The Joint Money Laundering Steering Group (JMLSG) has just published UK industry guidance on the regulation of funds transfers (the “Travel Rule”) for consultation. The consultation ends on August 25.
Here are the key points to consider and some outstanding regulatory issues.
Background
The Travel Rules obligations come into force in early September 2023 and will require UK cryptocurrency firms to send user and principal information before or when transferring digital assets to another crypto firm. It does not apply when the transaction relates to transactions on the accounts of crypto firms (i.e. when there is no underlying customer) – so, for example, an OTC crypto broker seeking liquidity from a crypto exchange.
I have recently been fortunate enough to chair several CryptoUK industry working groups on this topic, and have also personally worked on regulation with the UK Treasury, the Financial Conduct Authority (FCA), JMLSG and colleagues at Notabena – a travel rules solutions provider that Elliptical partnerships with.
The final guidelines are helpful, but some key questions remain which I will touch on in due course. It is also clear to me that the industry will need to work through this and identify where the pain points are.
Essentially, the Travel Rule will require that:
- The transfer of cryptoassets between crypto firms and where there is an underlying originator or beneficiary – ie. the legal or natural person on whose behalf the transaction is carried out – will have to meet new requirements.
- If both crypto firms are in the UK, certain minimum information must be provided by the originator firm before or at the time of the transfer. However, additional information must be collected and ready to be sent to the user’s crypto firm, upon request.
- If the transaction has only one UK share and the transaction is greater than or equal to €1,000, then minimum and additional information will need to be sent.
- In the case of non-hosted wallets, where the transaction is greater than or equal to 1,000 euros and there are higher risks, the firm must have systems and controls in place to clarify the control of that non-hosted wallet.
- If the originator crypto firm is unable to determine – after reasonable efforts – whether it is dealing with a UK or non-UK firm, it may assume that the beneficiary firm is a non-UK firm.
- The guidance makes it clear that intermediary nodes within the Lightning Network and other second-layer solutions are not covered by this obligation. However, where applicable, a transfer between crypto firms – even if using the Lightning Network – can be caught and therefore should be compliant. Firms will need to discuss with the FCA how best to deal with this. Here the guidelines strike a balance between ensuring that firms have taken all reasonable steps to find a solution to passing on the relevant information and not having guidelines that could otherwise inadvertently block the obligation.
In my view, the Travel Rule should not be seen as an isolated tool to mitigate financial crime, but rather as part of the overall financial crime regulatory framework. I see this as a three dimensional view to consider when looking at regulation rather than a silo basis. Blockchain analytics is the other side of the coin when it comes to the Travel Rule and assessing the risk of a transaction.
Questions that remain
For me, the significant issues are:
- When, for example, you are a “user cryptoasset business”, and you receive a transfer from an “originator cryptoasset business”, but the user information you received does not match your records, what do you do? And what is the operational process of returning the property? This is complex because it doesn’t exist de minimis the threshold to which these obligations apply. It is possible that the UK industry can adopt an approach of delaying transmission until all travel rules information is matched and agreed, thereby limiting unnecessary operational costs.
- When a UK firm receives a transaction from a non-UK crypto firm that is not subject to the same legal obligations – such as an EU firm where the Travel Rule does not come into force at the end of 2024 – what does it do? This is the so-called “sunrise” issue. Under UK law, it must, using a risk-based approach, either delay the allocation of the transaction to its customer or reverse the transaction. Equally, for UK crypto custodians, which are considered an intermediary crypto firm under UK regulations, this is challenging when one or both of their clients are based in a jurisdiction that does not have to provide this information. In this case, it potentially makes it uncompetitive to be a UK crypto custodian.
Clearly, this is an unsustainable position. I think – and as the JMLSG guidance suggests – the FCA will need to make some supervisory communications to address this. It is hoped that this will be a clarification that no enforcement action will be taken during the “period” when a UK firm is doing business with another crypto firm that is not subject to similar obligations under the Travel Rules. This is no different to the surveillance communications I was involved with or aware of while at the FCA, so it is not insurmountable.
The Travel Rule is a new piece of UK law that will apply from September 2023. We at Elliptic’s GPRG team are always happy to communicate with clients about our understanding of these and other cryptocurrency regulations. Email mark.aruliah@elliptic.co.
Crypto Compliance Regulation