The upgraded EU rules on the tracing of transfers of funds bring crypto-asset transfers into the scope of application of the law. Crypto-Asset Service Providers (CASPs) involved in such transfers will be required to collect and verify information on senders and recipients and make it available to national AML/CFT competent authorities on demand.

Together with the publication of the Markets in Crypto-Assets Regulation (MiCA) last May, the EU also published the updated Transfer of Funds (TFR) Regulation (also known as "Wire-Transfer Regulation"). The revision of the TFR was part of a package of four legislative proposals tabled by the Commission back in 2021 to modernize and strengthen the EU's Anti-Money Laundering regime, the other initiatives being the creation of an EU AML Authority, a new AML Regulation, and a new AML Directive (AMLD 6). The new transfer rules seek to ensure traceability of crypto-asset transfers by supplementing and recasting Regulation 2015/847 that provides for the traceability of transfers of funds. They will apply from 30 December 2024, coinciding with the application of the MiCA Regulation.

Effects on Crypto-Asset Service Providers (CASPs)

For several years, Payment Services Providers (PSPs) involved in wire transfers were under the obligation to accompany such transfers with information on the sender (payer) and the recipient (payee), store the information at both sides of the transfer, and keep it available to competent authorities. This became known as the "travel rule", as the collected information had to travel together with the funds.

The revised Regulation maintains the requirements concerning transfers of funds and brings within the scope of the law transfers of crypto-assets made by Crypto-Asset Service Providers (CASPs). This will facilitate the identification of persons sending and receiving crypto-assets for AML purposes and the detection and blocking of suspicious transactions.

The rules apply to all transfers of crypto-assets provided that at least one of the CASPs involved in the transfer is established or registered in the EU. An exemption applies in respect of crypto-transfers where (a) both the sender and the recipient are CASPs acting on their behalf or (b) the transfer is a person-to-person transfer not involving a CASP. It is notable that the discretion afforded to Member States to exempt −under specific conditions −certain domestic low value (less than €1000) transfers of funds does not apply in relation to transfers of crypto-assets.

Information Collected by CASPs

The CASP of the sender must ensure that the transfer of the crypto-assets is accompanied by information on both the sender and the recipient/beneficiary, as follows:

Info on Sender Name, address, official personal document number, customer identification number, distributed ledger address, crypto-asset account number
Info on Recipient Name, distributed ledger address, crypto-asset account number

Prior to the transfer, the CASP of the sender must verify the accuracy of the information relating to the sender using data, documents, or other reliable sources (unless already verified under the relevant AML provisions)

The CASP of the recipient/beneficiary is required to implement effective procedures to detect whether the information on the sender and the recipient is included in the transfer of the crypto assets. Such procedures must enable the CASP to determine whether to execute, reject, return, or suspend a transfer that is not accompanied by complete information. The crypto-assets should not be made available to the recipient before the CASP verifies the accuracy of the information relating to the recipient, using data, documents or other reliable sources (unless already verified under the relevant AML provisions).

Record Retention

CASPs of the sender and the recipient are required to retain records of the information (on the sender and recipient) for five years unless Member States require −on justified grounds −further retention of up to five more years. The stored information must be readily available to support responses to inquiries from the national authorities responsible for preventing and combating money laundering.

Restrictive Measures

The revised TFR also requires CASPs to have in place internal policies, procedures, and controls to ensure the implementation of EU and national "restrictive measures" towards third countries. The European Banking Authority (EBA) is mandated with issuing guidelines by 30 December 2024 concerning the implementation of this requirement.

In conclusion, CASPs should proactively consider their KYC and due diligence processes and arrangements in light of the new rules, paying particular attention to capturing reliable information on the senders, verifying recipients, and assessing and acting on cases where the information received is incomplete. As money laundering and flows of illicit funds through crypto-assets are of increasing concern to Union and Member State authorities, affected entities will be expected to have robust due diligence arrangements in place to defend against the criminal misuse of their services.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.