CryptoUK Responds to Joint Money Laundering Steering Group’s Travel Rule Guidance Consultation
24th August 2023
Draft Travel Rule Guidance Consultation
General challenges on implementing the Travel Rule
Proportionality and interoperability
We know such comments are better targeted to HMT and the FCA but wanted to use this opportunity to raise this to JMLSG, as we are in process of inputting into this industry guidance.
Our members are generally supportive of UK efforts to strengthen the financial crime regime, and the inclusion of the Travel Rule (TR) obligations. However, we also continue to face the challenges of the UK regulation’s lack of a de minimis threshold and proportionality (other than transactions to unhosted wallets). This creates not only real operational challenges and costs to UK industry – but also where we consider financial crime risks are considerably lower.
Our understanding is that the only proportionality that generally applies in the TR (other than unhosted wallets) is in essence to – on a risk based approach – either delay the transaction to obtain the TR information or to not accept the transfer and return the assets (subject to relevant risks eg. sanctions link). Our members highlight some non-exhaustive examples that give risk to these challenges:
- As there is no de minimis, having to check all transactions against verified CDD information (so for example even for a £10 (or euro equivalent) transaction.
- Having to return a transaction, irrespective of size/risk where there is inadequate TR information (so again, for example, even a £10 transaction).
- Having to deal with a lack of global interoperability of TR solutions and legislative obligations, will continue to make this framework challenging.
- Some of our members also wanted to draw attention to the fact that the UK TR legal obligations do not address (and therefore JMLSG does not address) any obligation or parameters around the topic of counterparty VASP due diligence – referenced in page 62 et. seq. of the FATF (2021), Updated Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers. CryptoUK intends to work with our members to discuss what steps and standards need to be taken to address this point as a UK crypto industry. If HMT and the FCA intend to address this issue to provide more guidance, we would strongly encourage that they engage with our members as this will have an operational impact and because it is important also to take account of the underlying relationship between counterparties of a transaction (eg. where they may not be an underlying ‘business relationship’).
In terms of interoperability, our members wish to draw attention to a key hindrance to Travel Rule compliance that is not currently addressed in the JMLSG Guidance or FCA communications. Interoperability between Travel Rule protocols is currently very limited.
For example, a CB [Cryptoasset Business] that sends or receives a transaction to another VASP that uses a non-interoperable Travel Rule protocol may be unable to comply with its TR obligations.
Similarly to the sunrise issue, the lack of interoperability between Travel Rule protocols is an hindrance that CBs cannot reasonably be expected to overcome autonomously. Therefore, it would be beneficial for the FCA to provide guidance that sets expectations for how CBs should comply in these cases.
Specific comments on the JMLSG’s draft guidance
Focusing now on the specific comments in relation to the JMLSG’s draft guidance. We have set out below our comments and detailed drafting is provided in Annex 1. Of course we hope that JMLSG will incorporate all of the industry’s comments, but nevertheless, to assist your considerations, we have tiered our comments based on the UK industry’s priority:
Red= priority, Amber = important, Green = clarity.
Priority Issues (red)
1. Paragraph 10 (or new para 10a) and Paragraph 29: ‘sunrise’ guidance
We were grateful to have sight of the FCA comms/guidance. Our general response to it is that it is positive that the FCA has publicly addressed this as a challenge for industry and set out points of consideration. However, in one particular aspect, we do not consider that the FCA comms goes far enough to support industry. The specific instance is in relation to a UK crypto firm receiving assets from a non-UK VASP that is in a jurisdiction that does not have TR regulations in place, and does not on its own volition comply with it.
The FCA suggests that UK firms should take a risk based approach but does not set out any further detail. This, when coupled with the limitations of the risk based approach (TR Reg 64D(2)) in the TR regulations, means that industry is left uncertain of the FCA’s expectation. We have therefore set out an additional paragraph – new 10a – to simply amplify the FCA’s comms and adjusted paragraph 29 accordingly. This is set out in detail in the Annex but in essence looks to address 4 points:
- CBs need to assess transactional and other risk as they would normally do.
- CBs, if they proceed with the transaction, do not need to collect and verify information set out in Reg 64C(5) and (6).
