REGULATIONS

Crypto Travel Rule Regulations in

United Kingdom

by

Financial Conduct Authority (FCA)

🇬🇧
Travel Rule required from
Travel Rule regulation still pending
September 1, 2023
Content last updated

The UK government has taken an innovative approach to regulating crypto assets and stablecoins by working with industry experts and regulators to develop an evidence-based plan.

Timeline of regulatory action:

  • July 22, 2021: The HM Treasury released a consultation seeking views on amendments to the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs.) Read Notabene's assessment of the amendments.
  • October 14, 2021: The HM Treasury concluded its consultation. 
  • July 21, 2022: The UK published the Money Laundering and Terrorist Financing (Amendment) (No. 2) Regulations 2022 (“MLTFR 2022”), introducing Travel Rule obligations to UK VASPs.
  • September 1, 2023: Travel Rule requirements enter into force in the UK

‍

Download the UK Cryptocurrency Regulation Guide

Get the PDF

‍

1. Is cryptocurrency legal in the United Kingdom?

Yes. The Financial Conduct Authority (FCA) put out a policy statement called "Guidance on Cryptoassets" (PS19/22) that describes the types of cryptoassets that fall under the FCA's regulatory authority, as well as the resulting obligations on firms and protections for consumers.

‍

2. Are there any AML crypto regulations in the United Kingdom?

Yes. As of January 10, 2020, businesses operating in the UK involved in cryptoasset activities must register with the FCA under the MLRs and comply with the anti-money laundering (AML) requirements. More recently, the MLTFR 2022 notably extended Travel Rule obligations to UK VASPs.

‍

3. Is the Crypto Travel Rule mandated in the United Kingdom?

The Crypto Travel Rule was passed into law in the UK on July 21, 2022. It will enter into force on September 1st, 2023. (MLTFR 2022, pg.1, para 3)

‍

4. Who regulates cryptocurrency in the United Kingdom? 

The Financial Conduct Authority (FCA) regulates cryptocurrency in the United Kingdom.

‍

‍

FATF Travel Rule requirements in the United Kingdom

‍

1. Are there licensing or registration requirements for VASPs in the United Kingdom?

Yes. Since January 10, 2020, businesses seeking to carry on cryptoasset activity in the UK that do not have an e-money license must register with the FCA under the MLRs. UK-based VASPs must adhere to several compliance rules, including know-your-customer, AML, and combating the financing of terrorism.

‍

2. When does the Crypto Travel Rule go into effect in the United Kingdom?

The Crypto Travel Rule will enter into force in the UK on September 1, 2023. (MLTFR 2022, pg.1, para 3)

‍

3. Does the United Kingdom permit a grace period to comply with the Crypto Travel Rule?

Yes. The United Kingdom considered the widespread support for a grace period and deferred the Travel Rule requirement by 12 months. The FATF crypto Travel Rule was passed on July 21, 2022, but UK VASPs have until September 1, 2023, to comply.

6.7:

Reflecting the consensus in favour of a grace period, and taking into account the current status of compliance technology, the government has decided to allow a 12-month grace period, to run from the point at which the amendments to the MLRs take effect until 1 September 2023, subject to Parliamentary approval, during which cryptoasset businesses will be expected to implement solutions to enable compliance with the Travel Rule.

View British VASPs on the Notabene Network

Explore the Network

‍

Complying with the FATF Crypto Travel Rule in the United Kingdom

‍

1. What is the minimum threshold for the Crypto Travel Rule in the United Kingdom?

UK VASPs must transfer Travel Rule information regardless of the transaction amount. However, there is a requirement to transmit a broader scope of data when the following conditions are met:

  1. At least one counterparty (the Originator VASP, the Beneficiary VASP, or the Intermediary VASP) carries out business outside the UK with respect to the transaction; and
  2. The transfer is equal to or exceeds the equivalent in cryptoassets of 1,000 euros. (MLTFR 2022, pg.5, para. 64C (1), (4))

More information is provided in the table below.

‍

2. What personally identifiable information is required to be shared for the Crypto Travel Rule in the United Kingdom?

When transferring cryptocurrency between businesses, the Originator VASp must include specific information as required by UK regulations. The rules vary depending on whether all businesses involved are based in the UK, or if at least one is located outside the UK:
‍

Source: The Money Laundering and Terrorist Financing (Amendment) (No. 2) Regulations 2022, pg. 4, para 64B-C.

‍

Source: The Money Laundering and Terrorist Financing (Amendment) (No. 2) Regulations 2022, pg. 4, para 64B-C.


3. Are there differences in customer PII requirements for cross-border transfers versus transfers within the United Kingdom?

Yes. UK-transfers require less PII. The Originator VASP must provide additional information within three working days if the Beneficiary VASP requests. The table above describes the information required and that may be requested. (MLTFR 2022, pg. 4, para 64C (2))

‍

{{training2="/cta-components"}}

‍

4. What are the non-custodial or self-hosted wallet requirements in the United Kingdom?

UK VASPs are not required to transmit any information when conducting transactions with self-hosted wallets. This approach aligns with FATF standards and mirrors how many jurisdictions have incorporated the crypto Travel Rule requirements into their national regulations.

