As of September 1st, the FATF Crypto Travel Rule has been implemented in the United Kingdom. Hence, for all Virtual Asset Service Providers (VASPs) that are active in the UK, comprehending the nuances of the Travel Rule is no longer optional—it's a business imperative.
At the heart of the matter, the primary obligation for UK-based VASPs is to meticulously collect, verify, and share information about crypto-asset transfers. But what does this mean in practice?
Suppose a VASP receives an inbound payment from a jurisdiction where the Travel Rule isn't enforced. In such a case, it's not just business as usual - the VASP is required to conduct a risk-based assessment before making the assets available to the recipient. By extension, similar protocols would apply to UK citizens initiating payments to foreign territories.
While planning to implement the FATF Travel Rule, the Financial Conduct Authority (FCA) was clear in its expectations - VASPs are not merely encouraged but expected to exercise due diligence, even when they use third-party services to assist with compliance.
VASPs must also make it a point to monitor how the Travel Rule is being implemented in other jurisdictions. This vigilance is particularly crucial when dealing with transfers to or from regions that have yet to adopt the Travel Rule.
The VASPs are required to make sure they can receive the necessary information for each transaction. However, even if receiving this information isn't possible, they are still obligated to collect and verify it in line with Money Laundering Regulations. This must be done before any crypto asset transfer occurs.
UK VASPs must scrutinize the countries involved if a transfer comes in with incomplete or missing information. It's essential to be aware of each country's status with regard to the Travel Rule, especially given that only a limited number—like the United States, Germany, and Japan—have fully implemented it. Statistically speaking, as of March 2022, only 29 out of 98 jurisdictions had met the necessary requirements.
Given this fragmented FATF Travel Rule compliance landscape, VASPs are entering uncharted territory. Moreover, the crypto economy itself is still evolving, and compliance requirements like these are inevitably going to pose challenges and the UK-based VASPs are no exception to these growing pains.
Cross-border transfer of funds deals with the regulations of two different legal jurisdictions. The compliance mechanism in such transfers always has to be well-structured and well-laid-out, ensuring that the regulatory realities of two different political geographies are taken into account. This is why many crypto service providers believe that they need further guidance from the FATF while they work on compliance.
In June 2023, the FATF released an update stating that a whopping 75% of 98 jurisdictions were either partially compliant or not compliant with their requirements for virtual assets and VASPs.
This discrepancy in compliance levels creates a challenge as transactions between compliant and non-compliant jurisdictions become fraught with legal complexities. The industry calls this the "Sunrise" issue, a problem Shyft Veriscope has found an innovative solution for.
Shyft Veriscope uses a "historic lookback" approach, allowing VASPs to pull information on any transaction, regardless of when it occurred or whether the receiving VASP was compliant at the time. This feature allows for seamless, compliant transactions across borders and regulatory landscapes.
In essence, Veriscope helps VASPs navigate the fragmented regulatory environment by retroactively generating the necessary compliance information, ensuring that every player can meet their obligations under the FATF Travel Rule.
Fraudulent actors are always active in exploiting cracks in the system, and one such vulnerability could arise from a transaction involving both compliant and non-compliant jurisdictions.
But it doesn't end there - even within two compliant geographies, unequal levels of compliance could similarly present exploitable gaps.
For example, both Canada and the UK are travel rule-compliant. However, Canada requires VASPs to record the beneficiary's postal address, while the UK does not. Such irregularities have to be streamlined to achieve an efficient implementation of the Travel Rule.
The crypto-economy has facilities like self-custodial or unhosted wallets, where no service provider knows the wallet details. Only the holder possesses and controls the private key to that wallet. In such setups, it becomes difficult for VASPs to comply with the norms, including a requirement for firms to identify the names of people behind transactions.
The implementation of the FATF Travel Rule in the UK signals a pivotal moment in the evolving landscape of cryptocurrency regulation. While the UK has taken proactive steps to embrace this global standard, the challenges for Virtual Asset Service Providers (VASPs) are far from over. With a fragmented global adoption rate, issues like the "Sunrise" problem loom large, and even within compliant jurisdictions, nuances in the regulatory frameworks create additional layers of complexity.
As the regulatory landscape continues to mature, VASPs will need to keep several key considerations in mind:
Regulatory Harmonization: Given the patchy adoption of the Travel Rule, efforts to standardize compliance requirements across jurisdictions will become increasingly important. The crypto industry will benefit from greater cooperation among regulators globally.
Technological Solutions: Leveraging technological solutions like Shyft Veriscope can serve as a lifeline for VASPs struggling with cross-jurisdictional compliance. Such tools offer a real-time, scalable way to meet regulatory requirements without sacrificing operational efficiency.
Ongoing Monitoring: Regulatory compliance is a moving target. Keeping abreast of updates, whether from FATF or local regulatory bodies like the FCA, will be vital for continuous compliance. To stay updated on the latest developments and insights, consider subscribing to our Veriscope recap newsletter.
Fraud Prevention: As the sector evolves, so will the techniques used by fraudulent actors. VASPs must continually refine their risk assessment methodologies to identify and mitigate potential vulnerabilities, whether they arise from inconsistent compliance levels or inherent features of the crypto economy.
Customer Education: As compliance requirements become more complex, so does the user experience. VASPs will need to educate their customer base on what these new rules mean for them and how they are being implemented to protect everyone involved.
Dialogue with Regulators: Open communication channels with regulatory bodies can help VASPs gain clearer insights into upcoming changes and possibly influence future policy.
The journey towards full compliance with the FATF Travel Rule is more akin to a marathon than a sprint. With an evolving crypto landscape, shifting regulatory paradigms, and emerging technological solutions, VASPs operating in the UK—and indeed globally—need to stay agile, vigilant, and proactive in their approach to meeting these new challenges.
VASPs need a Travel Rule Solution to comply with the FATF Travel Rule. Have you zeroed in on it yet? Check out Veriscope, the only frictionless crypto Travel Rule compliance solution.
Follow us on X (Formerly Twitter), LinkedIn, Telegram, and Medium for up-to-date news from the world of crypto regulations. To keep up-to-date on all things crypto regulations, sign up for our newsletter.