On July 22, 2021, HM Treasury released Amendments to the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 Statutory Instrument 2022, a consultation that included an entire chapter on the transfers of crypto assets. Chapter 6 laid forth provisions poised to implement the FATF’s Crypto Travel Rule into UK law.
Below are our important takeaways:
1. HM Treasury proposes to update the Money Laundering Regulations (MLRs) rather than pass primary legislation needed to amend the Funds Transfers Regulations (FTRs)
6.7: The use of the Money Laundering Regulations
As it is retained EU law, the government does not have the ability to easily amend the FTR, except to remove deficiencies caused by EU exit. More substantial amendments of the kind necessary to apply R.16 to cryptoassets would require primary legislation. The government therefore proposes to use its powers to amend the MLRs, which will also ensure that AML legislation for the cryptoasset sector is consolidated in one place, and is therefore easier to navigate.
Notabene Takeaway: Acknowledging the urgency with which HM Treasury wants to roll out the Travel Rule, they propose to update existing MLRs rather than attempt to amend the EU FTR laws. This will make it easier and faster to implement, and also has the benefit of ensuring all AML regulation for cryptoassets is kept within the MLRs.
2. HM Treasury offers an unspecified grace period for compliance solution integration
The government acknowledges that the process of integrating these requirements into a firm’s business practices may take time. It is important that new regulations are introduced in a proportionate way, striking the right balance between reducing the harms of illicit finance and supporting innovation that benefits consumers and the economy. It is therefore proposed that firms will be allowed a grace period after the amendments to the MLRs are made, to allow the integration of compliance solutions.
Notabene Takeaway: The HM Treasury acknowledges that introducing new compliance measures is a cost and needs to be balanced with their support for innovation. It will offer a grace period and calls on critical industry players’ responses to create evidence-based policy decisions. You can submit your feedback to this email Anti-MoneyLaunderingBranch@hmtreasury.gov.uk by October 14, 2021. Notabene will also provide a response.
3. Full Travel Rule data transfer requirements will apply to all VASP-to-VASP transfers over £1,000
Meanwhile, transfers below £1,000 will still require the collection of less PII.
In line with INR.16 and the approach taken in the FTR, the government proposes that the following information should be required to be sent with a transfer of cryptoassets.
These requirements are the minimum information which should accompany a transfer of cryptoassets; there is nothing to prevent a cryptoasset service provider providing additional information with the transfer (such as, for example, providing full beneficiary and originator information, if the sending cryptoasset sevice provider does not know the jurisdiction in which the receiving cryptoasset service provider is based).
Notabene Takeaway: Notably, HM Treasury will require travel rule transfers below the threshold, similar to the EU requirements. Also, it is worth noting that while some jurisdictions have deemed all crypto transfers to be treated as ‘cross-border transfers, the UK makes an exception here by allowing transfers between UK-based VASPs not to include PII.
4. PII received, transmitted, or retained is within the scope of the UK GDPR
Personal data received, transmitted or retained pursuant to these provisions is within scope of the UK General Data Protection Regulation (GDPR), and crypto asset service providers will therefore need to process it in line with the requirements in that legislation.
Notabene Takeaway: UK VASPs must uphold GDPR when performing Travel Rule transfers. This is not unexpected, but some questions arise on whether they will oblige their counterparties who are not in the EU or UK to also abide by GDPR.
5. HM Treasury invites comments/feedback on unhosted wallet transfers
6.27: Treatment of unhosted wallets
Obligations under R.16 only fall on cryptoasset service providers, not on private individuals using unhosted wallets. Although FATF are reviewing the treatment of unhosted wallets within scope of the recommendations, current FATF Guidance states that, where a beneficiary’s cryptoassets service provider receives a transfer from an unhosted wallet, it should obtain the required originator information from its own customer that receives the cryptoassets transfer. This requirement does not extend to the verification of said originator information. Where a transfer is being made from a cryptoassets service provider to an unhosted wallet, the originating provider is not expected to send information to an unhosted wallet, though it should still collect information on the intended beneficiary.
Notabene Takeaway: HM Treasury is hinting that it would only require obtaining the counterparty information and not its verification if it were to roll out requirements around unhosted wallets. This is in line with what FATF recommends now, but it is encouraging that they invite commentary from the industry. Regardless, companies must be prepared to implement a risk-based approach concerning unhosted wallets.