PURPOSE: to fight money laundering and the financing of terrorism, including by implementing international standards and by ensuring the availability of basic information on payers and payees of transfer of funds, and on originators and beneficiaries of transfers of crypto-assets.
LEGISLATIVE ACT: Regulation (EU) 2023/1113 of the European Parliament and of the Council on information accompanying transfers of funds and certain crypto-assets and amending Directive (EU) 2015/849.
CONTENT: this Regulation updates the rules on information accompanying transfers of funds by extending the scope of these rules to transfers of crypto-assets.
Under the new rules, the crypto asset service providers are obliged to collect and make accessible certain information about the originator and the beneficiary of the transfers of crypto assets they operate. This is what payment service providers currently do for wire transfers. It will ensure traceability of crypto-asset transfers in order to be able to better identify possible suspicious transactions and block them. The new agreement will enable the EU to deal with the risks of money laundering and terrorist financing linked to these new technologies, while reconciling competitiveness, consumer and investor protection, and the protection of the financial integrity of the internal market.
The introduction of this travel rule will ensure financial transparency on exchanges in crypto-assets and will provide the EU with a solid and proportional framework that complies with the most demanding international standards on the exchange of crypto-assets, in particular recommendations 15 and 16 of the Financial Action Task Force (FATF).
Scope
This Regulation will apply to transfers of funds, in any currency, which are sent or received by a payment service provider or an intermediary payment service provider established in the Union. It will also apply to transfers of crypto-assets, including transfers of crypto-assets executed by means of crypto-ATMs, where the crypto-asset service provider, or the intermediary crypto-asset service provider, of either the originator or the beneficiary has its registered office in the Union.
Given the role of crypto-ATMs in providing or actively facilitating transfers of crypto-assets, transfers of crypto-assets linked to crypto-ATMs should fall under the scope of this Regulation.
Ensuring traceability of crypto-asset transfers
In practical terms, the aim of this recast is to impose an obligation on crypto-asset service providers to collect and make accessible certain data on the originator and beneficiary of the crypto-asset transfers they process.
The Regulation provides for a system imposing an obligation on payment service providers to ensure that fund transfers are accompanied by information on the originator and beneficiary of funds and imposing an obligation on crypto-asset service providers to ensure that crypto-asset transfers are accompanied by information on the originator and beneficiary of crypto-assets.
Payment service providers and crypto-asset service providers will ensure that information on the originator and beneficiary of funds or on the originator and beneficiary of crypto-assets is not missing or incomplete.
It is intended to require verification of the accuracy of the information on the originator or beneficiary of funds only for individual transfers of funds that exceed EUR 1 000, unless the transfer appears to be linked to other transfers of funds that cumulatively exceed EUR 1 000, whether the funds were received or paid in cash or in the form of anonymous electronic money, or where there are reasonable grounds to suspect money laundering or terrorist financing.
Self-hosted wallets
There are specific requirements for transfers of crypto-assets between crypto-asset service providers and self-hosted wallets. In the case of a transfer of an amount exceeding EUR 1 000 that is sent or received on behalf of a client of a crypto-asset service provider to or from a self-hosted address, that crypto-asset service provider should verify whether that self-hosted address is effectively owned or controlled by that client.
Policies, procedures and internal controls to ensure the implementation of restrictive measures
Payment service providers and crypto-asset service providers will be required to have policies, procedures and internal controls to ensure the implementation of restrictive measures at EU and national level when transferring funds and crypto-assets under the Regulation.
Data protection
Regarding data protection, it is expected that the General Data Protection Regulation (GDPR) will remain applicable to transfers of funds, and that no separate data protection regulations will be introduced.
Given the urgency to ensure traceability of crypto-asset transfers and chose to align the timetable for application of this regulation with that of the markets in crypto assets (MiCA) regulation.
ENTRY INTO FORCE: 29.6.2023.
APPLICATION: from 30.12.2024.