In June 2019, the Financial Action Task Force (FATF) made an amendment to one of their recommendations that will fundamentally change the world of crypto as we know it. Recommendation 16, commonly referred to as the Travel Rule, was originally made to help anti-money laundering (AML) and counter terrorist financing (CTF) efforts when it comes to wire transfers. Now the recommendation has been expanded to include virtual assets and exchanges, and the repercussions are huge.
The deadline for compliance is June 2020, and many virtual asset providers are struggling to figure out the logistics. In this article, we’ll take a deep dive into the FATF Travel Rule, the implications it has, and the challenges it presents.
What is the FATF Travel Rule?
To truly understand the FATF Travel Rule, we first need to understand its origins. In the 1970s, the Banking Secrecy Act (BSA) was a major piece of US legislation that fundamentally changed the banking industry forever. For the first time in history, banks were required to cooperate with the US government to fight money laundering, terrorist financing, and other financial crimes. Not only does the BSA fight against money laundering, but it also ensures that banks are not used as tools to facilitate it.
Under the BSA, financial institutions must work to monitor and detect any potential money laundering activities, and are also required to report these activities to the authorities. While the BSA is a US law administered by the Financial Crimes Enforcement Network (FinCEN) it has international implications.
After the terrorist attacks of 9/11, the BSA was further expanded upon with the Patriot Act – specifically Title III. While the purpose of the Patriot Act was to fight terrorism on all levels, including financial, it also had major implications for the international financial community. It strengthened banking rules regarding international money laundering and terrorist financing, and opened up channels of communications between law enforcement and financial institutions across borders. Once the US introduced these laws, the rest of the world followed shortly after.
Which leads us to the Travel Rule. As an international regulatory body, the FATF does not make laws, but it does make recommendations to fight financial crime. The task force isn’t afraid to “name and shame” countries that are not compliant, and regularly issues reports on how member states are doing when it comes to following the FATF recommendations.
Recommendation 16, also known as the Travel Rule, previously only applied to banks. It requires financial institutions to share information about their customers and assume the responsibility to report suspicious activities, similar to the BSA. In June 2019, in an attempt to keep up with the evolving world of cryptocurrency, Recommendation 16 was expanded to include virtual assets and exchanges.
Prior to the FATF’s mandate, the cryptocurrency industry was largely self-regulating. Individual countries have made their own rules in an effort to prevent money laundering and terrorist financing, but there has been a lot of confusion and no overarching international standard.
Now under the Travel Rule, Virtual Asset Service Providers (VASPs) are required to share the identities of users involved with any virtual asset transfers valuing $1000 USD or more. VASPs will now need to obtain and verify customer identification with one another, which presents a number of problems which we will dive into later. VASPs include any individual or business that conducts the following activities as part of their services:
Aside from sharing customer data with other VASPs or the authorities, VASPs also have a number of other duties they must fulfill in order to be compliant. The first is that ongoing transaction monitoring needs to take place. This means that VASPs will need to determine what typical transactions look like for each user so that they are able to spot any changes to the established pattern which could signify criminal activity. Financial institutions already do this in most countries and it is part of a risk-based approach to AML and CTF.
VASPs should also screen customer wallets and potentially share any blacklists with other VASPs and relevant parties. Additionally, VASPs should be licensed and/or registered in their jurisdiction. As you can see, it’s a big ask for an industry that is largely anonymous and decentralized.
While the Travel Rule sounds similar to Know Your Customer (KYC), it does have a couple key differences. The first is that during KYC, the data collected is only used by the organization that collects it. With the Travel Rule, that KYC information needs to be shared between VASPs and/or the relevant authorities. Secondly, KYC is an internal process while the Travel Rule is an external one.