In late June, the European Union came to a provisional agreement on the Transfer of Funds Regulation (TFR), which means that all crypto transactions in the bloc will need to carry identifying data and with no minimum transaction threshold. Exemptions will be carved out for transfers between unhosted wallets – that is, wallets kept outside of an exchange.
The new regulations are aimed at aligning Europe with the recommendations of the Financial Action Task Force (FATF), an intergovernmental body that sets many standards in the global financial system. While FATF’s recommendations do not have the weight of law, they are abided by countries that seek to remain whitelisted by the organization.
FATF’s 2019 update to its Recommendation 16, known as the FATF Travel Rule, requires that originator and beneficiary data be shared between virtual asset service providers (VASPs) on transactions that exceed $1,000. In the EU, VASPs are referred to as crypto asset service providers (CASPs). However, with the TFR, the European Union is declining to have any threshold, an aggressive stance that will likely have a major impact on the digital assets industries. Here’s what’s happening.
What Is the TFR?
The Transfer of Funds Regulation is a piece of the legislative package the EU is pushing to improve its anti-money laundering (AML) and counter-terrorism financing (CTF) posture. It was first offered up to the EU Commission in July of 2021.
The TFR still must be confirmed by the EU Council and the EU Parliament. Lawmakers have said that it will become law at the same time as the Markets in Crypto Assets (MiCA) framework, the centerpiece of the bloc’s crypto agenda. The TFR will come into force 18 months after that date.
According to the provisional agreement, there will be no amount of cryptocurrency that can move between accounts on CASPs without personally identifiable information (PII). This stands in contrast to the traditional financial sector, where Europe sets the Travel Rule threshold at 1,000 euros. Legislators maintain that the unique nature of crypto and the ability to do many small transactions with negligible fees necessitates such an approach.
CASP-to-Unhosted Wallet Transfers
When a customer on an exchange sends money to an unhosted crypto wallet, CASPs will only be collecting data when the wallet is also that of the customer, with so-called risk-based AML approaches mandated. Through as yet still undisclosed methods, the CASPs will be required to verify that the wallet belongs to the same person. Additionally, such verifications will only be required in the case of transactions greater than 1,000 euros.
Unhosted Wallet-to-Unhosted Wallet Transfers
Although legislators in the European Parliament had previously signaled this was on the table, an outcry from the crypto industry as well as from outside observers led them to loosen up. At least for the time being, transfers between two unhosted wallets will fall outside the scope of the TFR, though the EU Commission will reassess whether to ramp up (or scale down) measures 18 months following the TFR’s entry into application.
Sanctions Compliance and AML Blacklisting
The onus will fall on CASPs to ensure that they remain compliant with regard to sanctions and other restrictions. For those that violate these rules, there will be a blacklist, but that will arrive as part of the MiCA package and is not directly addressed in the TFR.
One of the main critiques of the Crypto Travel Rule has centered around data protection and the fear that by collecting troves of information on crypto users, governments and other entities will be creating data honeypots for hackers to exploit. The TFR’s approach to data protection will follow the EU’s General Data Protection Regulation (GDPR), which is considered to be among the most robust worldwide. Travel Rule data stored under the TFR is supposed to be shared with authorities upon request but is not turned over to them automatically.
Late June 2022 delivered several major updates for crypto regulation, with the TFR and MiCA being finalized within 24 hours of each other. The two developments signal that the EU is ramping up efforts at regulating crypto, and it’s expected that other countries will follow suit, especially after FATF’s latest report on virtual assets and VASPs.
Recently, FATF issued its updated assessment on how its recommendations are being implemented around the world, and the results were less than stellar. According to the organization, out of the 98 jurisdictions that had initially responded to the Travel Rule guidance, only 28 have gotten around to implementing laws, and very few of those have reached the stage of enforcement yet.
It’s understandable that countries have been slow to implement these guidelines. Many fear that poorly made regulations, designed without adequate care for the technological complications involved in tracking and storing sensitive financial data, could disrupt the progress of nascent crypto companies. And yet at the same, it’s regulatory clarity that will onboard the next wave of institutional investors – a group that prefers not to operate in legal gray areas.
For those looking to stay on the right side of the regulators, CoolBitX’s Sygna Bridge, our first-to-market Travel Rule API and VASP network, serves as a simple solution to help your VASP share the required data with counterparties. Bridge also forms part of our modular AML platforms, Sygna Hub, our full-service product with integrated services from Elliptic, Chainalysis, ComplyAdvantage, and others, as well as Sygna Gate, our browser-based and automated scaled-down version of Hub.
Click here to request a demo and speak to an expert who can guide your company to compliance and security.