The Travel Rule – Crypto Meets Global Regulation
Feb 24, 2020
In 2020, most jurisdictions will introduce the obligation for financial intermediaries to exchange customer data when transferring cryptocurrencies on behalf of their clients. The so called “travel rule” is part of the global regulation against money-laundering. What is standard to traditional payments for a long time, poses a challenge to the crypto-financial industry.
In the first few years after the Bitcoin white paper had been published, hardly anyone imagined the store of value it would become, nor the potential of cryptocurrencies to rival traditional payments. ‘Be careful what you wish for’, comes to mind when thinking about the regulatory attention the crypto space receives nowadays.
The Travel Rule for Cryptocurrencies
Last June, the Financial Action Task Force (FATF) issued new requirements for cryptocurrencies to combat money laundering and terrorism financing. The 37 member countries are expected to adopt these regulatory rules within one year.
The influential intergovernmental organization had cryptocurrencies on its radar for quite a while. Last year, it started to include “virtual assets” in the regulatory framework and introduced the term “virtual asset service provider” (VASP, see below).
Yet the implementation of some of the most recent guidance is a challenge for the crypto-financial industry.
What is a Virtual Asset Service Provider (VASP)?
Any natural or legal person who (…) as a business conducts one or more of the following activities or operations for or on behalf of another natural or legal person:
- exchange between virtual assets and fiat currencies;
- exchange between one or more forms of virtual assets;
- transfer of virtual assets;
- safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets; and
- participation in and provision of financial services related to an issuer’s offer and/or sale of a virtual asset.
This is particularly true for recommendation 16, often referred to as “travel rule”. It requires any VASP to obtain, hold, and transmit originator and beneficiary information when transferring virtual assets to or from another VASP on behalf of their clients.
Under the new guidance, the sending customer’s name, address and account number must be transmitted as well as the name and account number of the recipient.
Not a new idea
The travel rule is not a new invention. For most countries, it has been part of the regulation on wire transfers at least since the 1990s.
From a regulatory perspective, applying the rule to cryptocurrencies is therefore seen as leveling the playing field between different funds transfer systems.
However, contrary to traditional wire transfers, the rule requires an additional exchange of information that is per se not necessary for blockchain-based transactions. The need for industry participants to agree on standards for such an additional information layer is what makes the requirement difficult.
Peer-to-peer transactions are not affected
Unlike traditional wire transfers, cryptocurrencies are often (or even typically) transferred between parties that are not financial intermediaries or VASPs. These peer-to-peer transfers remain out of scope.
The unequal treatment of transfers among intermediaries versus peer-to-peer transactions has been criticized. It was argued that the travel rule in its current form will be not effective to combat criminal activity, instead putting a burden on the crypto-financial industry. However, service providers being active in the space will have no alternative but to adhere to the rule.
Implementing the travel rule is not as easy as it first seems. Imagine you as a VASP receive the instruction from a client to transfer 10 Bitcoin to an unknown blockchain address. How do you know whether the destination address is controlled by another VASP, which triggers the obligation to send originator and beneficiary information? If this can be determined, how is the information transmitted and in what format? What happens if the client refers to the wrong VASP by mistake or even on purpose? Finally, how can be ensured that client data is protected along the way.
Different solutions are currently being discussed by the VASP community. Initial ideas where suggesting centralized approaches, such as global registration of addresses controlled by VASPs, which would obviously undermine the benefits arising from the blockchain. Increasingly, the discussion focuses on decentralized and open protocols. Some ideas suggest the usage of blockchain.
In a recent blog post, Andy Bryant from bitFlyer summarized the different technical solutions across two dimensions: Firstly, whether it follows a centralized or decentralized approach, and secondly whether the solution utilizes a blockchain or not.
Irrespective of the way it is implemented, the travel rule will have an impact on the crypto-financial ecosystem. For a VASP, compliance will be less costly when receiving cryptocurrencies from another VASP, together with the mandated originator information, than obtaining the necessary background on a transaction made from the customer’s private wallet.
For this reason, there are concerns that VASPs might prefer transactions from other VASPs to the extent that it will weaken the peer-to-peer nature of cryptocurrencies.
On a more positive note, the travel rule does address the most important regulatory concerns about cryptocurrencies: their usage in money-laundering and to evade sanctions.
Even though the fear of illicit transactions is often exaggerated – blockchain compliance company Chainalysis accounted them for less than 1% of all Bitcoin activity in 2019 – such allegations were hindering further acceptance.
Therefore, while the travel rule is a significant burden to those active in the space, it will at least place cryptocurrencies at a more equal footing with traditional payment systems. One excuse less for delaying adoption.
Bitcoin Suisse has proposed an open standard to facilitate compliance with the travel rule for virtual assets. Called OpenVASP, the protocol is designed to:
- pursue a decentralized approach without the usage of a central component;
- work with any blockchain or distributed ledger technology (DLT) used for the underlying virtual asset transfer;
- put privacy of transferred data at the center of its design.
More information can be found on the OpenVASP website here.