TFOFR – INATBA Second Response with Amendment Suggestions

INATBA’s initial response on the AMLR was issued in March 2022. It featured three critical obstacles for the proliferation of crypto-assets set forth by the texts of the AML Package, and it focused primarily on the Transfer of Funds Regulation (TFOFR) – more commonly known as the Travel Rule – which inscribes the Consumer Due Diligence (CDD) requirements for all Crypto Asset Service Providers (CASPs) that transact with crypto assets.


The three key obstacles were:

  • Definitions; Which Should Reflect the Industry More Accurately than in AMLD, AMLR and TFOFR

  • Applying the principle of “same risk, same rules” to AML requirements (Threshold)

  • Unhosted Wallets – Exchanging consumer information accompanying transfers of funds across multiple CASPs while protecting privacy

This document expands on the initial publication and the three critical obstacles by listing the specific articles that are in question, providing an alternative wording of these articles and the rationale behind these proposed changes. These proposals feature the insights and consensus of INATBA’s 170 members.

This document will touch upon the three issues listed above and expand upon them. These most recent drafts contain proposals that INATBA believes will hinder the growth of the blockchain and crypto-asset industry in Europe.

As this file moves into the Trilogues, it is of paramount importance that the key topics highlighted are corrected before the file passes into law. A principled approach which follows proportionality, business and technology neutrality, upholds the privacy and security of European Citizens and supports the listed goals of Blockchain technology adoption in Europe must be followed by policy-makers.

INATBA and its members remain available to gather industry feedback and engage in bilateral conversations with the policy-makers working on regulations. To provide comments and additional feedback, please contact us at [email protected]

 

Executive Summary: 

In this document, INATBA expands on the amendment suggestions required to harmonise the regulation with the operational realities and potential of the innovative European crypto-asset and blockchain industries. This document analyses the initial text proposed by the Commission and the amendments written by the Council and European Parliament (EP).

Firstly, the EP’s version expands upon the definitions of hosted and unhosted wallets, clarifying one of the biggest sources of confusion seen in the original document. INATBA thanks the Parliament for their proposed change which alleviates one of the three key issues of the original text. 

The further proposed amendments by the Council and EP are diametrically opposed to the direction that our members believe this regulation should be moving. 

The Council’s proposal removes the 1,000 EUR reporting threshold, making any and all crypto-asset transactions eligible for CDD requirement, and is significantly more onerous than both the Commission’s version and FATF recommendations. In addition, the requirement placed on CASPs to not only collect, but also verify, any and all CDD data provided by their customers and the transaction recipients creates an operational burden which will result in low growth or the reversal of the growth of this industry in the EU. In addition this approach will create a central database of sensitive and personal data which places European citizens at risk and raises significant privacy concerns.

Feedback from INATBA members suggests that should the proposed amendments remain, many  CASPs will seek to relocate to non European jurisdictions.  This will result in enforcement becoming substantially harder for European authorities 

INATBA seeks a more proportional, technology neutral and realistic approach towards  the verification requirements and thresholds. We also call for an approach which does not create privacy and personal security risks for European citizens. This document expands on the rationale and provides suggested amendments in  key highlighted articles in all three of the TFOFR’s versions.

Article 3 (16 & 18a)     Issue 1: Definitions

_________________________________________________________________
Original Text of the Commission: 

N/A

_________________________________________________________________

Amended Text by the European Parliament: 

 

For the purposes of this Regulation, the following definitions apply:

(16) ‘provider of crypto-asset transfers’ means any natural or legal person whose occupation or business includes the provision of services relating to the transfer of crypto-assets on behalf of another natural or legal person.

(18 a) ‘unhosted wallet‘ means a wallet address that is not held or managed by a provider of crypto-asset transfers;

_________________________________________________________________

Rationale Behind Change:

INATBA members are in support of this amendment made in the European Parliament version of the document. 

Definitions were highlighted on the original response document since they were incomplete. The update of the definitions matches our proposal and we thus support the European Parliament’s amendments.

To expand slightly, amendment (16) has INATBA’s support as it covers the important part of FATF’s VASP definition that was not fully translated into MiCA’s CASP definition.  (18a) clarifies the description for unhosted wallets, simplifying what technology and products are in scope of these requirements.

