.svg)
Crypto industry representatives have cautioned that guidelines for compliance with the EU’s Transfer of Funds Regulation need further clarification, in their response to the European Banking Authority’s consultation.
Between November 2023 and February 2024, the European Banking Authority (EBA) undertook a public consultation on new guidelines on preventing the abuse of funds and certain crypto-assets transfers for money laundering and terrorist financing purposes.
These are otherwise known as the "travel rule" guidelines, and come from the Financial Action Task Force (FATF) guidance.
In its guidelines, the regulator specified the steps that payment service providers (PSPs), intermediary PSPs (IPSPs), crypto-asset service providers (CASPs) and intermediary CASPs (ICASPs) need to take to detect missing or incomplete information that accompanies a transfer of funds or crypto-assets.
The guidelines also detail the procedures that all of these providers should put in place to manage a transfer of funds or a transfer of crypto-assets that lacks the required information, and aim at forging a common understanding to ensure the consistent application of EU law, as well as a stronger anti-money laundering and counter-terrorism financing of terrorism (AML/CTF) regime.
While the opportunity to feedback has been welcomed, there are some issues that the crypto industry wishes the EBA to address.
"The EBA Guidelines are draft for now and are expected to change before a final version is released, likely by June,” explained Hannah Zacharias, regulatory engagement lead at 21 Analytics, which provides travel rule compliance software.
Switzerland-based Zacharias told Vixio that the guidelines are helpful for crypto firms as they clarify important issues for compliance, especially when dealing with self-hosted wallets.
“However, there is a lack of clarity in some concepts,” she said. “We hope the provisions that don't make sense are improved, like requirements to rely on blockchain analytics for identity verification, for example."
Zacharias and crypto stakeholders have however queried how burdensome the guidelines could be for self-hosted wallets, even if compliance clarity has been offered.
In a joint response compiled by 21 Analytics, the European Crypto Initiative, Crystal Blockchain, EU Blockchain and Observatory Forum, Rotational Labs, VASP Holdings and Zornitsa Daskalova, global head of financial crime at Optima Partners, the respondents have said that the use of self-hosted addresses does not inherently result in more risk and have challenged the need for more than one technical proof of ownership over a self-hosted wallet address in transfers over €1000.
According to the respondents, no evidence has been presented, suggesting that self-hosted wallets are inherently riskier.
“The industry consensus is that self-hosted wallet in itself is not enough of a risk factor strong enough to warrant enhanced due diligence on the customer,” Daskalova told Vixio.
In the crypto world, self-hosted wallets are wallets where the owner has complete control over their private key. They can also be referred to as non-custodial wallets, and brands include AirGap and Ledger.
Vyara Savova, senior policy lead at the European Crypto Initiative, told Vixio that this is “a general sentiment we are already quite used to encountering whenever there’s a discussion around compliance and crypto assets, but in the case of EBA’s consultation, it was going beyond and even contradicting both the FATF and the TFR”.
Savova explained that respondents have stressed to the EBA that self-hosted addresses are far less risky from an AML perspective.
“We presented and then pointed at the specific text of the TFR, where a list of risky circumstances of their use is provided, meaning that the regulator’s intention was not to qualify self-hosted addresses as high risk per se and that EBA was going beyond its mandate in doing so,” she said.
Self-hosted wallets are also being handled differently in other similar jurisdictions.
For example, the UK government said in a 2022 consultation that “the government does not agree that unhosted wallet transactions should automatically be viewed as higher risk; many persons who hold crypto assets for legitimate purposes use unhosted wallets due to their customisability and potential security advantages and there is no good evidence that unhosted wallets present a disproportionate risk of being used in illicit finance”.
Bulgaria-based Savova pointed out that it is “important to note that EBA is limited by FATF travel rule guidelines, on the one hand, and the already adopted text of the TFR, on the other, with the latter at a time going even beyond what is recommended by FATF.”
“Therefore, [the] EBA is far from being left at its own devices when interpreting the travel rule for crypto transactions.”
Now that the consultation is closed, the EBA will work towards releasing its final guidelines, which will then need to be endorsed by the European Commission before they are implementable.
