Go back to menu

Industry sceptical about how "travel rule" recommendation will apply to crypto

Crypto exchanges have 12 months to implement new FATF anti-money laundering standards

27 June 2019

The Financial Action Task Force (FATF) Recommendation 15 has now been formally adopted at the third and last Plenary of the FATF under the U.S. Presidency of Marshall Billingslea. FATF Recommendation 15 sets out more detailed implementation requirements for what FATF considers effective regulation and supervision/monitoring with respect to anti-money laundering (AML) and counter financing of terrorism (CFT) for virtual asset services providers (VASPs). It also sets out how the FATF standards apply to activities or operations involving virtual assets.

What is a virtual asset?

FATF defines a virtual asset to be a digital representation of value that can be digitally traded, or transferred, and can be used for payment or investment purposes (i.e. a crypto asset or crypto currency).  A VASP means any natural or legal person who as a business conducts one or more of: i) exchange between virtual assets and fiat currencies; ii) exchange between one or more forms of virtual assets; iii) transfer of virtual assets; iv) safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets; and v) participation in and provision of financial services related to an issuer’s offer and/or sale of a virtual asset.

Travel Rule

FATF now requires countries to require VASPs to be licensed or registered, and to subject VASPS to adequate regulation and supervision or monitoring for AML/CFT. The most problematic part of the requirements is that contained in paragraph 7(b) of the Interpretative Note to FATF Recommendation 15:

"Countries should ensure that originating VASPs obtain and hold required and accurate originator information and required beneficiary information on virtual asset transfers, submit the above information to beneficiary VASPs and counterparts (if any), and make it available on request to appropriate authorities. It is not necessary for this information to be attached directly to virtual asset transfers. Countries should ensure that beneficiary VASPs obtain and hold required originator information and required and accurate beneficiary information on virtual asset transfers, and make it available on request to appropriate authorities."

This effectively applies what is often called the "travel rule" to crypto exchanges and means that crypto exchanges and other VASPs must share originator and beneficiary information during transactions between exchanges.

While the travel rule (which is a rule under the U.S. Bank Secrecy Act that requires traditional financial institutions to pass on certain information to the next financial institution, in certain funds transmittals involving more than one financial institution) makes sense in a context where all financial transactions are sent through intermediaries, virtual asset transactions can occur not just through crypto exchanges or other businesses, but also from person to person, person to machine, machine to machine, via smart contracts and through multiple other combinations and potential endpoints.

Those in the industry are understandably sceptical about how these recommendations will apply to crypto. Implementation of systems to collect and then transmit the information which it is required that VASPs exchange will be an onerous task. Arguments have been made that the inclusion of this 'travel rule' will drive users of virtual assets, and therefore criminal users of such assets, underground. High profile critics include the former FATF President Roger Wilkins AP, who was quoted in a report by industry media outlet Cointelegraph Japan:

“What we are hearing from industry is that the new rules may have the opposite effect to which they were intended, effectively forcing crypto transactions off the controlled platforms, which are currently one of the best avenues we have in gaining visibility over financial crime.”

Countries are required to make not only VASPs, but also their directors and senior management, subject to sanctions for failure to comply with this and other AML/CFT requirements.


It may be called a recommendation, but the fact that FATF's recommendations are not binding international law does not mean they can be ignored. FATF includes all the key financial systems, and those systems will implement FATF recommendations as law. It is inconceivable that the US and UK would not implement them - and where they go financial services has to follow. Jurisdictions who do not bring their systems into line with FATF's standards risk are not being placed on the FATF grey list, which is a yellow card on the way to the black list. In the worst case scenario, a country on the grey list could face issues such as economic sanctions or problems getting loans from international institutions (e.g. the IMF). While this may not be the case, at the least being added to the grey list is an indicator to the global financial and banking system about heightened risks in transactions with that country. As such, while it may take some countries longer than others to implement the Recommendations, VASPs looking to use regulatory arbitrage to relocate their operations to a more favourable regime may reach the end of the road in due course once the Recommendations have been more widely implemented under FATF pressure to do so.

The G20 reaffirmed it would align with the FATF standards earlier in the month. Member States have been quick to endorse the Recommendation. U.S. Treasury Secretary Steven Mnuchin stated:

"The [FATF] Interpretive Note adopted this week includes virtual asset standards that are binding to all countries. By issuing updated guidance, the FATF is enhancing financial transparency and setting expectations. This will enforce a level playing field for virtual asset service providers, including cryptocurrency providers, and traditional financial institutions. Under these new measures, virtual asset service providers will be required to implement the same AML/CFT requirements as traditional financial institutions. They will need to: - Identify who they are sending funds on behalf of, and who is the recipient of those funds; - Develop processes where they are required to share that information with other providers of virtual assets, and law enforcement; - Know their customers and conduct proper due diligence to ensure they are not engaging in illicit activity; and, - Develop risk-based programs that account for the risks in their particular type of business. By adopting the standards and guidelines agreed to this week, the FATF will make sure that virtual asset service providers do not operate in the dark shadows."

FATF will give countries 12 months to abide by the Recommendation, with a review set for June 2020. Those who fall within the definition of VASPs need to find the technological solutions to aligning with the FATF standards fast if they are to keep up with this deadline.

The authors of this article - Megan Gordon, Ellen Lake and Jesse Overall - were interviewed by Reuters for their views on this topic. Read Megan's comments in Reuters' coverage.