All Crypto Transfers Require Disclosing Relevant Originator and Beneficiary Data.
On Wednesday, June 29, European policymakers agreed on a deal to apply the Transfer of Funds Regulation to crypto-assets. This deal will have significant impacts on crypto businesses working in the EU. While the technical aspect of the regulation is yet to be finalized and approved before finally enforced, the critical provisions agreed upon last will most likely stay. So, what’s covered, and what does this mean for crypto businesses in the EU?
Travel Rule: All Cryptoasset Service Providers (CASPs) must comply with the Travel Rule and disclose relevant originator and beneficiary data for ALL crypto transfers without a minimum threshold. This regulation reaches above the Financial Action Task Force (FATF) ‘s Criteria, which only requires Travel Rule on transfers over EUR 1,000. CASPs in the EU must comply with the Travel Rule for any transaction where the direct transfer is made to another CASP and, therefore, must adhere to GDPR law.
Unhosted Wallets: The measures agreed upon will require that for any transaction with an unhosted wallet over EUR 1,000, a CASP must verify that the wallet is owned and controlled by its customer. This is aligned with the approach to unhosted wallets taken in some jurisdictions such as Switzerland, where regulated entities must verify whether transfers to third-party unhosted wallets are controlled by their customers. CASPs will also need to assess the illicit finance risks for all transactions with unhosted wallets and apply appropriate risk-based due diligence measures. Again, blockchain analytics can help CASPs identify and manage these risks to meet their regulatory requirements.
Source of Fund/Wealth Verification: Before making deposited funds available to their customers, CASPs must assess the source of funds, determine that they do not involve exposure to sanctioned actors, and check for indicators of money laundering and other financial crime risk indicators. CASPs should have a blockchain analytics capability to evaluate these risks.
Counterparty CASP Due Diligence: CASPs will need to conduct due diligence on counterparty CASPs outside the EU. The EU will publish a list of non-compliant and non-supervised CASPs that EU-based CASPs must not trade with. This is where solutions like Crystal Blockchain Directory (our database of information on CASPs) come in, enabling CASPs to identify potential risk factors among counterparties.
What is next? The Parliament, Council, and Commission will work on the technical aspects of the text. After that, the agreement must be approved by the Economic and Monetary Affairs, Civil Liberties and Justice Committees, and Parliament before being enforced.