What is the FATF Travel Rule? Who is affected? India 2024
A number of clients have started receiving an email from centralized exchanges like CoinDCX, WazirX, etc asking for Originator Info. It says something like the following:
Subject: Provide Originator Info for Recent Deposit - X,XXX.XX USDT
Body: Hi Customer, We noticed a crypto deposit in your account from a wallet that lacks the required originator travel rule information. As a regulated Virtual Digital Assets Service Provider, we must maintain originator information for all deposits. To comply with this, we kindly ask you to provide the necessary details for this deposit by clicking the form below. Deposit Amount: X,XXX.XX USDT / Deposit Reference ID: ABC123456
Topics Covered
Background
In order to understand the background behind this email, we have to travel back to 2019. In 2019, the Financial Action Task Force (FATF), a global authority on anti-money laundering efforts, updated its recommendations, including one known as Recommendation 16, commonly referred to as the "Travel Rule" in the context of virtual asset (VA) transfers. This rule mandates that Virtual Asset Service Providers (VASPs) and financial institutions involved in VA transfers collect and exchange personal data of both senders and recipients in transactions.
Originally applicable solely to traditional financial institutions, the FATF expanded its recommendation in 2019 to encompass VASPs. VASPs are defined as entities conducting various activities related to virtual assets on behalf of others, such as exchanging virtual assets for fiat currencies, transferring virtual assets, and providing related financial services.
While the term VASP is used by the FATF, different countries employ alternative terms to describe crypto service providers, including CASP (Crypto Asset Service Providers), MSB (Money Services Businesses), and DPT Service Providers. It includes any natural or legal person who as a business conducts one or more of the following activities for or on behalf of another natural or legal person:
- exchange between virtual assets and fiat currencies;
- exchange between one or more forms of virtual assets;
- transfer of virtual assets;
- safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets; and
- participation in and provision of financial services related to an issuer’s offer and/or sale of a virtual asset.
Many jurisdictions including India are now integrating the Travel Rule into their anti-money laundering (AML) laws. As of April 2023, 35 out of 135 responding jurisdictions had passed Travel Rule legislation, with 27 implementing enforcement and supervisory measures. For instance, in the UK, Regulation 5 concerning cryptoasset transfers under the Money Laundering and Terrorist Financing Regulations took effect on September 1, 2023, with similar measures being implemented in India during Financial Year 2024-25.
This regulatory adjustment has stirred uncertainty within the crypto sector regarding how to adhere to the new FATF recommendation. In this article, we'll delve into the requirements of the crypto Travel Rule and offer guidance on ensuring effective compliance for crypto traders, investors, usdt arbitrage traders and businesses.
What is the FATF Travel Rule?
The FATF Travel Rule, formally known as Recommendation 16, is part of the FATF's efforts to combat money laundering and terrorism financing (ML/TF). It mandates that financial institutions engaged in virtual asset (VA) transfers and crypto companies, collectively known as Virtual Asset Service Providers (VASPs), gather and share "required and accurate originator information, and required beneficiary information" with counterpart VASPs or financial institutions during or prior to transactions.
Named for the way personal data of transacting parties "travels" with their transfers, the regulation necessitates the exchange of pertinent information.
The FATF suggests a de minimis threshold of 1,000 USD/EUR for VA transfers, with fewer requirements for transfers below this threshold compared to those exceeding it.
For transfers under the threshold, VASPs must collect:
- The names of the originator (sender) and beneficiary (recipient)
- The VA wallet address for each or a unique transaction reference number
- Verification is unnecessary unless ML/TF-related suspicions arise, in which case customer information should be verified.
For transfers exceeding the threshold, VASPs must collect:
- Originator’s name
- Originator’s account number for the account used in the transaction (e.g., wallet address)
- Originator’s physical address, national identity number, customer identification number, or date and place of birth
- Beneficiary’s name
- Beneficiary’s account number for the account used in the transaction (e.g., wallet address)
Recommendation 16 applies to VASPs in transactions involving traditional wire transfers, VA transfers between VASPs or other obliged entities, and VA transfers involving non-obliged entities (e.g., unhosted wallets). However, in the latter case, VASPs originating VA transfers are not expected to provide required information to non-obliged entities.
This requirement for personal data transfer is relatively new for the crypto industry, necessitating the establishment of communication networks between crypto platforms.
Who is affected?
The FATF mandates the imposition of the Travel Rule on two key entities:
- Financial institutions, including banks, involved in virtual asset (VA) transfers.
- Virtual Asset Service Providers (VASPs).