Article 15(2)           Issue 2: Proportionality

_________________________________________________________________
Original Text by the Commission: 

 

By way of derogation from Article 14(1), transfers of crypto assets not exceeding EUR 1,000 that do not appear to be linked to other transfers of crypto assets which, together with the transfer in question, exceed EUR 1,000, shall be accompanied by at least the following information:

(a) the names of the originator and of the beneficiary;
(b) the account number of the originator and of the beneficiary or, where Article 14(3) applies, the insurance that the crypto-asset transaction can be individually identified;

By way of derogation from Article 14(5), the crypto-assets service provider of the originator shall only verify the information on the originator referred to in this paragraph, first subparagraph, points (a) and (b), in the following cases:

(a) the crypto-assets service provider of the originator has received the crypto-assets to be transferred in exchange of cash or anonymous electronic money;
(b) the crypto-assets service provider of the originator has reasonable grounds for suspecting money laundering or terrorist financing.

EDITOR NOTE: Council’s amended version suggests the removal of this threshold entirely.

_________________________________________________________________

 

Amended Text: 

 

“Propose that exemptions are amended to match transaction reporting thresholds equal to those in Art. 2.5 of the EU Directive 2015/847 (ie existing interbanking transaction) or at, the least, maintained as originally suggested in the Commission’s initial draft”

_________________________________________________________________

Rationale Behind Change:

Blockchain-based transactions are, by the technology’s nature, public and traceable. This means that any person can review and track blockchain transactions through chain explorers, like blockchain.org or etherscan.io. Many sophisticated analytics solutions exist and have already been used by authorities to trace and track criminally suspicious transactions.

In addition, CASPs perform existing KYC and other CDD operations as part of the rules imposed through AMLD5. Cross-referencing the existing consumer identity information collected by CASPs can provide a clear view of nearly all stakeholders in the industry and their operations. 

 

The inherent value of this Decentralized Ledger Technology is the trust and openness it provides to its users. As such, the AML risk of blockchain based transactions is lower compared to risks found in private silos within financial institutions. Afterall, the historic opaqueness of financial institutions is the reason AML reporting standards exist. 

 

As such, the AML reporting threshold should in no way be more onerous than the one proposed in the original draft of this regulation. Contrary to that, the Council and the Parliament have proposed to remove any and all transactions thresholds, meaning that any and all transactions from CASPs to Unhosted Wallets will have to perform onerous consumer information collection and verification processes. 

 

This goes against the principles of being technology neutral and especially the proportionality of requirements. INATBA members believe that the threshold should, at the least, be lifted to match existing financial transactions thresholds given in Art. 2.5 of the EU Directive 2015/849 , if not expanded to a significantly higher figure. 

If this requirement, proposed by the Council, becomes law, Europe will yet again fall short of industry expectations and lose resources and talent to comparative jurisdictions.

Article 14(5b)       Issue 3: Verification of unhosted wallets

_________________________________________________________________

Amended Text of the European Parliament: 

5b. In the case of a transfer of crypto assets made to an unhosted wallet, the provider of crypto-asset transfers of the originator shall collect and retain the information referred to paragraphs 1 and 2, including from its customer, verify the accuracy of that information in accordance with paragraph 5 of this Article and Article 16(2), make such information available to competent authorities upon request, and ensure that the transfer of crypto assets can be individually identified. For transfers to unhosted wallets which are already verified and have a known beneficiary, providers of crypto-asset transfers shall not be required to verify the information of the originator accompanying each transfer of crypto assets. Such information shall be made available to competent authorities upon request in accordance with Article 33 of Directive (EU) 2015/849. 

Providers of crypto-asset transfers shall adopt effective measures to ensure that the verification of the ownership information in relation to unhosted wallets does not cause undue delay to the execution of the intended transfers.

_________________________________________________________________

Amended Text: 

 

“Propose that the requirements to verify the information about unhosted wallets are deleted”

_________________________________________________________________

Rationale Behind Change:

 

Requirements proposed by both the original draft of this regulation and international financial regulatory bodies like FATF, stated that operators in the industry should store consumer due diligence (CDD) information and share with authorities upon request. 

 

Yet again, the European Parliament’s draft goes well beyond the suggested requirements of international bodies and the Commision, proposing significantly more onerous requirements for the collection and, more importantly, the verification of CDD information collected related to unhosted wallets.

The European Parliament’s proposal would require providers to verify information on both the originator and the beneficiary in a transaction involving an unhosted wallet. In many cases this would not be possible or it would be disproportionately onerous for the provider to undertake verification measures in relation to a party that is not a customer of the provider. 

