Opinion

The global 'patchwork' of crypto travel rule

As crypto becomes more mainstream, regulatory bodies worldwide worked hard at implementing measures to ensure its transparency and mitigate associated risks, particularly around anti-money laundering (AML) and combating the financing of terrorism (CFT). One such measure is the Travel Rule, which mandates the transmission of originator and beneficiary information for certain crypto transactions. However, the implementation and enforcement of the Travel Rule vary significantly across jurisdictions, creating challenges for Virtual Asset Service Providers (VASPs) operating globally.

In the United Arab Emirates (UAE), cryptocurrency is legal to hold, sell, and trade. The regulatory landscape is overseen primarily by two entities: the Virtual Assets Regulatory Authority (VARA) in Dubai and the Financial Services Regulatory Authority (FSRA) in Abu Dhabi.

Travel rule in Dubai: VARA's approach

VARA's Compliance and Risk Management Rulebook, effective from February 7, 2023, explicitly mandates Crypto Travel Rule compliance for Dubai VASPs. The minimum threshold for compliance is AED 3,500, as noted by the Notabene.id team. VASPs must collect and transmit specific originator and beneficiary information, including names, account numbers, addresses, and unique transaction identifiers, for transactions exceeding this threshold.

While VARA urges VASPs to manage risks associated with transactions involving self-hosted wallets, it has not provided specific guidelines on handling them. Additionally, VASPs are required to conduct risk-based due diligence on counterparty VASPs before entering into any transaction. VARA also addresses the 'sunrise issue,' requiring VASPs to outline their plans for complying with the Travel Rule in jurisdictions where it is not yet mandatory.

Travel rule in Abu Dhabi: ADGM FSRA's approach

In Abu Dhabi, the FSRA's regulatory framework for virtual assets also incorporates the Travel Rule. The threshold for compliance is 0, meaning that all transactions, regardless of the amount, are subject to the Travel Rule. VASPs must collect and transmit the required originator and beneficiary information, including names, addresses, and account numbers.

The FSRA's approach aligns with the European Union's Transfer of Funds Regulation, which also mandates wallet ownership verification for transactions exceeding 1,000 euros. This verification ensures that the originator or beneficiary customer genuinely controls the associated wallet.

Beyond the specific regulations in the UAE, the implementation of the Travel Rule presents a complex and fragmented landscape worldwide, as noted by the Notabene.id team. Jurisdictions have adopted varied approaches to thresholds, enforcement timelines, and obligations related to self-hosted wallets, making compliance a challenging endeavor for VASPs operating across borders.

The Financial Action Task Force (FATF) initially recommended a de minimis threshold of $1,000 USD/EUR, exempting transactions below that amount from Travel Rule requirements. However, the 2021 update introduced a more nuanced approach, mandating the collection of originator and beneficiary information for all transactions, regardless of the amount, with verification required only under suspicious circumstances.

This has led to diverse implementations across the globe:( Source: Notabene.id)

No Threshold: Jurisdictions like the European Union, Estonia, Bahrain, Bermuda, India, Malaysia, and the Netherlands have adopted a zero-threshold approach, requiring Travel Rule compliance for all transactions regardless of the amount.

Specific Thresholds:Many jurisdictions have set specific thresholds, triggering Travel Rule obligations only for transactions exceeding a certain value. Examples include Canada (CAD 1,000), Dubai (AED 3,500), Gibraltar (EUR 1,000), Hong Kong (HKD 8,000), Japan (YEN 100,000), Jersey (1,000 Euros), Liechtenstein (CHF 1), the Philippines (PHP 50,000), Singapore (SDG 1,500), South Korea (KRW 1,000,000), Switzerland (CHF 1,000), the United Kingdom (EUR 1,000), and the United States (USD 3,000).

Limited Information Below Threshold: Some jurisdictions, like the Bahamas (1,000 BSD) and Indonesia (1,000 USD), require a limited scope of information to be collected and transmitted for transactions below the threshold, with full Travel Rule compliance triggered above it.

Threshold to be Announced (TBA):Certain jurisdictions, like Australia and South Africa, have announced plans to implement the Travel Rule but have yet to specify the threshold.

The enforcement dates for Travel Rule compliance also vary considerably, with Singapore leading the way in January 2020 and the European Union's full implementation scheduled for December 2024. Additionally, regulations regarding self-hosted wallets remain inconsistent, ranging from enhanced due diligence requirements to mandatory collection and verification of wallet owner information.

The fragmented nature of Travel Rule implementation presents challenges for VASPs operating internationally. Understanding and complying with the diverse requirements across jurisdictions demand meticulous attention to detail and robust compliance frameworks. It is crucial for VASPs to stay updated with regulatory developments and proactively adapt their operations to ensure adherence to the evolving global landscape.

Stefano Virgilli

The author is a member of the International Press Association