What Does The Revised Transfer of Funds Regulation Entail?
The Travel Rule in Europe has been shaped recently, imposing, in some aspects, stricter requirements than initially recommended by the FATF. There are still final technicalities to be decided upon, but VASPs can already know what to expect when it comes to unhosted wallets, the threshold, transaction dealbreakers and other important aspects of the regulation.
Transfer of Funds Regulation (TFR) is the European Union’s Travel Rule implementation.
On 29 June 2022, the European Parliament, Council and Commission reached a provisional agreement on the proposed revised Transfer of Funds Regulation.
The regulation covers both VASP to VASP transfers and VASP to and from unhosted (also known as non-custodial) wallet transactions. The new agreement brings changes in the anti-money-laundering demands to both cases. We will cover them in this article.
To Whom Does the Transfer of Funds Regulation Apply?
The regulation applies to the so-called CASPs, crypto asset service providers, operating in the European Union. The Market in Crypto Assets (MiCA) regulation has defined which types of services fall under this category, including but not limited to the FATF’s VASP definition.
For the TFR to apply, at least one of the transacting VASPs needs to be registered in one of the European Union member states. There are no exceptions to this rule.
What Does The Revised Transfer of Funds Regulation Entail?
With the agreement, crypto-asset transfers are included in the AML regime regarding follow-the-money demands, which earlier applied only to wire transfers.
After the regulation comes into force, VASPs will need to gather and exchange some data on the persons involved in such transactions, similar to the requirements originally proposed by the FATF.
1. VASP to VASP Transfers Require Travel Rule Compliance:
When a transfer happens between VASPs, the originating VASP needs to gather, store and communicate the originating person’s accurate:
account number, and
date of birth, or physical address, or identity number or national ID.
To the beneficiary VASP; which, in turn, needs to gather and store all of the above originating person information and the beneficiary’s accurate:
full name, and
These beneficiary details also need to be held and stored by the originating VASP.
It is crucial to highlight here that the new agreement removes the transaction value threshold and, therefore, makes the Travel Rule requirement applicable to all, even the smallest, VASP to VASP transactions.
2. VASP To or From Unhosted Wallet Transfers Require Other Measure
When a transfer happens between a VASP and an unhosted wallet, the VASP is expected to achieve the same AML goals: facilitate funds traceability. Since unhosted wallets are not VASPs and, therefore, not AML-obliged entities, the actions a VASP must take to comply are slightly different.
Due to heavy criticism of the original text, the new agreement relaxed some demands around transacting with unhosted wallets, and some technicalities are yet to be finalised.
For all transfers involving unhosted wallets, VASPs must conduct enhanced due diligence procedures. However, in addition to these measures, VASPs must verify the identity of the unhosted wallet owner if:
The owner is their client (also referred to as first-party transfer), and
The transaction is above 1000 EUR.
For all other cases involving unhosted wallets, guidance on the appropriate risk mitigating and due diligence measures is yet to be provided by the European Banking Authority (EBA).
3. The Travel Rule Will Not apply to Peer-to-Peer (P2P) Transactions
Unhosted wallets transacting directly with other unhosted wallets will not have to adhere to the Travel Rule.
Examples of P2P transactions include the use of cryptocurrency P2P trading platforms and wallet owners acting on their own behalf - that is, without interaction with any wallet at a VASP’s custody.
What Is the Threshold for Crypto Travel Rule in Europe?
There is no Travel Rule threshold for transactions between VASPs (regulated entities).
There is a 1000 EUR threshold for proof of ownership to be required on transactions involving unhosted wallets, on top of other conditions that must be met, as explained above.
What Are TFR’s Data Protection Related Requirements?
Before transacting with companies outside the EU, VASPs should perform enhanced due diligence to allow the establishment of their business relationships.
Considering the sensitivity of the required Transfer of Funds Regulation data, the European regulators agreed that if there is no guarantee that the counterparty is able to handle and store the information securely, it should not be sent.
Moreover, this reinforces that EU VASPs are subject to GDPR requirements and that data should only be made available to the VASPs executing the transfers and competent authorities.
What Are Europe’s Relevant Travel Rule Dates?
It is important to note that this agreement is provisional. The text’s final revision date is still to be advised but will presumably be at the end of 2022.
When it comes to enforcement, VASPs can expect the European Union’s requirement to be fully imposed by Summer 2024, according to insights from policy advisors and information shared in our latest event on the Travel Rule in the EU.
Creating a Safer and Clearer Regulatory Environment
Through the implementation of this regulation, the European Union aims to mitigate financial crime and the misuse of crypto assets.
The desired outcome is a safer ecosystem that offers regulatory clarity to EU-based businesses.
Please note: The terms virtual asset service provider and VASP have been used throughout the text. These terms hold a similar meaning to crypto asset service provider (CASP).
The main difference between the terms is that the MiCA definition is slightly broader than the FATF’s to make provision for new markets that don’t exist yet.
Curious to know more? Subscribe to our blog post for regularly updated content. Or click here to chat with us directly.