The crypto travel rule in the EU explained
Cryptocurrency is notoriously under-regulated, leading to fears it is filled with rampant money laundering and illicit cashflows. Can the crypto travel rule stop this happening?
Due to the unique nature of cryptocurrency, it was not considered to come under the regulatory restrictions of normal currency, until the Fifth Anti-Money Laundering Directive (5AMLD) came into force across the European Union (EU) in January 2020.
EU regulations on crypto so far
This supposedly brought crypto into line with other assets as an AML risk, but many practical gaps remained. 5AMLD brought three key changes to the crypto industry:
- Created a legal definition to cryptocurrency as a “digital representation of value that is not issued or guaranteed by a central bank or a public authority... but is accepted by natural or legal persons as a means of exchange and which can be transferred, stored and traded electronically.”
- Gave Financial Intelligence Units (FIUs) the power to obtain the addresses and identities of the owners of any given cryptocurrency, also known as a virtual asset or currency.
- Assigned cryptocurrency exchanges as obliged entities, meaning they must comply with the same AML regulations as regulated businesses and come under the purview of their relevant local FIU.
But for many critics of the crypto industry this was not enough, and more was demanded from regulators as to what should be done to protect consumers from the potential dangers of crypto. Dangers that are still very real in fiat currency such as money laundering and terrorism financing. Fiat currency is any money that exists under the control of a government or central bank that is issued by a government and not necessarily backed by a commodity, whereas most crypto currency is free from direct governmental control. This lack of control has led many governments to being concerned that crypto could be a haven for criminal activity. The recent sanctioning of TornadoCash is a good example of how governments may react to these concerns.
In June 2022, the EU agreed to implement new rules to stop illicit flows in the region. The major focus of these rules, the so-called ‘travel rule’ has been decried by major crypto exchanges and criticized as unworkable.
What is the crypto travel rule?
The crypto travel rule is simple at its core. Crypto exchanges must know the beneficiary and origin of every transaction, it follows long-established guidance from the Financial Action Task Force (FATF) in the form of Recommendation 16.
The recommendation has been altered to impact all Virtual Asset Service Providers (VASPs) and Crypto Assets Service Providers (CASPs) – this simply means that it will affect any business that accepts crypto or provides access to it. VASPs and CASPs will be expected to have the information for digital wallets that they provide but also to have it for any unhosted wallets. This is not likely to be possible in many cases and will likely be a reason to block certain transactions.
For most of Europe there will be a maximum threshold of value, set by member states, where FATF travel rule information does not need to be noted. But that value will not be able to exceed €1000, except in Switzerland and Liechtenstein where all transactions will need to obey the travel rule regardless of their size.
FATF has reimagined crypto currency transfers as a form of wire transfer and subjected crypto to all the related limitations as a result. This means the entire transaction needs to be traceable and documented. The source of funds and recipient of funds for the transfer needs to be clear on both sides of the transaction.
Crypto has long been lauded by its supporters for the pseudonymous nature of the digital currency. No personal details are theoretically required so long as the digital wallet ID is known. This means that crypto exchanges would have to assign identity to digital wallets. Something that is potentially not always possible, especially if the transaction is made without including the exchange on one side and without any customer due diligence measures.
Beyond that it’s even more difficult thanks to the nature of the transactions, there is no blockchain-native way to ensure that data would travel alongside the transaction.
Thanks to EU privacy rules, this can also only be done where it is certain that businesses can guarantee user privacy at both ends of the transaction.
There is an attempt at play here to end anonymity in the crypto industry, but it’s also clear from cursory levels of knowledge that it is not easily achievable. The crypto exchanges will need to engage solutions that can adapt to this change properly.
The threat of financial crime and crypto
An overarching reason as to why crypto exchanges’ protests have been ignored by regulators is the directive to protect consumers. It does not matter how difficult the regulation is for crypto companies if consumers benefit.
This is a long-suffering issue that every other regulated business has had to come to terms with. But the move to dramatically show support for regulating crypto has left some wondering how realistic the threat is from crypto markets to consumers anyway. And how much money laundering is being done using crypto currencies and assets?
Chainalysis has reported that $8.6 billion was laundered through crypto currencies in 2021, with 47% of stolen crypto currency being laundered through traditional exchanges.
In contrast to the UN’s $800 billion to $2 trillion per year in fiat currency it seems like pocket change in comparison. However, the rate of growth is alarming. Crypto currency money laundering has raised by 30% in a single year according to the same report.
Clearly crypto is a growth industry for criminals, and not one that should be left to flourish as a marketplace for money laundering in the same way that fiat currency has become.
The problem for crypto exchanges is that they are now exposed in the EU in a way they have never been before. They’re open to severe penalties and sanctions from regulators if they do not find a way to obey the rules imposed on them.
What does the travel rule mean for crypto exchanges?
Many crypto exchanges are coming up with clunky solutions that do not provide a great user experience and rely on the user for information verification. For example, in the Netherlands, Coinbase has created a form-fill solution for users.
The crypto exchange requires users to provide name and address information of recipients of cryptocurrency if it is being transferred away from the exchange. There are many weak points to this approach, most obviously that a criminal could simply lie on the form.
At this early stage, showing willingness to comply with the travel rule and some efforts being made in that direction may be enough to keep regulators happy, but that won’t last forever.
Will the travel rule end anonymity in crypto? No, it won’t. Of all the AML regulations ever imposed and suggested by FATF, none have managed to eliminate money laundering. But the travel rule serves an important purpose, it will slow down the growth of illicit activity in the crypto space.
More importantly, the travel rule will create elements of traceability from the first transaction. There are blockchain technologies such as tumblers, aka mixers, that can add privacy layers to most cryptocurrencies, but they can be considered a stopping point for legitimate use of the coins in a particular transaction.
As an early attempt to regulate cryptocurrency, the travel rule is neither the best nor worst idea. It will need to be iterated on repeatedly as the realities of its limitations and oversights become clear. The travel rule will be useful for monitoring both the source of funds and beneficiaries at moments where cryptocurrency is realised into fiat currency for real-world spending. Given that only El Salvador uses cryptocurrency for regular spending (to questionable effect) most crypto currency users will be looking to transfer their cryptocurrency into fiat currency when exiting a crypto exchange.
What can crypto exchanges do?
The crypto travel rule is focused mainly on transactions, using a solution focused on understanding the origin and destination of transactions would be a good start. Rather than expecting customers to tell the compliance officer who they’re sending money to via an unreliable form, it would be better to capture that information natively in the transaction process and use multiple transactions to build a clear picture of the recipient.
For most transactions the originator will be clear, it’s the customer who has already given the exchange all their personal information. As for the beneficiary it becomes more difficult if the wallet is not hosted by the exchange. It could be solved by blocking the transaction or using real-time transaction monitoring to understand customer activity as it happens and build insights into the beneficiary from there to make sure they match the information provided by the customer.
The travel rule is a difficult regulation for crypto exchanges to comply with, in part due to the principles of crypto technology. But by focusing on the approach, it is possible to satisfy regulators.