April 2023, marked the vote and finalisation of the Transfer of Funds Regulation (TFR). European CASPs have a timeframe of just under 10 months to align their compliance practices with the European Union’s implementation of the FATF’s Travel Rule.

Changes in the Transfer of Funds Regulation (TFR)

The TFR, which closely resembled the version agreed upon provisionally in July last year, saw minor adjustments. Notable additions included revisions related to domestic transfers and the timing of Travel Rule data exchange. Additionally, there was further clarification on transfers involving CASPs and self-hosted wallets.

Transfer of Funds Regulation (TFR): Domestic Transfers

The initial TFR proposal suggested that less data be collected for transfers up to EUR 1000 between European CASPs (domestic transfers) unless they posed an elevated risk. However, this provision has been eliminated, and regardless of the CASP’s location or the transaction value, complete Travel Rule information, as per the TFR, must be collected, stored, and exchanged.

The originating CASP is responsible for ensuring that the transfer is accompanied by the required Travel Rule data outlined in the TFR. When sending funds from an EU CASP to a CASP outside the territory, the originating CASP must verify that the beneficiary CASP has appropriate safeguards in place to receive and store the data in compliance with the General Data Protection Regulation (GDPR).

The EU Transfer of Funds Regulation (TFR) Breakdown 

The European Parliament emphasised that due to the nature of cryptocurrencies, these obligations should apply to all CASP-to-CASP transactions.

Transfer of Funds Regulation (TFR): Timing of Travel Rule Data

Previously, originating CASPs were required to send the Travel Rule data specified in the TFR before executing the virtual asset transfer. However, the updated TFR now mandates CASPs to send the data even before allowing the initiation of the transaction. This change ensures that CASPs can screen all parties involved in a transfer in real-time; again, it is emphasised that the data transmission must comply with the GDPR.

Transfer of Funds Regulation (TFR): Self-hosted Wallets

The TFR does not cover peer-to-peer (P2P) transactions, meaning self-hosted wallets are not subject to the TFR unless a CASP is involved in the transaction.

CASPs must collect and retain information regarding the originator and beneficiary for all self-hosted wallet transactions. The collected information does not require verification. However, for transactions exceeding EUR 1000 to or from a self-hosted wallet, CASPs must confirm that the client has control over the associated address.

If a CASP suspects inaccurate information has been provided or identifies suspicious transaction patterns, they must implement enhanced due diligence (EDD) measures to mitigate these risks.

For further details, please refer to the European Union’s Travel Rule Regulations or download our comprehensive summary: TFR European Union Travel Rule Regulations Guide.

__________________________________________

About Author: 

Founded by Bitcoiners in 2020, 21 Analytics is a leader in crypto compliance technology and security. By leveraging the team’s vast experience in blockchain, it has been possible to advance the company’s ethos of combining compliance with data protection while strengthening privacy for financial intermediaries and their customers.
LinkedIn: https://www.linkedin.com/company/21analytics/