How the FATF travel rule relates to AMLD5

24 Nov How the FATF travel rule relates to AMLD5

The emergence of the Distributed Ledger Technology has completely transformed the ability of businesses and individuals to transfer money and raise capital by cutting out middlemen, raising payment efficiency and increasing the pool of available investors to any geographical location. Besides opportunities, however, this technological development has also given rise to innovative ways of law evasion. EU legislators reacted quickly, adopting the Anti-Money Laundering Directive 5 in 2018, which brought some specified digital currency service providers under traditional financial regulation. Yet the reach of EU authority is geographically limited, while the global nature of the threat facing financial authorities requires a global solution. Enter the Financial Action Task Force. FATF’s recommendations are centered on the exchange and verification of information between financial institutions and this is best exemplified by Recommendation 16, also known as the ‘travel rule’. This article aims to examine the most recent update of FATF recommendations and determine the extent to which we can expect Recommendation 16 to exert influence over EU AML future policy in relation to virtual assets.

Financial Action Task Force – FATF

The Financial Action Task Force is an organization established in 1989 with the purpose of setting international anti-money laundering standards and coordinating their gradual implementation worldwide.[1] Following the September 2001 terrorist attacks in New York, the FATF expanded its scope of action to include the combating of terrorist financing.[2] Currently, FATF has 37 member countries and 2 regional organizations, the European Commission and the Gulf Co-operation Council.[3] The recommendations issued by FATF are not legally binding, however, FATF closely monitors their implementation in jurisdictions over the globe and subjects them to regular evaluations of enforcement. A negative evaluation indicates lack of security within a particular financial system, raising suspicions over corruption and the ability of national authorities to inhibit unfair practices should they occur. Therefore, a negative evaluation issued by FATF is likely to have a repelling effect on foreign investors, putting pressure on domestic institutions to address identified deficiencies.[4] Thus, in order to maintain their position in the global economy, member countries hold FATF’s recommendations in high regard and treat them as if they are in fact law.

The 2014 FATF report on virtual currencies

In 2014 FATF issued a report titled ‘Virtual Currencies: Key Definitions and Potential AML/CFT Risks’ in order to address the emergence of virtual currencies and the opportunities they create for conducting unsupervised internet transactions using DLT.[5] The following year FATF issued the ‘Guidance for Risk-Based Approach to Virtual Currencies’ as part of a multistage process to counter money laundering and terrorist financing risks associated with the use of virtual currencies, calling for appropriate amendments to national legislation.[6]  While, these documents recognized the potential of virtual currencies to improve payment efficiency and reduce transaction costs, they also identified a number of legal loopholes in existing AML and CFT regulatory frameworks. According to the Task Force, these legislative omissions are caused primarily by the lack of regulatory inclusion for virtual assets and entities facilitating trade in virtual assets, making them easily exploitable by criminal and terrorist organizations. The most serious risks arising in this context are connected to the fact that the use of new DLT forms of payment enables criminals, terrorist financiers, and “other sanction evaders” to store and move illicit funds outside the reach of law enforcement and keep their identity secret from financial institutions when conducting large monetary transactions. Anonymity has been identified as a particularly pressing concern in the use of DLT due to the generally non-face-to-face relationship between parties, the absence of a centralized overseeing body, and the global reach of such payment methods.[7]

