Let’s start at the beginning. Initially, the Travel Rule only applied to financial institutions. AMLD4 was adopted to ensure that the Financial Action Task Force (FATF) requirements on wire transfer service providers, and in particular the obligation on payment service providers to accompany transfers of funds with information on the payer and the payee, were applied uniformly throughout the EU. The latest changes introduced in June 2019 in the FATF standards on new technologies, have provided new and similar obligations for crypto-asset service providers, also known as CASPs, to facilitate the traceability of transfers of crypto-assets.
The Travel Rule is established for the purpose of preventing, detecting, and investigating money laundering and terrorist financing. The Travel Rule applies to transfers of funds, in any currency, which are sent or received by a payment service provider, or an intermediary payment service provider established in the EU. It shall also apply to transfers of crypto-assets, including transfers of crypto-assets executed by means of crypto-ATMs, where the CASP, or the intermediary CASP, of either the originator or the beneficiary has its registered office in the EU.
Since the Travel Rule is new in the crypto sector, we will focus on the requirements and implications for CASPs and financial institutions that are engaged in crypto- assets transfers. The Travel Rule requires CASPs to accompany transfers of crypto assets with information on the originators and beneficiaries of those transfers. CASPs are also required to obtain, hold, and share that information with their counterpart on the other end of the crypto assets transfer and make it available to competent authorities on request. The CASP should carry out due diligence of its counterparty. Because the personal data of the transacting parties ‘travels’ with their transfers, the regulation was dubbed the “Travel Rule”. Examples of information that needs to be shared with the counterparty are the name of the originator or beneficiary, blockchain address, address, country, and personal document number.
Interesting to mention is that the FATF recommends that countries adopt a de minimis threshold of 1,000 USD/EUR for Crypto- assets transfers, while keeping in mind that there would be fewer requirements for Crypto-assets transfers below the threshold compared to those above the threshold. The Transfer of Funds Regulation however applies to all transactions regardless of the amount. There is only one exception: A CASP is only required to verify the information on the user of a self-hosted address in the case of a transfer of an amount exceeding EUR 1 000 that is sent or received on behalf of a client of a CASP to or from a self-hosted address.
Of course, every new regulation has its own challenges and implications for the market it will apply to. We would like to name a few:
- Lack of technical resources and extra costs for CASPs: Compliance with the Travel Rule requires implementations and adjustments of the systems that are in place, which will most likely add costs to the business operations.
- Lack of interoperability: CASPs use various protocols and solutions that are not always able to interact with each other, complicating communication, and data exchange.
- Non-uniformity among jurisdictions: countries adopt the Travel Rule based on their own regulations, which may deviate from FATF standards. In particular, jurisdictions may have different de minimis thresholds as mentioned before, varying originator and beneficiary data to be collected and transferred, etc.
- Another industry concern is the so-called ‘Sunrise Issue’. The Travel Rule requirements are enforced at a different pace across jurisdictions. This means that one CASP may be Travel Rule-obligated while its cross-border counterparty may not be.
The EU Travel Rule shall apply as of the 30th of December 2024. In the meantime, the crypto market will be working hard on implementing the Travel Rule within its business.
Something to look out for is that by 1 July 2026, the Commission of the EU shall issue a report assessing the risks posed by transfers to or from self-hosted addresses or entities not established in the EU, as well as the need for specific measures to mitigate those risks, and propose, if appropriate, amendments to the Transfer of Funds Regulation.