Almost three years after the controversial "travel rule" guidance was issued by the Financial Action Tax Force (FATF), regulators and virtual asset service providers (VASP) are still coming to terms with the economic and technical challenges of implementing these rules. While VASPs, which include but are not limited to crypto exchanges, wallet services and crypto custodial solutions, are the primary focus of this regulation, mass implementation is expected to slowly but surely impact how you interact with crypto.
In this guide, we will be discussing everything you need to know about the crypto travel rule and how it will affect your everyday crypto activities.
Read more: Is Bitcoin Legal?
What is the crypto travel rule?
In 2019, the Financial Action Task Force, an intergovernmental body that initiates anti-money laundering (AML) policies for G-7 and an additional 30 or so developed countries, recommended a coordinated approach to combat money laundering and terrorist financing. The rule, formally known as FATF Recommendation #16, requires VASPs to communicate the information of the originators and beneficiaries of crypto transactions that exceed a certain threshold. More specifically, the regulations require VASPs to exchange information regarding the identities of the originator and beneficiary whenever the amount transacted is above $1,000.
In essence, whenever crypto worth over $1,000 is transacted between two parties, the crypto service provider of the sender is expected to communicate the personally identifiable information (PII) of the sender to the crypto service provider of the recipient and vice versa. While this is a given, member states can choose to interpret this guidance and implement versions that best suit their local crypto industries.
For instance, the threshold at which the crypto travel rule kicks in the U.S. is $3,000 (i.e., the rules come into play when the value of the crypto transaction exceeds $3,000). In such cases, VASPs are required to exchange information regarding the amount transacted, the execution date and the identity of the crypto service provider.
Switzerland is known to have a strict version of the travel rule, where regulators require the identification of private wallets interacting with local VASPs.
In addition to the extra information required by individual regulators, FATF recommends the following data ought to be transmitted back and forth by VASPs:
- The names of the sender and the recipient
- The address of the sender
- The account number of the sender and the recipient
The travel rule existed before FATF’s 2019 recommendations. Initially, the regulation was targeted at banks and financial institutions as part of the initiatives for mitigating money laundering. In essence, FATF’s actions in 2019 only expanded this rule such that existing AML regulations can be replicated in the crypto industry. It is worth mentioning that prior to the issuance of the crypto travel rule in 2019, Financial Crimes Enforcement Network (FinCEN), under the U.S. Bank Secrecy Act (BSA), had imposed a similar rule on VASPs operating within its jurisdiction.
Hence, unlike most nations, the U.S. did not need to formulate a new regulation from scratch to comply with FATF’s recommendations. Under this rule, FinCEN requires crypto asset service providers to confirm that crypto transactions do not originate from or are not sent to sanctioned countries or companies.
Why is the crypto travel rule important?
As mentioned earlier, the core purpose of issuing this regulation is to block terrorist financing and money laundering. Below are other reasons the travel rule is important:
- The travel rule ensures that crypto businesses adhere to sanctions.
- It makes it easier for law enforcement to subpoena transaction data.
- It is the first crypto regulation implemented globally, and it could potentially open the door for more uniform crypto regulation.
What are the challenges?
The first challenge associated with the crypto travel rule revolves around the nonuniform approach to the implementation of this regulation in different regions. As mentioned earlier, the requirements of the travel rule differ from country to country. Hence, VASPs are burdened with the task of incorporating robust self-compliance systems that would consider the different requirements of various countries and implement them accordingly. The nonuniformity of the crypto travel rules is popularly called the "Sunrise Problem."
Bearing in mind that VASPs are required to exchange transaction details, there is a need for an interoperable communication system such that VASPs can easily receive and send PII. This means the entirety of the crypto industry must embrace a collaborative approach to come up with the ideal data and communication standards.
Understandably, this is a tad difficult because the crypto industry historically favors a decentralized model of operation. That said, crypto service providers are coming to terms with this situation, with many adopting protocols specially designed to aid the transfer and collection of encrypted data. Examples of these protocols are OpenVASP, Shyft, TRISA and TRP.
More importantly, the crypto industry has reached a consensus over a single data messaging format for all travel rule protocols. This format is called IVMS 101.
Another main talking point is the perceived effect of the influx of digital asset regulation by a faction of the crypto community. Some believe that regulations like the travel rule empower regulators with the tools and data required to surveil and sanction crypto users.
Also worth mentioning is the apparent security risks to which VASPs will be exposed while transmitting users’ information. It is crucial to set up additional security systems that would shield users’ data from such risks.
Lastly, there are data privacy compliance risks that the travel rule exposes VASPs to. Much as VASPs are trying to adhere to the travel rule, they must ensure that their actions align with the data privacy laws of the jurisdictions where they operate.
What does this mean for you?
The first thing you should have at the back of your mind is that you may need to forego part of your privacy to continue to interact with the crypto market.
You will also have to know at least the name of your beneficiaries and those sending you payments. And since there are still challenges associated with the travel rule, there is no saying how the inefficiencies of any of the compliance systems would affect your user experience.
At the early phase of this regulatory revolution, you may be unable to execute transactions, depending on the compliance status of your VASP and that of your counterparty.
Read more: What Are Privacy Coins and Are They Legal?
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.
Learn more about Consensus 2023, CoinDesk’s longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.