The Sumsuber

Best practices for KYC/AML

4 min read

What is the FATF Travel Rule? The Ultimate Guide to Compliance

The Financial Action Task Force (FATF) Travel Rule requires businesses to collect and share the personal data of participants in a transaction.

Initially, the Travel Rule only applied to banks. However, in 2019, the FATF extended this rule to crypto companies. As of 2020, the G20 and many other jurisdictions began to incorporate the Travel Rule into their local AML laws.

This regulatory shift has jolted the crypto sector and resulted in much confusion. In this article, we’ll clarify the Travel Rule’s requirements and provide some tips on how businesses can ensure compliance in the most efficient way.

What is the FATF Travel Rule

The Travel Rule is the common name for FATF Recommendation #16 on combating money laundering.

It requires both financial institutions and crypto companies—otherwise known as Virtual Asset Service Providers (VASPs)—to collect personal data on participants in transactions exceeding 1,000 USD/EUR.

For financial institutions and crypto companies, this means gathering the names and account numbers of both senders and recipients.

There are some specific requirements for data gathered on senders in particular. This includes additionally collecting either their physical address, unique ID number (national identity number, etc.), customer identification number, or date and place of birth.

The Travel Rule also requires banks and crypto platforms to share sender and recipient data with each other during transactions. That is why this regulation is called the “Travel Rule,” because the personal data of the transacting parties ‘travels’ along with their transfers.

While the transfer of personal data between banks has been a long-established process, it is a totally new requirement for the crypto industry—one that entails building an unprecedented communication network between crypto platforms.

Who is affected

The FATF Travel Rule impacts two categories of businesses: financial institutions (banks, credit firms, etc.) and crypto companies, otherwise known as Virtual Asset Service Providers (VASPs).

The new rule applies to banks and crypto companies located in FATF-member countries, such as the US, Switzerland, Singapore and more.

While VASPs include any companies that provide services related to cryptocurrency, only those conducting transfers between users fall under the Travel Rule.

For instance, if a crypto payment app allows wire transfers, then it must comply with the regulation and gather sender and recipient data on those transfers. In contrast, companies that simply accept crypto payments do not fall under the Travel Rule.

Sanctions: Businesses that fail to comply can face local regulatory sanctions. For example, in South Korea, those who do not meet the country’s new crypto regulation may face up to five years in prison or a fine of over 40 thousand dollars.

Read our article on the FATF guidance on virtual assets to get more insights into compliance for crypto businesses.

How to comply

The Travel Rule’s main requirement is to collect and share information on participants in a transaction. So, to comply, a company needs to introduce two solutions: one for collecting data and another for sharing data.

Here is our take on the most efficient approach to Travel Rule compliance.

Obtaining sender and recipient information

In most cases, companies have already collected personal data on a client by the time a transaction occurs—thanks to KYC processes conducted previously.

However, if this is not the case, the company must request that the client submit their name, account number and either an address, ID number, customer identification number, or date and place of birth.

A company must also ask customers to fill out the name and account number of the individual they want to send money to.

The most efficient way to manage these processes is to find a KYC and crypto monitoring provider. In addition to saving time on data gathering, a provider can help companies solve related compliance challenges, like:

  • Ensuring comprehensive AML compliance: There are plenty of other AML requirements besides the Travel Rule, such as verifying customers at onboarding, filing SARs, and more. An automated KYC & AML solution can help with all of this while reducing costs and the possibility of human error.
  • Conducting risk assessments on transactions: Providers can additionally verify that a client’s money isn’t coming from criminal sources, such as darknet marketplaces, fraudulent exchanges, or mixing services (services that conceal the user’s identity).
  • Ensuring compliance with data protection laws: Now that crypto companies must collect personal data, they fall under data protection regulations like GDPR and the CCPA. A KYC & AML solution is a safe bet for compliance with these complex data protection regulations.

So you’ve collected the relevant personal data, but how do you securely transfer it to another bank or crypto business?

Data sharing

To quickly recap, the Travel Rule requires financial businesses to share the personal information of senders and recipients in a transaction with other financial businesses.

Although this demand is new for the crypto sector, there are already a number of networks that allow encrypted data transfers. Among them are OpenVASP, Shyft, and Trisa, to name but a few.

Such networks provide software that businesses can integrate into their systems to securely transmit customer data to other platforms. This type of software also helps verify counterparty platforms.

In order to join a data transferring network, a company must submit an application and undergo due diligence procedures, in addition to being fully licensed or registered.

Combining these two solutions, one for data gathering and another for data sharing, will ensure compliance with the Travel Rule for businesses.

Key takeaways

The FATF Travel Rule is a requirement that targets the anonymity of wire and crypto transactions in order to prevent money laundering. By following this rule, i.e., collecting and sharing sender and recipient data, you can detect suspicious users and avoid fraud.

Get in touch with our team to see how Sumsub’s crypto solution can help you meet your AML & KYC obligations.