when the text of the EU AML package is negotiated.
What is the UK’s approach?
The UK government has also committed to implementing the FATF travel rule. HM Treasury has published draft changes to the Money Laundering Regulations which are due to come into force later this year. Thanks to a grace period, registered UK cryptoasset businesses have until 1 September 2023 before the travel rule comes into force. Read our briefing for more on the UK’s plans.
What happens next?
Negotiations between the European Parliament, Commission and Council are expected to conclude in the coming months. Once the text is agreed, the recast FTR will need to complete the legislative process. As noted above, it is not clear how much time CASPs will have to prepare before the rules start to apply.
With thanks to Imran Bhaluani for writing this post.