.svg)
In line with international guidance on crypto-asset transfers, the UK is soon to become the latest jurisdiction to implement a crypto "travel rule".
As of September 1, 2023, in-scope UK crypto-asset firms must comply with new anti-money laundering and counter-terrorist financing (AML/CTF) legislation that was introduced in July 2022.
Under the new rules, crypto exchanges and custodians will be required to collect, verify and share information about crypto-asset transfers sent and received by their customers.
The travel rule requires that transfers of crypto-assets be accompanied by certain personally identifying information regarding the “originator” and the “beneficiary”.
The originator is the person or organisation that owns the crypto-asset and initiates the transfer, and the beneficiary is the person or organisation that receives it.
For transfers where more than two parties are involved — for example, when a transfer must pass through a separate sub-custodian — the originator must collect and supply the identifying information to the intermediary.
The travel rule requirements apply to all crypto-asset transfers between in-scope firms regardless of the purpose or value of the transaction.
This includes when a transfer is made by the same person to their own account on a separate platform, or when transfers are made between groups of firms with a shared ownership structure.
What to include?
Firms must ensure that the names and account numbers of both the originator and beneficiary accompany all transfers.
In cases where both firms are carrying on business within the UK, the beneficiary may request additional information that must be supplied within three working days.
If the originator is an individual, this could include an address, passport number, birth certificate number, date of birth or place of birth.
If the originator is an organisation, a customer identification number or registered office address may be requested.
Where the value of the transfer is €1,000 or more and at least one of the firms is carrying on business outside the UK, additional information is required by default.
Guidance from the Joint Money Laundering Steering Group (JMLSG) notes that the provision of this information must occur before or at the moment of the completed transaction.
It also notes that if a firm originates a transfer to a jurisdiction outside the UK with higher travel rule requirements, the firm complies with its UK obligations by providing the same information mentioned above.
Risk management
When deciding whether to execute, withhold or cancel a transfer, firms are advised to consider the purpose and nature of the originator’s relationship with the beneficiary.
They should also consider the value and frequency of the transfer(s), and the duration of the originator’s relationship with the beneficiary.
Firms must keep detailed records of counterparts that fail to provide the information required, and these must be passed on to the Financial Conduct Authority (FCA).
A policy of “escalation” should also be in place, so that firms can issue warnings to others for repeated non-compliance, following a “risk-based approach” based on the criteria above.
FATF guidance gains traction
By implementing the travel rule, the UK will bring itself into alignment with the latest interpretation of Recommendation 15 of the Financial Action Task Force (FATF).
First applied to virtual assets in 2018, Recommendation 15 requires countries and financial institutions to identify and assess AML/CTF risks associated with new technologies.
Subsequent interpretations followed, leading to the adoption of crypto travel rule requirements that would mirror the same requirements that are applied to wire transfers in Recommendation 16.
In June 2022, a targeted update from FATF focused specifically on the travel rule and countries’ lack of progress in implementing it.
At the time, only 29 jurisdictions out of 98 that answered a FATF survey on virtual assets the previous year had passed a travel rule in legislation, and “only a small subset” of these had begun enforcement.
One of the earliest jurisdictions to implement a travel rule was Singapore, which passed such a law in December 2019 and began enforcing it in January 2020.
In Singapore, similar to the UK, originators and beneficiaries must exchange personally identifiable information for all transaction sizes, although additional information must be shared for transfers of more than S$1,500 ($1,100).
In South Korea, a travel rule came into effect in March 2022, and in Hong Kong a travel rule came into effect in June this year.
In the EU, a travel rule was passed in April this year, at the same time as the separate Markets in Crypto-Assets (MiCA) Regulation. However, the travel rule will not come into effect until December 2024.
The US has yet to pass a travel rule in legislation, but a bipartisan bill to do so was reintroduced last month, as covered by VIXIO.
