EU AML Crypto Rule Update: European Union Moves Toward Full Transaction Traceability
The use of Convertible Virtual Currencies (CVCs) or “crypto” for illicit use has risen sharply this year. Fines and restraining orders are being levied against fintech organizations, banks, and crypto-asset firms who fail to comply with anti-money laundering and transaction record-keeping regulations. Up until this point, the European Commission, which is the executive branch of the European Union (EU), and the Financial Action Task Force (FATF) haven’t implemented strict rules related to transaction traceability. That is about to change.
The Financial Action Task Force (FATF) proposed a law to apply the travel rule to cryptocurrency transactions, effectively making them completely traceable. The Travel Rule requires businesses who are engaged in or are an intermediary to, cryptocurrency transactions to collect and share the personal data of participants in a transaction. This rule already applies to wire transfers such as those completed through a bank or Western Union.
What Is The Travel Rule?
The Travel Rule is the industry term for the FATF Recommendation #16 focused on anti-money laundering efforts. The rule requires both financial service firms and Virtual Asset Service Providers (VASPs) to collect Personally Identifiable Information (PII) on transactions exceeding 1,000 USD/EUR.
In addition to basic biographical information, VASPs and banks are required to collect a further layer of information from senders during a transaction: their physical address, unique ID number (national identity number, etc.), customer identification number, or date and place of birth.
Initially, the Travel Rule only applied to banks. The Travel Rule’s scope was extended in 2009 to include crypto companies. The G20 and other jurisdictions have begun to incorporate the travel rule into their local AML/CFT laws to aid money laundering investigations and provide true transaction clarity. This change will undoubtedly assist law enforcement agencies and regulators during investigations and with the enforcement of anti-money laundering laws and regulations.
According to FinCEN’s guidance report on this matter, a few frequently asked questions include:
- Are all transmittals of funds subject to this rule?
No. Only transmittals of funds equal to or greater than $3,000 (or its foreign equivalent) are subject to this rule, regardless of whether or not currency is involved. In addition, transmittals of funds governed by the Electronic Funds Transfer Act (Reg E) or made through ATM or point-of-sale systems are not subject to this rule. (January 1997)
- What are the “Travel” rule’s requirements?
All transmittor’s financial institutions must include and send the following in the transmittal order:
- the name of the transmittor
- the account number of the transmittor, if used
- the address of the transmittor
- the identity of the transmittor’s financial institution
- the amount of the transmittal order
- the execution date of the transmittal order
- the identity of the recipient’s financial institution
and, if received:
- the name of the recipient
- the address of the recipient
- the account number of the recipient, and
- any other specific identifier of the recipient.”
What is important to understand is that as this rule is being extended to VASPs and crypto transactions, the entire transaction traceability process will become much easier and less time-consuming.
Want to learn more about the Travel Rule and how it applies to your bank? Contact one of our Identity Executives today.
Who Regulates Cryptoassets & Crypto Exchanges?
The European Union (EU) is composed of 27 member states, each of which has its own regulations and laws relating to cryptocurrencies and crypto exchanges.
There are a number of banks and commissions which regulate the cryptocurrency industry/crypto exchanges including:
- European Commission (EC)
- European Central Bank (ECB)
- European Banking Authority (EBA)
- European Insurance & Pension (EIOPA)
- European Supervisory Authority for Securities (ESMA)
These agencies have been busy proposing and implementing rules to build a strong framework that is intended to combat ML/TF and illicit activities including fraud, spoofing, and abuses of the financial system.
Identity Checks For Money Laundering & Fraud Prevention in the EU
Identity checks are particularly important for banks and financial institutions to screen for money laundering, fraud, and past illicit financial activities. KYC, or Know Your Customer, is the process of verifying a customer’s identity to ensure they are providing accurate personally identifiable information (PII) as well as in order to understand their past financial behavior with previous institutions or money service providers.
The Know Your Customer (KYC) process helps to ensure that the financial institution’s services are not misused for identity theft, money laundering, and the funding of criminal organizations. KYC ensures that organizations are both compliant and that customers with a suspicious financial background are not approved for an account at the bank or financial institution.
The essential documentation required for a successful Know Your Customer process is as follows:
Proof Of Identity (POI):
- A UID/passport, driver’s license, or voter’s ID card
- A PAN (Permanent Account Number) card with a picture matching the customer
- A current ID card issued by the State
- Any valid Debit or Credit card issued by a bank
Proof Of Address (POA):
- A copy of utility bills such as electric bills with a verifiable address
- Visa/Driver’s License with a digital picture
- A copy of a registered sale agreement or lease for residence
- Any identification document in the name of one’s spouse
Proof of Income/Past Financial Activities
- Income Tax Returns
- Credit Report
- Paycheck Stubs or Bank Statements
A new client may attempt to use one or more of the above documents for identity verification and the key for a bank/financial institution to understand is the vulnerable nature of current identification documents in the EU and worldwide. Despite security innovations, fraudsters are still engaging in many legacy techniques to fraudulently obtain access to a bank’s offerings.
