Currently, the AMLD5 brings cryptocurrency-fiat currency exchanges under the scope of EU anti-money laundering legislation, requiring exchanges to perform similar compliance obligations as financial institutions. In December 2020, the AMLD6 came into effect: the directive made cryptocurrency compliance more stringent by adding cybercrime to the list of money laundering predicate offences.
In September 2020, the European Union started to be more proactive with the publication of the Digital Finance Package. The most comprehensive is the proposal for a Regulation on “Markets in Crypto-Assets” (MiCA) that seeks to create a fully harmonised European market for virtual assets by establishing a legal taxonomy of virtual assets and defining rules for issuers and service providers.
In July 2021, the European Commission unveiled an AML action plan that proposed to create an EU-wide AML supervisor, harmonising the 27 Member States’ AML regimes and extending anti-financial crime obligations to all crypto asset service providers (CASPs). This included a proposed Regulation “on information accompanying transfers of funds and certain crypto-assets”.
On 29 June 2022, a provisional agreement by the European Parliament, Council and Commission on the proposed revised Transfer of Funds Regulation (TFR) was reached. This Regulation aims to implement the Financial Action Task Force’s (FATF’s) Recommendation 16 (Travel Rule) - which previously only applied to traditional wire transfers - to virtual asset transfers involving CASPs in Europe. The regulation, therefore, will be applicable to all CASPs operating in countries that are members of the European Union, without the need for transposal to local laws.
The following day, 30 June 2022, an agreement on the MiCA Regulation was also reached.
The difference between the TFR and MiCA is that MiCA builds the legal framework for crypto, including crypto asset service providers (CASPs) licensing regimes and definitions, while the TFR brings the crypto Travel Rule into the European Union.
On 5 October, the European Parliament, Council and Commission signed off on the final draft of the Transfer of Funds Regulation and the MiCA framework.
Both documents are in line with their respective draft versions, with a few additional points.
The European Union has opted to use the terms crypto asset service provider (or CASP) instead of the FATF’s usual naming virtual asset service provider (VASP).
Scope of the Travel Rule
“Crypto-assets service providers” as defined in article 3(1) MiCA:
(8) “any person whose occupation or business is the provision of one or more crypto-asset services to third parties on a professional basis;
(9) ‘crypto-asset service’ means any of the services and activities listed below relating to any crypto-asset:
(a) the custody and administration of crypto-assets on behalf of third parties;
(b) the operation of a trading platform for crypto-assets;
(c) the exchange of crypto-assets for fiat currency that is legal tender;
(d) the exchange of crypto-assets for other crypto-assets;
(e) the execution of orders for crypto-assets on behalf of third parties;
(f) placing of crypto-assets;
(g) the reception and transmission of orders for crypto-assets on behalf of third parties
(h) providing advice on crypto-assets”.
The Regulation will apply to “transfers of funds, in any currency, or crypto assets, which are sent or received by a payment service provider, a crypto-asset service provider, or an intermediary service provider (brokers and custodians) established in the European Union”.
It does not apply to person-to-person (P2P) transfers of crypto-assets. A “person-to-person transfer” (peer-to-peer transfer) is defined as “a transaction between natural persons acting, as consumers, for purposes other than trade, business or profession, without the use or involvement” of a CASP. Examples include the use of cryptocurrency trading platforms and self-hosted wallet owners acting on their own behalf - that is, without any CASP assistance.
Neither does it apply when “both the payer and the payee are payment service providers or both the originator and the beneficiary are crypto-asset service providers acting on their own behalf”. In other words, when the originator and beneficiary are payment services providers or a CASP acting on their own behalf, the Travel Rule does not apply.
Each Member State's responsible Authority
New EU AML Authority (AMLA) - planned to be set up in 2023
Every crypto asset transaction between two CASPs must comply with the Travel Rule. There is no transfer value exemption (de minimis threshold) for transactions involving at least one company registered in a European Union country.
However, for transfers below EUR 1000 between CASPs in the EU, the originating CASP can send less information but needs to include at least:
- the names of the originator and the beneficiary; and
- the payment account numbers of the originator and of the beneficiary, or a unique transaction identifier.
The EU Transfer of Funds Regulation (TFR) Breakdown - Transactions under EUR 1000
In the event that the CASPs involved suspect:
money laundering or terrorism financing,
multiple transactions originate from the same wallet and sum to over EUR 1000, or
the funds have been received or paid out in cash,
They are to proceed with the below list of data.
For transfers over EUR 1000, the originating CASP must communicate the below-verified information with each crypto transfer:
the name of the originator,
the originator's blockchain address,
the originator’s crypto-asset account number (e.g. account at CASP),
the originator’s address (including the country and official personal doc. number and the customer ID number, or alternatively, date and place of birth),
the current Legal Entity Identifier (LEI) of the originator, where available,
the name of the beneficiary,
the beneficiary’s crypto-asset account number, and,
the current LEI of the beneficiary, where available.
The EU Transfer of Funds Regulation (TFR) Breakdown
Beneficiary CASPs are required to collect and store the above information and should implement effective procedures to detect whether the information on the originator is missing or incomplete.
If a self-hosted wallet (unhosted wallet) owner sends or receives more than EUR 1000 to or from their own wallet using a CASP, the CASP will need to collect proof that the self-hosted wallet is controlled by that customer.
Transfers to and from self-hosted wallets are in the scope of the Transfer of Funds Regulation (TFR) when transactions involve CASPs. Therefore, CASPs are required to apply enhanced due diligence measures with respect to transfers involving self-hosted wallets.
When performing transfers to or from self-hosted wallets, CASPs need to collect ownership proofs if:
The transaction value is above 1000 EUR, and
The owner of the wallet is the CASP’s client.
When do you need to comply
Some milestones still need to be completed before you are obliged to comply.
First, the final text approved on 5 October 2022 will be voted on in plenary and published in the European Union’s Official Journal, which is planned to happen by March 2023. Once this step is complete, the regulation enters into force after 20 days, establishing the act's legal existence.
Then, the TFR becomes applicable 18 months after entry into force. The date of applicability is when this regulation starts to effectively produce obligations.