January 27, 2022

What you need to know about implementing the Travel Rule

Implementing the Travel Rule: A Primer

Over the last few years we have seen global regulators — from Singapore to Hong Kong, the U.S. to the U.K — focus on cryptocurrencies in white papers, guidance, advisories and enforcement actions. Many of those discussions have centered around one regulation: the Travel Rule.

Also known as the “funds transfer record keeping regulation” and “FATF Recommendation 16”, the travel rule requires virtual asset service providers (VASPs) and other financial institutions to exchange originator and beneficiary identifying information with counterparties during certain threshold transactions. What does this mean? It means that crypto businesses are currently, or in-the-not-so distant future will be, required to provide customer details to the next institution to which funds are traveling.

And while the Travel Rule has been discussed and debated, we are now hearing a louder drumbeat for implementation. On that front, practical challenges remain. On February 8, TRM Talks is joined by a panel of experts on travel rule compliance: Pelle Brændgaard, CEO and co-founder of Notabene; Tamsyn Harrison, Senior Legal Associate at Luno; and Malcolm Wright of InnoFi Advisory and Global Digital Finance. In the lead up to TRM Talks Travel Rule, check out the primer below and don’t get called for traveling 🏀

‍

Travel Rule timeline

June 2019: FATF drops the travel rule on crypto businesses

In June of 2019, the Financial Action Task Force (FATF) provided guidance to a wide swath of crypto businesses (also known as “virtual asset service providers or VASPs). The guidance set forth that VASPs should be required by their regulators to pass information about customers to one another when transferring funds in an information sharing effort designed to mitigate the risk of money laundering and other financial crime. The provision, commonly known as the the travel rule, requires VASPs to exchange originator and beneficiary know-your-customer (KYC) information with counterparties for transactions over a certain threshold. FATF’s recommended threshold is $1000 Euros, but the number differs by jurisdiction.

The FATF recommendation states that when crypto businesses send money, they must:

"... obtain and hold required and accurate originator [sender] information and required beneficiary [recipient] information and submit the information to beneficiary institutions ... if any. Further, countries should ensure that beneficiary institutions ... obtain and hold required (not necessarily accurate) originator information and required and accurate beneficiary information ..."

Under the FATF travel rule guidance, the required information for each transfer includes:

(i) originator’s name (i.e., the sending customer);
(ii) originator’s account number where such an account is used to process the transaction (e.g., the VA wallet);
(iii) originator’s physical (geographical) address, or national identity number, or customer identification number (i.e., not a transaction number) that uniquely identifies the originator to the ordering institution, or date and place of birth;
(iv) beneficiary’s name; and
(v) beneficiary account number where such an account is used to process the transaction (e.g., the VA wallet).

July 2021: FATF says it’s time to implement the travel rule guidance

The travel rule today, a longstanding requirement for international banks when sending each other money on customers' behalf, is still a work in progress. In July of 2021, FATF published its "Second 12-Month Review of the Revised FATF Standard on Virtual Assets and Virtual Asset Providers ("the report"). While the report is a follow up to the June 2019 guidance, it encompasses much more. The report, which enlisted the help of TRM and other blockchain analytics providers in order to better understand the data behind illicit finance risks, is a 43-page VH-1 style "where are they now" referendum on regulators, nation states, and VASPs in implementing FATF's previous recommendations including the travel rule.

FATF, concerned with jurisdictional arbitrage, points throughout the report to what it sees as insufficient implementation of the travel rule or the development of so-called travel rule solutions as disincentivizing "the private sector, particularly VASPs, to invest in the necessary technology solutions and compliance infrastructure to comply with the travel rule." FATF writes:

"Overall, there has been further progress [on the travel rule] in the last year. Nonetheless, two years after the FATF revised its Standards, most jurisdictions and most VASPs are not complying with the travel rule. This is a major obstacle to effective global AML/CFT mitigation and is undermining the effectiveness and impact of the revised FATF Standards."

October 2021: FATF says 📣 implement!!

In October 2021, FATF released Updated Guidance For A Risk Based Approach For Virtual Assets and Virtual Asset Providers. That guidance interpreted the definition of VASP to include certain decentralized finance (DeFi) projects, NFT issuers and marketplaces and stablecoin governance bodies. In doing so, FATF potentially expanded the universe of crypto businesses responsible for implementing the travel rule and other AML compliance.

‍

What is the sunrise issue?

