EU strikes a deal on “travel rule” for crypto-asset transfers

Context

On 29 June 2022, the European Parliament and Council reached a provisional agreement on a new bill, aiming to ensure that crypto transfers involving EU-supervised crypto-asset service providers (CASPs) can always be traced and suspicious transactions blocked.

Regulation (EU) 2015/847 on information accompanying transfers of funds already requires payment service providers to include payer and payee information with transfers involving banknotes, coins, scriptural money and electronic money (known as the “travel rule”).

To prevent the misuse of crypto assets to facilitate, fund and hide criminal activities and launder proceeds, this traceability requirement is now extended to crypto-asset transfers. The objective here is to align EU legislation with international crypto-asset transfer standards, especially Financial Action Task Force (FATF) recommendations.

Therefore, when CASPs send or receive crypto-asset transfers on behalf of a customer, they will need to obtain and submit information on the transaction’s originator and beneficiary.

There are currently only two exceptions: for person-to-person transfers conducted without a CASP or other obliged entity, or when both the originator and beneficiary are CASPs acting on their own behalf.
 

No de minimis threshold

Due to crypto assets’ specific characteristics and risk profile, the information obligation will apply to all crypto-asset transfers, regardless of the transfer value—in contrast, money transfers have a EUR1,000 threshold.

Required information

While limited originator and beneficiary information should be obtained for crypto-asset transfers within the EU, transfers outside the EU will require more complete information.

In any case, due to the borderless nature and associated risks of crypto-asset activities and CASPs, all crypto-asset transfers will be treated as cross-border wire transfers, with no simplified domestic wire transfer regime.

Know your transaction

In addition to obtaining accurate originator and beneficiary information, CASPs will be expected to obtain information on the source and destination of crypto assets involved in a transfer.

In particular, CASPs should establish effective procedures to detect suspicious crypto assets, especially any link with illegal activities (such as fraud, extortion, ransomware or darknet marketplaces) or if they have passed through mixers, tumblers or other anonymizing services. This is especially important for transfers involving un-hosted wallets or non-EU CASPs that do not comply with the same travel rule obligations.
 

Counterparty due diligence and data protection through the chain

Before transmitting information, CASPs should identify their counterparty and assess if they can be reasonably expected to comply with the travel rule, while also protecting the confidentiality of the originator's personal data, especially for transfers outside the EU.

Negotiators agreed that the establishment of a public register for non-compliant and non-supervised CASPs (with which EU CASPs would not be allowed to trade) will be covered in the Markets in Crypto-Assets (MiCA) Regulation, which is currently being negotiated.
 

Far-reaching scope

This new regulation will apply to a wide range of transfer scenarios and actors, including:

• Transfers from or to “un-hosted wallets” (those in the custody of private users and not institutional custodians), provided that a CASP or another obliged entity is involved.
• If a customer sends or receives more than EUR1,000 to or from their own un-hosted wallet, the CASP will need to verify whether the customer effectively owns or controls this wallet. However, verifying the ownership of un-hosted wallets should not unduly delay the execution of the intended transfers.
• Providers of kiosks connected to a distributed ledger network, also known as crypto-asset automated teller machines (“crypto-ATMs”).
• Intermediary providers of crypto-asset transfers: the European Banking Authority (EBA) will issue guidelines clarifying how the relevant obligations apply to intermediaries, to ensure all required information is transmitted along the crypto-asset transfer chain and made available to the competent authorities upon request.

Next steps

The European Parliament, Council and Commission are now working on the text’s technical aspects. Once confirmed, the new regulation will be published in the Official Journal of the European Union.

Once the new rules enter into force, obliged entities will have 9 months to perform phased rollouts to apply the travel rule. In any case, they will need to fully comply with the new rules 18 months after they enter into force.

Contacts

Subject matter specialists

Regulatory Watch Kaleidoscope service