In June 2019, the Financial Action Task Force (FATF) made an amendment to one of their recommendations that will fundamentally change the world of crypto as we know it. Recommendation 16, commonly referred to as the Travel Rule, was originally made to help anti-money laundering (AML) and counter terrorist financing (CTF) efforts when it comes to wire transfers. Now the recommendation has been expanded to include virtual assets and exchanges, and the repercussions are huge.

The deadline for compliance is June 2020, and many virtual asset providers are struggling to figure out the logistics. In this article, we’ll take a deep dive into the FATF Travel Rule, the implications it has, and the challenges it presents. 

What is the FATF Travel Rule?

To truly understand the FATF Travel Rule, we first need to understand its origins. In the 1970s, the Banking Secrecy Act (BSA) was a major piece of US legislation that fundamentally changed the banking industry forever. For the first time in history, banks were required to cooperate with the US government to fight money laundering, terrorist financing, and other financial crimes. Not only does the BSA fight against money laundering, but it also ensures that banks are not used as tools to facilitate it.

Under the BSA, financial institutions must work to monitor and detect any potential money laundering activities, and are also required to report these activities to the authorities. While the BSA is a US law administered by the Financial Crimes Enforcement Network (FinCEN) it has international implications. 

After the terrorist attacks of 9/11, the BSA was further expanded upon with the Patriot Act – specifically Title III. While the purpose of the Patriot Act was to fight terrorism on all levels, including financial, it also had major implications for the international financial community. It strengthened banking rules regarding international money laundering and terrorist financing, and opened up channels of communications between law enforcement and financial institutions across borders. Once the US introduced these laws, the rest of the world followed shortly after.

Which leads us to the Travel Rule. As an international regulatory body, the FATF does not make laws, but it does make recommendations to fight financial crime. The task force isn’t afraid to “name and shame” countries that are not compliant, and regularly issues reports on how member states are doing when it comes to following the FATF recommendations. 

Recommendation 16, also known as the Travel Rule, previously only applied to banks. It requires financial institutions to share information about their customers and assume the responsibility to report suspicious activities, similar to the BSA. In June 2019, in an attempt to keep up with the evolving world of cryptocurrency, Recommendation 16 was expanded to include virtual assets and exchanges. 

Prior to the FATF’s mandate, the cryptocurrency industry was largely self-regulating. Individual countries have made their own rules in an effort to prevent money laundering and terrorist financing, but there has been a lot of confusion and no overarching international standard.

Now under the Travel Rule, Virtual Asset Service Providers (VASPs) are required to share the identities of users involved with any virtual asset transfers valuing $1000 USD or more. VASPs will now need to obtain and verify customer identification with one another, which presents a number of problems which we will dive into later. VASPs include any individual or business that conducts the following activities as part of their services:

Aside from sharing customer data with other VASPs or the authorities, VASPs also have a number of other duties they must fulfill in order to be compliant. The first is that ongoing transaction monitoring needs to take place. This means that VASPs will need to determine what typical transactions look like for each user so that they are able to spot any changes to the established pattern which could signify criminal activity. Financial institutions already do this in most countries and it is part of a risk-based approach to AML and CTF.

VASPs should also screen customer wallets and potentially share any blacklists with other VASPs and relevant parties. Additionally, VASPs should be licensed and/or registered in their jurisdiction. As you can see, it’s a big ask for an industry that is largely anonymous and decentralized.

While the Travel Rule sounds similar to Know Your Customer (KYC), it does have a couple key differences. The first is that during KYC, the data collected is only used by the organization that collects it. With the Travel Rule, that KYC information needs to be shared between VASPs and/or the relevant authorities.  Secondly, KYC is an internal process while the Travel Rule is an external one. 

The implications of the Travel Rule

The Travel Rule has a number of implications, both positive and negative. A big positive is the reduction of financial crime in the cryptocurrency industry. Money laundering has been a particular concern over the years, and while the crypto world has yet to experience a money laundering scandal on par with traditional banks, it is only a matter of time. As a result of the Travel Rule, financial crimes will be more difficult to carry out, and regulators will have a better understanding of how criminals are using crypto.

Another benefit is that the Travel Rule will lead to stronger KYC policies and practices which, in turn, leads to higher customer confidence in VASPs. As a result, implementing the Travel Rule might actually attract new users to the crypto world who feel that the industry is now better regulated and therefore, safer. 

However, with the Travel Rule, cryptocurrency is no longer anonymous, which is part of the reason it has become so popular in the first place. It could be that as a result of the Travel Rule, VASPs usage takes a downturn. While many people have heard of cryptocurrency, only 10% of people actually understand fully how it works. Crypto use could drop off as a result of the Travel Rule, which is an unintended and unfortunate implication.

Challenges for Travel Rule compliance

As mentioned earlier, complying with the Travel Rule presents a variety of unique challenges. The first is that cryptocurrencies’ blockchains do not have any underlying technology to collect the necessary personal information needed for compliance. One is going to need to be created, which will be a lot of work. It also needs to be scalable, and cost effective.

Additionally, not all cryptocurrencies and VASPs use the same blockchain or even the same technology. For example, two of the most popular cryptocurrencies, Ethereum and Bitcoin, operate on completely different blockchains, which poses a huge problem for interoperability. Presumably, Travel Rule compliance will require some type of overall unification in the crypto world, which leads us to our next problem.

VASPs are inherently competitive, and in order to be compliant, they will need to collaborate with each other and the necessary authorities. Additionally, the government needs to be involved with both registering VASPs and the reporting aspect of the Travel Rule. When cryptocurrency was first introduced, the whole point was that it was not tied to one government, country, or currency. Now the FATF is asking for that to change, and while the reasoning is understandable (the prevention of criminal activity), the industry has struggled to come to terms with it.

And then there are further issues of interoperability involving cultural, linguistic, and regional barriers. A global solution is needed, which means a VASP in the United States and a VASP in Japan need to be able to use the same system. VASPs from all over the world will need to come together and work towards a common goal and agree on a solution. When you consider that all of the countries in the world have trouble agreeing on any one thing, you can see the huge hurdle that VASPs face.

Compliance for the Travel Rule needs to also comply with existing data privacy laws such as the GDPR and the CCPA, which offers another set of difficulties. 

Conclusion – Explaining the FATF Travel Rule

As you can see, the Travel Rule marks a major change when it comes to virtual assets, and will fundamentally alter how VASPs operate in the future. Cooperation is going to become a key part of day to day operations; something which has never previously existed. As some nations have already taken a dislike to cryptocurrency and virtual assets, it is important that the community stands together and does its best to reach compliance. 

Failing to comply could have dire consequences for VASPs all over the world. As mentioned earlier, the FATF cannot prosecute but it will not hesitate to call out those who are failing to comply, and VASPS will be no exception. The main issue many VASPs are facing is finding a solution in time to comply with the FATF’s recommendation. Keep an eye out for our next Travel Rule article that will outline the current solutions that are emerging.