What is the impact of the recast EU Transfer of Funds Regulation on crypto-assets transfers?

The European Commission officially published the much-anticipated Markets in Crypto-Assets Regulation (MiCAR) and the revised Transfer of Funds Regulation (the TFR3) in the Official Journal of the European Union on 9 June 2023.

While MiCAR has been the subject of many discussions and articles, the TFR3 has been considered much less – despite its significant impact on the crypto industry.

Anti-money laundering framework

This revised regulation aims at implementing the Financial Action Taskforce (FATF)’s recommendations on virtual assets in Europe. The FATF is an intergovernmental organisation that sets standards to tackle money laundering in the global financial system. While FATF's recommendations are not legally binding, they are widely followed and implemented, as countries are mindful of remaining whitelisted by this organisation.

Considering that the traceability of crypto-assets can be a particularly valuable tool against money laundering and terrorist financing, the FATF's Recommendation 16 (known as the Travel Rule) requires originator and beneficiary data to be shared between virtual asset service providers along with transfers of crypto-assets.

The European Union has taken an aggressive stance with the adoption of the TFR3, in going beyond the FATF's recommendations.

Information-sharing and the Travel Rule

The Travel Rule is a set of guidelines that requires financial institutions to share information between each other alongside transfer of funds that are at least partially processed electronically. This includes credit transfers, direct debits, and even money remittance.  

Along with the transfer of funds, data on the payer and the payee "travels" from one financial institution to another until the funds reach their final destination. The purpose is to increase fund traceability and to tackle money laundering more efficiently.

Up until the adoption of FTR3, the Travel Rule was implemented into EU laws by the Regulation 2015/847 on information accompanying transfers of funds (the TFR2). However, under the TFR2, the Travel Rule was only applicable to a) transfers of fiat currencies and b) only for transactions over €1000, or where funds to be transferred electronically were provided in cash or in anonymous e-money.  

How does it apply to crypto-assets transfers?

The TFR3 extends the scope of the Travel Rule in the EU to transfers of crypto-assets.

The new rules will apply to crypto-asset service providers and financial institutions providing crypto-asset services (together referred to as crypto-asset service providers (CASPs)) where either the CASP of the originator, the CASP of the beneficiary of the transfer, or any intermediary CASP is established in the EU.

While the FATF Recommendation 16 suggests implementing that obligation for crypto-asset transfers in excess of €1.000, the TFR3 imposes this obligation on every crypto-asset transfer, regardless of its value.

The Travel Rule will not apply to person-to-person transfers (between self-hosted wallets) that do not involve a CASP.

Information required and timing

The originator's CASP will have to make sure that transfers of crypto-assets are accompanied by specific  information, such as details of the originator (including name, address and distributed ledger technology (DLT) address/account number) and of the beneficiary (including name and DLT address/account number).

The beneficiary's CASP, and any intermediary CASP involved, will have to implement processes to detect whether the information accompanying a crypto-asset transfer is missing or incomplete.

That information will have to be submitted in a secure manner and in advance of, or simultaneously or concurrently with, the transfer of crypto-assets.

What about unhosted wallets?

In the case of transfers to or from unhosted wallets (also called "non-custodial wallets" or "self-hosted addresses"), CASPs will have to collect information on both the originator and the beneficiary, usually from their client.

A CASP will not be required to verify the information on the unhosted wallet's user, unless the amount sent or received on behalf of a CASP's client to or from an unhosted wallet exceeds €1000.

When will the TFR3 apply?

Along with MiCAR, the TFR3  entered into force on 30 June 2023 and will apply from 30 December 2024.

In the meantime, European supervisory authorities are expected to produce level 3 guidelines by 30 June 2024.

Osborne Clarke comment

While these rules represent a significant step forward in the fight against money laundering in the crypto-ecosystem, their practical implementation will raise some challenges for CASPs and involve significant operational resources.

From a global perspective, the TFR3 will impose much stricter standards on crypto-asset service providers than in other regions. By way of comparison, the US Financial Crimes Enforcement Network (FinCEN) has decided to implement a US$3000 threshold for the application of the Travel Rule to crypto-asset transfers. While there are some discussions to lower that threshold, there have been no legal amendments so far.