This requirement, in combination with the removal of the thresholds for crypto-asset transactions undermines the ability of obligated entities in the European crypto-asset industry to seamlessly interact with unhosted wallets and fully participate in the future development of the decentralized crypto-asset industry. INATBA members implore the Council and the European Parliament to reconsider these amendments and remove them during the Trilogues.

As per the above amendment recommendation, INATBA members believe that these requirements are too onerous and provide very little benefits in terms of preventing AML risks.

 

Article 14(6)         Issue 3: Proportionality

_________________________________________________________________
Amended  Text of the European Parliament: 

Verification as referred to in paragraph 5 shall be deemed to have taken place where (a) the identity of the originator has been verified in accordance with Article 13 of Directive (EU) 2015/849 [and the information obtained pursuant to that verification has been stored in accordance with Article 40 of that Directive or (b) Article 14(5) of Directive (EU) 2015/849 applies to the originator.


_________________________________________________________________

Amended Text: 

 

“Propose that the requirements to verify the information about unhosted wallets are deleted”

_________________________________________________________________

Rationale Behind Change:

As per the above amendment recommendation, INATBA members believe that these requirements are too onerous. Please review the amendment suggestions for Article 14(5b) for further clarification of our position and rationale.

Article 16(4a)       Issue 3: Verification of unhosted wallets

_________________________________________________________________
Amended Text of the European Parliament: 

 

Where there is a transfer of crypto assets from an unhosted wallet, the provider of crypto-asset transfers of the beneficiary shall collect and retain the information referred to in Article 14(1) and (2) from its customer, verify the accuracy of that information in accordance with paragraph 2 of this Article and Article 14(5), make such information available to competent authorities upon request, and ensure that the transfer of crypto assets can be individually identified. For transfers of crypto assets from unhosted wallets which are already verified and have a known originator, providers of crypto-asset transfers shall not be required to verify the information of the originator accompanying each transfer of crypto-assets. 

The provider of crypto-asset transfers shall maintain a record of all transfers of crypto assets from unhosted wallets and notify the competent authority of any customer having received an amount of EUR 1,000 or more from unhosted wallets. 

Providers of crypto-asset transfers shall adopt effective measures to ensure that the intended transfers are not unduly delayed by verification of the ownership information in relation to unhosted wallets and by reporting procedures. 

_________________________________________________________________

Amended Text: 

“Propose that the requirements to verify the information about unhosted wallets are deleted”

_________________________________________________________________

Rationale Behind Change:

As per the above amendment recommendation, INATBA members believe that these requirements are too onerous. Please review the amendment suggestions for Article 14(5) and 14(5a) for further clarification of our position and rationale.

Article 18ac (2, 3 and 4)   Issue 3: Proportionality

_________________________________________________________________
Amended Text by the Parliament: 

2.(3) wallet, services risk factors: 

  • a) privacy wallets, mixers or tumblers, or other anonymising services for transfers of crypto-assets; 
  • b) crypto-asset wallet addresses, including unhosted wallets, identified as being linked to money laundering, terrorist financing.
  1. The provider of crypto-asset transfers shall also determine on a risk sensitive basis whether to reject any future transfers of crypto assets from or to, or restrict or terminate its business relationship with, a provider of crypto-asset transfers associated with a high risk of money-laundering, terrorist financing and other criminal activities. 

 

  1. Notwithstanding paragraph 1, with respect to privacy wallets, mixers or tumblers, or other anonymising services for transfers of crypto assets, the provider of the crypto-asset transfer shall obtain additional information on the purpose of the intended transfer and a justification for legitimate use, before deciding whether to reject or suspend a transfer, and shall report its decision to the competent authority.

_________________________________________________________________

Amended Text: 

 

“Propose that the use of privacy wallets, mixers and tumblers is reviewed by obligated entities in accordance with a risk-based approach, and will not be prevented if appropriate information can be obtained from the customer.”

_________________________________________________________________

Rationale Behind Change:

 

INATBA members believe that existing requirements placed on CASPs can alleviate the risk posed by the use of privacy enhancing decentralised applications. In many cases, such utilities are used by persons in need of enhanced privacy protection. CASPs should be guided to perform the relevant and necessary checks to ensure that such persons are allowed access to their services without avoiding AML obligations – but the current version, if it remains unchanged, outright removes this ability from CASPs.