The new Transfer of Funds Regulation

1. Introduction

In the shadow of the EU Regulation on Markets in Crypto-Assets (MiCA), lurks another regulation published by the EU. This is none other than the well-known Transfer of Funds Regulation (TFR). The TFR has made a name for itself, especially in the banking sector, with its last revision in 2015. With the current revision, it now also poses major challenges for crypto-asset service providers (CASPs). The reason for the new version of the TFR from 2015 was primarily the so-called "Travel Rule" of the Financial Action Task Force (FATF). The Travel Rule originates from Recommendation 16 of the FATF and is intended to oblige CASPs to transmit information about the originator and the beneficiary when transferring crypto-assets. The extension of the scope of application of the TFR is intended to enable complete traceability of transfers of crypto-assets and thus reduce the risk of money laundering and terrorist financing in the long term.

2. Scope

According to Article 2, the new TFR applies to all transfers of crypto-assets where the CASP of the originator or the beneficiary has its registered office in the Union. Excluded from the scope of the TFR are person-to-person transfers of crypto-assets carried out without the involvement of a CASP, and transfers of crypto-assets where both the originator and the beneficiary are CASPs acting on their own behalf.

3. Obligations on the crypto-asset service provider (of the originator)

In any case, CASPs shall provide the following information in full throughout the payment chain:

1. name of the originator
2. distributed ledger address of the originator and the crypto-asset account number of the originator, where an account exists and is used to process the transaction
3. originator's crypto-asset account number
4. originator's address, including the name of the country, official personal document number and customer identification number, or, alternatively, the originator's date and place of birth
5. current LEI or, in absence, any other available equivalent official identifier of the originator In addition, the CASP of the originator must submit the following information on the beneficiary:
6. name
7. distributed ledger address
8. crypto-asset account number
9. current LEI of the beneficiary This information must be provided by the CASP in advance of, or simultaneously or concurrently with the transfer of crypto-assets and in a secure manner in accordance with the General Data Protection Regulation. In the case of a transfer or crypto-assets to a self-hosted address, the CASP of the originator is required to obtain the above-mentioned information, hold it, and ensure that the transfer of crypto-assets is individually identifiable. In the case of a transfer of an amount exceeding EUR 1,000 to a self-hosted address, the CASP is obliged to determine whether the self-hosted address is owned or controlled by the originator.

4. Obligations on the crypto-asset service provider (of the beneficiary)

The CASP of the beneficiary shall comply with the following obligations:

• Implementation of effective procedures to in order detect whether the information on the originator and the beneficiary is included in the transfer (completeness check)
• Obtain and hold information of the information on the originator and the beneficiary and ensure that the transfer of crypto-assets can be individually identified (applies only to transfers of crypto-assets from a self-hosted address)
• Determining whether the distributed ledger address is owned or controlled by the beneficiary (applies only to transfers of crypto-assets from a self-hosted address whose value in EUR exceeds 1,000)
• Verification of the accuracy of the information on the beneficiary

5. Challenges in practice

Self-hosted addressesOne of the biggest challenges for CASPs is to find a technical solution to determine whether the self-hosted address is owned or controlled by the originator or beneficiary. The final version of the TFR does not provide for any exceptions and does not offer any technical guidance on how this should be done in practice.Financial expenseWith the extension of the scope of application of the Money Transfer Regulation, CASPs are confronted not only with technical but also with financial challenges. The technical as well as the organizational implementation of the Travel Rule is associated with an enormous effort and high costs for CASPs. Although recital 12 of the TFR indicates that the regulation should not impose unnecessary burdens or costs on obligated entities and that the preventive approach should be targeted and proportionate, it remains to be seen how high the costs for CASPs to implement the Travel Rule will actually be.

6. Sanctions

To ensure that CASPs comply with their obligations under the TFR, effective, proportionate and dissuasive sanctions should be established. It is up to the Member States to determine or define the administrative sanctions for violations of the TFR. It should be noted, however, that the Member States do not have a free hand in the concrete definition, but must meet a certain minimum standard. The harshness of the sanctions once again demonstrates the EU's zero tolerance policy in the fight against money laundering and terrorist financing.

7. Software solutions for Travel Rule compliance

Since the publication of the FATF's Travel Rule, a number of software providers have set themselves the goal of bringing a technical solution for the Travel Rule to the market. In addition to the major players such as Chainalysis and Ciphertrace, a number of newcomers such as Notabene are now promising solutions for the successful implementation of the Travel Rule. It remains to be seen whether the existing software solutions will be able to cope with the extensive and technically complex obligations of the TFR. by Leyla Farahmandnia & Gregor Schütz