How the FATF Travel Rule Changed Crypto AML Compliance
After nearly a decade of murky regulation on cryptocurrencies, the virtual penny finally dropped for crypto-asset exchanges last year. During its June 2019 plenary, the Financial Action Task Force (FATF), the G20’s financial crimes watchdog, officially adopted a small but potent amendment to one of its 40 Recommendations, non-binding guidances that its member jurisdictions must follow or risk international ostracization.
The FATF’s Interpretive Note to Recommendation 15 paragraph 7(b) R-16 finally introduced a key component of anti-money laundering and counter-terrorism funding (AML/CFT) regulation that had its roots in American traditional finance regulation- the Bank Secrecy Act’s “travel rule’.
What is the FATF travel rule, how did it come into existence, and what expected impact will it have on both governments and their domestic crypto asset service providers?
Why did the FATF introduce their R.16 “Travel Rule”?
In February 2018, Mr. Marshall Billingslea, at the time the Assistant Secretary for Terrorist Financing for the U.S. Treasury, was unanimously elected by the FATF as their next president. The FATF presidency rotates between the FATF’s 39 official members every one to two years.
Mr. Billingslea took office on 1 July 2018 for a one-year tenure that would conclude by the end of June 2019. On his agenda? Aligning global virtual asset regulations in accordance with the States’ legislation.
The United States would make it the focal point of their FATF presidency to ensure that not only U.S. crypto exchanges, but exchanges globally, would be required to register with their local financial intelligence units (FIU) and create and implement the technology needed to share real-name user information during the transmittal process.
In October 2018, Mr. Billingslea set the stage for what’s to come with a FATF guidance that clearly defined virtual assets and virtual asset service providers (VASPs), companies who perform crypto-related services, and the relationship between these new concepts.
The FATF followed this up in February 2019 with a far-reaching Interpretive Note to Recommendation 15 (New Technologies) in their Public Statement – Mitigating Risks from Virtual Assets.
Two main proposals shocked and immediately drew the ire of the hitherto freewheeling cryptocurrency sector:
- Paragraph 3 proposed that VASPs should be required to be licensed or registered in accordance with local financial laws.
- Paragraph 7(b)-R.16 went even further, and introduced the FATF travel rule for transactions exceeding $1,000:
The FATF “Travel Rule”
Countries should ensure that originating VASPs obtain and hold required and accurate originator information and required beneficiary information on virtual asset transfers, submit the above information to beneficiary VASPs and counterparts (if any), and make it available on request to appropriate authorities.
Countries should ensure that beneficiary VASPs obtain and hold required originator information and required and accurate beneficiary information on virtual asset transfers, and make it available on request to appropriate authorities.
Those familiar with U.S financial regulations immediately recognized the origins of this new requirement.
After a fiery Private Sector Consultative Forum (PSCF) in Vienna 2019, it was clear that regulators would not be swayed, despite the vehement objections of the crypto industry. The amended FATF Recommendation 16, casually referred to as the FATF travel rule or crypto travel rule, was officially added to the FATF Standards on 21 June 2019 in their Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers.
VASPs had a reason to be upset. From a technical and financial standpoint, a regulatory requirement like the R.16 travel rule would require designing a technical solution that didn’t exist as of yet, and it would also bring “onerous” burdens of additional costs and manpower. It was clear that the halcyon days of non-regulated exchanges were numbered.
What was the purpose of this dramatic pivot on virtual asset regulation though?
Why was the FATF travel rule introduced?
The historic bull run of Bitcoin in late 2017 brought cryptocurrencies into the mainstream. It was branded a speculative new zeitgeist technology that could potentially wean the world off centralized finance. The price of Bitcoin went hyperbolic from $1,000 in January 2017 to an incredible $19,000 by December as interest pea.
Where the crypto industry previously resembled a lawless outpost, it suddenly morphed into something much more dangerous, as money launderers, financial criminals and terrorist financiers flocked to this borderless new unregulated frontier.
These bad actors could now convert fiat into digital assets and transmit them to any destination anonymously within seconds, where they could be redeemed for fiat currency again. The explosion in unregulated crowdsourced funding projects like initial coin offerings (ICOs) drew further concern,as the vast majority of them were clearly scams and many acted as fronts for ML/TF operations.
To exacerbate things, rumors started circulating around that Facebook, already on the bad side of the United States after the Cambridge Analytica scandal broke in March 2018, had hired over 50 engineers in early 2019 to start work on their own “stablecoin” cryptocurrency.
Both U.S. and global regulators were caught off-guard by the rapid proliferation of this new digital asset class that they did not understand and for which they had no cohesive protocols in place to govern.
On 9 May 2019, the U.S.’ Financial Crimes Enforcement Network (FinCEN), the States’ primary AML/CFT regulator, official FIU and member of the Egmont Group, issued its “CVC Guidance” on convertible virtual currencies.
