By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.

Beneficiary VASPs: Key Requirements Under the EU Transfer of Funds Regulation

Catarina Veloso
Catarina Veloso
July 12, 2024
Catarina, Regulatory & Compliance Senior Associate at Notabene, specializes in global crypto regulations. With roles including co-chair of the CryptoUK Travel Rule group and part of the EBA Expert Group, she shapes Travel Rule compliance. Holds Masters in Energy Law and BA in Law.
Summary

The European Union's Transfer of Funds Regulation (TFR) and the European Banking Authority’s final Travel Rule Guidelines impose stringent requirements on Crypto Asset Service Providers (CASPs) to ensure transparency and security in crypto-asset transactions. Beneficiary CASPs, in particular, have critical responsibilities in managing incoming transactions despite their limited control over deposit flows compared to originating CASPs.

Beneficiary CASPs cannot proactively block incoming deposits and rely on the compliance of the originator CASP to meet obligations. Therefore, it is crucial to evaluate strategies for handling non-compliant deposits. This article focuses on the specific requirements for beneficiary CASPs and strategies for managing transactions that fail to meet compliance standards.

Required Information for Transactions

Under Article 16/1 of the TFR, beneficiary CASPs are obligated to receive specific information about both the originator and the beneficiary of each transaction. Articles 14(1) and 16(1) of the TFR specify the required information, including:

  • Full name of the originator and beneficiary
  • Distributed ledger address and account number
  • Address and official personal document number of the originator
  • Additional optional information, such as customer identification number or date and place of birth, to ensure unambiguous identification.

Monitoring Systems for Detecting Non-Compliance

The TFR mandates that beneficiary CASPs implement robust monitoring systems to detect non-compliant transactions. According to the Travel Rule Guidelines, these systems should include:

  1. Methods for detecting missing, incomplete, or meaningless information.
  2. Pre- and post-monitoring practices aligned with money laundering and terrorist financing (ML/TF) risk levels.
  3. Criteria for recognizing risk-increasing factors. [1]

Managing Non-Compliant Transactions

Beneficiary CASPs must follow specific procedures to detect a transaction lacking the required information. Article 17 of the TFR outlines four possible actions:

  1. Execute: The CASP can proceed with the transaction if the risk assessment allows it.
  2. Reject: The transaction can be rejected if it does not meet compliance standards.
  3. Return: The funds can be returned to the originator if the necessary information is not provided.
  4. Suspend: The transaction can be temporarily suspended while additional information is requested.

The Travel Rule Guidelines provide more granularity on how CASPs should define the appropriate follow-up action:

  • Beneficiary CASPs can request missing information from the originator CASP rather than immediately rejecting or returning the transfer. [2] 
  • If the information is not provided within a specified timeframe (three working days for EU transfers and up to seven days for others), the CASP must decide whether to proceed based on a risk assessment. [3] 
  • If the rejection is technically impossible (e.g., the crypto-assets have already been received), the transfer should be returned to the originator. [4]
  • If returning the transfer to the original address is not possible, CASPs should hold the returned assets in a secure, segregated account while communicating with the originator CASP to arrange the proper return of the crypto-assets. [4]

‍

Managing Non-Compliant Counterparties

When beneficiary CASPs identify deposits missing Travel Rule data, it not only disrupts the transaction but also strains relationships with non-compliant counterparties. Here’s how CASPs should manage these situations according to Article 17/2 of the TFR:

  1. Reassess the Relationship: Evaluate if the counterparty repeatedly fails to provide the required information.
  2. Report Non-Compliance: Notify competent authorities about the non-compliance.


Assessment Criteria

To determine the appropriate course of action, CASPs must assess whether the counterparty has repeatedly failed to meet their obligations. The assessment involves both quantitative and qualitative criteria:

  • Quantitative: Frequency of incomplete transfers and unanswered follow-up requests. [5]
  • Qualitative: Counterparty cooperation, agreements for extended time, and reasons for missing data. [6]

Steps for Repeated Non-Compliance

  1. Issue Warnings: Inform the counterparty of potential consequences and set deadlines for compliance.
  2. Enhanced Due Diligence: Apply stricter measures to manage risk.
  3. Terminate Relationship: If necessary, end the business relationship or reject future transfers.
  4. Report Repeatedly Non-compliant CASPs: CASPs must report non-compliant counterparties within three months of identifying non-compliance and include details of the non-compliant counterparty CASP, nature and frequency of breaches, justifications provided, and actions taken. [7] 

‍

General Obligations

Finally, the Travel Rule Guidelines offer a concise overview of supplementary requirements that CASPs should consider when dealing with deposits. 

‍

Pre vs. Post Transaction Monitoring

CASPs are responsible for establishing policies and procedures to determine which transfers require monitoring before or during the transfer process. This decision should consider any factors that may increase risk, as specified in the “EBA’s Guidelines on Money Laundering/Terrorist Financing (ML/TF) Risk Factors.” [8]

Meaningless and Inconsistent Information

CASPs should treat information as missing if essential fields are left empty or if the provided information is deemed meaningless or inconsistent. For example, random strings of letters should be considered meaningless information. [9]

Communication Systems

When contacting the counterparty for clarification, CASPs should use the same messaging system utilized to transmit the initial information. [10]

Self-Hosted Wallet Deposits

For deposits from self-hosted wallets, any requests for clarification should be directed straight to the customer. [11]

Interested in learning more? Check out our articles on Self-Hosted Wallet Transaction Requirements Under the EU TFR and Top 10 Insights European CASPs Need to Know About the Upcoming Travel Rule Compliance Regulation.

References

[1] European Banking Authority (EBA). (2024). Guidelines on information requirements in relation to transfers of funds and certain crypto-assets transfers under Regulation (EU) 2023/1113 (‘Travel Rule Guidelines’) §42

[2] Travel Rule Guidelines, §54.

[3]Travel Rule Guidelines, §§ 54, 56.

[4] Travel Rule Guidelines, §55.

[5] Travel Rule Guidelines, §68.

[6] Travel Rule Guidelines, §69.

[7] Travel Rule Guidelines, §§ 70-75

[8] Travel Rule Guidelines (§46 et seq.

[9] Travel Rule Guidelines, §49 et seq.

[10] Travel Rule Guidelines, §58.

[11] Travel Rule Guidelines, §63.

‍

FAQs