Motives for the 2019 update of the FATF recommendations

In light of the above described dangers, in June 2019 FATF updated its recommendations on combating money laundering and the financing of terrorism with the aim of mitigating previously identified risks connected to the emergence of Virtual Assets.[8] FATF was wary of the terminological ambiguities that could arise given the different definitions of virtual assets employed by various jurisdictions. Therefore, in order to clarify the scope of application of its recommendations, FATF added to its Glossary two new terms: “Virtual Asset”, a digital representation of value that can be digitally traded, or transferred, excluding digital representations of fiat currencies, securities and other financial assets that are already covered by FATF Recommendations; and “Virtual Asset Service Provider”, any natural or legal person who in the course of their business conduct on behalf of another person virtual asset transactions, safekeeping and administration services, and ICOs.[9] Determining whether an entity will qualify as a VASP under the FATF Recommendations depends on the presence of two key elements. First, the entity in question has to facilitate VA-related activities in the course of its business, and second, it must deal with VA on behalf of another natural or legal person – the customer. This means that besides crypto exchanges, whether they engage in virtual-to-fiat or virtual-to-virtual transactions, VA custodian wallet providers and providers of financial services relating to the issuance, initial offer and sale of VA, during an ICO for instance, will all be covered by the FATF Recommendations. In accordance with these conditions, peer-to-peer exchanges do not qualify as VASPs due to the fact that they do not facilitate VA transactions. This is the case since peer-to-peer exchanges are inherently similar to bulletin boards, which are solely used by buyers and sellers to locate one another, but do not act as intermediaries in the actual trades.^[10] Similarly, natural and legal persons that obtain and use VA on their own behalf to purchase goods and services are not considered VASPs, since they do not fulfill the condition of acting in the name of another.

The travel rule

The updated FATF Recommendations require that VASPs be subjected to regulations already applicable to Financial Institutions, such as banks and capital/stock exchanges.[11] This means that countries should mandate VASPs to comply with licensing and registration requirements, adopt customer due diligence practices, effectively monitor and record transactions, prohibit transfers to or from designated individuals, and freeze the assets of such individuals whenever they are found within the VASP’s control. In addition to these customary requirements, following the June 2019 amendments to FATF Recommendation 15, FATF Recommendation 16, also known as the ‘travel rule’, now encompasses transactions involving VAs and VASPs. The ‘travel rule’ was introduced by FATF in 2012 to prevent terrorists and other criminals from using wire transfers (transfers carried through electronic means) to move their funds, making transaction information easily available to law enforcement authorities, and thereby, assisting them in detecting, investigating and prosecuting terrorist and criminal organizations and the individuals linked to them. According to the text of Recommendation 16 and the explanatory note to it, countries have to implement legislation that obliges financial institutions executing wire transfers to collect, record and communicate certain information to their financial institution counterparties in order to facilitate the identification of suspicious transactions and enable quicker implementation of freezing actions.[12] Wire transfer ordering institutions must collect verified originator information and requested beneficiary information and submit it to the beneficiary financial institution. Similarly, on the other side of the transaction, the beneficiary financial institution has to collect and hold required (not necessarily accurate) originator information and verified for accuracy information of intended beneficiary. For wire transfers falling below the EUR/USD 1000 threshold such information must include at a minimum the originator and beneficiary names and account numbers (e.g. credit/debit card account number or VA wallet number). Importantly, under these circumstances verification is not necessary, unless there is a suspicion of money laundering or terrorist financing.[13] However, for wire transfers exceeding the threshold, information must always be verified and additionally contain the originator’s physical (geographical) address, or national identity number, or date and place of birth.[14] In the event that an ordering financial institution does not comply with these requirements, it should not be allowed to execute the wire transfer.[15] As a further measure of prevention, beneficiary financial institutions are obliged to identify wire transfers lacking the required information and establish effective risk-based procedures for determining whether to execute, reject, or suspend such wire transfers and the appropriate follow-up actions that need to be taken in each scenario.[16]In accordance with Recommendation 11, both ordering and beneficiary institutions must store all collected data relevant to a particular transaction (e.g. amount and currency involved) for a period of at least 5 years after execution and all personal information of transferor and recipient (e.g. copies of identification documents and client correspondence) for at least 5 years following the end of business relations with that person.[17] Recommendation 16 must be observed regardless of whether originator and recipient are the same person, and regardless of whether the transaction takes place between obliged entities, or VASPs, or any combination of these two.[18]