- CBs should keep a record of evidence that the non-UK VASP is in a jurisdiction that does not have TR regulations in place.
- Non-receipt of TR information does not constitute a FCA reportable failure for the purposes of 64D(5) and 65E(5).
This is a significant issue, as mentioned, to the UK crypto industry so we would be grateful if you could give this suggested amendment your full consideration. The absence of which will have a potential impact on operational uncertainty costs and a potential damage to UK competitiveness in this sector.
2. Paragraph 36: High risk un-hosted wallet transactions
Our members highlighted that the drafting of Paragraph 36 creates a strict obligation rather than suggested guidance, as it uses the language of ‘should’. We have suggested the language to ‘may’ to make clear that this is guidance and not an obligation that is specified in law.
Important Issues (amber)
3. Paragraph 24: Clarifying the addressee of missing information requests and discrepancies enquiries
While it is clear in paragraph 64D(2)(a) that requests for missing information need to be addressed to the CB of the originator, the intended addressee of enquiries about detected discrepancies is not made explicit in paragraph 64D(2)(b). Therefore, our members requested clarification that enquiries about detected discrepancies – in relation to JMLSG para 24 which addresses 64D(2)(b)- may be addressed to any relevant stakeholders (e.g. the CB of the originator or the beneficiary customer), hence the proposed change.
4. Paragraph 27: Adding Travel Rule status as a relevant factor
Our members suggested adding the status of Travel Rule implementation in the jurisdiction of the counterparty CB as an additional factor to consider in their risk assessment. This would help align the JMLSG guidance with the FCA statement on the sunrise issue, in that the latter states that “[i]f the cryptoasset transfer has missing or incomplete information, UK cryptoasset businesses must consider the countries in which the firm operates and the status of the Travel Rule in those countries”.
Clarificatory Issues (green)
5. Paragraph 13: We clarify the wording to hopefully read more easily that counterparty is a non-UK VASP
6. Paragraph 17: lack of clarity as to what is ‘relevant information particular in the context of when dealing with another jurisdiction with different obligations
We received comments that further clarification as to what relevant information within paragraph 17 was referring to, would be helpful. We have therefore suggested specific reference to the relevant MLR regulation. We appreciate that this may not fit with traditional JMLSG house style but as the paragraph refers to the TR standards of a third country, we consider that it would be helpful, in this instance, to make this clarification.
7. Paragraph 33: Suspicious activities
Our members requested clarification that existing guidance on dealing with suspicious transactions should also be considered when evaluating whether to return funds to the CB of the originator.
8. Paragraph 38: SAR reporting
We had one comment that raised concern that the drafting of paragraph 38 might give rise to a different standard of when to report a SAR eg. suspicion or reasonable suspicion. We therefore have suggested an amendment to paragraph 38 that simply refers to the relevant section in Chapter 22 et al to avoid doubt of any change in standards which will in any way be set by POCA and not JMLSG.
