EU Travel Rule Effects Major Transfer Requirements for Crypto

June 2024

The EU reached an agreement on the implementation of the Travel Rule in the EU for crypto-asset businesses.

There is an existing regulation in the EU for accompanying data on transfers that relate to payment institutions. The proposal bill was to amend that to include crypto-asset service providers.

The obligations are extensive for EU VASPs and will necessitate procedures for data transfer between VASPs and other VASPs and verifying transfers to unhosted wallets. The travel rule obligations emanate from Financial Action Task Force (FATF) guidelines. 

Who do the rules apply to?

They apply to Virtual Asset Service Providers (VASPs) in the EU. These are technically referred to as Crypto-Asset Service Providers (CASP) in the EU.

A CASP is defined in a separate regulation called the Markets in Crypto-Assets (MiCA). In brief a CASP  is an entity that provides custody, administration of crypto-assets, operates a trading or brokerage platform involving crypto-assets, exchanges crypto-assets for fiat or other crypto-assets, advises on crypto-assets or places newly issued crypto-assets.

For the Travel Rule, there are CASP originators and CASP beneficiaries. The CASP originator is the entity being instructed by the originator (the sender) to send a transaction out of the CASP. The CASP beneficiary is the entity that receives the transaction and credits the beneficiary’s (the receiver’s) account. 

EU Travel Rule Obligations

The EU Travel Rule requires that the CASP originator first completes KYC on the originator prior to sending any funds out. Then the CASP originator has to make sure that when the transaction is sent out to the CASP beneficiary the data below is attached with the transaction (not on the blockchain, it would be sent separately). 

The Travel Rule data needing to be sent are: 

  • the name of the originator, 
  • the account number of the originator (if applicable), 
  • the originator’s residential address, 
  • the originator’s ID number, 
  • the originator’s date and place of birth; and
  • the name and account number (if applicable) of the beneficiary. 

When the CASP beneficiary receives the transaction the entity has to “verify the accuracy of the information on the beneficiary” by doing KYC on the beneficiary. This is effectively cross-checking the Travel Rule data with the data they have on file for the customer. Note: that there are slightly modified requirements if the transaction value is less than EUR1k and is not a connected transaction.

On a risk basis the CASP beneficiary has to check that it has received all the correct information from the originator. If the data is incomplete it should return the funds to the CASP originator or leave the funds in a pending state. The CASP beneficiary has to consider reporting to the FIU in cases of the data being incomplete.

This regime will apply to transfers to unhosted wallets. By ‘unhosted’ wallet we refer to wallets where the private key for the wallet is not controlled by a CASP, but usually is controlled by the owner of the wallet. The Travel Rule will apply to unhosted wallets in a manner that transfers outside of a originator CASP will require the originator CASP to verify that the beneficiary owns the unhosted wallet in question.  

This EU regime was brought about as a result of recommendations from the Financial Action Task Force (FATF). The EU regime envisages that there will be a list of high risk CASPs which will be managed by the European Bank. The implication is that before transferring to a ‘higher risk’ CASP the originator CASP will need to do enhanced due diligence on the beneficiary CASP. 

The final regulations are due to be published shortly. At that stage we will have full details of the regime to be put in place.

- By Adam Vaziri