What Does The Revised Transfer of Funds Regulation (TFR) Entail?
The Travel Rule in Europe has been shaped recently, imposing, in some aspects, stricter requirements than initially recommended by the Financial Action Task Force (FATF).
Transfer of Funds Regulation (TFR) is the European Union’s Travel Rule implementation.
On 29 June 2022, the European Parliament, Council and Commission reached a provisional agreement on the proposed revised Transfer of Funds Regulation.
On 5 October, the European Parliament, Council and Commission signed off on the final text of the TFR, as well as the Market in Crypto Assets (MiCA) framework. Both documents are in line with their respective draft versions, with a few additional points.
The difference between the TFR and MiCA is that MiCA builds the legal framework for crypto, including crypto asset service providers (CASPs) licensing regimes and definitions, while the TFR only brings crypto Travel Rule into the European Union.
The regulation covers CASP to CASP transfers and CASP to and from self-hosted wallet (unhosted wallet) transactions. The new agreement brings changes in the anti-money-laundering demands to both cases. We will cover them in this article.
To Whom Does the Transfer of Funds Regulation Apply?
The regulation applies to the so-called CASPs, crypto asset service providers operating in the European Union. The Market in Crypto Assets (MiCA) regulation has defined which types of services fall under this category, including but not limited to the FATF’s CASP definition.
For the TFR to apply, at least one of the transacting CASPs must be registered in one of the European Union member states. There are no exceptions to this rule.
Neither does it apply when “both the payer and the payee are payment service providers or both the originator and the beneficiary are crypto-asset service providers acting on their own behalf”. In other words, when the originator and beneficiary are payment services providers or a CASP acting on their own behalf, the Travel Rule does not apply.
What Does The Revised Transfer of Funds Regulation Entail?
With the agreement, crypto-asset transfers are included in the AML regime regarding follow-the-money demands, which earlier applied only to wire transfers.
CASPs need to gather and exchange data on the persons involved in such transactions, similar to the requirements initially proposed by the FATF.
1. CASP to CASP Transfers Require Travel Rule Compliance
When a transfer occurs between CASPs, the originating CASP needs to gather, store and communicate the originating person’s data in the following circumstances:
transactions over EUR 1000,
smaller transactions from the same origin amounting to the value of EUR 1000 and up,
if CASPs suspect money laundering or terrorism financing.
They are to proceed with the below list of data, which is to be collected and sent alongside the transaction:
the name of the originator,
the originator's blockchain address,
the originator’s crypto-asset account number (e.g. account at CASP),
the originator’s address (including the country and official personal doc. number and the customer ID number, or alternatively, date and place of birth),
the current Legal Entity Identifier (LEI) of the originator, where available,
the name of the beneficiary,
the beneficiary’s crypto-asset account number, and,
the current LEI of the beneficiary, where available.
However, for transfers below EUR 1000 between CASPs registered in the EU, the originating CASP can send less information, but needs to include at least:
the names of the originator and the beneficiary, and
the payment account numbers of the originator and the beneficiary, or a unique transaction identifier.
To the beneficiary CASP; which, in turn, needs to gather and store all of the above originating person information and verify the beneficiary’s:
full name, and
These beneficiary details also need to be held and stored by the originating CASP.
It is crucial to highlight here that the new agreement removes the transaction value threshold and makes the Travel Rule requirement applicable to all, even the smallest, CASP to CASP transactions.
2. CASP To or From Self-hosted Wallet Transfers Require Other Measures
When a transfer happens between a CASP and a self-hosted wallet, the CASP is expected to achieve the same AML goals: facilitate funds traceability. Since self-hosted wallets are not CASPs and, therefore, not AML-obliged entities, the actions a CASP must take to comply are slightly different.
Due to heavy criticism of the original text, the new agreement relaxed some demands around transacting with self-hosted wallets, and some technicalities are yet to be finalised.
CASPs must conduct enhanced due diligence procedures for all transfers involving self-hosted wallets. However, in addition to these measures, CASPs must verify the identity of the self-hosted wallet owner if:
the owner is their client (also referred to as first-party transfer), and
the transaction is above 1000 EUR.
For all other cases involving self-hosted wallets, guidance on the appropriate risk mitigating and due diligence measures are yet to be provided by the European Banking Authority (EBA).
3. The Travel Rule Will Not Apply to Peer-to-Peer (P2P) Transactions
Self-hosted wallets transacting directly with other self-hosted wallets will not have to adhere to the Travel Rule. Examples of P2P transactions include the use of cryptocurrency P2P trading platforms and wallet owners acting on their own behalf - without interaction with any wallet at a CASP’s custody.
A “person-to-person transfer” (peer-to-peer transfer) is defined as “a transaction between natural persons acting, as consumers, for purposes other than trade, business or profession, without the use or involvement of a CASP”.
What Is the Threshold for Crypto Travel Rule in Europe?
There is no Travel Rule threshold for transactions between CASPs (regulated entities).
There is a 1000 EUR threshold for proof of ownership to be required on transactions involving self-hosted wallets, on top of other conditions that must be met, as explained above.
What Are the TFR’s Data Protection-Related Requirements?
Before transacting with companies outside the EU, CASPs should perform enhanced due diligence to allow the establishment of their business relationships.
Considering the sensitivity of the required Transfer of Funds Regulation data, the European regulators agreed that if there is no guarantee that the counterparty can handle and store the information securely, it should not be sent.
Moreover, this reinforces that EU CASPs are subject to GDPR requirements and that data should only be made available to the CASPs executing the transfers and competent authorities.
What Are Europe’s Relevant Travel Rule Dates?
Regarding enforcement, CASPs can expect the European Union’s requirement to be fully imposed by Summer 2024, according to insights from policy advisors and information shared in our latest event on the Travel Rule in the EU.
Creating a Safer and Clearer Regulatory Environment
By implementing this regulation, the European Union aims to mitigate financial crime and the misuse of crypto assets. The desired outcome is a safer ecosystem that offers regulatory clarity to EU-based businesses.
Curious to know more? Subscribe to our blog post for regularly updated content. Or click here to chat with us directly.