European Union Moves Toward Full Transaction Traceability, Applying the ‘Travel Rule’ To Cryptocurrency Transactions
Are companies ready for this drastic shift? As of October 2020, according to the Finbold’s Bank Fines 2020 report, global authorities issued $13.74 billion in AML fines, with three large US banks, Goldman Sachs, Wells Fargo, and JP Morgan Chase accounting for over half of that total. Many crypto exchanges lack the necessary compliance procedures required to even begin to apply these laws. Many id verification solutions were not built to comply with the level of complexity required to root out potential bad actors and limit their access to modern bank systems.
“These proposals have been designed to find the right balance between addressing these threats and complying with international standards while not creating an excessive regulatory burden on the industry,” the European Commission said in its statement.
The rule change will require that:
- A company handling crypto assets for a customer must include the customer’s PII information. This would include the customer’s name, address, date of birth and account number
- Transfers must include the name of the person who will receive the crypto assets
- Providing anonymous crypto-asset wallets will be prohibited
- The recipient’s service provider must also check if any of the required information is missing
The drastic change in this rule seems to be that this information must be verified to be accurate and that anonymous crypto wallets will no longer be permitted. This rule change will definitely assist in transaction traceability during criminal investigations and retrieving transaction data.
In a play on words, the Travel Rule ensures that personal data is shared with participating banks during domestic and international transactions. There literally is no way to avoid this transaction trail or transaction traceability because the personal data of the transacting parties ‘travels’ along with their transfers.
Interested in a robust fraud and compliance solution for your bank? Contact IDMERIT today.
Will Anonymous Crypto Wallets Disappear?
One of the major issues surrounding cryptocurrency transactions includes their ability to be monitored and regulated including transaction traceability especially when relating to cryptocurrency’s ‘anonymous’ crypto wallets. Modern id verification solutions must be able to collect, verify, and share data during the customer onboarding process or during these sometimes complex cryptocurrency transactions to prevent fraud and abuse.
Bitcoin founder ‘Satoshi Nakamoto’ created Bitcoin with the intention that his financial system without ‘third-party intermediaries would be the wave of the future. One major tenant of this system would be that people would be able to send and receive funds anonymously. While this would be a major leap forward in fundamental privacy protections, this type of unregulated system would present a number of issues both in terms of oversight and the complete unfettered ability to commit illicit offenses such as money laundering, fraud, and terrorist financing.
Building a ‘Harmonised Framework’
The EC and the FATF have since their inception advocated for uniformity in applying specific anti-money laundering and counter-terrorist financing regulations. In fact, both entities have been quite vocal about their views.
“We shouldn’t have different rules for the financial system. They should apply across digital currencies as well,” said EU commissioner for financial services, Mairead McGuinness, during a press conference.
Future of Cryptocurrency Transaction Traceability
Implementing these rule changes will undoubtedly change the landscape for both cryptocurrency traders and regulators alike. Gone will be the days of drawn-out, costly, investigations as transactions will be easily resolved along with their senders and receivers. Cryptocurrency exchanges, banks, and fintech companies will need to adapt to the new regulatory climate, including enhanced identity verification solutions being the norm, not just the exception.
IDMvalidate is a robust fraud and compliance solution to help you comply with AML/CFT obligations. Contact one of our Identity Executives to get started.
IDMvalidate: Fast, Secure, & Global Identity Verification Solution
IDMvalidate can authenticate and verify government-issued identity documents in online and offline conditions. It is a part of several identity fraud solutions that IDMERIT has created which offer fraud detection before it happens.
Our document verification solution provides powerful security in the airline industry, at home and abroad.
- Multi-Language support
- Integrate seamlessly with IDMaml and IDMrisk
- Easily integrate into your system with a simple API
- Biometric facial recognition & face liveliness technologies are used to produce a live match
- Validate your customers in less than 6 seconds
- We can validate Passports, Drivers Licenses and National ID’s from 175+ countries
- Indigenously built Deepfake recognition and liveness recognition models with the highest degree of accuracy in the world
Contact one of our identity specialists to Schedule a Demo of IDMvalidate today.
Headquartered in San Diego, California, IDMERIT provides an ecosystem of identity verification solutions designed to help its customers prevent fraud, meet regulatory compliance and deliver frictionless user experiences. The company is committed to the ongoing development and delivery of offerings that are more cost-effective and comprehensive than other solution providers. IDMERIT was funded by experts who have been sourcing data on personal and business identities across the globe for over a decade. This access to official and trusted data throughout the world has become increasingly important as companies find themselves completing transactions across borders as a standard course of business. www.idmerit.com