On June 30th, the Financial Action Task Force (FATF) released the outcomes of the June FATF Plenary, a report that concluded a 12-month review of cryptocurrency businesses as they prepare for the Travel Rule and its extended information sharing requirements.
The result back then: the FATF would extend the preparation period by another 12 months, allowing the industry more time to become compliant with the Travel Rule and avoid penalties.
The year-long extension did not come as a surprise: “I expect FATF to only reiterate their guideline expectations on member countries during the plenary. This will help ensure that more VASPs [virtual asset service providers] can work with greater confidence towards firm Travel Rule compliance deadlines in each country following the June plenary,” said Michael Michael Ou, CEO of CoolBitX, on June 9th, prior to the June Plenary report.
Another extension of the preparation period, however, is unlikely according to David Riegelnig, Head of Risk Management at Bitcoin Suisse AG.
“From the regulators’ point of view, they’ve granted one more year to implement the travel rule and they see that the industry is moving,” he told the BTC Times. “I expect regulations to come into effect at least mid-next year.”
What Is the FATF?
The Financial Action Task Force on Money Laundering (FATF) sets international standards to prevent money laundering and terrorist financing. Its primary objective is to develop and enforce FATF Recommendations, which describe a comprehensive plan for a globally coordinated effort to identify the transfer of funds for illicit purposes.
What Is the Travel Rule?
The Travel Rule was first created in the U.S. on May 28th, 1996 through the Bank Secrecy Act and was issued by the Treasury Department’s Financial Crimes Enforcement Network (FinCEN).
The rule requires all intermediary financial institutions to share customer information with one another for fund transfers exceeding $3,000. The type of information that must be provided include the name, address, and the bank account number of the sender.
With the emergence of Bitcoin, a new, unregulated asset class has stepped into the picture and continues to draw interest from both young and established financial institutions. In light of this, the FATF is currently developing new standards for virtual asset service providers (VASPs) to comply with the Travel Rule.
On June 21st, 2019, the FATF updated the existing FATF Recommendation 16 to include the FATF Travel Rule specifically to address the challenges law enforcement faces in monitoring and identifying the use of cryptocurrency for money laundering or terrorist financing. This new Travel Rule is similar to the audit regulations of the United States’ Bank Secrecy Act, but extends the obligation to cryptocurrency transfers world-wide.
Which Cryptocurrency Companies Need to Comply With the Travel Rule?
The Travel Rule applies to businesses that exchange, transfer, or safekeep cryptocurrencies, as well as those who provide financial services related to cryptocurrencies.
“If you custody, process, or exchange crypto, you’re a VASP. But if you are a wallet software provider, you might be excluded,” David Riegelnig told the BTC Times.
But what about “decentralized” exchanges and lending protocols that facilitate transactions through smart contracts?
“FATF is increasingly thinking about this [space], especially with the recent DeFi frenzy,” Riegelnig shared. “If a smart contract is controlled by humans through admin keys, it’s very possible that they will be treated as intermediaries.”
Privacy-enhancing services such as CoinJoin providers, according to Riegelnig, likely have no reason to worry about the Travel Rule as they don’t typically control the private keys of CoinJoin participants.
What Will Change for Businesses and Customers?
With the FATF extending its review period by another 12 months, the Travel Rule is anticipated to be enforced by June 2021.
Therefore, customers of cryptocurrency businesses that operate in one of the FATF’s 39 participating member states should expect personally identifiable information to be collected and shared should they transfer cryptocurrency from one institution to another. This includes countries such as the United States, the United Kingdom, China, and Japan.
However, the Travel Rule will have an impact on businesses all over the world as members may choose not to interact with those who aren’t compliant.
“It's true that FATF requirements are binding only to member states. But in reality, they are effective beyond this group. After this migration period, no transfers will be done with VASPs in countries that are ‘non-cooperative’. You can simply not risk your license for that,” Riegelnig concluded.