On 24 November 2023, the EBA published draft Guidelines on preventing the abuse of funds and certain crypto-assets transfers for money laundering and terrorist financing purposes under Regulation (EU) 2023/1113 (‘The Travel Rule Guidelines’).
What do the draft guidelines cover?
The Guidelines are set to introduce new standards across the industry in the following six areas. The objective is to make the abuse of funds and certain crypto-assets transfers for money laundering and terrorist financing purposes more difficult, and to enable relevant authorities to fully trace such transfers where this is necessary to prevent, detect or investigate money laundering and terrorism financing (ML/TF).
Who is impacted?
The proposed new measures will impact Payment Service Providers (PSPs), Intermediary PSPs (IPSPs), Crypto-Asset Service Providers (CASPs), Intermediary CASPs (ICASPs) and Competent Supervising Authorities and will affect procedures for detecting and managing the transfer of funds and crypto-assets.
What do the Guidelines mean for impacted entities?
Criteria to identify transfers carried out exclusively for the payment of goods and services.
Common standards for seamless transmission of data that accompanies the transfer.
The Guidelines define the information PSPs and CASPs should include in relevant fields in the systems when transferring crypto-assets and funds. They also set out the steps CASPs and ICASPs should take if the full information cannot be transmitted due to technical limitations.
The draft Guidelines allow a transitional period of up to 31 July 2025 for CASPs and ICASPs to adjust the systems. The same transitional period is not foreseen for PSPs as the requirements that apply to them in Regulation (EU) 2023/1113 (‘The Regulation’) remain the same.
Requirements for the information that should be transmitted with the transfer.
The Regulation outlines the information to be transmitted but lacks detailed specifications, leading to varying interpretations among different PSPs and CASPs. This variability increases the risk of unnecessary rejection of transfers even when all necessary information is provided.
To address this, the draft Guidelines set out common standards for information to be transmitted with the transfer.
Process of detecting and dealing with transfers with missing or incomplete information.
Risk-based procedures should be used when determining whether to execute, reject or suspend a transfer. The entities should consider the ML/TF risk associated with that transfer before deciding on the appropriate course of action.
Details on the steps to be taken, with respect to self-hosted addresses.
The Guidelines cover the actions for CASPs to comply with the following requirements:
- obtain and hold the information on the self-hosted address,
- ensure that the transfer of crypto-assets can be individually identified, and
- assess whether that address is owned or controlled by the CASP customer where the transfer amount exceeds EUR 1,000
The obligations on the payer’s PSP, payee’s PSP and IPSPs where a transfer is a direct debit.
Direct debits are payment instructions sent by the PSP of the payee to the payer’s PSP. Unlike a credit transfer, which is initiated by the payer, a direct debit is a transaction initiated by the payee. This means that the payee’s PSP holds the information that the payer’s PSP would need to comply with their obligations.
As a result, in the direct debit context, the payer’s PSP may not be able to comply with the requirements of the Regulation if it does not have the required information. These Guidelines have outlined the actions for direct debit providers to make sure they are compliant with the Regulation.
The Regulation must be adhered to by entities within scope by December 30, 2024, necessitating compliance with the new requirements.
The draft Guidelines are currently undergoing a 3-month public consultation. The EBA will finalise these Guidelines once the consultation responses have been assessed.
The consultation period runs until 26 February 2024. To submit your comments, click on the ‘send your comments’ button on the consultation page here.
For more insights and guidance on AML/CTF regulations, feel free to reach out to Parva Consulting’s team to explore how we can assist you with your regulatory compliance needs.