Response to consultation on Guidelines on preventing the abuse of funds and certain crypto-assets transfers for ML/TF (Travel rule Guidelines)
Question 1. Do you agree with the proposed provisions? If you do not agree, please explain how you think these provisions should be amended, and set out why they should be amended. Please provide evidence of the impact these provisions would have if they were maintained as drafted'?
Despite we don’t in principle disagree with the proposed provisions, we identified some items that as currently stated are not realistically fully in line with the technologies present in the sector. The regulatory provisions would need further sub-guidelines in order to ensure proper governance.
Par 3 – Transmitting information with the transfer.
- The Technical limitations are the inherent problem of transferring and receiving information through blockchain, as there are no satisfactory solutions or infrastructure in the current state of the art to ensure the receipt of information through Blockchain.
- The regulatory exception of an alternative mechanism and infrastructure not fully capable of transmitting the required information until 31 July 2025 is also a vague prediction, as not even exceptional and partial solutions are currently available.
- How can CASPs deal with situations where the sender used a non-custodial wallet? This scenario should be further regulated by the guidelines.
- A further clarification should be provided with regard to the protocols architecture that must be robust enough to enable transmissions by being compatible with existing industry standard. The definition of “existing industry standard” shall be further elaborated.
CASPS are also requested to determine increasing risk factors according to their risk appetite and to the 4 risk pillars by considering whether the CASP is located in high-risk or sanctioned countries, in countries that have not yet implemented the travel rule, or in countries that don’t have licensing regime for CASPS or with self-hosted addresses.
Increased risk shall also be considered when the Transfers from or to addresses or wallets known to be linked to suspicious activities, include the use of mixers, tumblers, IP anonymizers, Stealth Addresses, from CASPS identified as repeatedly failing to provide required information without justified reason.
Since the transfers are made through blockchain, CASPS are able to monitor the location where a certain customer has logged in the last time but is impossible to identify whether the CASP is located in a high-risk, sanctioned, or not-travel-rule-compliant country.
It would be helpful to have a centralized register for suspicious wallet addresses, and for CASPS identified as repeatedly failing to provide required information without justified reason.
Also, the definition of “techniques to performing layering of addresses” shall be further clarified.
Par 7. Treatment for repeatedly failing CASPs.
The guidelines mention “Advanced Analytics Tools” and “Other Suitable Technical Means” that should be used by the CASPs to identify and verify that the self-hosted address is owned by the originator and beneficiary in situations where a transfer from or to a self-hosted address exceeds 1000 Euro.
In this regard, the market has a shortage of tool that can be used to monitor this aspect.
Also, the guideline specifies that when the self-hosted address is owned or controlled by a third person instead of the CASP customer, the CASP should collect additional data on the third person from other sources.
It should be noted that the blockchain analytic data are limited, and they won’t fully reach the scope. With regards to third party data, we cannot ensure that the third party’s CASP will share a sufficient level of information in case they are not regulated.
It would be helpful to have an authority-based centralized database, where the information on CASPS where this information is stored.
General Considerations
From a business point of view, the main problem in implementing the travel rule as stipulated in the guidance note is the non-existence of a centralized infrastructure to transfer and collect data.
The first question that arises is who will develop this infrastructure, as there are currently no effective systems in place to ensure that the required level of information is transferred and stored.
To this end, it would be useful to publish guidelines on the infrastructure and how it should be implemented.
Some suggestions from the guidelines do not apply to blockchain technologies. For example, we're not able (there is no such technology) to identify the owner (first and last name, address, and other customer's details) of the non-custodial (unhosted) wallet.
From a technical point of view and business point of view, the main problem in implementing the travel rule, as stipulated in the guidance note, is the non-existence of a centralized infrastructure to transfer and collect data from one CASP to another. More to say, to develop such an infrastructure CASPs need to:
- have clear guidelines on its specifications and implementation process
- should be discussed and developed either collectively or with the help of a regulator