Authors: Dr. Katharina Lasota Heller & Allison Fromm
Although the Covid crisis has focused much attention on new regulations regarding ordinary travel, the cryptocurrency community has been struggling with a different kind of travel rule. The travel rule itself is nothing new. In 1989, in response to concerns about money laundering, the G-7 Summit created a Financial Action Task Force (FATF) that established an initial forty Recommendations in 1990, which they revised over the subsequent years and eventually over 180 countries officially endorsed the standards. In particular, Recommendation 16 decreed that for any wire transaction involving clients of financial institution, the institutions must transmit to each other certain information about the originator and beneficiary. Data about the parties to the transaction must “travel” along with the funds, and hence the “Travel Rule” was born.
Following from guidance issued on digital currencies in previous years, in June 2019 the FATF sought to bring further clarity to the definition of a Virtual Asset Service Provider (VASP), as well as issue guidance on how regulated entities might apply a risk-based approach to managing AML/CFT risks for transactions or business relationships involving virtual assets. While FATF’s officially defines a Virtual Asset as “a digital representation of value that can be digitally traded, or transferred, and can be used for payment or investment purposes,” essentially VAs are cryptocurrencies or asset tokens. FATF published guidance stating that VASPs issuing or transmitting VAs must adhere to many of their recommendations, including the Travel Rule, which had previously only applied to the wire transfer system used by traditional financial intermediaries.
As an illustrative example, assume that Bob owns a graphic design shop in Germany and accepts Bitcoin through his account with VASP Delta. His customer Alice owes him 2 BTC and initiates a payment using her account at VASP Charlie. The illustration below details the nature of the transaction and the diligence that both Charlie and Delta must perform.
Critically, FATF guidance states that transfers involving the use of a VASP by only one party, or transfers that do not involve a VASP at all, do not need to comply with the Travel Rule. Similarly, VASP to VASP transfers are exempt from the requirements of Recommendation 16.
Let’s assume that in our example above involving Alice and Bob, instead of using VASP Delta, Bob was keeping his BTC in an “unhosted” (private / non-custodial) Echo wallet. VASP Charlie would still need to perform due diligence on Alice when establishing an initial relationship. However, as per FATF Recommendation 16, when processing Alice’s transaction, VASP Charlie would not need to send information about Alice along with the BTC because Bob is not using a VASP to receive the funds. The illustration below depicts this scenario.
Meanwhile in Switzerland, a country whose citizens have managed to send trains travelling up all kinds of impossibly steep mountains and where gondolas whisk passengers to otherwise inaccessible peaks and summits, it is perhaps unsurprising that Swiss regulators view the Travel Rule just a bit differently than the rest of the world. In August of 2019, FINMA, the Swiss independent financial markets regulator, stated that it had already been applying Anti-Money Laundering regulations to VASPs since the technology’s emergence. FINMA takes a “technology neutral” approach to regulation, so AML-related requirements for financial intermediaries operating in the crypto space were already applicable, regardless of whether value is transferred by bank wire or distributed ledger technologies (see Article 10, AMLO-FINMA).
Furthermore, FINMA applies stricter standards than the FATF and requires VASPs under its jurisdiction to ensure that their counterparty VASPs are themselves operating in countries with sufficient Anti-Money Laundering regulations. In the diagram below, Alice is now using Swiss VASP Foxtrot to originate her transaction. FINMA requires an extra action (step 2) and the Originator VASP Foxtrot can only complete the transaction after verifying that the Beneficiary VASP Delta is domiciled in a reasonably compliant jurisdiction, such as The British Virgin Islands.
Currently, more than a dozen countries fall onto FATF’s list called “Jurisdictions under increased monitoring”, aka the grey list. The acceptance of them should be decided on a case-by case basis. Transactions from VASPs registered in FATF black-listed countries (North Korea and Iran) should not be accepted. To further illustrate FINMA’s stricter regulations, let’s now assume that Bob’s account was with VASP Gulf, based, for example, in Iran. FINMA would not permit VASP Foxtrot to complete the transaction because transactions to Iran are considered high risk and thus are out of bounds for Swiss VASPs. The illustration below depicts this example.
Additionally, FINMA provides less leeway than FATF regarding private unhosted wallets. Swiss VASPs must confirm the beneficial ownership and identity of all parties to a transaction, even if the counterparty is controlling their own funds from a private wallet, without the support of a VASP. The easiest verification method would be to ensure that the beneficiary is also a customer of the originating VASP (i.e. an internal account transfer with the same VASP). Failing that, Swiss VASPs must employ some other solution to obtain the required identifying and beneficial ownership information and employ suitable technical means to confirm that the identified counterparty controls the unhosted wallet. (For more information on these requirements, see FINMA’s Guidance 02/2019 Payments on the Blockchain.)
For example, if Alice initiates the 2 BTC transaction via VASP Foxtrot and Bob has a private Echo wallet, VASP Foxtrot must verify Bob’s identity, confirm the beneficial owner of the assets held at his wallet address and prove Bob’s control over his private Echo wallet keys using suitable technical means, similar to the due diligence steps VASP Foxtrot would have taken to onboard and open an account for Alice.
While some in the cryptocurrency community worry that these regulations will destroy the very essence of the decentralized financial revolution, others view FINMA’s strong stance on controlling beneficial ownership as essential to the fight against money laundering and its devastating predicate crimes. However, for a nation that developed an international business model based on innovative ways of safely bringing tourists to remote mountain tops, it seems likely that creative Swiss technical minds will overcome these most recent travel challenges as well.