Virtual Assets and the Ongoing Evolution of the Travel Rule

14 September 2023

The concepts of pseudonymity and anonymity have been a cause for concern amongst law enforcement agencies and regulators ever since Bitcoin came to prevalence as a means of value transfer after the whitepaper, Bitcoin: A Peer-to-Peer Electronic Cash System, was published on 31 October 2008.

Pseudonymity refers to the inherent quality of most cryptocurrencies - the use of a pseudonym, in this case a public wallet address, which is very often the only individual identifier used in various forms of cryptocurrency transactions.

Anonymity, meanwhile, refers in this instance to activity undertaken to actively conceal the identity of users or parties to a transaction. This can take place by using anonymity-promoting networks or privacy coins - cryptocurrency purpose built for ensuring the anonymity of its users, such as Zcash (ZEC), Monero (XMR), and Dash (DASH).

When the infamous online dark web marketplace, Silk Road, came into existence in 2011, these concerns about identity were realised in a very real way. The website ran for a period of two years and allowed individuals to buy and sell illegal/unethical items over the ‘Tor’ network (an open-source software used to promote privacy and anonymity) whilst using cryptocurrency, predominantly Bitcoin, as a means of payment.

The platform became the online home of various criminal activities, including money laundering and terrorist financing, before being shut down by the FBI in 2013, with more than $3billion worth of Bitcoin being seized.

Developing Policies

Ten years on, the utilisation of cryptocurrencies for illicit purposes has remained a concern for many agencies and regulators around the globe, one of the most prominent being the Financial Action Task Force (FATF).

The FATF is an intergovernmental organisation tasked with developing policies for the purposes of combatting money laundering and terrorist financing. In furthering its objectives, the FATF developed 40 recommendations or standards that provide countries with a comprehensive framework for combatting money laundering and terrorist financing.

In June 2019, the FATF made a public statement specifically dealing with virtual assets and related providers with amendments made to the interpretation note of Recommendation 15 (New Technologies) heralding the introduction of Virtual Asset Service Providers (VASPs). VASPs were immediately brought under the scope of Recommendations 10 to 21, and importantly, Recommendation 16 – the Travel Rule: effectively the requirement to share information in relation to a transaction, and the identities of the parties to the transaction, between the two service providers undertaking it.

The Travel Rule is not a new concept; it has been in existence since the 1970s when it formed part of the US Bank Secrecy Act. The FATF included the rule as one of its Recommendations in 2012, specifically pertaining to traditional financial institutions.

Thankfully, by the time the Recommendation was made, the Society for Worldwide Interbank Financial Telecommunication (SWIFT) was already in existence, allowing for messaging between different financial institutions, greatly simplifying the onus placed on those financial institutions.

Unfortunately, however, VASPs do not have the benefit of existing infrastructure to simplify Travel Rule adoption. On the contrary, they have largely operated in an ecosystem that has historically favoured pseudonymity over identification of beneficial owners.

Despite “know your customer” requirements becoming more stringent as regulators around the world seek to do away with public wallet addresses being able to transact without a clear and verifiable ultimate owner identified as the wallet controller, the Travel Rule brings added complications to VASPs – they are only just coming to terms with KYC, never mind global reporting and data sharing.

Application and Compliance

Like many regulators, the FATF takes a technology neutral approach and does not clearly prescribe just how compliance with the Travel Rule is supposed to be achieved. It does, however, provide general requirements for compliance.

In essence, the Travel Rule applies to VASPs and financial institutions that engage in virtual assets transfers.

This could include a virtual asset transfer between a VASP and another obliged entity, like another VASP or other financial institution, or a virtual assets transfer between a VASP and an un-obliged entity, such as an unhosted wallet.

It is worth noting that when a transaction is between a VASP and an entity to who the recommendation does not apply, the requirements on the VASP as implied by recommendation 16 are reduced.

It’s also worth noting that the FATF defines a VASP as a natural or legal person that: exchanges virtual assets; exchanges virtual assets and fiat; transfers virtual assets; stores virtual assets; or participates in or provides financial services related to an issuer offer and/or sale of virtual assets.

In terms of data requirements, the FATF has suggested a de minimis limit of 1,000 USD/EUR with different data requirements above and below this limit.

Below 1,000 USD/EUR:

  • The name of the originator (sender) and beneficiary (recipient)
  • The virtual asset wallet address of each or a unique transaction reference number

Above 1,000 USD/EUR:

  • Originator
    • name.
    • account number for account used to process the transaction (wallet address).
    • physical address or national identity number or customer identification number which identifies the originator to the ordering institution, or date and place of birth.
  • Beneficiary
    • Name
    • Account number for the account used to process the transaction (wallet address).

The above information needs to be exchanged between VASPs or financial institutions either during or before the transfer takes place. It is also important to note that VASPs or financial institutions are required to carry out a counterparty VASP check confirming that it is dealing with another VASP, that it is registered/licenced in the jurisdiction in which it operates and has sufficient AML/CFT supervision.

Slow Uptake

Despite the Travel Rule recommendation for cryptocurrencies coming into effect in 2019, its international uptake has remained slow.

According to the latest report by the FATF in June 2022, only 29 out of 98 responding jurisdictions had passed Travel Rule legislation while only 11 of those have begun enforcement. The way in which the recommendation has been interpreted and regulated across various jurisdictions has also seen a lot of variation, which only serves to further complicate its effective application.

Meanwhile, technology providers continue to try to find an all-encompassing transaction information sharing system which could deliver on the requirements as set out by the FATF on a global rather than at a country level.

Specialist Support

For those currently considering how the Travel Rule will impact on their business or requiring assistance in preparing to meet their regulatory requirements under the FATF’s Recommendation, the experts at Suntera Digital are well positioned to assist.

Drawing on a strong technical and multi-jurisdictional background and with considerable expertise in the field, the team is able to offer specialist support in areas relating to virtual assets and blockchain technology - from the metaverse, ICOs and cryptocurrency exchanges, to tokenisation, NFT projects and DeFi offerings.

This includes comprehensive consultancy support in an ever-changing global regulatory landscape, while advice is also offered around all aspects of anti-money laundering and regulatory compliance in relation to VASPs – including the ongoing evolution of The Travel Rule.

From developing operational policies and procedures to identifying the most suitable jurisdiction or structure, the team is ready to provide guidance at every step of the virtual assets journey.

 

For more information on the topic mentioned above or to discuss our services, please contact Kyle Brits, Head of Fintech and Virtual Assets, Suntera Digital:

Kyle Brits _ Profile (April 2023)        Kyle Brits

        HEAD OF FINTECH AND VITUAL ASSETS, SUNTERA DIGITAL

        View Bio        |        Email Kyle        |        LinkedIn