Annex 1 – Detailed JMSLG Comments
| JMLSG Guidance | CryptoUK Proposed Drafting | |
|---|---|---|
| Sunrise issue | ||
| 10. The Financial Action Task Force (FATF) has recognised that delays in implementation and different timelines for enforcement of the travel rule across jurisdictions results in what is referred to as the ‘sunrise issue’. This may present challenges for CBs dealing with counterparties in jurisdictions where the travel rule has not yet been implemented. CBs should be aware of and take account of any FCA communications on this matter. | New 10a. Further to FCA communications ‘FCA sets out expectations for UK cryptoasset businesses complying with the Travel Rule’ on 17 August 2023.In relation to: ‘When receiving a cryptoasset transfer from a jurisdiction without the Travel Rule: … – The UK cryptoasset business should take these factors into account when making a risk-based assessment of whether to make the cryptoassets available to the beneficiary.’New 10a When receiving a cryptoasset transfer from a jurisdiction without the Travel Rule:
A CB will not need to report this as a failure of the travel rule to the FCA, under obligation 64D(5) and 64E(5). The CB should keep a record to evidence its justification that a jurisdiction does have travel rule obligations in force and in application. |
|
| Information accompanying an inter-cryptoasset business transfer | ||
| 13. The CB of the originator must also ensure that this additional information above accompanies transfers where at least one CB is not carrying on business in the UK and the transfer value (single or linked) is €1,000 or more. | 13. The CB of the originator must also ensure that this additional information above accompanies transfers where |
|
| 17. The provision of the required information must occur before or at the moment the transaction is completed. Where the transfer is to a jurisdiction with higher requirements than those required in terms of the travel rule, a CB complies with its travel rule obligations by providing the information as required. | 17. The provision of the required information must occur before or at the moment the transaction is completed. Where the transfer is to a jurisdiction with higher requirements than those required in terms of the travel rule, a CB complies with its travel rule obligations by providing the information as required by 64C(5) and 64C(6). | |
| Missing and inaccurate information | ||
| 24. When there is missing or inaccurate information, the CB of the beneficiary must, when appropriate, request the missing information (regardless of whether the CB of the originator is subject to higher value thresholds in its jurisdiction), and consider making enquiries as to any discrepancies. The nature of discrepancies may be assessed on a risk-based approach as there may be a reasonable justification provided for the discrepancy (e.g. a truncated name exceeding character space would not require further enquiries). CBs should consider notifying the CB of the originator in the event of material discrepancies. | 24. When there is missing or inaccurate information, the CB of the beneficiary must, when appropriate, request the missing information from the CB of the originator (regardless of whether the CB of the originator is subject to higher value thresholds in its jurisdiction), and consider making enquiries as to any discrepancies from any relevant parties to the transaction. The nature of discrepancies may be assessed on a risk-based approach as there may be a reasonable justification provided for the discrepancy (e.g. a truncated name exceeding character space would not require further enquiries). CBs should consider notifying the CB of the originator in the event of material discrepancies. | |
27. In particular firms will have regard to:
|
27. In particular firms will have regard to:
|
|
| 29. Firms must report repeated failures by a CB to provide the required information to the FCA. A risk-based approach may be used to determine what constitutes a repeated failure. This would take into account, for example, the volume and size of transactions over a period of time, or a percentage of transaction failures from a particular CB. The reporting requirement applies regardless of the CB of the originator’s own jurisdictional obligations. Firms should document steps taken along with their reasonings. | 29. Firms must report repeated failures by a CB to provide the required information to the FCA. A risk-based approach may be used to determine what constitutes a repeated failure. This would take into account, for example, the volume and size of transactions over a period of time, or a percentage of transaction failures from a particular CB. The reporting requirement applies regardless of the CB of the originator’s own jurisdictional obligations. Except where the jurisdiction does not yet have Travel Rule requirements in place – in these cases, the obligation to report repeated failures does not apply. Firms should document steps taken along with their reasonings. | |
| 33. Where a CB or intermediary returns a cryptoasset to the originator (as set out above), this is not a cryptoasset transfer for the purposes of the travel rule. | 33. Where a CB or intermediary returns a cryptoasset to the originator (as set out above), this is not a cryptoasset transfer for the purposes of the travel rule. When a CB intends to return cryptoassets to the originator, it is also reminded to consider JMLSG guidance Sector 22: Dealing with suspicious transactions – Para 22.65 – 22.71. | |
| 36. Where a CB has determined that information should be requested, it should take reasonable steps to obtain the information from its own customer. In higher risk cases, firms should also take further steps to ascertain the source of funds in the unhosted wallet and should only consider authorising the transfer if the control over the unhosted wallet can be reasonably established through appropriate solutions (e.g. micro deposit or cryptographic signature). | 36. Where a CB has determined that information should be requested, it should take reasonable steps to obtain the information from its own customer. In higher risk cases, firms |
|
| 38. Where the transaction creates a suspicion of ML/TF/PF, a firm must still submit a SAR where appropriate (see Sector 22 paragraphs 22.22, 22.65-22.69 and Part I Chapter 6). | 38. CBs are reminded that it must submit a SAR where appropriate (see Sector 22 paragraphs 22.22, 22.65-22.69 and Part I Chapter 6). | |
