REGULATIONS

Crypto Travel Rule
in

Gibraltar

by

Gibraltar Financial Services Commission

🇬🇮
Travel Rule required from
Travel Rule regulation still pending
March 22, 2021

Gibraltar was the first country in the world to provide a purpose-built regulatory framework for businesses using blockchains or distributed ledger technology back in 2018. The travel rule was implemented through the Proceeds of Crime Act 2015 (Transfer of Virtual Assets) Regulations 2021 (TR Regs) and has been in force since March 22, 2021.

Is cryptocurrency legal in Gibraltar?

Gibraltar adopted a proactive and progressive approach to regulating the crypto industry by putting forward the Distributed Ledger Technology Framework (DLT Framework) as early as 2018. This framework regulates firms carrying out by way of business, in or from Gibraltar, the use of distributed ledger technology (DLT) for storing or transmitting value belonging to others.

Are there any AML crypto regulations in Gibraltar?

Gibraltar's DLT Framework is founded on nine fundamental principles. One of which requires DLT providers to "have systems in place to prevent, detect and disclose financial crime risks such as money laundering and terrorist financing." The Gibraltar Financial Services Commission (GFSC) issued a Guidance Note tailored to support DLT providers in translating this principle into appropriate practices. DLT providers are subject to the obligations foreseen in the Proceeds of Crime Act (POCA) and to the Guidance Notes issued under POCA on systems of control to prevent the financial system from being used for ML/TF.

Who regulates cryptocurrency in Gibraltar?

The GFSC is the authority responsible for regulating and supervising distributed ledger technology activities in Gibraltar, as part of its broad mandate to regulate and supervise the country's financial industry.

Who is the Crypto Travel Rule Regulator in Gibraltar?

As part of its mandate to regulate and supervise distributed ledger technology activities in Gibraltar, the GFSC is responsible for monitoring compliance with the crypto travel rule. However, the Gibraltar Financial Intelligence Unit (GFIU) is the entity responsible for facilitating the receipt, analysis, and dissemination of suspicious transaction reports (STRs) filed by VASPs under the POCA.

Are there licensing or registration requirements for VASPs in Gibraltar?

Yes, "DLT Providers" in Gibraltar are required to apply with the GFSC for a DLT Provider License (see Financial Services (Distributed Ledger Technology Providers) Regulations 2017). Additionally, the Proceeds of Crime Act 2015 (Relevant Financial Business) (Registration) Regulations 2021 (RFBR Regs), which entered into force on March 22, 2021, requires (most relevantly) the following financial businesses to register with the GFSC for AML/CTF supervision, provided that they are not already subject to supervision by a relevant supervisory authority:

  1. "undertakings that receive, whether on their own account or on behalf of another person, proceeds in any form from the sale of tokenised digital assets involving the use of DLT or a similar means of recording a digital representation of an asset; or
  2. persons who, by way of business, use DLT to exchange units of value, or arrange, or make arrangements with a view to, the exchange of units of value using DLT".

FATF Travel Rule requirements in Gibraltar

Is the Crypto Travel Rule mandated in Gibraltar?

Yes, the crypto Travel Rule was implemented in Gibraltar through the enactment of the TR Regs, which has been in force since March 22, 2021.

Does Gibraltar permit a grace period to comply with the Crypto Travel Rule?

Although the TR Regs do not explicitly grant any grace period for compliance with the crypto Travel Rule, a grace period of 18 months was communicated from the GFSC to the industry. The grace period was announced on March 22, 2021, and ends until September 22, 2022.

When does the Crypto Travel Rule go into effect in Gibraltar?

The crypto travel rule has been in effect in Gibraltar since March 22, 2021 - the date of entry into force of the TR Regs - although the GFSC granted an 18-months grace period to comply.  

Complying with the FATF Crypto Travel Rule in Gibraltar

What is the minimum threshold for the Crypto Travel Rule in Gibraltar?

In Gibraltar, crypto travel rule requirements only apply to transactions with a value equal to or in excess of EUR 1,000 - defined as "material transactions" in the TR Regs (see section 3 .(1)). However, it is worth noting that the TR Regs explicitly foresee that this threshold may be modified by Government order.

What personally identifiable information is required to be shared for the Crypto Travel Rule in Gibraltar?

In Gibraltar, the originator VASP is required to share the following personally identifiable information (PII) of the originator and beneficiary of the transfer with the beneficiary VASP (TR Regs, section 4.(2)):

Originator PII:

  • Name;
  • Virtual asset account number / unique transaction identifier in case an account number does not exist; and one of the following:
  • Address;
  • National identity number;
  • Customer identification number;
  • Date and place of birth.

Beneficiary PII:

  • Name;
  • Virtual asset account number / unique transaction identifier in case an account number does not exist.

Are there differences in customer PII requirements for cross-border transfers versus transfers within Gibraltar?

In Gibraltar, the scope of personally identifiable information that needs to be shared between VASPs for compliance with the Crypto Travel Rule is the same for cross-border and internal transfers.

What are the non-custodial or self-hosted wallet requirements in Gibraltar?

When receiving transactions from non-custodial or self-hosted wallets, Gibraltar requires beneficiary VASPs to obtain from their own customer (i.e., the beneficiary of the transfer) the following PII of the transfer originator (TR Regs, section 5.(2)):

  • Name; and one of the following:
  • Address;
  • National identity number;
  • Customer identification number;
  • Date and place of birth.

When sending transfers to non-custodial or self-hosted wallets, VASPs are not subject to travel rule requirements.

Why choose Notabene for Crypto Travel Rule compliance in Gibraltar?

Notabene's solution is live and can be used by VASPs to comply with local Travel Rule requirements today. Most relevantly, through Notabene, VASPs are able to identify whether the counterparty wallet is custodial or self-hosted and take the measures appropriate to each scenario. Complying with the Travel Rule requires significant changes to VASPs' existing UX and data flows. Bearing this in mind, we allow for a staggered implementation of our solution and promote testnets for VASPs to take their first steps towards compliance in a simulated environment.

Sign up for our next testnet.

Relevant Links:
Last updated
October 1, 2021

Book a demo.
Comply with the Travel Rule today.

Learn what is required of your business to comply
Show regulators your path towards compliance
Send, receive and monitor your Travel Rule transfers today
Fully automate incoming and outgoing transfers
BOOK A DEMO
related articles