Nearly three years after the Financial Action Tax Force (FATF) issued its controversial "travel rule" guidance, regulators and virtual asset service providers (VASPs) are still grappling with the business and technical challenges of implementing these rules. While VASPs, which include crypto exchanges, wallet services, and crypto custody solutions, among others, are at the center of this regulation, mass implementation is expected to slowly but surely impact how you interact with crypto.
In this guide, you'll learn everything you need to know about the crypto travel regulation and how it will impact your daily crypto activities.
What is the crypto travel rule?
In 2019, the Financial Action Task Force, an intergovernmental body that initiates anti-money laundering (AML) measures for the G-7 nations and about 30 other developed countries, recommended a coordinated approach to combating money laundering and terrorist financing. The rule, officially known as FATF Recommendation No. 16, requires VASPs to submit information on the originators and recipients of crypto transactions that exceed a certain threshold. More specifically, VASPs must share information about the identity of the originator and beneficiary when the transaction amount exceeds $1,000.
Essentially, the sender's crypto service provider is expected to share the sender's personal information with the recipient's crypto service provider when cryptocurrencies worth more than $1,000 are exchanged between two parties, and vice versa. Although this is a given, member states can interpret these guidelines and implement versions that best fit their local crypto industry.
For example, the threshold at which the crypto travel rule kicks in in the U.S. is $3,000 (i.e., the rules come into play when the value of the crypto transaction exceeds $3,000). In such cases, VASPs must share information about the amount transacted, the execution date, and the identity of the crypto service provider.
It is known that Switzerland has a strict version of the travel rule, where regulators require identification of private wallets interacting with local VASPs.
In addition to the additional information required by each regulator, the FATF recommends that the following data be transmitted back and forth from VASPs:
- The names of the sender and the recipient
- The address of the sender
- The account number of the sender and the recipient.
The travel requirement existed prior to the FATF's 2019 recommendations, originally targeting banks and financial institutions as part of initiatives to curb money laundering. Essentially, the FATF's 2019 actions only expanded this rule so that existing AML regulations can be replicated in the crypto industry. It is worth noting that prior to the enactment of the crypto travel rule in 2019, the Financial Crimes Enforcement Network (FinCEN) implemented a similar rule under the U.S. Bank Secrecy Act (BSA) for VASPs operating within its jurisdiction.
So unlike most other countries, the U.S. did not have to formulate a new rule from scratch to comply with the FATF's recommendations. Under the rule, FinCEN requires crypto-asset service providers to certify that crypto transactions do not originate from or are sent to sanctioned countries or entities.
Why is the crypto travel rule important?
As mentioned earlier, the main purpose of this regulation is to prevent terrorist financing and money laundering. Below are other reasons why the travel regulation is important:
- The travel regulation ensures that crypto companies comply with sanctions.
- It makes it easier for law enforcement to seize transaction data.
- It is the first crypto regulation to be implemented globally, and it could potentially open the door for more uniform crypto regulation.
What are the challenges?
The first challenge related to the crypto travel rule is the inconsistent approach to implementing it in different regions. As mentioned earlier, the requirements of the travel rule vary from country to country. As a result, VASPs are faced with the task of establishing robust compliance systems that take into account the varying requirements of different countries and implement them accordingly. The inconsistency of crypto travel regulations is popularly referred to as the "sunrise problem."
Given that VASPs need to exchange transaction data, an interoperable communication system is required so that VASPs can easily receive and send personal data. This means that the entire crypto industry must take a collaborative approach to develop the ideal data and communication standards.
Understandably, this is a bit difficult, as the crypto industry has traditionally preferred a decentralized operating model. However, crypto service providers have come to terms with this situation, and many have adopted protocols specifically designed to transmit and capture encrypted data. Examples of these protocols include OpenVASP, Shyft, TRISA, and TRP.
More importantly, the crypto industry has reached consensus on a single data transmission format for all travel rules protocols. This format is called IVMS 101.
Another important topic of conversation is the perceived impact of increasing regulation of digital assets by a segment of the crypto community. Some feel that regulations such as the Travel Rule give regulators the tools and data they need to monitor and punish crypto users.
It is also worth noting the obvious security risks that VASPs face when transmitting user data. It is important to put additional security systems in place to protect user data from such risks.
Finally, the travel rule also poses privacy compliance risks that VASPs face. Even as VASPs seek to comply with the travel rule, they must ensure that their actions comply with the privacy laws of the countries in which they operate.
What does this mean for you?
First of all, keep in mind that you may have to give up some of your privacy in order to continue interacting with the crypto market.
Also, you need to know at least the names of your beneficiaries and those who send you payments. And since there are still challenges related to travel regulation, there's no telling how the inefficiencies of any of the compliance systems would affect your user experience.
In the early stages of this regulatory revolution, you may not be able to transact, depending on the compliance status of your VASP and that of your counterparty.