The Transfer of Funds Regulation as applicable to transfers of crypto assets

In June 2019, the Financial Action Task Force (“FATF”) issued a public statement in relation to virtual asset service providers. In the aforementioned public statement, the FATF stated that it would be subjecting virtual asset service providers to Recommendation 16, ergo the so-called ‘Travel Rule’. Following a supplementing amendment to the FATF’s Recommendation 16, the Travel Rule was rendered applicable on the 21st of June 2019. This new requirement, once implemented by FATF member states through their respective legislative frameworks, would oblige virtual asset service providers to obtain and hold the required and accurate originator information and the required beneficiary information of the parties carrying out a virtual asset transfer¹.

Regulation (EU) 2023/1113 ergo the Transfer of Funds Regulation (“TFR”), plans to embody the Travel Rule and render it applicable to crypto asset service providers licensed and operating within the European Union. European Union Regulations are directly applicable throughout the entire Union without the need for Member States to transpose them. Thus, the embodiment of the Travel Rule within the TFR means that the Travel Rule will become directly applicable across all Member States and to all crypto asset service providers operating from such Member States. The proposal to integrate the Travel Rule in the TFR is part of a package of legislative proposals to strengthen the EU's anti-money laundering and countering terrorism financing (AML/CFT) rules, presented by the Commission on the 20th of July 2021².

The Travel Rule for crypto asset service providers

1. a crypto-asset service provider;
2. an entity not established in the Union and providing services similar to those of a crypto-asset service provider⁴;

Information to be collected by crypto asset service providers on the Originator and the Beneficiary in relation to a transfer of crypto assets

Crypto asset service providers of the Originator shall ensure that the transfer of crypto assets is accompanied by the following Originator and Beneficiary information:

• Name of Originator and Beneficiary;
• The Originator’s and Beneficiary’s Distributed Ledger Address, in cases where a transfer of crypto-assets is registered on a network using DLT or similar technology, and the Crypto Asset Account number of the Originator, where such an account exists and is used to process the transaction; 
• The Originator’s and Beneficiary’s Crypto Asset Account number, in cases where a transfer of crypto assets is not registered on a network using DLT or similar technology;
• The Originator’s (but not the Beneficiary’s) address, including the name of the country, official personal document number and customer identification number, or, alternatively, the Originator’s date and place of birth; and 
• Subject to the existence of the necessary field in the relevant message format, and where provided by the Originator to its crypto asset service provider, the current LEI or, in its absence, any other available equivalent official identifier of the Originator & Beneficiary⁹.

Verification processes to be carried out by crypto asset service providers 

The TFR envisages two verification processes that can be carried out by the crypto asset service provider. The first verification process relates to the crypto asset service provider carrying out customer due diligence measures as per Directive (EU) 2015/849 (4AMLD)¹².  The second verification process relates to the crypto asset service provider applying the aforementioned customer due diligence measures at appropriate times to existing customers on a risk-sensitive basis^{13, 14}.

Storage of information collected by crypto asset service provider by virtue of the verification processes

A copy of the documents and information necessary to comply with the customer due diligence requirements shall be kept for a period of five years after the end of the business relationship with the customer or after the date of an occasional transaction.

The supporting evidence and records of transactions, consisting of the original documents or copies admissible in judicial proceedings under the applicable national law which are necessary to identify transactions, shall be kept for a period of five years after the end of a business relationship with their customer or after the date of an occasional transaction.

Upon expiry of the retention periods referred to above, Member States shall ensure that obliged entities delete personal data, unless otherwise provided for by national law, which shall determine under which circumstances obliged entities may or shall further retain data¹⁵. 

Naturally, the processing of personal data is subject to the General Data Protection Regulation (Regulation (EU) 2018/1725)¹⁶.

¹https://blog.bcas.io/everything-you-need-to-know-about-the-travel-rule-in-the-crypto-industry, accessed 8th June 2023
²https://www.consilium.europa.eu/en/press/press-releases/2021/12/01/anti-money-laundering-council-agrees-its-negotiating-mandate-on-transparency-of-crypto-asset-transfers/, accessed 8th June 2023
³Regulation (EU) 2023/1113, Article 3(19)
⁴Regulation (EU) 2023/1113, Article 3(20)
⁵Regulation (EU) 2023/1113, Article 3(18)
⁶Regulation (EU) 2023/1113, Article 3(21)
⁷Regulation (EU) 2023/1113, Article 3(22) 
⁸Regulation (EU) 2023/1113, Article 3 (10)
⁹Regulation (EU) 2023/1113, Article 14
¹⁰Regulation (EU) 2023/1113, Article 14(5)
¹¹Regulation (EU) 2023/1113, Article 15(2)
¹²Directive (EU) 2015/849, Article 16(4)(a)
¹³https://www.eba.europa.eu/sites/default/documents/files/document_library/Publications/Guidelines/2021/EBA-GL-2021-16%20GL%20on%20RBA%20to%20AML%20CFT/1025507/EBA%20Final%20Report%20on%20GL%20on%20RBA%20AML%20CFT.pdf, accessed 8th June 2023
¹⁴Directive (EU) 2015/849, Article 16(4)(b)
¹⁵Directive (EU) 2015/ 849, Article 40
¹⁶Regulation (EU) 2023/1113, Recital 19