As the Head of Regulatory and Compliance at Notabene, I've been at the forefront of discussions about one of the most pressing issues keeping compliance officers awake at night: How do you handle non-compliant deposits under the Travel Rule in the EU and other jurisdictions?
The implementation of the Travel Rule is an essential step in ensuring compliance with anti-money laundering (AML) and counter-terrorist financing (CTF) regulations. But this regulatory evolution brings a real challenge—how should Crypto Asset Service Providers (CASPs) respond when they receive non-compliant deposits? The issue isn’t only theoretical; it’s something that every CASP will face.
The Challenge of Non-Compliant Deposits
With the implementation of the Travel Rule, non-compliant deposits are an inevitable reality. These can arise from various scenarios(^1) that beneficiary CASPs must be prepared to address such as:
- Deposits originating outside of approved CASPs
- Deposits from approved CASPs with insufficient Travel Rule information
- Deposits from approved CASPs with inconsistent beneficiary information
- Deposits from approved CASPs where the originator is not an allowed person
Without a clear policy or well-defined workflow, the risks are high and these issues can disrupt the user experience, complicate operations, and even lead to asset loss. Each scenario requires a well-thought-out policy and workflow to address it effectively while minimizing disruption to user experience.
Non-Compliance Under the EU’s TFR (Regulation 1113/2023)
In the EU, Travel Rule under the TFR (Regulation 1113/2023)(^2) places significant responsibility on beneficiary CASPs. Articles 14, 16, and 17 of the regulation clearly outline the need for accurate originator and beneficiary information to be included with each transaction. The challenge lies in the fact that beneficiary CASPs can't proactively block incoming deposits. They must rely on the originating CASP's compliance to meet their obligations. This creates a complex situation where beneficiary CASPs must navigate between regulatory compliance and customer service. Despite beneficiary CASPs having less control over incoming deposit flows than originating CASPs, they must still enforce compliance, using methods such as post-monitoring or suspending suspicious transactions.
Under Article 17, CASPs must implement risk-based procedures to determine whether to execute, reject, return, or suspend transfers of crypto-assets that lack the required information. Non-compliant transactions must be carefully reviewed, with potential responses ranging from requesting missing data to returning the crypto-assets to the originator.
But the process isn't simple. For instance, a transfer may originate from a wallet that no longer belongs to the sender. Or, the originator may have no account with an approved CASP. How do you return the funds then? The answers are not always straightforward, and the EU’s TFR leaves room for a risk-based approach to address these scenarios.
Developing a Policy for Travel Rule Non-Compliant Deposits
At the heart of handling non-compliant deposits is the necessity of a clear, risk-based policy which is part of every industry best practice. This policy must account for several key steps:
- Withhold assets until compliance is achieved: If the necessary Travel Rule information is missing, the assets should not be made available to the beneficiary until compliance is ensured. This may require collecting additional information or performing enhanced due diligence.
- Return non-compliant assets promptly: Where compliance cannot be achieved, CASPs should have clear procedures for returning the assets to the originator. This process should be timely to avoid user frustration while ensuring that the return itself is secure and complies with AML/CTF obligations.
- Avoiding technical complications in the return process: Blockchain transactions, particularly those involving aggregated wallets, present additional challenges. Simply sending the funds back to the originating address may not always be feasible or safe. Instead, CASPs should establish secure, alternative methods to return funds while protecting against illicit activity.
- Reassess relationships with non-compliant counterparties: CASPs should monitor their counterparties’ compliance levels. Repeated non-compliance from a particular CASP may necessitate reevaluating the relationship, issuing warnings, applying enhanced due diligence, or even terminating the partnership. And let's not forget that there is a requirement of reporting of non-compliance of CASPs to national authorities.
The Return Dilemma
One of the most challenging aspects of handling non-compliant deposits is the return process. The FATF guidance and local regulations don't prescribe specific requirements for return policies, leading to varied practices among VASPs.
Key considerations for a return policy include:
- Where to return the assets
- Who to return the assets to
- Whether Travel Rule compliance applies to the return transaction
While there’s no universally accepted answer, the principle of reliability and a risk-based approach may guide your actions. For instance, can you confidently rely on a blockchain address used in a Travel Rule message for returning assets? Often, the answer is no. Wallet addresses change, can become dormant, and may result in commingled assets.
A more cautious approach is to confirm the originator’s identity and account details through both on-chain screening and direct communication with the counterparty. This ensures that the return process doesn’t inadvertently violate AML/CTF rules.
These are the practical steps for compliance that you can take:
- Develop clear policies for handling non-compliant deposits
- Implement robust monitoring systems to detect non-compliant transactions
- Establish a detailed workflow for the return process
- Communicate policies clearly to users to minimize disruption
- Regularly reassess relationships with repeatedly non-compliant counterparties
Notabene’s Role: Helping CASPs Navigate Non-Compliance
At Notabene, our platform helps CASPs identify and manage non-compliant CASPs with precision. By offering insights into missing Travel Rule data and alerting users to potential non-compliant transactions, we help CASPs maintain compliance while minimizing disruption. Additionally, our reporting tools allow CASPs to generate comprehensive lists of non-compliant transactions, simplifying their decision-making process and enhancing their regulatory reporting.
The Path Forward: A Risk-Based Approach
Handling non-compliant deposits under the Travel Rule is complex, but not insurmountable. As the regulatory landscape continues to evolve, staying informed and adaptable will be key to success in the world of crypto compliance. The road ahead may be challenging, but with the right policies, workflows, and tools such as Notabene in place, compliance can be achieved without sacrificing user experience. At Notabene, we’re committed to helping CASPs and regulators strike this critical balance.
If you would like to speak with Notabene about implementing a risk-based compliance solution for your unique needs, book a call with our team today.
References
^1 This is not an inclusive list
^2 https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32023R1113