According to FATF guidelines, a company qualifies as a VASP if it offers the following services:
- Exchange between virtual assets and fiat currencies.
- Exchange between various virtual assets.
- Transfer of virtual assets.
- Safekeeping and/or management of virtual assets or related instruments facilitating control over them.
- Participation in and provision of financial services linked to the issuance, offer, or sale of a virtual asset.
Under specific circumstances, decentralized services (DeFi) and peer-to-peer (P2P) platforms may also fall under the VASP category, thereby obligated to adhere to the FATF Travel Rule.
The definition of a VASP may vary across jurisdictions, as FATF recommendations are not universally binding. However, numerous FATF member states, such as the US, South Korea, and Singapore, have integrated the crypto Travel Rule into their national legislation to varying extents.
Non-compliance with the Travel Rule can lead to local regulatory penalties for businesses operating in jurisdictions where it is enforced. For example, in Estonia, failure by an executive or employee of a virtual currency service provider to verify payer information or providing services outside of a business relationship may result in fines of up to 300 fine units for individuals and up to 400,000 euros for legal entities.
How to Comply?
For Companies
Ensuring compliance with the Travel Rule involves several key steps:
- Conducting due diligence on the counterparty before sharing data.
- For originating VASPs:
- Identifying the client (originator).
- Obtaining necessary information from the originator, retaining a record, and sharing it with the beneficiary VASP after all checks.
- Screening to confirm that the beneficiary is not a sanctioned entity.
- Monitoring transactions and reporting any suspicions.
- For beneficiary VASPs:
- Obtaining necessary information from the originator's VASP, verifying its accuracy and consistency, and retaining a record.
- Screening to confirm that the originator is not a sanctioned entity.
- Monitoring transactions and reporting any suspicions.
In summary, companies need to implement two solutions for compliance: one for collecting data and another for sharing it. Fortunately, the FATF does not prescribe specific methods or technologies for data sharing, allowing companies to choose based on their discretion.
An efficient approach to compliance involves:
Obtaining sender and recipient information:
- Utilizing existing client data obtained through previous KYC processes.
- Conducting regular KYC processes if necessary, collecting additional data about clients during transfers.
- Using a KYC and crypto transaction monitoring tool that ensures comprehensive AML compliance, conducts transaction checks, and complies with data protection laws.
Data sharing:
- Implementing encrypted data transfer networks such as OpenVASP, Shyft, or Trisa.
- Combining data gathering and data sharing solutions to address issues like protocol compatibility, ensuring compliance with the Travel Rule.
By following these steps and utilizing appropriate tools and technologies, companies can effectively comply with the Travel Rule in the crypto sector.
For Individuals
Individuals in India can ensure compliance with FATF Recommendation 16 by adhering to the regulations and guidelines set forth by relevant authorities. These regulations encompass a wide range of individuals involved in the cryptocurrency ecosystem, including crypto traders, investors, peer-to-peer (P2P) traders, USDT arbitrage investors, cryptocurrency software developers, and professionals working in the crypto industry. Here are some steps individuals can take to comply with FATF regulations in India:
Use Regulated Platforms: When engaging in virtual asset transactions, individuals should use platforms that are regulated by Indian authorities. These platforms are more likely to comply with AML/CFT regulations, including FATF Recommendation 16.
Complete KYC Procedures: Individuals should be prepared to undergo Know Your Customer (KYC) procedures when signing up for virtual asset services. This typically involves providing identification documents and verifying personal information.
Provide Accurate Information: When conducting transactions on virtual asset platforms, individuals should ensure that they provide accurate information about themselves and their counterparties, as required by the platform's compliance policies.
Be Mindful of Transaction Limits: Individuals should be aware of transaction limits imposed by virtual asset platforms and ensure that they do not exceed these limits without appropriate verification procedures.
Report Suspicious Activity: If individuals encounter any suspicious activity on virtual asset platforms or observe transactions that may be linked to money laundering or terrorism financing, they should report such activity to the relevant authorities or platform administrators.
Stay Informed: Individuals should stay updated on regulatory developments related to virtual assets and FATF recommendations. This can help them understand their obligations and ensure compliance with applicable regulations.
Seek Professional Advice: If individuals have any doubts or questions regarding their obligations under FATF Recommendation 16 or related regulations, they should seek advice from our team of legal or financial professionals. Our team is familiar with all virtual asset compliance requirements in India.
By following these steps and remaining vigilant, individuals in India can contribute to efforts to combat money laundering and terrorism financing while ensuring compliance with FATF Recommendation 16.
DISCLAIMER
CMS Meta:
Comments