The Travel Rule: Another Step Towards EU Oversight of Crypto-Assets

Background

Back in July 2021 the European Commission (the “EU Commission”) published a proposed Regulation on transfer of funds and certain crypto-assets the (“EU Commission Proposal”).  This proposal intends to repeal and recast Regulation 2015/847[1] which currently imposes data collection and transmission requirements on payment service providers with respect to wire transfers of conventional, fiat, fund transfers (the “Wire Transfer Regulation”).[2]  The EU Commission Proposal aims to recast the Wire Transfer Regulation but with the key change of also including transactions involving crypto-assets for the first time.  In doing so, it will only impose obligations on crypto-asset service providers (“CASPs”) to collect and transmit payer and payee data with respect to crypto-asset transactions. Person-to-person crypto-asset transfers remain outside scope of the EU Commission Proposal. To date, crypto-asset transactions have largely remained outside EU regulatory oversight aside from some requirements under the Fifth Anti-Money Laundering Directive and therefore no such data collection and transmission obligations have previously been imposed on CASPs operating in the EU to date.

The purpose of the EU Commission Proposal is to ensure that information is collected and transmitted throughout the crypto-asset transaction chain by CASPs, so that information can be made available to the appropriate authorities with the view to curtailing money laundering and terrorist financing.  This proposal has become colloquially known as the “Travel Rule”, given its distinct resemblance to the similar proposal made by the Financial Action Task Force in its recently updated guidance relating to ‘virtual assets’. 

The proposed introduction of the Travel Rule into EU law represents a significant step by EU authorities in bringing crypto-assets further within the scope of EU regulatory oversight (with full scale regulatory oversight likely coming in the form of the proposed Markets in Crypto-Assets Regulation (“MiCA”) which is currently making its way through the EU legislative process).  

The EU Commission Proposal Requirements (July 2021)

Under the EU Commission Proposal, CASPs must ensure that all crypto-asset transfers are accompanied by the following details:

1. Payer and Payee Name;
2. Payer and Payee account number (where available); and
3. Payer address, official personal identification number (such as PPSN or passport number) or place and date of birth.

CASPs must verify the accuracy of the above information for their own customer from a reliable and independent source (such information would typically be acquired at the customer onboarding stage).

All CASPs will be obligated to have effective monitoring policies and procedures in place in order to ensure that the requisite information is available for each transaction and that no information is missing.  Additionally, these policies and procedures will need to take into account whether any such missing information can be regarded as suspicious, and thus potentially warranting a suspicious transaction report (“STR”) to the relevant financial intelligence unit (“FIU”) in accordance with relevant AML legislation.

Any CASP or crypto-asset intermediary would need to have appropriate risk-based procedures in place in the event that the required information is not available, allowing them to decide whether to effect, reject or suspend a transaction.  Such policies and procedures should also assist in determining the appropriate next steps, such as whether or not to make an STR to the FIU.

In line with the Wire Transfer Regulation, the EU Commission Proposal provided for a de-minimis threshold, whereby the above obligations would only apply to transactions (or group of linked transactions) exceeding €1000 in value.  Additionally, the obligations would only attach to transactions involving EU-based CASPs.  Therefore, transactions involving ‘unhosted’ wallets would not be captured by the EU Commission Proposal.  The rules would not apply to person-to-person transfers conducted without a CASP or crypto-intermediary.

Furthermore, the EU Commission Proposal expressly recognises the application of GDPR provisions to CASPs with regards to the collection of personal data in compliance with the Travel Rule.  CASPs are obliged to retain such data for a period of 5 years and must be prepared to make all such collected data available to the relevant authorities upon request.

Proposed Changes to the EU Commission Proposal by ECON and LIBE

On 9 February 2022, the European Parliament’s Economic and Monetary Affairs (“ECON”) and Civil Liberties, Justice and Home Affairs (“LIBE”) committees published a joint draft report on the EU Commission Proposal (the “ECON Amendment Proposal”), the contents  of which will be of significant interest to CASPs and other firms in the industry.  The following is a list of the noteworthy amendments under the ECON Amendment Proposal, however this does not represent an exhaustive list of all proposed changes:

1. No de-minimis exemption:  probably the most significant proposed amendment is the removal of the de-minimis value exemption, thus requiring the Travel Rule to be applied to any and all crypto-asset transactions, regardless of value, where at least one CASP is located in the EU. This proposed amendment highlights the ongoing perception among EU regulators and politicians with respect to the potential for crypto-assets to be used for illicit activity, even where transfer values are for relatively low amounts.
2. Transfer from / to ‘unhosted wallets’: the ECON Amendment Proposal contains a clarification in respect of transactions involving unhosted wallets and states that there is an obligation to collect the relevant data as long as at least one EU-based CASP is involved.  In such instances, the CASP does not need to transmit the data to the unhosted wallet but still needs to collect the data from their customer and keep it available for the relevant authorities;   
3. Know your transaction requirements: CASPs will also be expected to collect and retain data not only on the payer and payee, but also the source and destination of the crypto-assets, particularly with respect to transactions involving unhosted wallets and non-EU based CASPs who are not compliant with the Travel Rule requirements.  This provision effectively requires CASPs to have measures in place to identify suspicious crypto-assets including those related to illegal or illicit activity such as fraud, ransomware etc;
4. Counterparty due diligence and protection of personal information: this is another somewhat onerous addition, obliging EU CASPs to transmit data to non-EU CASPs, but only after performing adequate due diligence to determine if the non-EU entity can be trusted to both comply with the Travel Rule and to protect the personal information of customers;
5. Public register of non-compliant CASPs: the ECON Amendment Proposal also mandates the establishment of a public register for illicit or risky actors by the European Banking Authority.  This register would consist of non-compliant CASPs who cannot be linked to a recognised jurisdiction or who do not apply adequate customer identification AML due diligence measures; and
6. Fast Track Procedure: in a bid to implement bridging safeguards in advance of MiCA coming into force, the ECON Amendment Proposal has called for the decoupling of the Travel Rule from the Sixth Anti-Money Laundering Directive and mandating its introduction as part of the current suite of AML / CFT measures under AMLD5.

The ECON Amendment Proposal also expands the scope of the requirements to include transactions made via so called ‘Crypto ATMs’; and includes provisions designed to clarify that the requirements would not be triggered in circumstances where two or more CASPs are transferring crypto-assets on their own behalf.

It is open to ECON and LIBE to propose further amendments or additions to the EU Commission Proposal prior to final adoption.  The ECON Amendment Proposal now represents the draft mandate for negotiating the final shape of the legislation with EU governments.  The EU Parliament as a whole is expected to vote on the proposed draft shortly.

If you have any queries on this please get in touch with Joe Beashel, Ian O’Mara, Wayne Flanagan or your usual Matheson Financial Institution Group contact.