With the rapid development of financial technologies and cryptocurrencies, it’s becoming increasingly difficult for governments to regulate digital assets. One of the most significant regulatory initiatives in recent years has been the FATF Travel Rule, aimed to combat money laundering and terrorist financing by introducing strict requirements for Virtual Asset Service Providers (VASPs).
What is the Financial Action Task Force (FATF)?
The Financial Action Task Force (FATF) is an intergovernmental organisation established in 1989 at the initiative of the G7 countries. Its purpose is to develop and promote strategies to combat money laundering and terrorist financing. The FATF plays a key role in setting global standards for financial security and ensures their implementation at national levels.
The FATF sets guidelines that serve as a benchmark for countries in creating effective systems to combat money laundering and terrorist financing (AML/CFT). The organisation conducts periodic reviews and assessments of member countries regarding their compliance with established standards, offering recommendations for improvement.
The FATF has developed 40 key recommendations that cover various aspects of financial activity: customer identification (KYC) and verification of their financial activities, monitoring of suspicious transactions, and the introduction of standards for virtual asset service providers (VASP) with the aim of preventing the use of cryptocurrencies for illegal purposes.
For international companies, adhering to FATF recommendations is critically important. Failing to meet these requirements can lead to serious legal consequences, including fines and operational restrictions.
What is the FATF Travel Rule?
The FATF Travel Rule is an international set of guidelines aimed at preventing money laundering and the financing of terrorism under Recommendation 16. This rule applies to financial institutions engaged in the transfer of virtual assets, as well as cryptocurrency companies known as VASPs (Virtual Asset Service Providers). The Travel Rule compliance requires financial institutions to obtain and pass on specific information about the originator’s account number and recipient during electronic transfers to ensure transparency in financial transactions.
Originally, the Travel Rule was developed for traditional financial institutions (banks and money transmitters). With the rise in popularity of virtual assets and cryptocurrencies, the FATF expanded the application of this rule to foreign money service businesses. This was done to prevent the use of cryptocurrencies for illicit purposes and to establish uniform standards on a global level.
According to FATF reports, as of the end of 2023, 35 out of 135 responding jurisdictions have adopted legislation on Travel Rules, and 27 jurisdictions have already started implementing these measures. Provisions on combating money laundering and terrorist financing are set to come into effect across the European Union from December 30, 2024.
What are the FATF Travel Rule Requirements?
Travel rule requires VASPs to provide information about the sender and beneficiary when transferring virtual assets. The information obtained help clients identify, prevent and report financialcrimeandmust be stored and passed on to the counterparty before the transfer of virtual assets is completed. This data must be available upon request by competent authorities and stored on servers for no less than 5 years. It’s important to note that the requirements of the FATF Travel Rules may vary depending on the jurisdiction.
So, before carrying out the operation, the sender’s VASP must verify the following information:
- Sender’s name;
- Account number;
- Date and place of birth;
- Sender’s physical address or national identification number;
- Customer identification number, which uniquely identifies the sender to the managing institution.
- Beneficiary’s name;
- The beneficiary’s account number used for processing the transaction (for example, the wallet address).
The Financial Action Task Force (FATF) recommends that countries adopt a minimum threshold of 1,000 US dollars/euros for VA (Virtual Asset) transfers. For transfers below this threshold, comparatively fewer requirements are imposed; it suffices to simply collect the name of the sender and recipient, each of their wallet addresses, or a unique transaction link. Such information does not require verification in the absence of suspicious circumstances.
As the use of cryptocurrencies has increased, the Financial Action Task Force (FATF) has expanded the application of the Travel Rule to include providers of virtual asset services (VASPs), also known as Crypto Asset Service Providers (CASPs) or Money Services Businesses (MSBs).
VASP (Virtual Asset Service Provider) refers to legal entities or individuals that carry out one or more of the following activities for or on behalf of another person: exchange between virtual assets and fiat currencies, transfer, custody, and administration of virtual assets. It’s a global term used worldwide.
CASP (Crypto Asset Service Provider) is a term used in EU legislation, similar to the concept of MSB (Money Services Business) utilised by the Financial Crimes Enforcement Network (FinCEN) in the USA. MSB encompasses a wide range of companies that provide financial services, including money transfers, currency exchange, issuing and redeeming payment instruments, traveller’s cheques, trading in precious metals, and more.
Who is Affected by the FATF Travel Rule?
In 2019, the FATF recommended extending the application of the Travel Rule to VASPs for both fiat and virtual asset transactions. It was determined that the Travel Rule should apply if transactions involve a traditional bank transfer, a transfer of virtual assets between VASPs and another obligated entity, or a transfer of virtual assets between a VASP and a hosted wallet.
First and foremost, the FATF Travel Rule affects traditional financial institutions. Banks and credit organisations are required to collect and transmit information about payers and recipients when conducting electronic transfers. Payment systems must ensure that the necessary data accompanies transactions at every stage.
These recommendations also apply to Virtual Asset Service Providers (VASPs). Cryptocurrency exchanges are required to collect and share information about their clients when conducting transactions. ICO and STO providers, conducting initial token offerings, must comply with participant identification requirements.
Individual users of financial services may be affected by requirements to provide additional information. Corporate clients should be prepared for more thorough compliance.
How is the FATF Travel Rule Implemented?
The implementation of the FATF Travel Rule requires financial institutions and VASPs to introduce comprehensive processes and technologies. Companies need to update their compliance programs, incorporate the Travel Rule requirements into their anti-money laundering (AML) and counter-terrorism financing (CFT) policies. It’s also essential to strengthen “Know Your Customer” (KYC) procedures and customer due diligence (CDD).
