In 2019, the Financial Action Task Force (‘FATF’) issued new requirements regarding its travel rule, as described in recommendation 16 of its International Standards on Combating Money Laundering and the Financing of Terrorism (‘the FATF Recommendations’). The purpose of the travel rule is to cover measures combating money laundering and terrorism financing.

The main function of the Travel Rule is to require Crypto Asset Service Providers (CASPs) to obtain ‘required and accurate originator information and required beneficiary information’ and share it with counterparty CASPs or financial institutions during or before the transaction. The personal data of the transacting parties, therefore, ‘travels’ with their transfers. As recommended by the FATF, countries ought to adopt a de minimis threshold of 1000 USD/EUR for transfers of virtual assets, bearing in mind that there exist fewer requirements for virtual asset transfers below the threshold compared to those above the threshold.

When a transfer does not surpass said threshold,  CASPs need to collect the name of the originator – i.e. the sender – and the virtual asset wallet address for each or a unique transaction reference number. In these cases, verification is not necessary unless suspicious circumstances arise relating to money laundering or the financing of terrorism.

On the other hand, when a transfer exceeds said threshold, a CASP must collect the following information: the originator’s name, account number for the account used to process the transaction, physical address, national identity number; customer identification number which uniquely identifies the originator to the ordering institution, or else the date and place of birth, together with the beneficiary’s name and account number.

In June 2023, in an effort to comply with the aforementioned recommendation, the European Union (‘EU’) enacted Regulation (EU) 2023/1113 of the European Parliament and of the Council of 31st May 2023 on information accompanying transfers of funds and certain crypto-assets, amending EU Directive 2015/849. Said regulation aims to harmonise the Travel Rule across all EU Members and will be applied from December 30, 2024. However, it may be argued that this is more burdensome than the FATF recommendations since the de minimis threshold is not catered for, meaning that the Travel Rule is applicable to all transactions regardless of the amount.

Other requirements imposed by the Regulation are that the CASP, as authorised under the Markets in Crypto-Assets Regulation (MiCA), ought to carry out due diligence of its counterparty; verify the accuracy of information about the originator on the basis of documents, data, or information obtained from a reliable and independent source; ensure that transfers of crypto-assets are accompanied by information on the originator and beneficiary; and if it is the service provider of said party, which service provider shall ensure that transfers of crypto-assets are accompanied by information on the originator and beneficiary. In relation to information on the originator and beneficiary, the following must be included: the name, distributed ledger address, where a transfer of crypto-assets is registered on a network using DLT or similar technology; the crypto-asset account number where such an account exists and is used for the purpose of processing the transaction; the crypto-asset account number, where a transfer of crypto-assets is unregistered on a network using DLT or similar technology; the address solely of the originator, including the name of the country, official personal document number and customer identification number or, alternatively, the originator’s date and place of birth; subject to the existence of the necessary field in the relevant message format, and where provided by the originator to its CASP and the current LEI or any other available equivalent original identifier of the originator/beneficiary.

Furthermore, if a transfer of crypto-assets is made to a self-hosted address, the originator’s CASP shall obtain and retain the aforementioned information, ensuring that the transfer of crypto-assets may be individually identified. Where, on the other hand, a transfer of an amount exceeding €1,000 is made to a self-hosting address, the CASP of the originator ought to take adequate measures to assess whether that address is owned or controlled by the originator.

Identical rules are applied in case of a transfer of crypto-assets made from a self-hosted address in relation to the CASP of the beneficiary, who shall implement effective procedures, including, monitoring during or after the transfers, in order to detect whether the information on the originator and the beneficiary is included in the transfer or batch file transfer of crypto-assets. Before making crypto-assets available to the beneficiary, the CASP of the beneficiary shall verify the accuracy of the information on the beneficiary, on the basis of documents, data, or information obtained from a reliable and independent source. Then, it shall implement effective risk-based procedures, including procedures with a view to determining whether to execute or reject a transfer of crypto-assets which lacks the necessary information on both the originator and beneficiary. The CASP of the beneficiary shall take into account missing or incomplete information on the originator or the beneficiary when assessing whether a transfer of crypto-assets is suspicious and whether it is to be reported to the Financial Intelligence Analysis Unit (‘FIAU’) in accordance with Directive (EU) 2015/849.

With the extension of the travel rule to the realm of crypto-assets, more stringent requirements have been imposed on CASPs globally in relation to the publication of personal data of the originator and beneficiary in a crypto-asset transaction. The EU also aims to reflect these recommendations in its newly-enacted Regulation. 

Disclaimer This article is not intended to impart legal advice and readers are asked to seek verification of statements made before acting on them.
Skip to content