How to regulate virtual assets? –about FATF Travel Rule recommendations


The Financial Action Task Force (FATF) was established in 1989 by Group of Seven (G-7) as a global authority to regulate Anti-Money Laundering (AML) and Combating the Financing of Terrorism (CFT). FATF consists of 39 member countries who currently preside over more than 200 countries and almost every major global financial center. FATF also works closely with 8 regional associate members and 30 observer countries and organizations (e.g., IMF, UN, World Bank).

In June 2019, the FATF revised their Recommendation 16 (Travel Rule), which fundamentally changes the original crypto world that we are familiar with. With the revision, the proposal has been extended to Virtual Asset Service Providers (VASPs) such as virtual assets and exchanges, with huge implications. The FATF publishes non-compliant countries and periodically publishes reports on member countries' compliance with the FATF recommendations. The due date of Travel Rule compliance is June 2020.

What is Travel Rule?

Recommendation 16 is commonly referred to as the “Travel Rule,” and was designed to regulate the potential risk for money laundering or terrorist financing in wire transfers. The Travel Rule was previously limited to banks only, and closely mimics the Bank Secrecy Act (BSA) in the United States which requires financial institutions to share information about their customers and assume responsibility for reporting suspicious activity.

Prior to the implementation of the FATF, the cryptocurrency industry was largely self-regulated. Each country created its own rules to prevent money laundering and terrorist financing, but there was a lot of confusion and no overarching international standard, To keep up with the evolving world of cryptocurrencies, Recommendation 16 was expanded to include virtual assets and exchanges in June 2019.

Expanded to include VASPs

Under the Travel Rule, VASPs are required to share the identities of users involved with any virtual asset transfers valuing $1000 USD or more.

Countries should ensure that originating VASPs obtain and hold required and accurate originator information and required beneficiary information on virtual asset transfers, submit the above information to beneficiary VASPs and counterparts (if any), and make it available on request to appropriate authorities.

VASPs will now need to obtain and verify customer identification with one another. The originator’s VASP should share the data listed blow with the beneficiary’s VASP during transactions:

1 Name of the originator and beneficiary

2 Account number used for transaction processing

3 Identifiable information, such as physical address, ID number or place and date of birth.

4 Share  blacklists with other VASP and related parties.

In addition, VASP should also be licensed or registered in the jurisdictions and have ongoing monitoring of transactions.

We can examine whether a VASP should comply with the FATF regulations by questioning the following conditions:

1 Whether it is a centralized virtual currency exchange.

2 Whether it is a centralized virtual currency hosting service.

3 Whether it allows for the transfer of virtual currency.

4 Whether it provides custodian, investor, or issuer related services.

If the answer to any of these questions is “yes,” then VASP should consider a risk-based, proactive approach to compliance:

  • Develop a risk-based program tailored to the specific business
  • Implement Know Your Customer (KYC) and Enhanced Due Diligence (EDD) processes
  • Implement transaction monitoring and customer risk scoring
  • Implement dynamic systems to ensure compliance with sanctions laws
  • Establish clear communication with clients regarding prohibited activities
  • Record detailed suspicious transaction reports (STRs) where possible

Relationship between Travel Rule and KYC

The main difference between Travel Rule and KYC is that the data collected during KYC is only used by the organization that collected the data, whereas under Travel Rule, KYC information needs to be shared between VASPs and/or relevant authorities. Moreover, KYC is an internal process, while Travel Rule is an external process.

Opportunities and Challenges

The Travel Rule will bring both positive and negative effects, with one major benefit being the reduction of financial crime in the cryptocurrency industry. Under the Travel Rule, financial crimes will be more difficult to commit and regulators will have a better understanding of how criminals use cryptocurrency.

Another benefit is that the Travel Rule will lead to stronger KYC policies and practices, which in turn will increase customer confidence in VASPs. As a result, the implementation of Travel Rule may actually attract to new users to the crypto world who believe that the industry is now better regulated and therefore safer.

However, with Travel Rule, cryptocurrency will be no longer anonymous, which is part of the reason it became so popular in the first place. It is possible that the use of VASP has declined due to the impact of Travel Rule. Although many people have heard of cryptocurrencies, only 10% of people actually fully understand how they work. 

On top of that, not all cryptocurrencies and VASPs use the same blockchain or even the same technology. For example, the two most popular cryptocurrencies, Bitcoin and Ethereum, run on completely different block chains, which poses a huge problem for interoperability. It is conjectured that compliance with the Travel Rule would require overall uniformity of certain types in the crypto world, which would lead us to another problem. 

Furthermore, the government needs to develop regulations related to the registration of VASPs and the submission of Travel Rule reports. After all, cryptocurrency is not tied to any government, country, or legal tender.

Then there are the interoperability issues involving cultural, language, and regional barriers. The need for a global solution means that VASPs in the US and VASPs in Japan must be able to use the same system. VASPs from all over the world will need to come together, work towards a common goal, and agree on a solution. When you consider it difficult for all countries around the world to reach consensus on anything, you will see a huge obstacle for VASPs.

Compliance with the Travel Rule also requires compliance with existing personal data privacy laws, such as the GDPR and CCPA, which presents a further set of challenges.

In interviews during the V20 event in June 2019, VASPs proposed some problems and challenges which both originators’ and beneficiaries’ VASP will have to find a way to share data with counterparties while not violating privacy laws or creating unreliable data through tampering.

Travel Rule represents a major change in virtual currency that will fundamentally alter the way VASPs operate in the future. Besides, cooperation between VASPs will be a key part of day-to-day operations. It will be crucial for the virtual currency ecosystem and community to come together and do their best to comply with regulations.