In this, they reminded U.S. money service businesses (MSBs), an umbrella term that covered “money transmitters” such as crypto exchanges, that they were subject to the Bank Secrecy Act (BSA) and would need to comply with this seminal U.S. legislation.
This came only weeks after FinCEN issued the first penalty to an individual peer-to-peer crypto exchanger, Mr. Eric Powers, for acting as a money transmitter but failing to register as an MSB.
The timing of the FATF’s Interpretive Note in February 2019, the punishment of Mr. Powers, the April 2019 CVC guidance and Mr. Billingslea’s ascent in June 2019 was no coincidence.
By 21 June 2019, only 10 days before the end of Mr. Billingslea’s term as president, the FATF travel rule was in the books. The FATF’s extended network of member countries and FATF-style regional bodies (FSRBs) would have to ensure that their local VASPs would be compliant with this new requirement by June 2020.
What does the FATF Travel Rule require from financial institutions?
According to paragraph 114 of the FATF’s June 2019 Risk-based Approach to Virtual Assets and VASPs: beneficiary institutions should collect and hold the following information:
(i) originator’s name (i.e., the sending customer);
(ii) originator’s account number where such an account is used to process the transaction
(iii) originator’s physical (geographical) address, or national identity number, or customer identification number (i.e., not a transaction number) that uniquely identifies the originator to the ordering institution, or date and place of birth;
(iv) beneficiary’s name; and
(v) beneficiary account number where such an account is used to process the transaction
What is the Bank Secrecy Act’s Travel Rule?
The Bank Secrecy Act of 1970 is the cornerstone of American financial regulation and provides FinCEN and U.S. Treasury head, Mr. Steven Mnuchin, with the mandate to bring AML/CFT violators to justice.
The BSA “Travel Rule” came into effect in 1996 as the Bank Secrecy Act (BSA) rule [31 CFR 103.33(g)]. It originally only targeted money launderers, but assumed a more prominent role after the 911 terrorist attacks sparked the updated Patriot Act’s strong terrorism-combatting measures.
Now firmly entrenched in the United States’ regulation of its traditional financial sector, the BSA Travel Rule [31 CFR 103.33(g)] obligates all financial institutions to pass on specific information to their counterparties during certain funds transmittals that exceed $3,000 in value.
For transactions ( or a series thereof) exceeding $10,000, financial institutions need to file a currency transaction report.
What does the BSA Travel Rule require from financial institutions?
Below is the transmittal information required by the BSA to be shared from the originator (“transmittor”) to the beneficiary (“recipient”). Sound familiar?
All transmittors’ financial institutions must include and send the following in the transmittal order:
- The name of the transmittor,
- The account number of the transmittor, if used,
- The address of the transmittor,
- The identity of the transmittor’s financial institution,
- The amount of the transmittal order,
- The execution date of the transmittal order, and
- The identity of the recipient’s financial institution;
and, if received:
- The name of the recipient
- The address of the recipient,
- The account number of the recipient, and
- Any other specific identifier of the recipient.
How are the BSA and FATF Travel Rules linked?
Comparing these with the BSA’s Travel Rule requirements, we can see this clear overlapping of required information:
|Requirement||FATF Travel Rule||BSA Travel Rule|
|Originator Account Number||✔️||✔️|
|Originator Physical Address/ ID number/ Date of Birth/ Customer number||✔️||✔️|
|Beneficiary Account Number||✔️||✔️|
The FATF Travel Rule in 2020
With the June 2020 deadline quickly approaching, FATF members and VASPs alike are scrambling respectively to implement compliant regulatory frameworks and technical solutions.
In recent months, countries and jurisdictions have introduced comprehensive crypto-asset reforms to align themselves with the FATF’s virtual asset reforms. Examples range from Japan’s Payment Services Act, Abu Dhabi (FSRA amendments), South Africa’s Position Paper on Crypto-Assets to the EU 5th Anti-Money Laundering Directive.
Elsewhere, regulators are working with self-regulatory organizations (SROs) to put the finishing touches on their own travel rule versions.
The FATF is also connecting with private enterprises that offer customized R.16 solutions despite the cancellation of its 2020 PSCF, such as CipherTrace’s TRISA, Netki’s TransactID, Sygna’s Bridge and OpenVASP.
The global application of the travel rule for crypto businesses is an imminent reality that will soon constitute the new norm.
Crypto-dealing MSBs or VASPs that continue to fail to take adequate measures not only risk penalizations, but also the closing of their businesses by authorities and possible prosecution for AML/CFT violations. It is therefore advisable for exchanges to consult with their local authorities and stay abreast of their country or FSRB’s R.16 compliant measures.