Nov 2024
What is the Travel Rule?
The virtual asset “Travel Rule”, formally known as the “Financial Action Task Force (FATF) Recommendation 16”, requires Virtual Asset Service Providers (VASPs) to share and hold specific customer information with recipient institutions when performing transactions involving virtual assets.
The Travel Rule is similar to the requirements imposed on traditional financial institutions in many jurisdictions when performing wire transfers in fiat currency. The Travel Rule is implemented in the Cayman Islands under PART XA of the Anti-Money Laundering Regulation (as revised) (the AMLRs). The Travel Rule aims to enhance transparency and mitigate illicit activities such as money laundering and terrorist financing within the cryptocurrency ecosystem.
By ensuring that both the originator and beneficiary information accompanies all transactions, the Travel Rule strives to bring a higher level of scrutiny, accountability and transparency to virtual asset transfers, aligning the virtual asset industry with global regulatory standards.
What is Involved?
VASPs are required to obtain and hold accurate originator and beneficiary information on virtual asset transfers whenever a VASP initiates a virtual asset transfer from its own virtual asset wallet (or facilitates a transfer from that of a third party wallet) and another third party wallet (as per the below Diagram 1).
The Travel Rule mandates that all virtual asset transfers involving at least one VASP are subject to the obligations, meaning any transaction conducted on behalf of an originator with the intent of making the virtual asset accessible to a beneficiary must comply. This rule applies to all “obliged entities” under the AMLRs which includes VASPs regulated by the Cayman Islands Monetary Authority.
The AMLRs contain definitions and provisions pertaining to the identification, verification, production, record-keeping, and other relevant obligations relating to virtual assets, including the Travel Rule requirements for VASPs.
What information is required?
To comply with the FATF’s Travel Rule and meet Cayman AML requirements, the VASP operating the originating and beneficiary wallets must exchange specific information during virtual asset transfers:
(a) Originator VASP Requirements:
a. name of both parties.
b. The account numbers of both parties, if an account is used.
c. The originator’s:
i. physical address;
ii. Identification number;
iii. customer identification number or date and place of birth.
d. The unique transaction reference number (“UTR”) if no account is used to process the transfer.
(b) Beneficiary VASP Requirements:
a. name of both parties.
b. The account numbers of both parties, if an account is used.
c. The beneficiary’s
i. physical address;
ii. Identification number;
iii. customer identification number or date and place of birth.
d. The UTR if no account is used to process the transfer.
What are the Verification Obligations?
The originating VASP must verify the originator’s information using data or documentation that satisfies the requirements of Regulation 20(1) of the AMLRs and provide this information to the beneficiary VASP with the transfer. For batch transfers there are modified applicable requirements.
If the originating VASP cannot collect the required information under Part XA of the AMLRs, it is not permitted to execute the relevant transfer. Similarly, the beneficiary VASP must verify the beneficiary’s information in line with Regulation 20(1) of the AMLRs and have systems to detect and address missing information on the originator or beneficiary.
What if There is Incomplete Information?
If required information is incomplete, the beneficiary VASP must either reject the transfer or request the missing details. Beneficiary VASPs must implement risk-based policies to handle transfers with incomplete information pursuant to Part XA of the AMLRs. Both the originating VASP and the beneficiary VASP must keep records of the complete originator and beneficiary information for each transfer for a minimum of 5 years from the date of the transfer.
What about Unhosted Wallets?
When transfers involve non-obliged entities, such as unhosted (i.e. self-hosted) wallets, VASPs must collect and retain the required originator and beneficiary information from their own customer to ensure compliance.
Existing and Prospective VASPs in the Cayman Islands – What’s required?
All VASPs registered or in the process of registering with CIMA are required to submit details of their compliance arrangements, including relevant policies, procedures, and resources (such as technological tools), to demonstrate how they will comply with the Travel Rule provisions outlined in the AMLR. Similarly, new applicants for VASP registrations or licenses must explain in their applications how they will adhere to the Travel Rule provisions. This information should be included as an attachment when submitting their policies on anti-money laundering and counter-terrorist financing as part of CIMA’s application process.
Why is it Important?
Adherence to the Travel Rule is a strict regulatory requirement, and failure to comply can result in severe penalties, legal consequences, and reputational damage.
It is important to consider the Travel Rule at the outset, as implementing the Travel Rule can be financially demanding. It necessitates investment in technology, systems, and processes to ensure secure and accurate transmission of required information. As such, prospective VASPs need to be aware that compliance can take time and operationalising compliance can be a costly endeavour.
Maintaining compliance with the Travel Rule also requires considerable ongoing monitoring and audit resources. This continuous effort ensures that VASPs can promptly identify and address any discrepancies or potential violations, thereby maintaining the integrity and security of their operations. By focusing on Travel Rule compliance, VASPs not only fulfil their regulatory obligations but also strengthen their overall risk management framework and build trust with customers and stakeholders.
For further information on the virtual asset advisory services that the Regulatory & Risk Advisory team offer, please download our VASP Service Offering factsheet below.
¹Please note that the Rule does not apply to persons undertaking transfers while operating on the same platform as this activity would fall within the VASP’s ordinary transaction monitoring and record keeping obligations under the AMLRs.