Scope of the travel rule
Travel rule applies to a "payment service provider when it performs the sending of one or more digital payment tokens by value transfer or when it receives one or more digital payment tokens by value transfer on the account of the value transfer originator or the value transfer beneficiary but shall not apply to a transfer and settlement between the payment service provider and another financial institution where the payment service provider and the other financial institution are acting on their own behalf as the value transfer originator and the value transfer beneficiary".
"Digital Payment Tokens" ("DPT") providers are defined in Schedule 1, part 3 of the Payment service act. The definition of DPT service providers includes the transfer of DPTs, the provision of custodial wallet services for DPTs, and the facilitation of the exchange of DPTs without possession of money or DPTs by the DPT service provider.
However, the following information still needs to be exchanged even for transactions below this threshold:
originator and beneficiary names, and
originator and beneficiary account numbers
Information to be exchanged
Name of the originator;
Account number of the originator, where an account is used to process the transaction. If no account number is available, a unique transaction reference number should be provided;
Originator's address, official personal document number, customer identification number or date and place of birth.
Name of the beneficiary;
Beneficiary's account number. If no account number is available, a unique transaction reference number should be provided.
Every VASP has the obligation to identify the Originator VASPs and verify their identity.
Every Originator VASP needs to record the following information before transferring funds:
KYC information on the originator
" adequate details of the value transfer so as to permit its reconstruction, including but not limited to, the date of the value transfer, the type and value of digital payment token(s) transferred and the value date" with the value date being defined as "the date of receipt of funds by the value transfer beneficiary"
VASPs, when dealing with unhosted wallets, should collect the information on the beneficiary and originator and make it available to the Authorities if requested to do so. They also need to apply enhanced due diligence whenever they transact with unhosted wallets. For example, determine the purpose of the transaction, customer due diligence on the beneficiary (and its beneficial owner), including additional checks to manage risks of impersonation, e.g. verifying ownership of unhosted wallets, enhanced monitoring of customer account, and consider filing suspicious activity report if warranted.
Get in touch with 21 Analytics to know how we can help you verify unhosted wallet ownership. We developed a customer-friendly and privacy-respecting solution to establish the power of disposal over a wallet: Address Ownership Proof Protocol.
When do you need to comply?
NOW. When applying for a license (needed to operate as a VASP in Singapore), you must be able to demonstrate how you will comply with the travel rule.
What else do you need to know?
Existing VASPs operating in Singapore were required to notify MAS and submit license applications by July 28th 2020.
If a DPT service provider requires more time to implement the travel rule, it should (a) conduct a risk-based analysis taking into account the risk profiles of its customers and counterparties, and (b) apply effective risk mitigation measures accordingly. One example of such risk mitigation measures is for the DPT service provider to restrict its VA transactions to a closed-loop within its own customer base, where only verifiable first party transfers for VA transactions are allowed outside the closed-loop and enhanced monitoring is done on those transactions.