The EU Commission published their legislative package on AML and CTF on June 20, 2021.
The package comprises of 4 proposals, one of which is the transposition of FATF’s Recommendation 16 – aka the ‘Travel Rule’ into EU regulations. The provisions of the Travel Rule will be transposed into the existing EU wire transfer Regulation (EU) 2015/847.
What are the key takeaways from the regulation draft?
- The regulation will transpose FATF’s Travel Rule to EU Member States directly (meaning there is no need for transposition into national law).
- The regulation applies to CASPs (Crypto Asset Service Providers) which has a broader scope of services included than that of the FATF’s VASPs (Virtual Asset Service Providers).
- The information to be collected on the transfer originator and beneficiary are in line with the FATF’s Travel Rule language.
- The regulation explicitly states it does not apply to person-to-person transfers.
What are the proposed requirements for CASPs?
The requirements apply to CASPs whenever their transaction (in fiat currency or crypto-asset) involve:
- A traditional wire transfer;
- A crypto-asset transfer between a CASP and another obliged entity (e.g between two CASPs or between a CASP and another obliged entity, such as a bank or other financial institution).
Why does the EU Travel Rule regulation use the term ‘CASP’ and what does it refer to?
FATF requirements consistently use the term VASP – Virtual Asset Service Provider.
EU regulation on wire transfers will be using the term CASP – Crypto Asset Service Provider.
The term is being introduced by the Markets in Crypto Assets regulation (still in draft stage).
Based on the MiCA draft, the term CASP will cover all the arms of FATF’s VASP definition and go over and beyond FATF’s scope of VASPs.
The following activities fall into the scope of CASP:
(a) the custody and administration of crypto-assets on behalf of third parties;
(b) the operation of a trading platform for crypto-assets;
(c) the exchange of crypto-assets for fiat currency that is legal tender;
(d) the exchange of crypto-assets for other crypto-assets;
(e) the execution of orders for crypto-assets on behalf of third parties;
(f) placing of crypto-assets;
(g) the reception and transmission of orders for crypto-assets on behalf of third parties;
(h) providing advice on crypto-assets.
Notably, MiCA refers to CASPs as “any person whose occupation or business is the provision of one or more crypto-asset services to third parties on a professional basis.”
CASP of the transfer originator must ensure that the transfers are accompanied by;
- The following details regarding the originator:
- Account number -where such exists and is used to process the transaction or ensure that the transaction can be identified in the distributed ledger;
- Address, official personal document number, customer ID number or date and place of birth.
- The following details regarding the beneficiary:
- Account number -where such exists and is used to process the transaction or ensure that the transaction can be identified in the distributed ledger.
CASP of the transfer originator must verify the information listed above on the originator using reliable and independent sources. This is likely to have been done at the client onboarding stage (where CASPs perform KYC checks on their clients).
For transfers below or equal to 1000 EUR, CASP of the transfer originator may choose to send reduced scope of information, i.e.
- Names of the originator and beneficiary;
- Account number (or transaction identifier).
CASP of the transfer beneficiary must:
- Implement effective procedures to detect whether the information on the originator is included in, or follows, the transfer of crypto-assets.
- Implement effective procedures, including, where appropriate, ex-post monitoring or real-time monitoring, in order to detect whether the required information on the originator or the beneficiary is missing. This can be done through monitoring during or after the transfer. In cases of missing or incomplete information, the EU Travel Rule regulation notes that CASPs should have effective measures in place to address the risk identified.
CASP of the transfer beneficiary must verify the information listed above on the beneficiary using reliable and independent sources. This is likely to have been done at the client onboarding stage (where CASP performs KYC checks on their clients).
The EU Commission Travel Rule proposal also notes that GDPR provisions apply to CASPs with regards to the personal data handled in the transaction.
The information on the originator and beneficiary must be kept for 5 years and be made available to authorities when requested.