New EBA guidelines to combat money laundering in crypto asset transfers

The European Banking Authority (EBA) published the Travel Rule Guidelines on 4th July, a set of measures aligned with the MiCA Regulation and anti-money laundering obligations aimed at improving the traceability of fund and crypto-asset transfers within the European Union.

T

he new obligations, known as the Travel Rule Guidelines, specify the information that must accompany transfers of funds and certain crypto-assets. They have been designed by the European Banking Authority (EBA) as a new approach to curb money laundering through the crypto market. 

The new guidelines are based on establishing a robust onboarding process with proper user identification. Maximum transparency to block illicit activities. 

Who are these guidelines applicable to? 

The EBA guidelines are directed at various entities within the financial sector, including: 

• Payment Service Providers (PSPs). These are entities that facilitate payment transactions between users and merchants, providing an infrastructure for the transfer of funds. These providers include banks, electronic money institutions, and other companies that enable these activities. 

• Intermediary Payment Service Providers (IPSPs). These entities act as intermediaries between end users and payment service providers. Additionally, they may offer supplementary services such as payment aggregation, facilitating transactions across multiple platforms, and enhancing the efficiency of the payment process. 

• Crypto-Asset Service Providers (CASPs). CASPs, which we discussed extensively in the article on MiCA regulation, are entities that offer services related to crypto-assets, such as cryptocurrency exchanges, custody, and the issuance of new crypto-assets. These providers play a crucial role in facilitating consumer and business access to and use of cryptocurrencies. 

• Intermediary Crypto-Asset Service Providers (ICASPs). Finally, ICASPs are intermediaries that facilitate interactions between end users and CASPs. They may offer services such as converting crypto-assets into fiat currencies, integrating various crypto-asset platforms, and providing technological solutions for managing crypto-assets. 

Information requirements 

The foundation of these new obligations lies in the proper identification of individuals, a process that currently must be carried out remotely, using video identification methods. 

The EBA guidelines require thorough identification of both the payer and the beneficiary in each transfer. For individuals, this identification must include the full name, current residential address, and official identification numbers such as passport or national ID. For legal entities, the required information includes the trading or registered names, the official address of the headquarters, and tax identification numbers or any other official identifier of the entity. 

These measures are essential to ensure that every individual and entity involved in a transaction can be clearly identified, which is crucial for preventing illicit activities. The collection and verification of this information provide a solid foundation for transparency and traceability in the financial system, enabling authorities and financial entities to effectively monitor and manage suspicious activities. 

Risk-Based approach 

The risk-based approach is a cornerstone of this guide. From this perspective, it is acknowledged that not all transactions and customers pose the same level of risk; therefore, entities must tailor their controls and procedures according to the level of risk associated with each specific case. 

PSPs and CASPs must conduct a thorough risk assessment for each client and transaction. This involves classifying clients and transactions according to their potential involvement in illicit activities. Therefore, entities must establish procedures and controls proportional to the identified risk, ensuring that due diligence measures are intensified when necessary. 

A crucial part of this approach is the ability to effectively detect and manage transfers with incomplete or missing information. Entities must have robust systems in place to identify anomalies in transactions, such as missing or inconsistent data, which could indicate attempts to conceal the true nature of the operation. 

Additionally, this approach involves continuous and adaptive monitoring of transactions, with the ability to adjust controls and procedures as risks evolve and new threats emerge. Ongoing staff training is also crucial to stay abreast of the latest trends in money laundering and terrorist financing techniques, ensuring that the measures adopted are effective and up to date. 

An interesting aspect of the guidelines is the requirement to establish procedures for identifying transfers that appear to be linked, such as multiple transactions between the same parties within a short period of time. These transfers could indicate attempts to circumvent information thresholds or evade the detection of suspicious activities. 

Impact of the guidelines and potential challenges 

These guidelines represent a significant step towards greater transparency and control in the crypto-asset ecosystem. With better identification of participants in transfers, authorities will be able to trace the flow of funds and detect criminal activities more easily. In summary, the regulation aims to achieve: 

• Increased transparency: Mandatory identification of payers and beneficiaries will enable greater transparency in crypto-asset transfers. 

• Reduction in money laundering and terrorist financing: The guidelines will make it more difficult for criminals to use crypto-assets for money laundering and terrorist financing. 

• Greater market confidence: Enhanced transparency and the fight against criminal activities will contribute to increased confidence in the crypto-asset market. 

However, the implementation of these guidelines may present some challenges. One of these is the cost associated with updating systems and procedures necessary to comply with the stricter regulatory requirements. This investment involves not only significant financial resources but also time and effort from the entities to adapt to the new compliance standards. 

Another crucial challenge is global interoperability. The effectiveness of the guidelines largely depends on other jurisdictions outside the European Union adopting similar measures. Without global coordination, there is a risk that international transactions may be exposed to regulatory gaps, compromising the security and prevention objectives against illicit activities that the guidelines aim to strengthen. 

Additionally, the protection of data, or how it is approached, represents a sensitive dilemma. While combating money laundering and terrorist financing is crucial, it is also essential to preserve the privacy and rights of users. Finding an appropriate balance between these two objectives can be challenging, especially in an environment where financial transactions are increasingly digitised and subject to regulatory scrutiny. 

Furthermore, these rigorous approaches to the identification and monitoring of transactions could limit the spontaneity and fluidity of the crypto market, potentially affecting users’ ability to conduct transactions quickly and efficiently. 

Intense regulation could introduce additional barriers that affect innovation and competitiveness within the crypto-asset market. In an effort to ensure financial security and integrity, it is crucial to find a balance that allows for the effective application of the guidelines without unnecessarily compromising the agility and accessibility of the crypto market for legitimate users. 

Overall, the EBA’s Travel Rule Guidelines align with international regulations working in the same direction, such as the United States’ Anti-Money Laundering (AML) Act and Bank Secrecy Act (BSA), Canada’s Anti-Money Laundering and Terrorist Financing (AML/ATF) Act, and Japan’s Financial Instruments and Exchange Act (FIEA). 

According to the official text, they will be fully applicable by the end of 2024. Compliance with these guidelines will be essential for CASPs and PSPs to maintain their licences and avoid sanctions. 

Request information from our team of experts and avoid non-compliance penalties