While countries have been expected to implement frameworks to ensure travel rule compliance since the 2019 guidance, VASPs seem to have been, for myriad reasons, slow to comply. Therefore, most global regulators have not enforced the requirement and countries are at different stages of travel rule implementation. In fact, some countries are years behind others in terms of implementation. This is known in the cryptoverse as the “sunrise” problem or issue. The sunrise problem could potentially make it risky for VASPs from travel rule compliant nations to do business with exchanges in jurisdictions that are behind on implementation. FATF essentially advises VASPs in travel rule-compliant jurisdictions to take a risk-based approach to doing business with non-compliant VASPs. According to the October 2021, that risk-based approach should include:

VASPs that have not implemented the travel rule should be considered higher-risk.
A VASP needs to undertake counterparty VASP due diligence before they transmit the required information.
Originators and beneficiary VASPs should screen transactions to ensure that the counterparty does not have sanctions exposure.
In the case of unhosted wallets — where there is not an originator or beneficiary institution — a VASP must still collect the required information with respect to their customer.
VASPs are expected to engage in robust counterparty due diligence that may include "blockchain analytics services."

‍

The Travel Rule today

What information is a VASP supposed to provide to be travel rule compliant?

According to FATF, the following information should be exchanged between VASPs in a transaction:

‍

Originator Information

Originating VASP should:‍

Obtain, hold a record of, and submit verified originator KYC information and submitted to the beneficiary VASP at the time of the transfer.

Beneficiary VASPs should:

Obtain and hold the KYC data submitted by the originating VASP; however, it is not required to re-verify this data.

‍

Beneficiary Information

Originating VASP should:

Submit unverified KYC data about the beneficiary to the beneficiary VASP (obtained from its customer (originator)).

Beneficiary VASP should:

Obtain unverified beneficiary KYC data from originating VASP and compare it to own verified data of the beneficiary.

‍

Both originating and beneficiary VASPs should:

Obtain the necessary KYC information from either its customer (in the case of the originating VASP) or from the originating VASP (in the case of the beneficiary VASP)and maintain a record.
Undertake sanctions screening to confirm that the beneficiary or the originator are not on the U.S. or other sanctions’ list.
Undertake transaction monitoring with a blockchain intelligence solution, investigate if any red flags for fraud or financial crime, and report to a regulator or law enforcement if consistent with the VASP’s risk based approach.

‍

What do global regulators say about the Travel Rule?

While FATF sets the standards, global regulators have, or are in the process of, implementing the Travel Rule. TRM travel rule solution partner Notabene provides a helpful global overview. The bottom line is that you have countries around the world at different stages of travel rule compliance. You have countries like the United States, Lichtenstein, Canada, Gibraltar, Singapore, Switzerland, and the European Union that have implemented travel rule regulations. Countries such as Japan, South Korea, Germany, and South Africa have plans to implement within the next year or so. But that, much to FATF’s chagrin, leaves a lot of the map without immediate plans to implement.

What’s next?

Soon after the release of the October guidance, TRM Talks sat down with the chairs of FATF's Virtual Assets Contact Group (VACG), Habuchi Takahide of Japan's Financial Services Agency and Jon Fishman of the U.S. Treasury. Watch the recording here. When asked about section 200 of the guidance — which suggests that regulators could allow VASPs to take a "staged approach" to requiring implementation of the travel rule — Mr. Habuchi clarified, "The travel rule implementation is one of the top priorities of FATF's virtual asset work." He continued, "the phased approach is acceptable only to to the extent that it leads to achieving full implementation earlier," (than would otherwise have been possible).

As the calls for implementation heat up, according to Mr. Habuchi, the VACG will focus on (1) working to ensure implementation of the standards globally; (2) continuing to monitor the virtual asset market paying close attention to emerging risks; and, (3) continuing to encourage public private partnerships. In a Coindesk piece this month, FATF president Marcus Pleyer, stayed on message explaining, “The FATF will not proscribe a one-size-fits-all compliance solution to the industry. It is up to businesses to use technology that they find most effective to record and share sender and recipient information. It is heartening to see in recent years how the crypto sphere has evolved with an understanding that growth in this marketplace requires regulation.”

What does all this mean? It means that in 2022 the FATF is going to be putting the pressure on global regulators to implement and enforce a travel rule framework. It also means you should watch TRM Talks: Travel Rule Implementation! Click the banner below to sign-up.

‍