Following this, it is necessary to select a specialised technological platform for the secure transmission of information between transaction participants, and to implement encryption protocols to protect the information being transferred.
It’s crucial to carry out pilot projects and initiate test transactions to verify the functionality of new systems. It’s also essential to continuously monitor the system’s efficiency and provide reports to regulators on the progress of implementation.
To standardise the data being transmitted, uniform protocols are used, such as IVMS101. The use of decentralised identifiers (DID) and blockchain technologies enables the secure storage and transfer of identification data.
What Is the Travel Rule’s Threshold?
The FATF recommends setting a threshold amount for the application of the Travel Rule at 1000 US dollars/euros or the equivalent in another currency. Upon reaching this threshold, financial institutions and VASPs must collect virtual asset wallet addresses or transaction link numbers, as well as sender and recipient identity information.
It’s also worth considering that this amount can vary depending on the jurisdiction. For example, in Switzerland, the threshold is zero. That is, information exchange occurs with any transactions.
Does the Travel Rule Apply to Every Crypto Transfer?
The short answer is no, the FATF Travel Rule does not apply to every cryptocurrency payment. This is possible if the Travel Rule is in effect in at least one of the jurisdictions of the VASPs conducting the transaction.
The travel rule applies when a transaction involves two regulated entities, for example, between two VASPs or between a VASP and a traditional financial institution. In such cases, both parties are required to collect and transmit the necessary information about the payer and the recipient.
The FATF recommends applying the Travel Rule to transactions that exceed a certain monetary threshold. In most jurisdictions, this threshold is set at the equivalent of 1000 US dollars or euros. Transactions below this threshold may be exempt from the requirement to transmit full information, although they are still subject to appropriate customer due diligence (KYC).
Peer-to-peer transactions between private wallets not associated with VASPs are not subject to the Travel Rule. That is, if two users exchange cryptocurrency without the intermediation of a regulated VASP, then the requirement does not apply.
What is the Bank Secrecy Act Travel Rule (BSA)?
The Bank Secrecy Act (BSA) travel rule was enacted in 1970 and represents the first major piece of legislation in the USA aimed at preventing money laundering. The BSA sets out reporting and record-keeping requirements for financial institutions to assist the government in identifying and preventing financial crimes.
The travel rule, introduced in 1996, is an amendment to the BSA and was developed by the Financial Crimes Enforcement Network (FinCEN). It earned its name from the requirement for certain information to “travel” along with a money transfer from one financial institution to another.
The rule applies to any domestic or international money transfers of 3000 US dollars or more. Financial institutions initiating or receiving such transfers must collect and transmit all necessary information about the payer and recipient.
It is mandatory to transfer all collected information to the next financial institution in the payment chain. Copies of the information and transaction records must be kept for 5 years. Banks and financial institutions may be exempt from some requirements under certain circumstances, for example, for internal transfers within the same institution or group.
FinCEN has extended the travel rule requirements to Virtual Asset Service Providers (VASPs), including cryptocurrency exchanges, classifying them as Money Services Businesses (MSBs).
FATF vs BSA Travel Rule
The FinCEN BSA rule served as the basis for the FATF Travel Rule. The FATF recommendations can be applied by any country in the world, whereas the BSA is a sort of national interpretation specific to the USA and has its own unique features.
Similar to the FATF Travel Rule, FinCEN requires financial institutions and VASPs to collect and share information about the sender and recipient of transactions. The US also demands that VASPs verify that cryptocurrency transactions are not originating from or directed towards countries or companies under sanctions.
However, the FinCEN Travel Rule sets a different threshold. Only transfers amounting to or exceeding 3,000 US dollars – including any foreign equivalent – fall under this rule. In 2020, the Federal Reserve Board of Governors, FinCEN, and the US Treasury proposed amendments to the BSA to lower the overall Travel Rule threshold from 3,000 dollars to 250 dollars for international transfers. However, these amendments have not yet been adopted. The FATF Travel Rule is set at 1,000 US dollars/euros.
Both rules require the collection and transfer of information about the payer and recipient, including: full name, account number or unique transaction identifier, address or other identifying details. The FATF recommends including the date and place of birth, national identification number. The BSA requires an identification number (such as a social security number), with the date and place of birth potentially being requested if necessary.
The FATF Travel Rule is a recommendation that countries implement into their national legislation at their discretion. The BSA Travel Rule is mandatory for all financial institutions and MSBs in the USA, with non-compliance resulting in legal liability.
To enhance understanding, we have systematically organised all the key differences between BSA and FATF Travel Rule into a clear table:
| Requirement | BSA | FATF | |
Originator information | Threshold | $3,000 | $1,000 |
| Name | Required | Required | |
| Account number | When available | Required | |
| Address | Required | Required | |
| Identity of financial institution | Required | Not required | |
| Transmittal amount | Required | Not required | |
| Execution date | Required | Not required | |
Recipient information | Name | Required | Required |
| Account number | When available | Required | |
| Address | When available | Not required | |
| Identity of financial institution | Required | Not required | |
| Any other specific identifier of the recipient | When available | Not required |
If your organisation requires professional support to ensure compliance with BSA or FATF Travel Rule requirements, our law firm is ready to provide expert advice and solutions tailored to your individual needs. Contact us right now for an initial consultation and professional analysis of your case.