How the travel rule relates to AMLD5 rules

So what do the FATF recommendations mean for Europe? As already mentioned, the European Commission, which is the executive body of the European Union, having the powers to monitor the implementation of EU law by Member States and propose new legislation to the European Parliament, is a member of FATF. Hence, it should be expected that the Commission will take the necessary measures to correct any regulatory omissions in the current AML and CFT EU framework and meet the requirements imposed by FATF’s recommendations by 2020. Currently, the latest major legislative instrument in the field of anti-money laundering issued at the EU level is the Anti-Money Laundering Directive 5.[19] The AMLD 5 introduced the providers of virtual-to-fiat exchange services and custodian wallet providers to the list of “obliged entities”, thereby explicitly bringing such bodies within the scope of the Directive. According to AMLD 5, “obliged entities” have to be registered by national authorities, must conduct customer due diligence checks prior to commencing and during the course of business relationships, keep records of customer dealings, and report suspicious transactions to competent authorities. However, that does not seem to completely satisfy the most recent set of recommendations issued by FATF. For instance, the term “obliged entities” does not cover virtual-to-virtual exchanges, which fall under the definition of VASP. Furthermore, the record keeping duties imposed on “obliged entities” are not as specific and encompassing as these described in Recommendation 16. While FATF requires both originator and recipient institutions to collect information regarding sender and beneficiary and immediately communicate such information, the AMLD 5 solely requires that financial institutions collect customer information and submit it to Financial Intelligence Units upon request. Finally, in relation to financial activities, the AMLD 5 customer due diligence standards apply where the value of the transaction exceeds EUR 1000, in line with the threshold established by FATF.[20] However, in relation to the purchase of goods, the EU threshold under AMLD 5 currently stands at EUR 10 000.[21] Given that such purchases can now be made using DLT, it appears that this circumstance opens the current EU AML and CFT legal framework to abuse. Hence, it is likely that this threshold is lowered when further amendments of the AMLD 5 are made.

[1] https://www.fatf-gafi.org/about/whoweare/.

[2] https://www.fatf-gafi.org/about/whatwedo/.

[3] https://www.fatf-gafi.org/about/membersandobservers/.

[4] https://www.fatf-gafi.org/publications/high-risk-and-other-monitored-jurisdictions/more/more-on-high-risk-and-non-cooperative-jurisdictions.html?hf=10&b=0&s=desc(fatf_releasedate).

[5] FATF (2014), Virtual Currencies: Key Definitions and Potential AML/CFT Risks, http://www.fatf-gafi.org/media/fatf/documents/reports/Virtual-currency-key-definitions-and-potential-aml-cft-risks.pdf.

[6] FATF (2015), Guidance for Risk-Based Approach to Virtual Currencies, http://www.fatf-gafi.org/media/fatf/documents/reports/Guidance-RBA-Virtual-Currencies.pdf.

[7] FATF (2015), Guidance for Risk-Based Approach to Virtual Currencies, at pages 31-2.

[8] FATF (2012-2019), International Standards on Combating Money Laundering and the Financing of Terrorism & Proliferation, http://www.fatf-gafi.org/media/fatf/documents/recommendations/pdfs/FATF%20Recommendations%202012.pdf.

[9] FATF (2012-2019), International Standards on Combating Money Laundering and the Financing of Terrorism & Proliferation, at pages 126-7.

[10] FATF (2019), Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers, http://www.fatf-gafi.org/media/fatf/documents/recommendations/RBA-VA-VASPs.pdf, at paras 38-9.

[11] Ibid. FATF (2012-2019), Recommendation 15 at page 15.

[12] Ibid. FATF (2012-2019), INR 16 at page 72, para 1.

[13] Ibid. FATF (2012-2019), INR 16 at page 73, para 5.

[14] Ibid. FATF (2012-2019), INR 16 at page 73, para 6.

[15] Ibid. FATF (2012-2019), INR 16 at page 74, para 14.

[16] Ibid. FATF (2012-2019), INR 16 at page 75, paras 19 and 21.

[17] Ibid. FATF (2012-2019), Recommendation 11 at page 13.

[18] Ibid. FATF (2019), at para 113.

[19] Directive 2018/843, amending Directive 2015/849.

[20] Article 2 (5), Article 11 (b)(ii) of Directive 2018/843, amending Directive 2015/849.

[21] Article 11 (c) of Directive 2018/843, amending Directive 2015/849.