16 May Transfer of Funds Regulation Amendments
The Transfer of Funds Regulation (TFR) was adopted in 2015, laying down rules on the necessary payer and payee information that must accompany transfers of funds within the EU. Its purpose is to assist Member States’ authorities in preventing and detecting money laundering and terrorist funding activities. The amendments as part of the new AML package foresee bringing crypto-assets and crypto-asset service providers (CASPs) within the ambit of the TFR in order to close remaining loopholes in the EU regulatory financial framework. Importantly, however, such a move will increase compliance burdens on crypto related entities and threatens to drive the crypto industry away from Europe. This article will look at the contents of the amended Regulation, assess its potential impact on the entities that fall within its scope and attempt to objectively determine whether the anticipated compliance costs are justified.
2. Content of the amendments:
Traceability of money transfers is a crucial factor in enabling national authorities to effectively prevent, detect and investigate instances of money laundering (ML) and terrorist financing (TF) as well as to impose restrictive measures where necessary. To achieve this, the 2015 TFR, currently in force, stipulates that the payment service providers of payers must ensure that transfers of funds are accompanied by identifying personal information of the payer and payee, such as their names, account numbers, and addresses. Similarly, on the other side of the transaction, the payment service providers of payees are obliged to verify the accuracy of payee information and monitor whether any required data is missing.
The TFR amendments consist of expanding the scope of those obligations to crypto-asset service providers (CASPs). According to the TFR amendments, information requirements will apply to CASPs whenever their transactions, whether in fiat currency or crypto-assets, involve either a traditional wire transfer or a crypto-asset transfer between a CASP and another obliged entity (e.g. between two CASPs or between a CASP and a bank or another financial institution). The CASP of the receiving party, or beneficiary, will have to monitor whether originator or beneficiary information is missing and will not be allowed to make the transferred crypto-assets available to the recipient until it has verified that the transaction does not give rise to ML or TF risks. The amended Regulation will leave only peer-to-peer crypto-asset transfers out of its scope and will not apply in situations where both the originator and final recipient are properly licensed CASPs, acting on their own behalf.
Arguably one of the biggest challenges posed by the amendments to the TFR would be to comply with information requirements when a transfer of crypto-assets is made from a self-hosted wallet. According to the upcoming rules, CASPs will have to obtain and hold information on the counterparty in a transaction made to or from a self-hosted wallet. In case of a transfer to a self-hosted wallet that exceeds EUR 1000 in value, the CASP of the originator must assess whether the wallet is owned or controlled by the originator. In case of a transfer from a self-hosted wallet that exceeds EUR 1000 in value, the CASP of the beneficiary must assess whether the wallet is owned or controlled by the beneficiary. This low threshold would potentially necessitate the storing and reporting of large amounts of data, giving rise to concerns over personal information breaches. In order to ensure the protection of such data against accidental loss, alterations or unauthorised disclosures, the TFR amendments also extend the obligations on payment service providers to process payer and payee information in accordance with the General Data Protection Regulation (GDPR) to CASPs and crypto-asset transfers. The security of personal data would be ensured by requiring CASPs to implement technical and organisational measures as well as procedures for notification of personal data breaches to concerned individuals.
3. Arguments in favour:
One of the major arguments in favour of the TFR amendments is that adding CASPs to the scope of the existing Regulation will close loopholes in the financial system that allow criminals to use crypto-assets in order to disguise the origin of illicit funds. According to regulators, crypto-assets present a particularly acute vulnerability due to their inherent anonymity, global reach and high transaction speed. The amendments, however, will severely limit exploitative strategies and additionally bring a higher level of convergence with international Anti-Money Laundering (AML) rules, and in particular, the ‘travel rule’ established by the Financial Action Task Force (FATF). In 2019 the FATF, an international standard setting organisation in the area of ML and TF with members including the United States, Russia, China and the EU, revised its recommendations so as to bring virtual assets and virtual asset service providers within the scope of rules applying to traditional wire transfers. The TFR amendments implement the FATF’s latest recommendations, ensuring the uniform application of rules that facilitate the traceability of crypto-asset transactions throughout the EU.
