The Swiss regulator, FINMA, was one of the first regulators to issue its own guidance on the application of the travel rule to VASPs in August 2019, with stricter rules than the FATF.
Scope of the travel rule
Article 2 of the Anti Money Laundering Act (AMLA) defines which entities/activities are in scope. It should be read in conjunction with the related FINMA circulars and guidances, and in particular for the application of the travel rule FINMA guidance 02/2019 "payments on the blockchain". In this guidance, FINMA mentioned that "Switzerland has always applied the Anti-Money Laundering Act to blockchain service providers", and especially article 10 AMLO-FINMA on the required information in payment transactions.
According to Article 7 of the Anti Money Laundering Ordinance (AMLO), a VASP is deemed to practice its activity professionally if it fulfils any of the following :
achieves a gross revenue of more than CHF 50,000 per calendar year;
established business relationships with more than 20 contractual parties per calendar year;
has unlimited control of third-party funds in excess of CHF 5 million, or
performs transactions at a volume of more than CHF 2 million per year
Unhosted wallets are in the scope of the Swiss implementation of the travel rule. Indeed, FINMA provides that "such an exception would favour unsupervised service providers and would result in supervised providers not being able to prevent problematic payments from being executed".
Information to be exchanged
Name of the originator;
Account number of the originator, where an account is used to process the transaction. If no account number is available, a transaction reference number should be provided;
Originator's address, official personal document number, customer identification number or date and place of birth.
Name of the beneficiary;
Beneficiary's account number.
The Swiss Regulator goes further than the FATF and has imposed stricter requirements on VASPs. Indeed, VASPs have to verify the identity of the beneficiary of the transfer, which concretely means:
for transfers to or from an external wallet belonging to an existing onboarded customer, VASPs will have to verify that the customer has a power of disposal over the assets held in the external wallet;
for transfers to or from an external wallet belonging to a third party, VASP will have to verify the identity of the third party as well as establish the identity of the beneficial owner, and verify that the third party controls the external wallet.
FINMA establishes that the proof of ownership should be done using "technical means". There are different ways to do so, such as the "satoshi test" or signed messages using the private key (we have covered the various methods in this blogpost). Each option has weaknesses when it comes to security, privacy, user experience or adoption. The graphic below compares the methods helping you to understand why we developed the most customer-friendly and compliant option: Address Ownership Proof Protocol (AOPP).
Different ways VASPs can perform proof of ownership
When do you need to comply?
Article 10 AMLO
What else do you need to know?
"Blockchain service providers" are subject to AML Regulations, which includes for example, "to verify the identity of their customers, to establish the identity of the beneficial owner, to take a risk-based approach to monitoring business relationships and to file a report with the Money Laundering Reporting Office Switzerland (MROS) if there are reasonable grounds to suspect money laundering".