Catarina, Regulatory & Compliance Senior Associate at Notabene, specializes in global crypto regulations. With roles including co-chair of the CryptoUK Travel Rule group and part of the EBA Expert Group, she shapes Travel Rule compliance. Holds Masters in Energy Law and BA in Law.
It has now been three years since the Financial Action Task Force (FATF) extended its anti-money laundering and counter-terrorist financing (AML/CTF) Standards to financial activities involving Virtual Assets (VAs) and Virtual Asset Service Providers (VASPs) to respond to the threat of criminal and terrorist misuse.
FATF's recently released ‘Targeted Update on Implementation of FATF’s Standards on VAs and VASPs, provides an overview of areas of progress that countries and the industry have made and continued implementation gaps and concerns.
Travel Rule Highlights:
The FATF reflects on the progression of the private sector in a positive light. The document highlights the progress on developing and implementing Travel Rule solutions, and the final conclusion is that both countries and the industry need to move faster to ensure global application of the Travel Rule.
The FATF reports that only 29 countries have implemented the Travel Rule requirement, and even fewer are actively enforcing it.
The FATF urges countries to implement and enforce the Travel Rule to resolve the sunrise issue that slows the industry adoption rate of solutions.
The report also calls on the private sector to accelerate the interoperability of Travel Rule solutions.
Below, we share our 4 key takeaways.
1. The FATF acknowledges the progress of VASPs in implementing the Travel Rule, sometimes ahead of legislators
The FATF notes that since June 2021, jurisdictions have made limited progress in implementing and enforcing the Travel Rule.
Conversely, especially in the second quarter of 2022, Notabene has seen a peak increase in Travel Rule adoption by VASPs. This willingness to comply is also explicitly acknowledged by the FATF. In many cases, this increase was directly attributable to regulatory urgency, with Travel Rule requirements coming into force in different jurisdictions (most notably, Estonia, where Travel Rule came into force on June 15th, and Japan’s April 2022 enforcement date. However, we understand that Japan’s Financial Services Agency allows softer, tiered enforcement).
We have seen that VASPs are also primarily motivated by counterparty urgency. VASPs are looking to become compliant with Travel Rule to continue transacting with their counterparties based in jurisdictions where Travel Rule is already in force. Complying with the Travel Rule is increasingly being perceived as a competitive advantage.
2. Effective Travel Rule compliance requires global, interoperable, and nuanced Travel Rule solutions rather than regional and closed networks
The FATF stresses that global implementation and full compliance with FATF Standards require interoperability between Travel Rule solutions. A closed network approach where transmission of Travel Rule information is dependent on the approval of the network members or a third party hampers a global and effective approach to Travel Rule compliance.
Notabene is an open network. We do not act as gatekeepers and believe each VASP should be able to decide who to transact with and share Travel Rule information. Additionally, Notabene is a protocol-agnostic solution. To ensure that our customers can reach the most expansive network of counterparty VASPs through Notabene, we work on integrating with any live Travel Rule messaging protocols. Acknowledging the importance of interoperability, integrating with existing Travel Rule protocols is Notabene’s main priority in the product roadmap.
The FATF recognizes that Travel Rule needs to be implemented at a global level, despite the differences in how each jurisdiction handles different Travel Rule components - the FATF highlights, in particular, the differences in how each jurisdiction approaches:
Whether a de minimis threshold applies and the transaction amount that triggers Travel Rule requirements;
The compatibilization between Travel Rule obligations and data protection frameworks;
Crypto enables a global and borderless financial industry, and the design of crypto compliance solutions should help preserve this characteristic while accounting for the specificities that might exist in different jurisdictions.
Our solution achieves this by reflecting the requirements of different jurisdictions (in terms of the de minimis threshold that applies, if any, the scope of the required information about the originator and beneficiary customers and requirements applicable to transactions with unhosted wallets) in our systems and product offerings. A validation mechanism ensures that any Travel Rule transfer includes all the needed information according to the jurisdiction of the Originator VASP and issues warnings in case the requirements applicable to the Beneficiary VASP are more comprehensive.
3. The FATF reports that most jurisdictions choose not to exclude unregulated VASPs from legal transaction flows
“22 out of 32 jurisdictions have decided to allow domestic VASPs to transact with any foreign VASP, whether they are licenced/registered or not,”
“most jurisdictions have decided to require domestic VASPs to apply the Travel Rule with all foreign VASPs, whether or not they are registered/licensed or have similar Travel Rule requirements .”
We are pleased to see this trend, as measures restricting transactions or Travel Rule flows with unregulated VASPs might have unintended consequences. On the one hand, this can result in excluding VASPs located in jurisdictions that do not yet offer robust frameworks to regulate the crypto industry and register/license crypto firms, regardless of how robust the VASP’s compliance program is.
According to the FATF, “only 12 jurisdictions out of 53 (23%) have been assessed as largely compliant with R.15 [i.e., with the AML/CTF Standards for VAs and VASPs]”, which implies that this could potentially affect a large number of VASPs.
The private sector, under close monitoring of the competent supervisory authorities, is better positioned to determine whether or not to transact with certain counterparties following a risk-based approach that takes into consideration the specificities of their businesses, the due diligence performed on these counterparties, and the risks associated with a particular transaction.
This is, in fact, one of the advantages of the Travel Rule - it allows VASPs to manage risk at the transaction level and adopt a more targeted approach when enforcing restrictions, and avoid blanket exclusions that can be disproportionate depending on the context.
On the other hand, restricting Travel Rule flows with unregulated VASPs is counterproductive. Presumably, managing counterparty risk is particularly relevant when transacting with unregulated VASPs, and that is better achieved by engaging in Travel Rule flows with those VASPs. Of course, performing appropriate counterparty VASP due diligence on the counterparty VASP before transacting and sharing Travel Rule information is a central element of the process.
4. Rapid and broad enforcement of Travel Rule requirements across jurisdictions is key to overcoming the sunrise issue.
The Travel Rule was first introduced in the FATF Standards in June 2019. Since then, Travel Rule requirements have been transposed to national frameworks at different speeds across jurisdictions. This poses a challenge for VASPs that are already required to comply when interacting with counterparties based in jurisdictions where regulators might not even have passed Travel Rule into law. In these cases, counterparties are often unprepared to send, receive and process Travel Rule transfers. Even if their compliance teams are willing to collaborate, finding resources to engage in compliance processes that are not yet mandatory in their jurisdiction is a difficult sell internally.
To account for this, VASPs are often granted generous grace periods to comply in full, take a phased approach to compliance, or apply alternative risk mitigation measures in cases where Travel Rule flows cannot be completed successfully.
The private sector has expressed that, although this flexibility is helpful, the industry can only overcome the sunrise issue with rapid and broad enforcement of the Travel Rule across jurisdictions.
At Notabene, one of our core product design principles is to ensure our customers are able to achieve phased compliance even if a transaction’s counterparty had no Travel Rule compliance solution in place. Hence, we have launched a free plan (Sunrise Plan) for companies to securely and privately respond to pending Travel Rule data transfers. This plan grants access to our powerful Travel Rule compliance dashboard, allowing Compliance Officers to set up secure automated compliance workflows and benefit from our award-winning integrations with blockchain analytics and sanctions screening providers–even if they are not yet ready to integrate a Travel Rule solution.