Scope of the Travel Rule
As explained in Schedule 1 of the Payment Service Act, part 3, the Travel Rule applies to a "payment service provider when it sends or receives digital payment tokens by value transfer on the account of the value transfer originator, or the value transfer beneficiary. However, it will not apply to a transfer and settlement between the payment service provider and another financial institution where the payment service provider and the other financial institution are acting on their behalf, i.e. as the value transfer originator and the value transfer beneficiary".
The Payment Service Act, part 3, further defines "Digital Payment Tokens (DPT) providers" - the definition of DPT service providers includes the transfer of DPTs, the provision of custodial wallet services for DPTs, and the facilitation of the exchange of DPTs without possession of money or DPTs by the DPT service provider.
However, the following information still needs to be exchanged even for transactions below this threshold:
Originator and beneficiary names, and
Originator and beneficiary account numbers
Information to be exchanged
Originator's account number, where an account is used to process the transaction. If no account number is available, a unique transaction reference number should be provided;
Originator's address, official personal document number, customer identification number or date and place of birth.
Beneficiary's account number. If no account number is available, a unique transaction reference number should be provided.
Every virtual asset service provider (VASP) has the obligation to identify the Originator VASPs and verify their identity.
Every Originator VASP needs to record the following information before transferring funds:
Know your customer (KYC) information on the originator
" adequate details of the value transfer so as to permit its reconstruction, including but not limited to, the date of the value transfer, the type and value of digital payment token(s) transferred and the value date" with the value date being defined as "the date of receipt of funds by the value transfer beneficiary" (Schedule 1 of the Payment Service Act, part 3).
VASPs, when dealing with unhosted wallets, should collect the information on the beneficiary and originator and make it available to the Authorities if requested to do so. They also need to apply enhanced due diligence whenever they transact with unhosted wallets. For example, determine the purpose of the transaction, customer due diligence on the beneficiary (and its beneficial owner), including additional checks to manage risks of impersonation, e.g. verifying ownership of unhosted wallets, enhanced monitoring of customer account, and consider filing suspicious activity report if warranted.
Get in touch with 21 Analytics to find out how we can help you verify unhosted wallet ownership. We developed a customer-friendly and privacy-respecting solution to establish the power of disposal over a wallet: Address Ownership Proof Protocol.
When do you need to comply?
NOW. When applying for a license (needed to operate as a VASP in Singapore), you must be able to demonstrate how you will comply with the Travel Rule.
What else do you need to know?
Existing VASPs operating in Singapore were required to notify MAS and submit license applications by 28 July 2020.
If a DPT service provider requires more time to implement the Travel Rule, it should (a) conduct a risk-based analysis taking into account the risk profiles of its customers and counterparties and (b) apply effective risk mitigation measures accordingly. One example of such risk mitigation measures is for the DPT service provider to restrict its VA transactions to a closed-loop within its own customer base, where only verifiable first party transfers for VA transactions are allowed outside the closed-loop and enhanced monitoring is done on those transactions.