6.27:

Where a transfer is being made from a cryptoassets service provider to an unhosted wallet, the originating provider is not expected to send information to an unhosted wallet, though it should still collect information on the intended beneficiary. (HM Treasury 2022. pg. 37, para 6.27)

‍

However, different obligations–set forth in the MLTFR 2022–apply in transactions with self-hosted wallets:

  1. When transacting with self-hosted wallets, UK VASPs may request missing information specified in I.A (1-2) from customers. If the customer is the transfer originator, the VASP must acquire missing Beneficiary Customer information (name and account number), and vice versa;
  2. When the VASP's customer is the Beneficiary of a self-hosted wallet transfer that exceeds 1,000 euros, the VASP may also collect the Originator's information in II.B of the table above. (MLTFR 2022, pg. 7-8, para 64G)

‍

Collecting this information from the end customer is not set as a mandatory requirement, but rather as a measure that VASPs shall assess whether to adopt based on a risk assessment that takes into account the following:

  • the purpose, nature, and duration of the relationship with the customer,
  • the purpose and value of the unhosted wallet transfer, and 
  • how frequently the customer transacts. 

‍

5. What are the Travel Rule Obligations for a Beneficiary VASP?

When receiving a inter-cryptoasset business transfer, Beneficiary VASPs shall:

  1. Confirm all required information was received;
  2. Match received Beneficiary information against their customer due diligence information.

In case there is missing information or any mismatch in the Beneficiary information is identified, the Beneficiary VASP should consider the following steps:

  1. Send missing information request to Originator VASP;
  2. Make enquiries about the discrepancy 
  3. Consider withholding funds until the information is received / discrepancy resolved
  4. Consider returning funds to Originator VASP. 

It is worth noting that Beneficiary VASPs must report to the FCA any repeated failure by another VASP to provide required information and any steps the Beneficiary VASP has taken in response to such failures. (MLTFR 2022, pg. 6, para 64D)

Why choose Notabene for Crypto Travel Rule Compliance in the United Kingdom?

Notabene’s tools help British VASPs and financial institutions comply with the FATF’s Recommendation 16 “Crypto Travel Rule” as required by the HM Treasury. Our protocol-agnostic solution securely permits VASPs to send, store and maintain required PII for Travel Rule transactions around the globe. We offer two GDPR-compliant methods to store and manage data as mandated by the HM Treasury. Additionally, our award-winning Travel Rule solution was recently accepted into The Financial Conduct Authority (FCA)’s Regulatory Sandbox initiative. Reach out to chris@notabene.id to participate in testing Travel Rule procedures in line with UK rules.

References

* An inter-crypto asset business transfer is defined as “a transaction carried out by two or more crypto asset businesses which involves the making available of a crypto asset of an originator to a beneficiary, provided that at least one of the crypto asset businesses involved in the transaction is carrying on business in the United Kingdom in respect of the transaction (whether that is a crypto asset business acting for the originator or a crypto asset business acting for the beneficiary or an intermediary crypto asset.” (MLTFR 2022, pg. 4, para 64B)
 
** UK transfers are defined as “The crypto asset businesses executing the inter-crypto asset business transfer (including any intermediary crypto asset business) is carrying on business in the United Kingdom. (MLTFR 2022, pg. 5, para 64C)


*** International transfers are defined as “At least one of the crypto asset businesses executing the inter-crypto asset business transfer (including any intermediary crypto asset business) is not carrying on business in the United Kingdom.” (MLTFR 2022, pg. 4, para 64B)



HM Treasury 2021Amendments to the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 Statutory Instrument 2022 July 2021 | Consultation. Published July 22, 2021.
HM Treasury 2022Amendments to the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 Statutory Instrument 2022 | Response to the Consultation. Published June 2022. 
MLTFR 2022The Money Laundering and Terrorist Financing (Amendment) (No. 2) Regulations 2022. Published July 21, 2022.

Notabene's commitment to privacy + security:

‍Bank-grade security for an insecure world‍
  • Passed rigorous security reviews by more than 150 institutions, including global banks and top 20 crypto exchanges
  • Annual SOC 2 Type II Audit for Security and Data Privacy Categories
  • Regular penetration testing by security audit leader Cobalt
‍Industry’s strongest protection for your customer data‍
  • Industry’s only escrowed exchange of encrypted PII
  • Compliant with EU GDPR, Singapore PDA
  • Plug-and-play Travel Rule end-user data consent component
‍Enterprise White Glove features‍
  • 24h/7 days a week uptime
  • Configurable enterprise SLA
  • SOC2 compliant disaster recovery and business continuity plans
Learn more about our commitment to security
This content is provided for general informational purposes only. By using the content, you agree that the information on this content does not constitute legal, financial or any other form of professional advice. No relationship is created with you, nor any duty of care assumed to you, when you use this content. The content is not a substitute for obtaining any legal, financial or any other form of professional advice from a suitably qualified and licensed advisor. The information on this content may be changed without notice and is not guaranteed to be complete, accurate, correct or up-to-date.

Help us keep this page up to date! Any comments, corrections or suggestions on this page can be sent to
catarina@notabene.id.