The revised Transfer of Funds Regulation: what are the implications for CASPs in the EU?

Introduction

On 29 June 2022, the European Council and the European Parliament reached a provisional political agreement on the proposed revised Transfer of Funds Regulation (TFR), an initiative to apply the Financial Action Task Force’s Recommendation on wire transfers (the Travel Rule) to crypto-asset transfers.

The TFR is part of a proposed Anti-Money Laundering (AML) Package consisting of three Regulations and a Directive to reform the EU’s AML regime. In addition to the AML Package, the TFR is also part of a wider framework for crypto-assets in the EU that includes the Markets in Crypto-Asset (MiCA) Regulation.

There are four key elements to the updated AML regime:

1. a new AML authority, the Anti-Money Laundering Authority (AMLA), which is expected to transform AML supervision within the EU and improve cooperation between Financial Intelligence Units (FIUs);
2. a new AML Regulation (AMLR), a single rulebook that intends to unify the EU’s approach to AML;
3. an update to the AML Directive (AMLD6) under which all Crypto-Asset Service Providers (CASPs) will be required to report suspicious activity, provide information on persons involved in crypto-asset transactions to competent authorities, and adopt policies, procedures, and controls to ensure compliance with foreign sanctions; and
4. the updated TFR.

Implications for Crypto-Asset Service Providers (CASPs)

Apart from the inevitable costs of complying with the new measures, what are the major consequences for European CASPs?

Travel Rule

The Travel Rule will apply to all crypto-asset transfers, regardless of the amount. Every CASP is required to collect and transmit information on originators and beneficiaries (including intermediaries). The requirement to store data for micropayments, risks of data breach, and extra costs for small transactions are some of the expected challenges.

Some of these requirements do not apply to banks and other traditional finance providers, begging the question as to whether or not the EU’s version of the Travel Rule is proportionate and technologically neutral.

Unhosted Wallets

Some requirements which apply to crypto-asset transfers may also apply to transfers made to and from unhosted wallets when the transfer exceeds €1,000. Although they’re not altogether banned, this will deter consumers from holding assets in unhosted wallets. There is the expectation that unhosted wallets will be permitted to transfer funds to hosted wallets, so long as the transfer of required information is included.

However, this presents technical challenges for CASPs. Unhosted wallets do not require the storage of your personal data, so the transfer of this data is not always technically possible, and proof of ownership is very expensive, especially for small transactions.

Does this improve the resilience of the AML regime in Europe? It certainly creates incentives for unhosted wallets to remain outside of the payment ecosystem and widens the domain for illicit activity in peer-to-peer transactions and the holding of funds that have been informally acquired.

Know Your Transaction & Know Your VASP Requirements

The new regulation includes new Know Your Transaction (KYT) and Know Your VASP (KYV) provisions. KYT will require the use the of DLT technology to trace tokens and verify if a token was previously used in illegal activities, a logical and welcome application.

The KYV provision enforces the fact that CASPs in the EU will need to ascertain the licensed or registered status of counterpart CASPs (or VASPs) around the world before engaging in business with them. Enhanced due diligence will apply for third country entities and unregistered or unlicensed entities. Guidance from the European Banking Authority (EBA) on how to conduct the assessment is forthcoming.

What’s next?

The next step will be for the Council and the Parliament to approve the provisional agreement before formal adoption. Technical negotiations between European bodies will also continue and after the final approval from the European Parliament and the European Council, the law will be published in the EU Official Journal. After the TFR enters into force alongside MiCA, CASPs will have 18 months to comply.