Download the EU Travel Rule Guide by EY and 21 Analytics
Currently, the AMLD5 brings cryptocurrency-fiat currency exchanges under the scope of EU anti-money laundering legislation, requiring exchanges to perform similar compliance obligations as financial institutions. In December 2020, the AMLD6 came into effect: the directive made cryptocurrency compliance more stringent by adding cybercrime to the list of money laundering predicate offences.
In September 2020, the European Union started to be more proactive with the publication of the Digital Finance Package. The most comprehensive is the proposal for a Regulation on “Markets in Crypto-Assets” (MiCA) that seeks to create a fully harmonised European market for virtual assets by establishing a legal taxonomy of virtual assets and defining rules for issuers and service providers.
In July 2021, the European Commission unveiled an AML action plan that proposed to create an EU-wide AML supervisor, harmonising the 27 Member States’ AML regimes and extending anti-financial crime obligations to all crypto asset service providers (CASPs).
On 29 June 2022, a provisional agreement by the European Parliament, Council and Commission on the proposed revised Transfer of Funds Regulation (TFR) was reached. This Regulation aims to implement the Financial Action Task Force’s (FATF’s) Recommendation 16 (Travel Rule) - which previously only applied to traditional wire transfers - to virtual asset transfers involving CASPs in Europe. The regulation, therefore, will be applicable to all CASPs operating in countries that are members of the European Union, without the need for transposal to local laws.
The following day, 30 June 2022, an agreement on the MiCA Regulation was also reached.
The difference between the TFR and MiCA is that MiCA builds the legal framework for crypto, including crypto asset service providers' (CASPs) licensing regimes and definitions, while the TFR brings the crypto Travel Rule into the European Union.
Finally, on 20 April 2023, the European Union Parliament voted on its final version of both documents, which will most likely come into force by July 2023, with an 18-month grace period before full effect by January 2025.
Both documents are in line with their respective draft versions, with a few additional points.
The European Union has opted to use the term crypto asset service provider (or CASP) instead of the FATF’s usual naming virtual asset service provider (VASP).
What is the scope of the Travel Rule in the EU?
“Crypto-assets service providers” as defined in article 3(1) MiCA:
(8) “any person whose occupation or business is the provision of one or more crypto-asset services to third parties on a professional basis;
(9) ‘crypto-asset service’ means any of the services and activities listed below relating to any crypto-asset:
(a) the custody and administration of crypto-assets on behalf of third parties;
(b) the operation of a trading platform for crypto-assets;
(c) the exchange of crypto-assets for fiat currency that is legal tender;
(d) the exchange of crypto-assets for other crypto-assets;
(e) the execution of orders for crypto-assets on behalf of third parties;
(f) placing of crypto-assets;
(g) the reception and transmission of orders for crypto-assets on behalf of third parties
(h) providing advice on crypto-assets”.
The Regulation will apply to “transfers of funds, in any currency, or crypto assets, which are sent or received by a payment service provider, a crypto-asset service provider, or an intermediary service provider (brokers and custodians) established in the European Union”.
It does not apply to person-to-person (P2P) transfers of crypto-assets. A “person-to-person transfer” (peer-to-peer transfer) is defined as “a transaction between natural persons acting, as consumers, for purposes other than trade, business or profession, without the use or involvement” of a CASP. Examples include the use of cryptocurrency trading platforms and self-hosted wallet owners acting on their own behalf - that is, without any CASP assistance.
Neither does it apply when “both the payer and the payee are payment service providers, or both the originator and the beneficiary are crypto-asset service providers acting on their own behalf”. In other words, when the originator and beneficiary are payment services providers or a CASP acting on their own behalf, the Travel Rule does not apply.
Who is the supervisory body for CASPs in the EU?
Each Member State's responsible Authority
New EU AML Authority (AMLA) - planned to be set up in 2023
What is the Travel Rule threshold in the EU?
Every crypto asset transaction between two CASPs must comply with the Travel Rule. There is no transfer value exemption (de minimis threshold) for transactions.
For all transfers, the originating CASP must communicate the following information with each crypto transfer before or simultaneously with the transfer:
originator distributed ledger address,
originator crypto asset account number,
originator address, which must include the name of the country, official personal document number and customer identification number, or alternatively date and place of birth,
originator LEI (where applicable, or an equivalent official identifier).
beneficiary distributed ledger address,
beneficiary crypto asset account number,
beneficiary LEI (where applicable, or an equivalent official identifier).
The processing of personal data under this Regulation should take place in full compliance with the General Data Protection Regulations (GDPR). CASPs shall ensure that at all times, the transmission of any personal data on the parties involved in a transfer of funds or a transfer of crypto assets is conducted per the GDPR. CASPs should put appropriate measures in place to protect personal data against accidental loss, alteration, or unauthorised disclosure.
Beneficiary CASPs are required to collect and store the above information and should implement effective risk-based procedures to determine whether to execute, reject, return or suspend a transfer lacking information and to take the appropriate follow-up action.
Further guidance on how to do this will be published by the European Banking Authority (EBA).
Self-hosted wallets are in scope
Transfers to and from self-hosted wallets are in the Transfer of Funds Regulation (TFR) scope when transactions involve CASPs. Therefore, CASPs must obtain the Travel Rule required information on the transfer’s originator and beneficiary, usually from its client.
If a self-hosted wallet owner sends or receives more than EUR 1000 to or from their own wallet using a CASP, the CASP will need to collect proof that that customer controls the self-hosted wallet.
When do you need to comply with the Travel Rule in the EU?
The MiCA and TFR texts were approved on April 20 2023; the next step is for the Regulations to be published in the Official Journal; this will most likely occur by June 2023, 20 days thereafter the Regulations will enter into force.
CASPs will have an 18-month grace period to initiate their compliance regime before the Travel Rule is live in the EU, which is predicted to be January 2025.