Importantly, the EU Commission argues, in proposing the TFR amendments, that the revised legislative act is designed to establish a proportionate and preventive approach to combating ML and TF without unnecessarily burdening CASPs with compliance costs. Hence, the changes only aim to lift the veil of anonymity when it comes to crypto-asset transactions and discourage all activities meant to conceal the identity of parties, such as mixing, which is the act of combining information from multiple transferors before executing a transaction, as well as single use stealth addresses, designed to ensure that no trace of the parties’ identity is left on the blockchain. The use of mixing services would be allowable only where circumstances show that anonymity is necessary to satisfy legitimate privacy concerns. However, where the legitimacy of mixing services cannot be proved by the receiving party, the crypto-asset transfer should be considered high-risk.
4. Arguments against:
Despite assurances from legislators that the proposed amendments are strictly necessary for ensuring AML and CFT, representatives of the crypto industry argue that certain aspects of the TFR amendments may have crippling effects on their businesses. One of the major points to that end is that requirements to verify originator information of transfers coming from self-hosted wallets would dissuade CASPs from transacting with self-hosted counterparties altogether, since there are no established methods for verifying data coming from such sources. It is true that transfers to or from self-hosted wallets that have already been verified once would not trigger requirements to repeatedly confirm the accuracy of originator or beneficiary information for each subsequent transaction involving that same wallet. Nevertheless, the initial wave of verification that will follow adoption of the amendments is likely to cause delays of crypto-asset transfers, which would directly conflict with requirements to implement effective measures that prevent delays in relation to transactions with self-hosted wallets.
Another big concern is privacy and whether the TFR amendments are in conflict with the minimisation of information processing principle endorsed by the GDPR. According to the amendments, the obligation to verify the accuracy of payer and payee information will not apply for transfers that do not exceed EUR 1000 in value in order to ensure that requirements are not overly strict. However, in practice that threshold might be so low that it compromises the effectiveness of the measure. The large amount of data that would have to be stored may prove to be overwhelming and largely useless. At the same time, the collection and storing of such large amounts of personal information does not stand well with the principle that data collection should be limited to what is directly necessary for achieving a specified purpose. Furthermore, imposing such a low threshold might actually have the effect of driving crypto-asset transfers underground as individuals start seeking ways to avoid using legitimate and secure intermediaries.
5. Final remarks:
The amendments made to the Transfer of Funds Regulation make up the smallest amount of textual changes in the new AML package, yet they seem to have sparked the most controversy within the crypto world. Concerned parties assert that these legislative changes will drive the crypto-industry away from Europe as compliance costs incentivise CASPs to relocate to more lenient jurisdictions. Their thesis has been backed by some Member State government institutions and representatives, such as the Federal Ministry of Finance in Germany, which criticised the EU proposal in a letter to a member of the Bundestag from 1 June 2022. According to their position, reporting obligations that are not based on suspicion are a disproportionate measure in the fight against money laundering. Instead, they propose alternative solutions like blockchain analysis tools that can help carry out more targeted risk assessments by alerting authorities when coins already associated with criminal transactions attempt to enter regulated financial space. Despite the opposing views, the final text of the amendments to the TFR has been adopted on the 20th of April 2023.
Series of blogs AML/CFT
In July 2021, the European Commission presented a new package of legislative proposals to tighten measures against money laundering and terrorist financing across the European Union. The new EU anti-money laundering and counter-terrorist financing (AML/CFT) rules will be extended to the entire crypto sector. In this blog series, we will therefore discuss in detail various topics that may be of interest.
The following topics are covered:
- Overview of the new AML/CFT package
- Transfer of Funds Regulation Amendments
- Anti-Money Laundering Regulation & Directive 6
- Anti-Money Laundering Authority Regulation